Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CSE331: Introduction to Networks and Security Lecture 21 Fall 2002."— Presentation transcript:

1 CSE331: Introduction to Networks and Security Lecture 21 Fall 2002

2 CSE331 Fall 20022 Announcements Reminder: Project 2 is due Today Project 3 will be on the web pages this afternoon.

3 CSE331 Fall 20023 Recap Diffie-Hellman Key Exchange Today: –Cryptographic Hashes –Digital Signatures –Primality Testing

4 CSE331 Fall 20024 Cryptographic Hashes Creates a hard-to-invert summary of input data Useful for integrity properties –Sender computes the hash of the data, transmits data and hash –Receiver uses the same hash algorithm, checks the result Like a check-sum or error detection code –Uses a cryptographic algorithm internally –More expensive to compute Sometimes called a Message Digest Examples: –Secure Hash Algorithm (SHA) –Message Digest (MD4, MD5)

5 CSE331 Fall 20025 Hash Algorithms Take a variable length string Produce a fixed length digest –Typically 128-1024 bits (Bad) Examples we’ve already seen: –Parity (or byte-wise XOR) –CRC Realistic Example –The NIST Secure Hash Algorithm (SHA) takes a message of less than 2 64 bits and produces a digest of 160 bits Hash

6 CSE331 Fall 20026 Uses of Hash Algorithms Hashes are used to protect integrity of data –Virus Scanners –Program fingerprinting in general –Modification Detection Codes (MDC) Message Authenticity Code (MAC) –Includes a cryptographic component –Send (msg, hash(msg, key)) –Attacker who doesn’t know the key can’t modify msg (or the hash) –Receiver who knows key can verify origin of message Make digital signatures more efficient

7 CSE331 Fall 20027 Desirable Properties The probability that a randomly chosen message maps to an n-bit hash should ideally be 2 -n. –Attacker must spend a lot of effort to be able to modify the source message without altering the hash value Hash functions h for cryptographic use as MDC’s fall in one or both of the following classes. – Collision Resistant Hash Function: It should be computationally infeasible to find two distinct inputs that hash to a common value ( ie. h(x) = h(y) ). – One Way Hash Function: Given a specific hash value y, it should be computationally infeasible to find an input x such that h(x)=y.

8 CSE331 Fall 20028 Secure Hash Algorithm (SHA) Pad message so it can be divided into 512-bit blocks, including a 64 bit value giving the length of the original message. Process each block as 16 32-bit words called W(t) for t from 0 to 15. Expand from these 16 words to 80 words by defining as follows for each t from 16 to 79: –W(t) := W(t-3)  W(t-8)  W(t-14)  W(t-16) Constants H0, …, H5 are initialized to special constants Result is final contents of H0, …, H5

9 CSE331 Fall 20029 SHA Chaining Variables Shift A left 5 bits

10 CSE331 Fall 200210 Physical Signatures Consider a paper check used to transfer money from one person to another Signature confirms authenticity –Only legitimate signer can produce signature In case of alleged forgery –3 rd party can verify authenticity Checks are cancelled –So they can’t be reused Checks are not alterable –Or alterations are easily detected

11 CSE331 Fall 200211 Digital Signatures: Requirements I A mark that only one principal can make, but others can easily recognize Unforgeable –If P signs a message M with signature S{P,M} it is impossible for any other principal to produce the pair (M, S{P,M}). Authentic –If R receives the pair (M, S{P,M}) purportedly from P, R can check that the signature really is from P.

12 CSE331 Fall 200212 Digital Signatures: Requirements II Not alterable –After being transmitted, (M,S{P,M}) cannot be changed by P, R, or an interceptor. Not reusable –A duplicate message will be detected by the recipient.

13 CSE331 Fall 200213 Digital Signatures with Shared Keys K AT K TB AliceBartTom K AT K TB K AT {msg}K TB {Alice,msg,K AT {msg}} Tom is a trusted 3 rd party (or arbiter). Authenticity: Tom verifies Alice’s message, Bart trusts Tom. No Forgery: Bart can keep msg, K AT {msg}, which only Alice could produce

14 CSE331 Fall 200214 Preventing Reuse and Alteration To prevent reuse of the signature –Incorporate a timestamp (or sequence number) Alteration –If a block cipher is used, recipient could splice- together new messages from individual blocks. To prevent alteration –Timestamp must be part of each block –Or… use cipher block chaining

15 CSE331 Fall 200215 Digital Signatures with Public Keys Assumes the algorithm is commutative: –D(E(M, K), k) = E(D(M, k), K) Let K A be Alice’s public key Let k A be her private key To sign msg, Alice sends D(msg, k A ) Bart can verify the message with Alice’s public key Works! RSA: (m e ) d = m ed = (m d ) e

16 CSE331 Fall 200216 Digital Signatures with Public Keys k A, K A, K B AliceBart D(msg,k A ) - No trusted 3 rd party. - Simpler algorithm. - More expensive - No confidentiality k B, K B, K A

17 CSE331 Fall 200217 Variations on Public Key Signatures Timestamps again (to prevent replay) Add an extra layer of encryption to guarantee confidentiality –Alice sends K B {D(msg, k A )} to Bart Combined with hashes: –Send {msg, D(Hash(msg), k A )}

18 CSE331 Fall 200218 Protocol Sample Threat Common strategy: –Encrypt for confidentiality. –Sign for integrity. Is it better to sign then encrypt? Or is it better to encrypt then sign? There is a pitfall.

19 CSE331 Fall 200219 Two Possible Messages A sends to B : K B {msg, D(msg,k A )} –B decodes with D(—, k B ) –Verifies with E: K A {D(msg, k B )} = M ? A sends to B : K B {msg}, D(K B {msg}, k A ) –B decodes with D(—, k B ) –Verifies with E: K A {D(K B {msg}, k B )} = K B {msg}?

20 CSE331 Fall 200220 Pitfall Interception Scenario A sends to B : K B {msg}, D(K B {msg}, k A ) –O intercepts O sends to B: K B {msg}, D(K B {msg}, k O ) B might think that msg came from O. Is this really a problem? To be safe: sign then encrypt.

Download ppt "CSE331: Introduction to Networks and Security Lecture 21 Fall 2002."

Similar presentations

Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:

1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:
CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.

CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden +46 470 70 86.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
MAC and HASH Functions Unit 5. AUTHENTICATION REQUIREMENTS In the context of communications across a network, the following attacks can be identified:

MAC and HASH Functions Unit 5. AUTHENTICATION REQUIREMENTS In the context of communications across a network, the following attacks can be identified:
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.

Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Similar presentations

Ads by Google