Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication & MD5 Jen-Chang Liu, Fall 2005 Adapted from lecture slides by Lawrie Brown.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Authentication & MD5 Jen-Chang Liu, Fall 2005 Adapted from lecture slides by Lawrie Brown."— Presentation transcript:

1 Authentication & MD5 Jen-Chang Liu, Fall 2005 Adapted from lecture slides by Lawrie Brown

2 Model for Network Security

3 Type of attacks disclosure traffic analysis masquerade 偽裝 content modification sequence modification Insertion, deletion, reordering timing modification Delay or replay of message source repudiation destination repudiation Message confidentiality => ciphers Message authentication =>Message encryption, Message auth. code, Hash function 不可否認發出訊息 Digital signature 不可否認收到訊息

4 Outline Message authentication Message encryption Message authentication code: MAC=C k (M), k is a shared secret key, MAC is a fixed-length code Hash function: h=H(M), h is a fixed-length code MD5

5 Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) Two-level approach Produce an authenticator: a value to be used to authenticate a message Authentication protocol 訊息 來源 來源不可否認發出訊息

6 Message Encryption The ciphertext of the message serves as its authenticator symmetric encryption is used: * A is the only party that possesses K * Y=D K (X), How to verify that Y is legitimate plaintext? Source: text file Source: binary file, such as compressed file, …

7 Symmetric encryption for authentication Constraint: the plaintext have some well- formed structure Example 1: frame check sequence (FCS) Error detection code Frame check sequence Hash function

8 Symmetric encryption for authentication (cont.) Example 2: TCP header encrypted

9 Public-key encryption for authentication Anyone can access public key – no authentication Only A has private key, M must be well-formed AB confidentiality authentication Confidentiality +authentication

10 Outline Message authentication Message encryption Message authentication code: MAC=C k (M), k is a shared secret key, MAC is a fixed-length code Hash function: h=H(M), h is a fixed-length code MD5

11 Message Authentication Code (MAC) MAC is a cryptographic checksum MAC=C K (M) condenses a variable-length message M using a secret key K to a fixed-sized authenticator

12 Message Authentication Codes (cont.) why use a MAC instead of message encryption? Sometimes only authentication is needed Ex. Broadcast of shut down message, check MAC is cheaper Ex. The receiver side cannot afford time to decrypt Ex. Authentication of a program in plaintext Separation of authentication and confidentiality Sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature Both sender and receiver share the same key

13 Requirements for MACs taking into account the types of attacks, we need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to forge another message with same MAC 2. MACs should be uniformly distributed For random M and M ’, n-bit MAC, the prob. that C K (M)=C K (M ’ ) is 2 -n 3. MAC should depend equally on all bits of the message

14 Using Symmetric Ciphers for MACs Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC using IV=0 and zero-pad of final block encrypt message using DES in CBC mode and send just the final block as the MAC or the leftmost M bits (16≤M≤64) of final block Cipher block chaining + IV=0

15 Message + MAC with confidentiality

16 Outline Message authentication Message encryption Message authentication code: MAC=C k (M), k is a shared secret key, MAC is a fixed-length code Hash function: h=H(M), h is a fixed-length code MD5

17 Hash Functions Hash function: h=H(M), h is a fixed-length code Also called as message digest or hash value usually assume that the hash function is public and not keyed. cf. MAC which is keyed hash is used to detect changes to message can use in various ways with message, most often to create a digital signature

18 Hash functions & symmetric encryption Hash code provide a structure for the message In fact, a MAC code

19 Hash functions & public-key encryptions In fact, a digital signature confidentiality User A User B

20 Hash functions & a shared secret value S Advantage: no encryption is necessary confidentiality

21 Requirements for Hash Functions 1. is easy to compute h=H(M) for any message M 2. can be applied to any sized message M 3. produces fixed-length output h 4. given h is infeasible to find x s.t. H(x)=h one-way property Important if a secret value is hashed. h = H(M || S) 5. given x is infeasible to find y s.t. H(y)=H(x) weak collision resistance Prevent forgery 6. is infeasible to find any x,y s.t. H(y)=H(x) strong collision resistance

22 Simple Hash Functions based on XOR of message blocks XOR * Too simple to fit the security requirements

23 Chapter 12 – Hash Algorithms Each of the messages, like each one he had ever read of Stern's commands, began with a number and ended with a number or row of numbers. No efforts on the part of Mungo or any of his experts had been able to break Stern's code, nor was there any clue as to what the preliminary number and those ultimate numbers signified. — Talking to Strange Men, Ruth Rendell Lecture slides from Lawrie Brown

24 Hash Algorithms see similarities in the evolution of hash functions & block ciphers increasing power of brute-force attacks leading to evolution in algorithms from DES to AES in block ciphers from MD4 & MD5 to SHA-1 & RIPEMD-160 in hash algorithms likewise tend to use common iterative structure as do block ciphers

25 MD5 (Message Digest) designed by Ronald Rivest (the R in RSA) latest in a series of MD2, MD4 produces a 128-bit hash value until recently was the most widely used hash algorithm in recent times have both brute-force & cryptanalytic concerns specified as Internet standard RFC1321

26 MD5 Overview 1. pad message so its length is 448 mod 512 2. append a 64-bit length value to message 3. initialise 4-word (128-bit) MD buffer (A,B,C,D) 4. process message in 16-word (512-bit) blocks: using 4 rounds of 16-step operations on message block & buffer add output to buffer input to form new buffer value 5. output hash value is the final buffer value

27 always

28 H MD5

29 T[i]=2 32  abs(sin(i)) [32 bits or 1 word]

30 MD5 Compression Function (1 step) 32 bits Random 32 bits 32 bits from 512-bits block Circular left shift

31 MD5 Compression Function each round has 16 steps of the form: a = b+((a+g(b,c,d)+X[k]+T[i])<<<s) a,b,c,d refer to the 4 words of the buffer, but used in varying permutations note this updates 1 word only of the buffer after 16 steps each word is updated 4 times where g(b,c,d) is a different nonlinear function in each round (F,G,H,I) T[i] is a constant value derived from sin()

32 Round functions RoundPrimitive function g g(b,c,d) 1F(b, c, d) (b  c)  (b  d) 2G(b, c, d) (b  d)  (c  d) 3H(b, c, d) bcdbcd 4I(b, c, d) c  (b  d) * Bitwise logical operations

33 H MD5

34 Strength of MD5 MD5 hash is dependent on all message bits Rivest claims security is good as can be Case 1: find M 1 and M 2 Case 2: find a message with given MD M1M1 M2M2 128-bit MD 2 64 operations 2 128 operations

35 Strength of MD5 (cont.) known attacks are: Berson 92 attacked any 1 round using differential cryptanalysis (but can ’ t extend) Boer & Bosselaers 93 found a pseudo collision (different ABCD buffers, same output) in single block (again unable to extend) Dobbertin 96 created collisions (different 512-bit blocks, same output) in single block (but initial constants prevent exploit) conclusion is that MD5 looks vulnerable soon

Download ppt "Authentication & MD5 Jen-Chang Liu, Fall 2005 Adapted from lecture slides by Lawrie Brown."

Similar presentations

Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.

Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Cryptography and Network Security Chapter 12

Cryptography and Network Security Chapter 12
Cryptography and Network Security Hash Algorithms.

Cryptography and Network Security Hash Algorithms.
Information Security and Management 11

Information Security and Management 11
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.

Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
COM 5336 Cryptography Lecture 9 Hash, MAC, HMAC

COM 5336 Cryptography Lecture 9 Hash, MAC, HMAC
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown.

Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)

1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)

Similar presentations

Ads by Google