Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hash/MD5 background; Message Authentication

Published byGertrude Norah Greer Modified over 9 years ago

Similar presentations

Presentation on theme: "Hash/MD5 background; Message Authentication"— Presentation transcript:

1 Hash/MD5 background; Message Authentication

2 Hash Function Y = H(X) Any length message X Fixed size digest Y
e.g. 128 bits for MD5 Cannot be inverted, as not unique X = x bits Y = y bits Assuming ideal mapping, Y is the result for 2x-y possible X messages Example: x=5 bits  32 messages y=2 bits  4 digests 32/4 = 8= 23

3 Properties of a good hash function
Preimage resistance (one way) Given Y = result of a hash, it is hard to find X such as H(X)=Y Second preimage resistance (weak collision resistance) Given X, it is hard to find another X’ such that H(X) = H(X’) Collision resistance (strong collision resistance) It is hard to find two generic X1 and X2 such that H(X1) = H(X2)

4 !! Birthday paradox H Human being X  birthday
What is the probability that none of you N=22 is born in my same day? What is the probability that no two+ of us N=23 are born the same day? !!

5 Birthday paradox again
Digest = D bits Number of messages = K How many messages K to observe to get 50% probability to have my same digest? How many messages K to observe to get 50% probability to have two same digest?

6 Ricordando che per x piccolo
1-x approx e^(-x)

7 Message digest size Must be considered against birthday paradox!
32 bits (RAND) 50% collision after 216 msg (very little!) 56 bits (DES) 50% collision after 228 msg 250M (still little!) 128 bits (MD5) 50% collision after 264 msg 1.8x1019 (OK!) 160 bits SHA-1

8 MD5 iterative construction
Merkle-Damgard approach Length K mod 264 K bits Padding Message (any size) 10000 N x 512 bits Chunk (512 bits) Chunk (512 bits) Chunk (512 bits) Chunk (512 bits) F F F F 128 bits 128 bits 128 bits 128 bits 128 bits Initialization Vector (known) Hash Compression function (if it is resistant, also iteration is)

9 Message authentication
k k message m tag Sender Receiver Generate tag Verify Tag K message K message Generate tag Generate tag tag =?

10 Requires secret key! CRC meant to DETECT random errors!
message m CRC(m) message m* CRC(m*) CRC meant to DETECT random errors! Not meant to prevent attacks! Attacker can trivially recompute «valid» CRC

11 Requires secret key! Secret key, so that attacker CANNOT recompute tag (not knowing K) Pay 100 dollars Pay 1000 dollars X Pay 100 dollars H(M,K) Pay 1000 dollars H(M,K) Modified! And H(M’,K) not Computable by attacker Weaker than digital signature Why?  But fast, practical, and OK for two-party session Issues: Must use good hash Must use shared secret among parties

12 Security Attacker is given a number of past message/tag pairs
(m1,t1), (m2,t2), (m3,t3), … Even more powerful: «chosen message» attack Now sees message m Must NOT be able to forge tag t Even more powerful: must NOT be able to forge ANY valid pair (m,t) for any chosen new msg Formally: probability to forge valid pair must be NEGLIGIBLE

13 Short tags? 1 byte tags No way for attacker to guess tag from msg, beyond pure random choice Is this secure? NO! Probability of guessing = 1/256 Not nearly negligible!! Note the crucial difference with encryption security definitions!

14 Message authentication using hash functions
k k message m tag Sender Receiver Generate tag Verify Tag K message K message Hash function Hash function tag =?

15 Devil is in the details…
So far so good. But… How to combine message and K? tag = ? Hash(message, K)? Hash(K,message)? Who matters? Shouldn’t this be the same?

16 Expansion attack! Trivial to “extend” the message!
Especially critical if secret at the beginning Example: start from MD5(k | x), k unknown secret Append y To compute MD5(k | x | y) use iterative Merkle construction! No need to know k!!! Length (Damgard) strengthening: helps but does not solve the problem A strong reason to use different constructs (HMAC)

17 HMAC-MD5 opad = 0x36 = 00110110 repeated as needed
HMACK(M) = H(K+ XOR opad || H(K+ XOR ipad || M)) K+ = shared key padded to hash basic block size When H=MD5, padding to 512 bits opad = 0x36 = repeated as needed ipad = 0x5C = repeated as needed Why HMAC and not just a Hash? Hash H: applies to known message; does not assume any secret key Including secret key in Hash: At 1996: many naive approaches e.g. secret as IV, or secret in the message as Radius Response Authenticator  But none was backed-up by theoretical results

18 Why HMAC? quantitatively proven robustness: as secure as its underlying hash is see Bellare, Canetti, Krawczyk, Keying Hash Functions for Message Authentication Actually more secure Bellare 2006: collision resistence NOT necessary Nore strengthening needed Pseudorandomness only requirement You can use HMAC with MD5 or SHA-1 even if there are algorithms to compute collision Practical and flexible (you may change the underying hash with more robust one) Efficient computation

19 Collisions without HMAC
Collision in hash = collision in MAC H(M,S) construction: Obvious find collision on first part of the message, then expand H(S,M) construction: less obvious, but same problem Start from H(S,x)  IV Find collision H*(IV,X1)=H*(IV,X2) Mi = x | pad(x) | Xi | pad (Xi) Hence H(S,M1)=H(S,M2)

20 Lecture 3.1: Handling Remote Access: RADIUS Remote Authentication Dial In User Service
Recommended reading: RFC 2865, June 2000

21 Internet Service Provider
Motivation Managing large-scale networks: a nightmare Multiple NAS, multiple access services Not only authentication, but also service-specific configuration assignment Best achieved by managing single user "database" User+passwd login Internet Service Provider NAS PPP

22 RADIUS Provides centralized AAA functionalities Authentication
are you really the one you claim to be? Authorization Do you have permissions to access a service? Accounting what are you currently doing/using/paying? Transmitted bytes, billing, etc Client-Server protocol NAS acts as RADIUS client 1 primary server (0+ secondary servers - replicated) Management of replicated servers  implementation dependent Server may in turns act as a proxy Based on UDP/IP Server port 1812 (client port ephemeral, as usual in C/S)

23 RADIUS architecture RADIUS Server application Registered User Database
For each entry (user_name), contains (at least): Authentication information (secrets) Authentication Method One per user! Otherwise attacker would negotiate the least secure method from among a set If multiple authentication methods provided, much better use distinct user names! Authorization attributes (access profile per each user) Client database Clients which are entitled to communicate with the server Accounting Database Whhen radius used for accounting Frequently used only for authentication

24 RADIUS Security features
Per-packet authenticated reply Transactions are authenticated through the use of a shared key between RADIUS server and RADIUS clients Well, not all the transaction but only the reply packet: more later Shared Key never sent over the network Per-packet 16-bytes signature Encrypted user password transmission Same shared key used to transmit user passwords Remaining information transmitted in clear text

25 RADIUS scenario RADIUS server ISP NAS PPP
User sends authentication attributes to NAS NAS wraps them into Access-Request sent to Server Server response: OK, NO, Challenge (for some AUTH) if Y, user profile, authorization and config data added NAS notifies user RADIUS server ISP Access-Request 3 2 NAS Response 1 PPP 4

26 (or other AAA e.g. Cisco TACACS+)
Proxy Operation RADIUS server May be transparent or not transparent (e.g. change response to fit with local policies) remote RADIUS server (or other AAA e.g. Cisco TACACS+) ISP Frequently from different ISP: Typical Proxy usage is roaming

27 Message exchange (example)
If needed

28 packet format ……… Code (dec) Packet 1 Access-Request 2 Access-Accept 3
Access-Reject 4 Accounting-Request 5 Accounting-Response 11 Access-Challenge Code: type of radius packet Identifier: match requests with responses IP src and UDP src also help matching Length minimum 20, maximum 4096 Authenticator: used to authenticate reply from server Used in user password-hiding algorithm Attributes: extensible information field Turned out not being extensible enough with “only” 256 types… ……… type len value type len value code 1 byte identifier 1 byte length 2 byte authenticator 16 byte attributes *** IP header UDP header RADIUS PACKET

29 Packet authentication
Request Authenticator In Access-Request (CS) 16 randomly generated bytes unpredictable and unique (over the lifetime of shared C/S secret) To avoid replay attack Response Authenticator In Access-Accept/Reject/Challenge packets (SC) One-way MD5 hash of the request authenticator, the shared secret, the packet response information Response packet is signed! Otherwise packet tampering possible! Specifically: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)

30 Attributes (at a glance)
User-Name User-Password CHAP-Password NAS-IP-Address NAS-Port Service-Type Framed-Protocol Framed-IP-Address Framed-IP-Netmask Framed-Routing Filter-Id Framed-MTU Framed-Compression (for Login service) (unassigned) Reply-Message Callback-Number Callback-Id (unassigned) Framed-Route Framed-IPX-Network State Class Vendor-Specific Session-Timeout Idle-Timeout Termination-Action Called-Station-Id Calling-Station-Id NAS-Identifier Proxy-State (for LAT) (for AppleTalk) (res. for accounting) CHAP-Challenge NAS-Port-Type Port-Limit Login-LAT-Port Attributes (at a glance) Information and configuration details carried by request and/or reply (accept/reject/challenge) packets Any number of attributes in a packet Length field  end of attributes payload Order of attributes does NOT matter Some attributes may be included more than once effect is attribute-specific (here order may matter!) Up to 28 attributes (1 byte type field): Type 0: reserved Type 1-191: IANA (public) assigned/assignable Type : for private use Type : experimental Type : implementation-specific Type : reserved Extensible Protocol New attribute values can be added without disturbing existing implementations

31 Access-Request Typically contains: Who is the user Password
User-Name Mandatory: search key to access the user database Password User-Password CHAP-password (when CHAP employed) An identifier of the RADIUS client NAS-IP or NAS-identifier user might access only a subset of NAS An identifier of the port the user is accessing NAS-Port (if the NAS has ports) Wi-Fi: Logical association Dial Up: physical (modem) port# receiving the user call User might be restricted to access only specific ports

32 Password encryption Native User-Password Step 1: padding to 16 bytes
Step 2: generate a 16 bytes hash using key and the content of the authenticator field of the request MD5(secret | RequestAuth) u g o Step 3: XOR padded passwd & hash MD5(secret | RequestAuth) If passwd longer than 16 characters: Step 4: compute MD5(secret | result of previous XOR) and Step 5: XOR with next segment of the passwd

33 Access-Accept Positive server response
User authentication credentials OK Contains all the service-specific configuration Including the Service-Type attribute Complemented with other service-related configuration parameters E.g. IP address, mask, etc Possible values of the Service-Type option

34 Access-Reject Two main reasons: Authentication failed
1+ attributes in the request were not considered acceptable (authorization failed)

35 Access-Challenge Used whenever the server wants/needs the user to send a further response E.g. a challenge/response authentication mechanisms Not necessarily CHAP (see CHAP support later on)! Could be RADIUS support for GSM/UMTS authentication! E.g. prompting the user to enter a password Challenge typically contains One or more reply-message attributes Which MAY be used in a very flexible manner May contain text to be prompted to the user May contain an explicit authentication challenge NAS collects response from the user and sends a NEW Access-Request New ID New User-Password - contains the user response (crypted) Based on this, server accepts or rejects or send another challenge

36 PPP CHAP support with RADIUS
CHAP challenge locally generated by NAS No need to know user password for this! CHAP challenge + response sent to RADIUS server RADIUS server retrieves user password from database, computes and compares CHAP response Chap Challenge RADIUS Access Request (User Name, CHAP password, CHAP Challenge, Service :Framed PPP , …) Chap Response Verify RADIUS Access Accept (Service : Framed PPP, …) Chap Success CHAP RADIUS PPP UDP/IP PPP User NAS RADIUS SERVER

37 Lecture 3.2: RADIUS limits and extensions

38 RADIUS Security Weaknesses
Recommended reading: Joshua Hill, “An analysis of the RADIUS Authentication Protocol”

39 Vulnerable to message sniffing and modification
Clear-text protocol  privacy issues User-Name, Calling-Station-ID, NAS identification, location attributes sent in the clear Access-Request not authenticated Attacker may intercept (e.g. MITM) an Access-Request and change its contents effortless Access requests may be forged Solution proposed Message-Authenticator attribute To be mandatorily used with EAP only, though More later on EAP

40 Message-Authenticator
Message signature Primarily for Access-Request messages Since they are not authenticated Of course can be used also in Reject/Accept/Challenge packets MUST be used when EAP used with RADIUS (RFC 2869) May (of course) be used with other authentication methods Usual attribute syntax Authenticator = HMAC-MD5(whole packet) = HMAC-MD5(type | ID | len | RequestAuth | attributes) In computation, Authenticator = Shared secret used as key for the HMAC-MD5 hash Type=80 Len=18 Authenticator (16 bytes)

41 RespAuth Attack to shared secret
Attack to the shared secret based on the Response Authenticator RespAuth = MD5(Code | ID | Length | RequestAuth | Attributes | Secret) Secret placed at the end: very bad idea!! Pre-computation of MD5 state for (Code | ID | Length | RequestAuth | Attributes) reduces the computational requirement for a successful offline exhaustive search attack

42 Attack to shared secret based on User-Password attribute
RADIUS server NAS Arbitrary User-ID Access-Request Arbitrary Password (< 16 bytes) User-Password attribute (16 bytes) Request Authenticator (16 bytes) XOR (password) MD5(secret, RequestAuth) Attack to the shared secret based on the User-Password attribute Exhaustive search attack But pre-computation of MD5 state not possible here, as secret is first

43 Offline dictionary attacks
Their “effectiveness” depends on chosen secret (Often ignored) advice from RFC 2865: “The secret (password shared between the client and the RADIUS server) SHOULD be at least as large and unguessable as a well-chosen password. It is preferred that the secret be at least 16 octets. This is to ensure a sufficiently large range for the secret to provide protection against exhaustive search attacks. The secret MUST NOT be empty (length 0) since this would allow packets to be trivially forged.” Many implementations only allow shared-secrets that are ASCII characters, and less than 16 characters; resulting RADIUS shared secrets are low entropy!

44 Attacking the password of a user
FIRST STEP: as previous case, but with valid user ID: RADIUS server NAS Victim User-ID Access-Request Arbitrary Password (< 16 bytes) User-Password attribute (16 bytes) XOR (password) MD5(secret, RequestAuth) SECOND STEP: Attacker now able to “encrypt” the user password!! May exploit: 1) lack of upper limit on authentication rate at server-side (limits imposed on clients are by-passed) 2) RADIUS servers typically do not check for authenticator reuse Works only with 16 or less byte passwords (most cases) Spoofed Access-Request, with: New-passwords XOR MD5(secret, RequestAuth)

45 poor PRNG implementations Replay Attacks
Security of radius depends on the uniqueness and non-predictable generation of the Request Authenticator Some implementations exploit poor Pseudo-Random Number Generators (PRNGs) Short cycles, predictable Immediate exploitation: replay attack: authenticate/authorize an illegal user with no valid password NAS Valid users Access-Request (Request authenticator) Access-Accept (Response authenticator) Dictionary of ReqAuth/RespAuth Access-Request (ReqAuth in dictionary) Access-Accept (corresponding RespAuth)

46 poor PRNG implementations Attack to Customer passwords /1
Passively monitor the network traffic allows to build a dictionary of Request Authenticators and the associated (protected) User-Password attributes NAS Valid users Access-Request (Request authenticator) Dictionary of ReqAuth/User-Password Repeated Request Authenticator observed XOR previous user-password with new user-password From different users Result: since ReqAuth is the same (user-password #1) XOR (user-Password #2) = = [pw_user1 XOR MD5(secret,ReqAuth)] XOR [ps_user2 XOR MD5(secret,ReqAuth)] = = pw_user1 XOR pw_user2 BUT passwords from different users differ in length: last characters of longer password are put in clear!! Password sizes are known!! Now intelligent dictionary attack (guided by improper habits to select passwords with low entropy) may clear passwords

47 poor PRNG implementations Attack to Customer passwords /2
ACTIVELY submit known passwords to add known passwords to the dictionary of Request Authenticators and the associated (protected) User-Password attributes NAS Arbitrary pw Access-Request (Request authenticator) Dictionary of ReqAuth/User-Password If customer Access-Request uses a Request Authenticator already in the dictionary linked to a KNOWN password, customer password gets known! Since ReqAuth is the same (User-password from customer) XOR (user-Password from attacker) = = [pw_user XOR MD5(secret,ReqAuth)] XOR [known_pw XOR MD5(secret,ReqAuth)] = = pw_user XOR known_pw  pw_user in clear

48 Poor PRNG, a note PRNG cycle depends on underlying PRNG seed
N bit seed  only 2^N different values! Birthday attack: ½ prob with approx 2N/2 N=16  birthday attack with o(250) packets! C drand48  birthday attack with o(16M) packets (not really a lot!) Terrific (?) implementation idea: Start from 32 bit random number Generate 128 bit authenticator by appending 4 subsequent 32 bit random numbers Cycle: reduced to 30 bits!! Birthday attack: o(32000) packets!

49 Lessons learned from RADIUS
Do-it-all-in-one does not pay off AAA protocols should NOT implement their own security mechanisms carefully structured attacks break down RADIUS “simple” approaches MD5 serious flaws emerged recently (2005, Wang and Yu) MD5 hard to upgrade in radius (requires complete change) all the RADIUS security architecture will now vanish? Current trend: rely on an underlying security layer RADSEC = Radius over TLS; RADIUS over IPsec DIAMETER approach: mandatory usage of IPsec Easy to say, much harder to deploy (complexity, cost, extra processing) Mixing encryption with hashing may have severe side effect consequences Using MD5 hasing for password encryption was NOT a good idea – see related attacks Single (static) shared key: too risky Require different shared keys per each client/server pair Server selects which shared secret to use: based on client IP address

50 AAA evolution: beyond RADIUS

51 RADIUS today Radius initially deployed to mainly support dial-in PPP users and terminal login users Today, RADIUS = de-facto standard for AAA Universal support from device vendors But severe functional limits Scalability: today much larger customer base “size” From a few thousands of users, as in first ISPs To several M users as in cellular operators and national-level ISPs Extensibility: new technologies Wireless, DSL, 3G, Ethernet, … many more service scenarios Mobile-IP, roaming, carrier-grade accounting, etc new authentication mechanisms Interoperability: lot left unspecified, and dealt with in proprietarily E.g. failover, load balancing, server selection, etc

52 A note on scalability 48 port NAS In average 1 request every 25 sec
Average session time = 20 minutes What if of such NAS? 400 access-requests/second 3.2 mbps server load if request averages 1KB Add 400 account-requests/second Add delivery of accounting records Some RADIUS implementations may be unable to manage all this load with no packet loss! Finally, add load peaks when NAS reboots (e.g. after power failure) Many accounting records back-to-back Remote users log-in simultaneously Conclusion: AAA servers (and their networks) may experience CONGESTION!! As well as packet drop!!

53 Ongoing evolution in IETF
Diameter Started on dec 1998 Now completed, activities moved to DiME (Diameter Maintenance and Extensions WG) First WG on jan 2006 Planned actions: support of MIPv6; QoS; AAA in IP telephony (SIP) and in Local Area Networks (VLAN) RADext Started on august 2003 RADIUS extensions with mandatory backward compatibility Planned actions: AAA in IP telephony (SIP) and in Local Area Networks (VLAN), pre-paid support No transport (still UDP) and Security enhancements RADIUS/Diameter compatibility Goal of both WGs!!

54 Why “duplicating” the work?
RADIUS: Massive work on RADIUS deployment De-Facto standard, heavily integrated in business/ISP domains Limitations can be circumvented with “small” ad-hoc extensions Diameter: Brand new protocol Though somehow backward compatible, neverteless it changes lots of basics Transport, Packet format, philosophy, … Much more powerful but also muuuuch more complex Perfect choice in new (emerging) scenarios Most notably 3G mobility world Uncertainty on what will be THE future AAA protocol, and IF there will be ONE dominant protocol: keep both!

55 Diameter: whole picture
DIAMETER applications (inherit base protocol and extend/customize it for specific purposes) AAA Transport Profile (SCTP/TCP-based) – RFC 3539 DIAMETER Base protocol RFC 3588 Diameter Mobile IPv4 app RFC 4004 Diameter NAS app RFC 4005 Diameter Credit ctrl app RFC 4006 Diameter EAP app RFC 4072 Diameter SIP app in RFC queue A very complex specification! Indeed, DIAMETER = 2 x RADIUS  We will NOT enter into ANY detail…

56 Diameter improvements at a glance /1
reliable transport Versus RADIUS unreliable UDP and “proprietary” retransmission Reliability essential in accounting Packet loss = money loss! SCTP preferred (otherwise TCP) One persistent connection between client & server Packets pipelined in this single connection Standardized error and fail-over control Versus RADIUS implementation dependent approaches Error control and retransmission functionalities at the application level Duplicate detection Especially important in accounting Application-layer watchdog: periodic packets devised to understand when Diameter peer fails Default: 1 message every 30 +/- 2 seconds (artificial random jitter added to avoid syncronized arrivals) May be decreased to 6 +/-2 seconds Timer reset when other packets arrive (i.e. watchdogs used only when no other packets arrive)

57 Diameter improvements at a glance /2
Extension of functional limits 24 bit AVP filed (Attribute-Value-Pair) versus 8 bit attribute field (exhausted) No more 8 bit ID (limits to 256 packets on the fly from client to same server – not scalable), but 32 bit (Hop-by-Hop identifier) Duplicate detection (E2E identifier and T flag) Capability negotiation: mandatory/non-mandatory AVPs (flag M) allow to restrict reject only to serious lack of capabilities Versus radius “reject” answer if request attributes not supported Diameter header Version: 0x01 Message length (3B) Flags: R: 1=request, 0=answer P: proxiable E: this is an error message T: potentially retransmitted message R P E T res-flags Command-Code (3B) Application-ID (4B) Hop-By-Hop Identifier (4B) End-To-End Identifier (4B) AVPs AVP code (4B) Flags: V: vendor-specific bit: vendor ID follows, code is from vendor M: mandatory bit: reject if this AVP unsupported P: privacy bit: need for e2e encryprion V M P res-flags AVP length (3B) Vendor-ID (optional, 4B) …… DATA ……

58 Diameter improvements at a glance /3
Peer discovery, configuration, capability detection In RADIUS, clients are manually configured Diameter uses specific IETF protocols (Service Location Protocol version 2) C/S exchange capabilities when they set-up a transport connection Identity, diameter version, security mechanisms, supported Diameter applications Supports unsolicited SC messages Versus RADIUS pure client-server paradigm Allows unsolicited abort/disconnect, reauthentication/reauthorization,… Very detailed management of intermediate entities Versus sloppy specification in (early) RADIUS Clear distinction between hop-by-hop and end-to-end End-To-End protection mechanisms RADIUS can only deal with Hop-by-Hop Explicit specification of Proxies, Redirects, Relay agents Roaming support Routing (!!) support

59 Diameter agents operation
request No intermediate agent answer Realm routing table Relay agent: accept request and routes it to the proper server based on info contained In the message (destination realm) Proxy agent: as relay but modifies message (hence e2e message authentication broken) request request Relay agent answer answer pluto.net pippo.net Dest. realm redirect agent Realm routing table Redirect agent: provide routing decision on incoming request but does not actually route request (returns redirect) Useful when Diameter routing decisions are centralized (e.g. for a consortium of realms) Typical usage: individual relays default-route to redirect agent req Redirect notif. request request Relay agent answer answer

Download ppt "Hash/MD5 background; Message Authentication"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Web security: SSL and TLS

Web security: SSL and TLS
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Cryptography and Network Security

Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Similar presentations

Ads by Google