Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos.

Similar presentations


Presentation on theme: "CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos."— Presentation transcript:

1 CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos

2 – 2 – CSCE 815 Sp 03 Resources Stallings Web Site: http://williamstallings.com/ http://williamstallings.com/ Network Security Essentials, Second Edition Network Security Essentials, Second Edition Instructors Resources PowerPoint Slides Henric Johnson Tables and Figures Student Resources: look here for yourself! Resources for Cryptography and Network Security, Third Edition http://williamstallings.com/Crypto3e.html http://williamstallings.com/Crypto3e.html Instructors Resources Figures, Tables PowerPoint Lawrie Brown

3 – 3 – CSCE 815 Sp 03 Test 1 Feb 20 Sample Test ??? (next Time) Open vs Closed??? Questions  Analyze this sequence of ciphertext given table of frequencies.  Analyze this ciphertext knowing it is a very simple permutation.  Describe approach to decipher composition of substitution and permutation.  DES ?  RSA ?  SHA, MAC,

4 – 4 – CSCE 815 Sp 03

5 – 5 – CSCE 815 Sp 03 Birthday Attacks You might think a 64-bit hash is secure But by Birthday Paradox is not The Birthday attack works thus: opponent generates 2 m / 2 variations of a valid message all with essentially the same meaning opponent also generates 2 m / 2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature Conclusion is that need to use larger MACs

6 – 6 – CSCE 815 Sp 03 One-way HASH function

7 – 7 – CSCE 815 Sp 03 One-way HASH function Secret value is added before the hash and removed before transmission.

8 – 8 – CSCE 815 Sp 03 SHA Overview pad message so its length is 448 mod 512 append a 64-bit length value to message initialize 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcdab89,98badcfe,10325476,c3d2e1f0) process message in 16-word (512-bit) chunks: expand 16 words into 80 words by mixing & shifting use 4 rounds of 20 bit operations on message block & buffer add output to input to form new buffer value output hash value is the final buffer value

9 – 9 – CSCE 815 Sp 03 Message Digest Generation Using SHA-1

10 – 10 – CSCE 815 Sp 03 SHA-1 Process- ing of single 512-Bit Block

11 – 11 – CSCE 815 Sp 03 Figure 12-6 (C&NS) SHA one step

12 – 12 – CSCE 815 Sp 03 SHA-1 Compression Function Each round has 20 steps which replaces the 5 buffer words thus: (A,B,C,D,E) <-(E+f(t,B,C,D)+S 5 (A)+W t +K t ),A,S 30 (B),C,D) A,B,C,D,E refer to the five words of the buffer t is the step number K t is a constant value derived from step f(t,B,C,D) is nonlinear function for round f t (t,B,C,D) is nonlinear function for round W t is derived from the message block S – circular shift by k bits S k – circular shift by k bits + here means addition modulo 2 32

13 – 13 – CSCE 815 Sp 03 K t - Constants for SHA-1 steps Step NumberK Step NumberK t (in hex) Integer portion of -1 < t <205A8279992 30 x sqrt(2) 19 < t <406ED9EBA12 30 x sqrt(3) 39 < t <608F1BBCDC 2 30 x sqrt(5) 59 < t <80CA62C1D6 2 30 x sqrt(10)

14 – 14 – CSCE 815 Sp 03 f t – Round Functions for SHA-1 steps Step Numberf Step Numberf t (t,B,C,D) -1 < t <20(B ^ C) V (B’ ^ D) 19 < t <40B + C + D 39 < t <60(B ^ C) V (B ^ D) V (C ^ D) 59 < t <80 B + C + D Where B’ means B complement, and + on this slide means XOR

15 – 15 – CSCE 815 Sp 03 W t words 32 bit Wt words For the first 16 words W t = 16 words of current block Henceforth W t = S 1 (W t-16 + W t-14 + W t-8 + W t-3 ) W t = S 1 (W t-16 + W t-14 + W t-8 + W t-3 ) + means XOR

16 – 16 – CSCE 815 Sp 03

17 – 17 – CSCE 815 Sp 03 Message Digest Generation Using SHA-1 revisited

18 – 18 – CSCE 815 Sp 03 Output Stage of SHA-1 After all 512 bit blocks have been processed Where IV = initial vector, initial value of five words L = number of 512 bit blocks in padded message MD = final Message Digest ABCDE q = output of last round of processing of the q th block Algorithm CV 0 = IV for q = 0 to L for q = 0 to L CV q+1 = CV q + ABCDE q MD = CV L

19 – 19 – CSCE 815 Sp 03 Other Secure Hash Functions MD5 Message Digest Algorithm RFC 1321 Ron Rivest 128 bit message digest with faster processors security has become questionable RIPEMD-160 Round European group produces 160 bit digest produces 160 bit digest processes text in 512 bit blocks

20 – 20 – CSCE 815 Sp 03 Other Secure HASH functions- table 3.1 SHA-1MD5RIPEMD-160 Digest length 160 bits 128 bits 160 bits Basic unit of processing 512 bits Number of steps 80 (4 rounds of 20) 64 (4 rounds of 16) 160 (5 paired rounds of 16) Maximum message size 2 64 -1 bits

21 – 21 – CSCE 815 Sp 03 Message Authentication Codes revisited MAC based on MAC algorithm and Key K Hash Functions one way function not based on key

22 – 22 – CSCE 815 Sp 03 Keyed Hash Functions as MACs have desire to create a MAC using a hash function rather than a block cipher because hash functions are generally faster not limited by export controls unlike block ciphers hash includes a key along with the message original proposal: KeyedHash = Hash(Key|Message) some weaknesses were found with this eventually led to development of HMAC

23 – 23 – CSCE 815 Sp 03 HMAC Use a MAC derived from a cryptographic hash code, such as SHA-1. Motivations: Cryptographic hash functions executes faster in software than encryption algorithms such as DES Library code for cryptographic hash functions is widely available No export restrictions from the US RFC 2104

24 – 24 – CSCE 815 Sp 03 HMAC Design Objectives Proposal to include secret key in hash function RFC 2104 lists design objectives for HMAC  To use available hash functions  Allow easy replaceability of hash function  Maintain performance of original hash  Use and handle keys simply  Have well understood cryptographic analysis of strength of the authentication method

25 – 25 – CSCE 815 Sp 03 HMAC Structure fig 3.6

26 – 26 – CSCE 815 Sp 03 HMAC Details Hash = embedded hash function (e.g., SHA-1) M – message L – number of blocks in M Y i – the ith block of M 0 < i < L b = number of bits in a block n = length of hash code produced by embedded hash K = secret Key K+ = K padded on left with zeroes so length is b Ipad = 00110110 repeated b/8 times Opad = 01011100 repeated b/8 times

27 – 27 – CSCE 815 Sp 03 Diffie Hellman Key Exchange First published public-key algorithm (1976) Purpose is to allow two users to exchange a private key Diffie-Hellman depends on the difficulty in computing discrete logarithms (inverse exponentials) Choose a prime p, consider the sequence a mod p, a 2 mod p, a 3 mod p, … a p-1 mod p If these are distinct and a permutation of 1 … p-1, then  b = a i mod p then ‘i’ is the discrete logarithm of b  a is called a primitive root of p Diffie-Hellman fig 3.10

28 – 28 – CSCE 815 Sp 03 Diffie-Hellman Algorithm fig 3.10 Global public elements q – a prime and ‘a’ a primitive root of q User A key generation Select private X A, calculate public Y A = a X A mod q User B key generation Select private X B, calculate public Y B = a X B mod q Select private X B, calculate public Y B = a X B mod q Generation of Secret Key by User A K = (Y B ) X A mod q Generation of Secret Key by User B K = (Y A ) X B mod q

29 – 29 – CSCE 815 Sp 03 Other Public-Key Cryptographic Algorithms Meaning other than RSA Digital Signature Standard (DSS) Makes use of the SHA-1 Not for encryption or key echange Elliptic-Curve Cryptography (ECC) Good for smaller bit size Low confidence level, compared with RSA Very complex

30 – 30 – CSCE 815 Sp 03 Diffie-Hellman Key Exchange fig 3.11

31 – 31 – CSCE 815 Sp 03 Key Management Major contribution of public-key encryption is to address the problem of key distribution Private keys as in RSA to distribute key for AES Public keys Public Key Certificates Public keys are public. Why not just broadcast? Forgery of public announcement Darth sends out “I’m Bob and my public key is XXX” Then Darth can read secret messages for Bob and Bob can’t Public Key certificate: public key + User Id signed by trusted third party X.509 protocol for certificates (next time)

32 – 32 – CSCE 815 Sp 03 Key Management Public-Key Certificate Use fig 3.12

33 – 33 – CSCE 815 Sp 03 Public-Key Distribution of Secret Keys How to share private key between Bob and Alice Diffie-Hellman Works but no user authenticationAlternative  Prepare message.  Encrypt message using conventional encryption using one- time session key.  Encrypt session key using public-key with Alice’s public key.  Attach the encrypted session key to the message and send to Alice. Only Alice is capable of decrypting the session key. Bob get’s public key from Alice’s public-key certificate.

34 – 34 – CSCE 815 Sp 03 Summary have considered: message authentication using message encryption MACs hash functions some current hash algorithms: MD5, SHA-1, RIPEMD-160 HMAC authentication using hash function Diffie-Hellman Key Exchange


Download ppt "CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos."

Similar presentations


Ads by Google