Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 8 Overview. Secure Hash Algorithm (SHA) SHA-01993 SHA-11995 SHA-22002 – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits.

Published byAllison King Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 8 Overview. Secure Hash Algorithm (SHA) SHA-01993 SHA-11995 SHA-22002 – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits."— Presentation transcript:

1 Lecture 8 Overview

2 Secure Hash Algorithm (SHA) SHA-01993 SHA-11995 SHA-22002 – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits 160-bit message digest CS 450/650 Lecture 8: Secure Hash Algorithm 2

3 Step 1 -- Padding Padding  the total length of a padded message is multiple of 512 – Every message is padded even if its length is already a multiple of 512 Padding is done by appending to the input – A single bit, 1 – Enough additional bits, all 0, to make the final 512 block exactly 448 bits long – A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm 3

4 Padding (cont.) MessageMessage length10…0 64 bits Multiple of 512 1 bit CS 450/650 Lecture 8: Secure Hash Algorithm 4

5 Example M = 01100010 11001010 1001 (20 bits) Padding is done by appending to the input – A single bit, 1 – 427 0s – A 64-bit integer representing 20 Pad(M) = 01100010 11001010 10011000 … 00010100 CS 450/650 Lecture 8: Secure Hash Algorithm 5

6 Example Length of M = 500 bits Padding is done by appending to the input: – A single bit, 1 – 459 0s – A 64-bit integer representing 500 Length of Pad(M) = 1024 bits CS 450/650 Lecture 8: Secure Hash Algorithm 6

7 Step 2 -- Dividing Pad(M) Pad (M) = B 1, B 2, B 3, …, B n Each B i denote a 512-bit block Each B i is divided into 16 32-bit words – W 0, W 1, …, W 15 CS 450/650 Lecture 8: Secure Hash Algorithm 7

8 Step 3 – Compute W 16 – W 79 To Compute word W j (16<=j<=79) – W j-3, W j-8, W j-14, W j-16 are XORed – The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm 8

9 Step 4 – Initialize A,B,C,D,E A = H 0 B = H 1 C = H 2 D = H 3 E = H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 9

10 Initialize 32-bit words H 0 = 67452301 H 1 = EFCDAB89 H 2 = 98BADCFE H 3 = 10325476 H 4 = C3D2E1F0 K 0 – K 19 = 5A827999 K 20 – K 39 = 6ED9EBA1 K 40 – K 49 = 8F1BBCDC K 60 – K 79 = CA62C1D6 CS 450/650 Lecture 8: Secure Hash Algorithm 10

11 Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + f j (B,C,D) + E + W j + K j E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done +  addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm 11

12 Four functions For j = 0 … 19 – f j (B,C,D) = (B AND C) OR ( B AND D) OR (C AND D) For j = 20 … 39 – f j (B,C,D) = (B XOR C XOR D) For j = 40 … 59 – f j (B,C,D) = (B AND C) OR ((NOT B) AND D) For j = 60 … 79 – f j (B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm 12

13 Step 6 – Final H 0 = H 0 + A H 1 = H 1 + B H 2 = H 2 + C H 3 = H 3 + D H 4 = H 4 + E CS 450/650 Lecture 8: Secure Hash Algorithm 13

14 Done Once these steps have been performed on each 512-bit block (B 1, B 2, …, B n ) of the padded message, – the 160-bit message digest is given by H 0 H 1 H 2 H 3 H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 14

15 SHA Output size (bits) Internal state size (bits) Block size (bits) Max message size (bits) Word size (bits) RoundsOperations Collisions found SHA-0160 5122 64 − 13280 +, and, or, xor, rot Yes SHA-1160 5122 64 − 13280 +, and, or, xor, rot None (2 52 attack) SHA-2 256/2242565122 64 − 13264 +, and, or, xor, shr, rot None 512/38451210242 128 − 16480 +, and, or, xor, shr, rot None CS 450/650 Lecture 8: Secure Hash Algorithm 15

16 Lecture 9 Digital Signatures CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

17 Digital Signatures A digital signature can be interpreted as indicating the signer’s agreement with the contents of an electronic document – Similar to handwritten signatures on physical documents CS 450/650 Lecture 9: Digital Signatures 17

18 Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 18 Unforgeable: Only the signer can produce his/her signature Authentic: A signature is produced only by the signer deliberately signing the document

19 Digital Signature Properties Non-Alterable: A signed document cannot be altered without invalidating the signature Non-Reusable: A signature from one document cannot be moved to another document Signatures can be validated by other users – the signer cannot reasonably claim that he/she did not sign a document bearing his/her signature CS 450/650 Lecture 9: Digital Signatures 19

20 Digital Signature Using RSA The RSA public-key cryptosystem can be used to create a digital signature for a message m – Asymmetric Cryptographic techniques are well suited for creating digital signatures The signer must have an RSA public/private key pair – c = M e mod n – M = c d mod n CS 450/650 Lecture 9: Digital Signatures 20

21 Signature Generation (Signer) Message SignaturePrivate Key Redundancy Function Formatted Message Encrypt CS 450/650 Lecture 9: Digital Signatures 21

22 Signature Verification Message Signature Public Key Verify Formatted Message Decrypt CS 450/650 Lecture 9: Digital Signatures 22

23 Example Generate signature S – d = 53 – e = 413 – n = 629 – m = 250 – Assume that R(X) = X S = R(m) e mod n – S = 250 53 mod 629 = 411 CS 450/650 Lecture 9: Digital Signatures 23

24 Example Verify signature with message recovery – Public key (e) = 413 – n = 629 – S = 411 R(m) = S e mod n – R(m) = 411 413 mod 629 = 250 Verifier checks that R(m) has proper redundancy created by R (none in this case) – m = R -1 (m) = 250 CS 450/650 Lecture 9: Digital Signatures 24

25 Creating a forged signature Choose a random number between 0 and n-1 for S – S = 323 Use the signer’s public key to decrypt S – R(m) = 323 413 mod 629 = 85 Invert R(m) to m: m = 85 – A valid signature (323) has been created for a random message (85) CS 450/650 Lecture 9: Digital Signatures 25

26 Redundancy Function The choice of a poor redundancy function can make RSA vulnerable to forgery A good redundancy function should make forging signatures much harder CS 450/650 Lecture 9: Digital Signatures 26

27 Example generate signature S – d = 53 – e = 413 – n = 629 – m = 7 – Assume that R(X) = XX S = R(m) e mod n – S = 77 53 mod 629 = 25 CS 450/650 Lecture 9: Digital Signatures 27

28 Example verify signature with message recovery – Public key (e) = 413 – n = 629 – S = 25 R(m) = S e mod n – R(m) = 25 413 mod 629 = 77 The verifier then checks that R(m) is of the form XX for some message X – m = R -1 (m) = 7 CS 450/650 Lecture 9: Digital Signatures 28

29 Forging signature (revisited) Choose a random number between 0 and n-1 for S – S = 323 Use the signer’s public key to decrypt S – R(m) = 323 413 mod 629 = 85 However, 85 is not a legal value for R(m) – so S = 323 is not a valid signature CS 450/650 Lecture 9: Digital Signatures 29

30 Privacy Signature provides only authenticity. How can we provide privacy in addition? CS 450/650 Fundamentals of Integrated Computer Security 30

31 Simple Scenario of Digital Signature

32 Getting a Message Digest from a document Hash Message Digest CS 450/650 Lecture 9: Digital Signatures 32

33 Generating Signature Message Digest Signature Encrypt using private key CS 450/650 Lecture 9: Digital Signatures 33

34 Appending Signature to document Append Signature CS 450/650 Lecture 9: Digital Signatures 34

35 Verifying Signature Hash Decrypt using public key Message Digest Message Digest CS 450/650 Lecture 9: Digital Signatures 35

Download ppt "Lecture 8 Overview. Secure Hash Algorithm (SHA) SHA-01993 SHA-11995 SHA-22002 – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits."

Similar presentations

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Cryptographic Security CS5204 – Operating Systems1.

Cryptographic Security CS5204 – Operating Systems1.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.

Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

Similar presentations

Ads by Google