MESSAGE AUTHENTICATION and HASH FUNCTIONS - Chapter 11

Presentation transcript:

1 MESSAGE AUTHENTICATION and HASH FUNCTIONS - Chapter 11
Masquerade – message insertion, fraud, ACK
Content Modification
Sequence Modification – insertion, deletion, re-ordering
Timing Modification – delay, replay

2 AUTHENTICATION
Message Encryption – $E_K(M)$
Message Authentication Code (MAC) – $C_K(M)$
Hash Function – $H(M)$

3 BASIC USES OF MESSAGE ENCRYPTION

4 INTERNAL AND EXTERNAL ERROR CONTROL

5 STRUCTURE
Fig 11.1a : Legitimacy test at B (intelligible) - small subset of plaintext legitimate - structured
Fig 11.2a : Structured redundancy via FCS - internal ECC - authentication
Fig 11.2b : External ECC – opponent can construct code words - authentication
Any 'structure' will do e.g. Fig 11.3

6 BASIC USES OF MESSAGE ENCRYPTION

7 PUBLIC-KEY
Fig 11.1b : Confidentiality
Fig 11.1c : Authentication - plaintext needs structure
Signature - only A could have sent, not even B
Fig 11.1 : Confidentiality / Authentication
Table 11.1

8 TCP SEGMENT

9 BASIC USES of MESSAGE AUTHENTICATION CODE (MAC)

10 MAC
A, B share key, K
MAC = $C_K(M)$
Transmit message + MAC (Fig 11.4a)
MAC not necessarily reversible - less vulnerable than encryption

11 BASIC USES of MESSAGE AUTHENTICATION CODE (MAC)

12 Authentication + Confidentiality
Figs 11.4b and 11.4c - Two separate keys (Table 11.2) - Fig 11.4b preferred
Use MAC, not conventional Encryption
- MAC gives no signature
- sender/receiver share key

13 Authentication + Confidentiality SCENARIOS
1. Broadcast message – one destination monitors authenticity
2. Heavy load – selective authentication
3. Sporadic Authentication of computer program
4. Secrecy Unimportant
5. Separation of authentication and confidentiality - flexible
6. Prolong protection against modification

14 BASIC USES OF HASH FUNCTION

15 BASIC USES OF HASH FUNCTION

16 HASH FUNCTIONS
variable size → fixed size
$M \rightarrow H(M)$
→ $M|H(M)$ (error detection)
Fig 11.5 – Table 11-3
(b) and (c) require less computation
(e) - no encryption

17 FOR AUTHENTICATION: COMPARE HASH WITH ENCRYPTION
Encryption is:
Slow
Costly in hardware
Optimised for large data blocks
Patented
Export control

18 MAC
MAC = $C_K(M)$
many-to-one, domain is arbitrary length
Attack:
MAC collisions : $2^k$ keys, $2^n$ MACs, $2^n < 2^k$
Many keys for one MAC : opponent cannot choose
Opponent must iterate attack for many MACs:
Round 1 : $2^{k-n}$ keys
Round 2 : $2^{k-2n}$ keys
............
Round r : 1 key

19 MAC PROPERTIES
1. Given $M$ and $C_K(M)$, too much work to construct $M'$ such that $C_K(M') = C_K(M)$
2. $C_K(M)$ uniformly distributed: $\Pr(C_K(M) = C_K(M')) = 2^{-n}$

20 DATA AUTHENTICATION ALGORITHM (CBC Mode)

21 HASH FUNCTIONS
$h = H(x)$ - file fingerprint
Properties:
1. Any size input
2. Fixed-size output
3. $H(x)$ easy to compute
4. Infeasible to compute $x$ given $h$ – (one-way) – $2^n$
5. (Weak Collision Resistance) – $2^n$
   Given $x$, infeasible to compute $y$ not equal to $x$ such that $H(y) = H(x)$ - prevents forgery
6. (Strong Collision Resistance) – $2^{n/2}$
   Infeasible to find $(x,y)$ such that $H(x) = H(y)$ - Birthday Attack

22 BIRTHDAY ATTACK
Given $M$, find $M'$ such that $H(M') = H(M)$ ~ $2^{n-1}$ hashes
But (Fig 11.5c),
Prepare $2^{n/2}$ variations of $M$
Prepare $2^{n/2}$ variations of $M'$
Search for $H(M) = H(M')$
Pr(success) > 0.5 using $2^{n/2}$ hashes
A signs $M \rightarrow H(M)$
Opponent substitutes $M'$ for $M$
A encrypts $M'|H(M)$
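The gap between properties 5 and 6 on slide 21, and the $2^{n/2}$ figure on slide 22, measured on a deliberately shortened hash. This is an added example, not part of the original slides; the 16-bit truncation of SHA-256, the function names and the message strings are assumptions chosen so both searches finish in seconds.

```python
import hashlib
from itertools import count

def trunc_hash(msg: bytes, n_bits: int) -> int:
    """Top n_bits of SHA-256(msg): a stand-in for an n-bit hash H."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - n_bits)

def find_collision(n_bits: int):
    """Strong collision: ANY pair x != y with H(x) == H(y).
    Expected cost is on the order of 2^(n/2) hashes."""
    seen = {}  # hash value -> message that produced it
    for i in count():
        x = b"variation-%d" % i          # constructed sample messages
        h = trunc_hash(x, n_bits)
        if h in seen:
            return seen[h], x, i + 1     # pair plus number of hashes computed
        seen[h] = x

def find_second_preimage(target_msg: bytes, n_bits: int):
    """Weak collision: for a FIXED x, find y != x with H(y) == H(x).
    Expected cost is on the order of 2^n hashes."""
    target = trunc_hash(target_msg, n_bits)
    for i in count():
        y = b"candidate-%d" % i          # constructed sample messages
        if y != target_msg and trunc_hash(y, n_bits) == target:
            return y, i + 1

if __name__ == "__main__":
    n = 16
    x, y, c_tries = find_collision(n)
    print(f"n={n}: collision after {c_tries} hashes (2^(n/2) = {2 ** (n // 2)})")
    print(f"  {x!r} and {y!r} both hash to {trunc_hash(x, n):#06x}")
    m = b"pay 100 to Bob"                # constructed sample message
    y2, p_tries = find_second_preimage(m, n)
    print(f"n={n}: second preimage after {p_tries} hashes (2^n = {2 ** n})")
    print(f"  {y2!r} matches the hash of {m!r}")
```

The practical reading for a designer is that a hash protecting signatures must be sized so that $2^{n/2}$, not $2^n$, is out of reach.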

23 MEET-IN-THE-MIDDLE ATTACK
Block Chaining
Given $M = M_1 | M_2 | \ldots | M_N$
$H_0 = \text{init}$
$H_i = E_{M_i}[H_{i-1}]$
$G = H_N$
Opponent has $M$ and encrypted signature, $G$
Construct arbitrary message $Q_1 | Q_2 | \ldots | Q_{N-2}$
Compute $H_i = E_{Q_i}[H_{i-1}]$ up to $H_{N-2}$
Find $X, Y$ such that $E_X[H_{N-2}] = D_Y[G]$ (prob $2^{n/2}$)
Construct $Q_1 | Q_2 | \ldots | Q_{N-2} | X | Y = M'$
Substitute $M'$ for $M$

24 BRUTE-FORCE ATTACKS
Hash : $2^{n/2}$
MAC : $\min(2^k, 2^n)$ - like symmetric encryp.

25 SECURE HASH CODE
If compression function collision-resistant then so is iterated hash function

26 THE BIRTHDAY PARADOX

