ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key

Size: px
Start display at page:

Download "ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key"

Transcription

1 ECE 646 Lecture 11 Hash functions & MACs Digital Signature Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key algorithm yes Hash value 1 Hash value 2 no Public key algorithm Alice s private key Alice s public key Hash function arbitrary length m h message hash function h(m) hash value fixed length 1

2 Vocabulary hash function message digest hash value message digest hash total fingerprint imprint cryptographic checksum compressed encoding MDC, Message Digest Code Hash functions Basic requirements 1. Public description, NO key 2. Compression arbitrary length input fixed length output 3. Ease of computation 1. Preimage resistance Hash functions Security requirements It is computationally infeasible Given y To Find x, such that h(x) = y 2. 2nd preimage resistance x and y=h(x) x x, such that h(x ) = h(x) = y 3. Collision resistance x x, such that h(x ) = h(x) 2

3 Hash functions Dependence between requirements 2nd preimage resistant collision resistant Hash functions (unkeyed) One-Way Hash Functions OWHF Collision-Resistant Hash Functions CRHF preimage resistance 2nd preimage resistance collision resistance Given y Brute force attack against One-Way Hash Function m i h i=1..2 n 2 n messages with the contents required by the forger? h(m i ) = y n - bits 3

4 Creating multiple versions of the required message I state confirm thereby - that I borrowed received $10,000 ten thousand dollars from Mr. Dr. Kris Krzysztof Gaj on November 19, 11 / 19 / This money sum of money should is required to by the be returned given back 27 th 28 th day of November Nov. to Mr. Dr. Gaj Brute force attack against Collision Resistant Hash Function Yuval r messages acceptable for the signer m i h h(m i ) i=1..r r messages required by the forger m j h h(m j ) j=1..r n - bits h(m i ) = h(m j ) n - bits Message required by the forger I state confirm thereby - that I borrowed received $10,000 ten thousand dollars from Mr. Dr. Kris Krzysztof Gaj on November 19, 11 / 19 / This money sum of money should is required to by the be returned given back 27 th 28 th day of November Nov. to Mr. Dr. Gaj 4

5 Message acceptable for the signer I state confirm thereby - that on November 19, 11 / 19 / 2008 I borrowed received from Mr. Dr. Kris Krzysztof a book manuscript on implementing hash functions. factoring using Number Field Sieve. This text item should is required to be returned given back to Mr. Dr. Gaj by the 27 th 28 th day of November Nov Birthday paradox How many students must be in a class so that there is a greater than 50% chance that 1. one of the students shares the teacher s birthday (up to the day and month)? 2. any two of the students share the same birthday (up to the day and month)? Birthday paradox How many students must be in a class so that there is a greater than 50% chance that 1. one of the students shares the teacher s birthday (day and month)? ~ 366/2 = any two of the students share the same birthday (day and month)? ~

6 Brute force attack against Collision Resistant Hash Function Probability p that two different messages have the same hash value: p = 1 exp ( r2 2 n ) For r = 2 n/2 p = 63% Brute force attack against Collision Resistant Hash Function Storage requirements J.J. Quisquater collision search algorithm Number of operations: 2 /2 2 n/ n/2 Storage: Negligible Hash value size One-Way Collision-Resistant Older algorithms: n 64 n bytes 16 bytes Current algorithms: n 80 n bytes 20 bytes Newly proposed algorithms: n = 128, 192, , 24, 32 bytes n = 256, 384, , 48, 64 bytes 6

7 Hash function algorithms Customized (dedicated) Based on block ciphers Based on modular arithmetic MD2 Rivest 1988 MD4 Rivest 1990 MDC-2 MDC-4 IBM, Brachtl, Meyer, Schilling, 1988 MASH MD5 Rivest 1990 SHA-0 NSA, 1992 SHA-1 NSA, 1995 RIPEMD European RACE Integrity Primitives Evaluation Project, 1992 RIPEMD-160 SHA-256, SHA-384, SHA-512 NSA, 2000 Attacks against dedicated hash functions known by 2004 MD2 MD4 partially broken broken, H. Dobbertin, 1995 (one hour on PC, 20 free bytes at the start of the message) MD5 partially broken, collisions for the compression function, Dobbertin, 1996 (10 hours on PC) SHA-0 SHA-1 weakness discovered, 1995 NSA, 1998 France RIPEMD RIPEMD-160 reduced round version broken, Dobbertin 1995 SHA-256, SHA-384, SHA-512 What was discovered in ? MD4 broken; Wang, Feng, Lai, Yu, Crypto 2004 (manually, without using a computer) MD5 broken; Wang, Feng, Lai, Yu Crypto 2004 (1 hr on a PC) SHA-0 SHA-1 attack with 2 40 operations Crypto 2004 attack with 2 63 operations Wang, Yin, Yu, Aug 2005 SHA-256, SHA-384, SHA-512 RIPEMD RIPEMD-160 broken; Wang, Feng, Lai, Yu, Crypto 2004 (manully, without using a computer) 7

8 In hardware: 2 63 operations Schneier, 2005 Machine similar to the one used to break DES: Cost = $50,000-$70,000 or Cost = $0.9-$1.26M In software: Time: 18 days Time: 24 hours Computer network similar to distributed.net used to break DES (~331,252 computers) : Cost = ~ $0 Time: 7 months Recommendations of NIST (1) NIST Brief Comments on Recent Cryptanalytic Attacks on SHA-1 Feb 2005 The new attack is applicable primarily to the use of hash functions in digital signatures. In many cases applications of digital signatures introduce additional context information, which may make attacks impracticle. Other applications of hash functions, such as Message Authentication Codes (MACs), are not threatened by the new attacks. Recommendations of NIST (2) NIST was already earlier planning to withdraw SHA-1 in favor of SHA-224, SHA-256, SHA-384 & SHA-512 do roku 2010 New implementations should use new hash functions. NIST encourages government agancies to develop plans for gradually moving towards new hash functions, taking into account the sensitivity of the systems when setting the timetables. 8

9 SHA-3 Contest Timeline 2007 publication of requirements 29.X. 2007: request for candidates X.2008: deadline for submitting candidates Q first workshop devoted to the presentation of candidates Q: second workshop devoted to the analysis of candidates 3 Q: selection of finalists Q: last workshop 2 Q: selection of the winner 3 Q: draft version of the standard published 4 Q: final version of the standard published 1. Digital Signatures Advantages 1. Shorter signature Hash functions Applications (1) 2. Much faster computations 3. Larger resistance to manipulation (one block instead of several blocks of signature) 4. Resistance to the multiplicative attacks 5. Avoids problems with different sizes of the sender and the receiver moduli Hash functions Applications (2) 2. Fingerprint of a program or a document (e.g., to detect a modification by a virus or an intruder) program hash fingerprint =? safe place original_fingerprint 9

10 3. Storing passwords Hash functions Applications (3) password hash hash(password) Instead of: ID, password System stores: ID, hash(password) UNIX password scheme password DES salt password password DES salt.... DES salt hash(password, salt) ID, salt, hash(password, salt) salt modifies the expansion function E of DES 4. Fast encryption Hash functions Applications (4) PRNG k i m i c i k 0 = hash(k AB IV ) k 1 = hash(k AB k 0 ) k n = hash(k AB k n-1 ) or k 0 = hash(k AB IV) k 1 = hash(k AB c 0 ) k n = hash(k AB c n-1 ) 10

11 General scheme for constructing a secure hash function Message m Padding, appending bit length, M M 1 M 2... M t IV H 0 H 1 H 2 f f... H t g h(m) compression function output transformation General scheme for constructing a secure hash function Compression function H i-1 n Entire hash M i f r n H i In SHA-1 n=160 r=512 In MD5 n=128 r=512 H 0 = IV H i = f(h i-1, M i ) h(m) = g(h t ) Hash padding 64-bits message length length of the entire message in bits All zero padding: X X X X X X Correct padding: X X X X X X

12 Parameters of dedicated hash functions name # bits of hash value # bits of message block no. of rounds (steps) speed relative to MD4 MD x MD x SHA x RIPEMD x RIPEMD x Parameters of new hash functions Features affecting security and functionality SHA-1 SHA-256 SHA-384 SHA-512 Size of hash value Complexity of the best attack Equivalently secure Skipjack AES-128 AES-192 AES-256 secret-key cipher Message size < 2 64 < 2 64 < < Parameters of new hash functions Features affecting implementation speed SHA-1 SHA-256 SHA-384 SHA-512 Message block size Number of digest rounds 12

13 Speed Hardware implementations Conceptual comparison SHA-512, SHA-384 SHA-256 SHA-1 Area Results of the prototype FPGA implementation Speed in hardware [Mbit/s] GMU, Complexity SHA-1 SHA-512 of the best attack the same as Skipjack AES-256 Hash functions 10 years ago Present U.S. Governemnt standards: SHA-1 Other popular hash functions: MD5, RIPEMD Security status: MD4 broken (1995) SHA-1 replaced SHA-0 (1995) MD5 partially broken (collisions in compression function, 1996) U.S. Governemnt standards: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 Other popular hash functions: Whirlpool winner of NESSIE Security status: MD5 broken (1 hr on PC) SHA-0 broken RIPEMD broken (without a need for computer) SHA-1 practically broken, best attack 2 63 operations only 128 x more than breaking DES 13

14 Hash functions Timeline U.S. Government standards: II SHA-1 FIPS 180 FIPS SHA-256, 384, 512 FIPS SHA-224 FIPS II Contests: I XII SHA-256, SHA-384, SHA-512, NESSIE Whirlpool Attacks: MD5 collisions for compression function, 10 hrs on PC VIII SHA-0 attack with 2 61 operations VIII broken: MD4, MD5, SHA-0, RIPEMD II-VIII attack on SHA operacji Alice Message Authentication MAC Message Bob MAC K AB Secret key of Alice and Bob Secret key algorithm K AB Secret key of Alice and Bob Secret key algorithm MAC yes MAC no MAC - Message Autentication Codes (keyed hash functions) arbitrary length m message secret key K MAC function MAC fixed length 14

15 MAC functions Basic requirements 1. Public description, SECRET key parameter 2. Compression arbitrary length input fixed length output 3. Ease of computation Given zero or more pairs MAC functions Security requirements m i, MAC K (m i ) i = 1..k it is computationally impossible to find any new pair m, MAC K (m ) Such that m m i i = 1..k MAC functions Security requirements Resistance against 1. Known-text attack 2. Chosen-text attack 3. Adaptive chosen-text attack 15

16 m 1 CBC-MAC (1) m 2 m t 0 H t E E E K H K K t H 1 H 2 MAC K D FIPS-113 K E MAC CBC-MAC (1) H 0 = IV = 0 H i = DES K (m i H i-1 ) i = 1..t MAC(m) = H t [1..32] or MAC(m) = E K (E K -1 (H t ))[1..32] MAC functions Based on block ciphers Based on hash functions Dedicated Based on stream ciphers CBC-MAC CFB-MAC RIPE-MAC HMAC MD5-MAC MAA CRC-MAC 16

17 CMAC RIPE-MAC H 0 = IV = 0 H i = DES K (m i H i-1 ) m i i = 1..t MAC(m) = E K (E K -1 (H t ))[0..31] K = K 0xf0f0 f0 HMAC Bellare, Canetti, Krawczyk, 1996 Used in SSL and IPSec HMAC(m) = h(k ipad h(k opad m)) ipad, opad - constant padding strings of the length of the message block size in the hash function h ipad = repetitions of 0x36 = opad = repetitions of 0x5A =

18 KEY opad = KEY HMAC message m KEY ipad = KEY h American standard FIPS 198 Arbitrary hash function and key size h HMAC Message Authentication Codes - MACs 10 years ago Present U.S. Government standards: U.S. Government standards: MAC (DAC) based on DES (since 1985) MAC (DAC) based on DES HMAC based on hash functions used in SSL and IPSec CMAC block cipher mode (AES, Triple DES, Skipjack) Number of certified implementations: MAC (DAC): 34 ( ) Other MACs in use: RIPE-MAC3, CRC-MAC, MAA Number of certified implementations: HMAC: 173 (XII IV. 2006) Other MACs in use: UMAC, TTMAC, EMAC winners of the NESSIE contest NESSIE: Winners of the contest: 2002 Message Authentication Codes, MACs Security level Key size Output width Name high normal Origin UMAC UC Davis 2. TTMAC K.U. Leuven 3. EMAC U. of Toronto 4. HMAC NIST & NSA 32 k 32 k 18

19 Message Authentication Codes Timeline U.S. standards: MAC (DAC) V FIPS 113 (based on DES) HMAC FIPS 198 (based on hash functions) CMAC SP C III V Contests: Attacks: NESSIE 2002 Contest winners: UMAC, TTMAC, EMAC RMAC practical attack against MAC proposed by NIST and based on Triple DES

ECE 646 Lecture 12. Hash functions & MACs. Digital Signature. Required Reading. Recommended Reading. m message. hash function hash value.

ECE 646 Lecture 12. Hash functions & MACs. Digital Signature. Required Reading. Recommended Reading. m message. hash function hash value. ECE 646 Lecture 12 Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 11 Cryptographic Hash Functions & MACs Appendix 11A Mathematical Basis of Birthday Attack Chapter 12 Message

More information

Hash functions & MACs

Hash functions & MACs ECE 646 Lecture 11 Hash functions & MACs Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 11 Cryptographic Hash Functions Appendix 11A Mathematical Basis of Birthday Attack Chapter

More information

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. Vocabulary. hash value message digest hash total. m message.

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. Vocabulary. hash value message digest hash total. m message. ECE 646 Lecture 11 Alice Message Digital Signature Signature Message Signature Bob & s Has Has Has value 1 Has value yes no Public key algoritm Has value 2 Public key algoritm Alice s private key Alice

More information

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. Required Reading. Recommended Reading. m message. hash function hash value

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. Required Reading. Recommended Reading. m message. hash function hash value ECE 646 Lecture 11 Required Reading W. Stallings, "Cryptograpy and Network-Security, Capter 11 Cryptograpic Has Functions & s Appendix 11A Matematical Basis of Birtday Attack Capter 12 Autentication Codes

More information

Cryptography. Summer Term 2010

Cryptography. Summer Term 2010 Summer Term 2010 Chapter 2: Hash Functions Contents Definition and basic properties Basic design principles and SHA-1 The SHA-3 competition 2 Contents Definition and basic properties Basic design principles

More information

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ). CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 5 5.1 A hash function is an efficient function mapping binary strings of arbitrary length to binary strings of fixed length (e.g. 128 bits), called the hash-value

More information

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015 Cryptographic Hash Functions Rocky K. C. Chang, February 5, 2015 1 This set of slides addresses 2 Outline Cryptographic hash functions Unkeyed and keyed hash functions Security of cryptographic hash functions

More information

Cryptographic Hash Functions

Cryptographic Hash Functions Cryptographic Hash Functions Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 34 Cryptographic Hash Functions A hash function provides message integrity and authentication

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and

More information

Lecture 4: Hashes and Message Digests,

Lecture 4: Hashes and Message Digests, T-79.159 Cryptography and Data Security Lecture 4: Hashes and Message Digests Helsinki University of Technology mjos@tcs.hut.fi 1 Cryptographic hash functions Maps a message M (a bit string of arbitrary

More information

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security CHF-s are used for many authentication, integrity, digital

More information

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ). CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 8 Hash Functions 8.1 Hash Functions Hash Functions A hash function is an efficient function mapping binary strings of arbitrary length to binary strings of fixed

More information

CS408 Cryptography & Internet Security

CS408 Cryptography & Internet Security CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is

More information

Data Integrity & Authentication. Message Authentication Codes (MACs)

Data Integrity & Authentication. Message Authentication Codes (MACs) Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (receiver) Fran

More information

Data Integrity & Authentication. Message Authentication Codes (MACs)

Data Integrity & Authentication. Message Authentication Codes (MACs) Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (reciever) Fran

More information

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security In crypto, CHF instantiates a Random Oracle paradigm In security,

More information

Spring 2010: CS419 Computer Security

Spring 2010: CS419 Computer Security Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture 6 Message Authentication message authentication is concerned with: protecting the integrity of a message validating

More information

Message Authentication Codes and Cryptographic Hash Functions

Message Authentication Codes and Cryptographic Hash Functions Message Authentication Codes and Cryptographic Hash Functions Readings Sections 2.6, 4.3, 5.1, 5.2, 5.4, 5.6, 5.7 1 Secret Key Cryptography: Insecure Channels and Media Confidentiality Using a secret key

More information

ENEE 459-C Computer Security. Message authentication

ENEE 459-C Computer Security. Message authentication ENEE 459-C Computer Security Message authentication Data Integrity and Source Authentication Encryption does not protect data from modification by another party. Why? Need a way to ensure that data arrives

More information

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of

More information

Data Integrity. Modified by: Dr. Ramzi Saifan

Data Integrity. Modified by: Dr. Ramzi Saifan Data Integrity Modified by: Dr. Ramzi Saifan Encryption/Decryption Provides message confidentiality. Does it provide message authentication? 2 Message Authentication Bob receives a message m from Alice,

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

CS-E4320 Cryptography and Data Security Lecture 5: Hash Functions

CS-E4320 Cryptography and Data Security Lecture 5: Hash Functions Lecture 5: Hash Functions Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Hash Functions Birthday Paradox Design of Hash Functions SHA-3

More information

CS 645 : Lecture 6 Hashes, HMAC, and Authentication. Rachel Greenstadt May 16, 2012

CS 645 : Lecture 6 Hashes, HMAC, and Authentication. Rachel Greenstadt May 16, 2012 CS 645 : Lecture 6 Hashes, HMAC, and Authentication Rachel Greenstadt May 16, 2012 Reminders Graded midterm, available on bbvista Project 3 out (crypto) Hash Functions MAC HMAC Authenticating SSL Man-in-the-middle

More information

Network and System Security

Network and System Security Network and System Security Lecture 5 2/12/2013 Hashes and Message Digests Mohammad Almalag 1 Overview 1. What is a cryptographic hash? 2. How are hashes used? 3. One-Way Functions 4. Birthday Problem

More information

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5 Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5 Today s Lecture Hashes and Message Authentication Codes Properties of Hashes and MACs CBC-MAC, MAC -> HASH (slow), SHA1, SHA2, SHA3 HASH

More information

Jaap van Ginkel Security of Systems and Networks

Jaap van Ginkel Security of Systems and Networks Jaap van Ginkel Security of Systems and Networks November 17, 2016 Part 3 Modern Crypto SSN Modern Cryptography Hashes MD5 SHA Secret key cryptography AES Public key cryptography DES Presentations Minimum

More information

Hardware Architectures

Hardware Architectures Hardware Architectures Secret-key Cryptography Public-key Cryptography Cryptanalysis AES & AES candidates estream candidates Hash Functions SHA-3 Montgomery Multipliers ECC cryptosystems Pairing-based

More information

CSE 127: Computer Security Cryptography. Kirill Levchenko

CSE 127: Computer Security Cryptography. Kirill Levchenko CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified

More information

Cryptographic Hash Functions

Cryptographic Hash Functions ECE458 Winter 2013 Cryptographic Hash Functions Dan Boneh (Mods by Vijay Ganesh) Previous Lectures: What we have covered so far in cryptography! One-time Pad! Definition of perfect security! Block and

More information

Outline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question

Outline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question Hash function lengths Outline AIT 682: Network and Systems Security Topic 4. Cryptographic Hash Functions Instructor: Dr. Kun Sun Hash function applications MD5 standard SHA-1 standard Hashed Message Authentication

More information

Outline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr.

Outline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr. AIT 682: Network and Systems Security Topic 4. Cryptographic Hash Functions Instructor: Dr. Kun Sun Hash function lengths Outline Hash function applications MD5 standard SHA-1 standard Hashed Message Authentication

More information

ECE 646 Lecture 8. Modes of operation of block ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.

More information

Cryptographic Hash Functions. William R. Speirs

Cryptographic Hash Functions. William R. Speirs Cryptographic Hash Functions William R. Speirs What is a hash function? Compression: A function that maps arbitrarily long binary strings to fixed length binary strings Ease of Computation: Given a hash

More information

Integrity of messages

Integrity of messages Lecturers: Mark D. Ryan and David Galindo. Cryptography 2016. Slide: 106 Integrity of messages Goal: Ensure change of message by attacker can be detected Key tool: Cryptographic hash function Definition

More information

COMP4109 : Applied Cryptography

COMP4109 : Applied Cryptography COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 2 information security cryptographic primitives unkeyed primitives NSA... one-way functions hash functions

More information

CSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions

CSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions CSCI 454/554 Computer and Network Security Topic 4. Cryptographic Hash Functions Hash function lengths Outline Hash function applications MD5 standard SHA-1 standard Hashed Message Authentication Code

More information

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18 Hash Function Guido Bertoni Luca Breveglieri Fundations of Cryptography - hash function pp. 1 / 18 Definition a hash function H is defined as follows: H : msg space digest space the msg space is the set

More information

Chapter 11 Message Integrity and Message Authentication

Chapter 11 Message Integrity and Message Authentication Chapter 11 Message Integrity and Message Authentication Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 11.1 Chapter 11 Objectives To define message integrity

More information

Introduction to Software Security Hash Functions (Chapter 5)

Introduction to Software Security Hash Functions (Chapter 5) Introduction to Software Security Hash Functions (Chapter 5) Seong-je Cho Spring 2018 Computer Security & Operating Systems Lab, DKU Sources / References Textbook, Chapter 5. An Illustrated Guide to Cryptographic

More information

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu

More information

S. Erfani, ECE Dept., University of Windsor Network Security

S. Erfani, ECE Dept., University of Windsor Network Security 4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data

More information

Computer Security Spring Hashes & Macs. Aggelos Kiayias University of Connecticut

Computer Security Spring Hashes & Macs. Aggelos Kiayias University of Connecticut Computer Security Spring 2008 Hashes & Macs Aggelos Kiayias University of Connecticut What is a hash function? A way to produce the fingerprint of a file what are the required properties: 1. Efficiency.

More information

P2_L8 - Hashes Page 1

P2_L8 - Hashes Page 1 P2_L8 - Hashes Page 1 Reference: Computer Security by Stallings and Brown, Chapter 21 In this lesson, we will first introduce the birthday paradox and apply it to decide the length of hash, in order to

More information

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Message Authentication Codes At cats' green on the Sunday he took the message from

More information

Cryptographic hash functions and MACs

Cryptographic hash functions and MACs Cryptographic hash functions and MACs Myrto Arapinis School of Informatics University of Edinburgh October 05, 2017 1 / 21 Introduction Encryption confidentiality against eavesdropping 2 / 21 Introduction

More information

Lecture 1: Course Introduction

Lecture 1: Course Introduction Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.

More information

Message authentication codes

Message authentication codes Message authentication codes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction security of MAC Constructions block cipher

More information

Encryption. INST 346, Section 0201 April 3, 2018

Encryption. INST 346, Section 0201 April 3, 2018 Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:

More information

Network Security. Cryptographic Hash Functions Add-on. Benjamin s slides are authoritative. Chair for Network Architectures and Services

Network Security. Cryptographic Hash Functions Add-on. Benjamin s slides are authoritative. Chair for Network Architectures and Services Chair for Network Architectures and Services Technische Universität München Network Security Cryptographic Hash Functions Add-on Benjamin s slides are authoritative Motivation (1) Common practice in data

More information

Lecture 4: Authentication and Hashing

Lecture 4: Authentication and Hashing Lecture 4: Authentication and Hashing Introduction to Modern Cryptography 1 Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 1 These slides are based on Benny Chor s slides. Some Changes in Grading

More information

Introduction to Cryptography. Lecture 6

Introduction to Cryptography. Lecture 6 Introduction to Cryptography Lecture 6 Benny Pinkas page 1 1 Data Integrity, Message Authentication Risk: an active adversary might change messages exchanged between Alice and Bob M Alice M M M Bob Eve

More information

Winter 2011 Josh Benaloh Brian LaMacchia

Winter 2011 Josh Benaloh Brian LaMacchia Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Hash Algorithms Each of the messages, like each one he had ever read of Stern's commands,

More information

COMP4109 : Applied Cryptography

COMP4109 : Applied Cryptography COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 8 (and maybe 9) secret-key primitives Message Authentication Codes Pseudorandom number generators 2

More information

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis

More information

Unit III. Chapter 1: Message Authentication and Hash Functions. Overview:

Unit III. Chapter 1: Message Authentication and Hash Functions. Overview: Unit III Chapter 1: Message Authentication and Hash Functions Overview: Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data

More information

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption

More information

Ref:

Ref: Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:

More information

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.). Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the

More information

APNIC elearning: Cryptography Basics

APNIC elearning: Cryptography Basics APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security

More information

CSC574: Computer & Network Security

CSC574: Computer & Network Security CSC574: Computer & Network Security Lecture 4 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Announcements Homework 2, assigned. Due Friday, January

More information

Multiple forgery attacks against Message Authentication Codes

Multiple forgery attacks against Message Authentication Codes Multiple forgery attacks against Message Authentication Codes David A. McGrew and Scott R. Fluhrer Cisco Systems, Inc. {mcgrew,sfluhrer}@cisco.com May 31, 2005 Abstract Some message authentication codes

More information

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422 Lecture 18 Message Integrity Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422 Cryptography is the study/practice of techniques for secure communication,

More information

Encryption I. An Introduction

Encryption I. An Introduction Encryption I An Introduction Reading List ADO and SQL Server Security A Simple Guide to Cryptography Protecting Private Data with the Cryptography Namespaces Using MD5 to Encrypt Passwords in a Database

More information

e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text

e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text Cryptography and Network Security Module 28- Hash Algorithms

More information

Betriebssysteme und Sicherheit. Stefan Köpsell, Thorsten Strufe. Modul 5: Mechanismen Integrität

Betriebssysteme und Sicherheit. Stefan Köpsell, Thorsten Strufe. Modul 5: Mechanismen Integrität Betriebssysteme und Sicherheit Stefan Köpsell, Thorsten Strufe Modul 5: Mechanismen Integrität Disclaimer: large parts from Mark Manulis, Dan Boneh, Stefan Katzenbeisser Dresden, WS 17/18 Reprise from

More information

Internet Engineering Task Force (IETF) Request for Comments: Category: Informational ISSN: March 2011

Internet Engineering Task Force (IETF) Request for Comments: Category: Informational ISSN: March 2011 Internet Engineering Task Force (IETF) S. Turner Request for Comments: 6149 IECA Obsoletes: 1319 L. Chen Category: Informational NIST ISSN: 2070-1721 March 2011 Abstract MD2 to Historic Status This document

More information

Security Requirements

Security Requirements Message Authentication and Hash Functions CSCI 454/554 Security Requirements disclosure traffic analysis masquerade content modification sequence modification timing modification source repudiation destination

More information

Cryptanalysis on Hash Functions. Xiaoyun Wang Tsinghua University & Shandong University

Cryptanalysis on Hash Functions. Xiaoyun Wang Tsinghua University & Shandong University Cryptanalysis on Hash Functions Xiaoyun Wang Tsinghua University & Shandong University 05-10-2006 Outline Introduction to hash function Hash function and signature Dedicated hash function Modular differential

More information

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018 Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.

More information

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,

More information

CSC 5930/9010 Modern Cryptography: Cryptographic Hashing

CSC 5930/9010 Modern Cryptography: Cryptographic Hashing CSC 5930/9010 Modern Cryptography: Cryptographic Hashing Professor Henry Carter Fall 2018 Recap Message integrity guarantees that a message has not been modified by an adversary Definition requires that

More information

Stream Ciphers and Block Ciphers

Stream Ciphers and Block Ciphers Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.

More information

Kurose & Ross, Chapters (5 th ed.)

Kurose & Ross, Chapters (5 th ed.) Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms

More information

Symmetric Crypto MAC. Pierre-Alain Fouque

Symmetric Crypto MAC. Pierre-Alain Fouque Symmetric Crypto MAC Pierre-Alain Fouque Message Authentication Code (MAC) Warning: Encryption does not provide integrity Eg: CTR mode ensures confidentiality if the blockcipher used is secure. However,

More information

CS Computer Networks 1: Authentication

CS Computer Networks 1: Authentication CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores

More information

Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates

Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates Use of Embedded FPGA Resources in Implementa:ons of 14 Round 2 SHA- 3 Candidates Kris Gaj, Rabia Shahid, Malik Umar Sharif, and Marcin Rogawski George Mason University U.S.A. Co-Authors Rabia Shahid Malik

More information

S. Erfani, ECE Dept., University of Windsor Network Security. All hash functions operate using the following general principles:

S. Erfani, ECE Dept., University of Windsor Network Security. All hash functions operate using the following general principles: 4.14 Simple Hash Functions All hash functions operate using the following general principles: a) The input string is viewed as a sequence of n-byte blocks. b) The input is processed one block at a time

More information

Message Authentication and Hash function

Message Authentication and Hash function Message Authentication and Hash function Concept and Example 1 Approaches for Message Authentication Encryption protects message against passive attack, while Message Authentication protects against active

More information

BCA III Network security and Cryptography Examination-2016 Model Paper 1

BCA III Network security and Cryptography Examination-2016 Model Paper 1 Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct

More information

CSC 580 Cryptography and Computer Security

CSC 580 Cryptography and Computer Security CSC 580 Cryptography and Computer Security Cryptographic Hash Functions (Chapter 11) March 22 and 27, 2018 Overview Today: Quiz (based on HW 6) Graded HW 2 due Grad/honors students: Project topic selection

More information

David Wetherall, with some slides from Radia Perlman s security lectures.

David Wetherall, with some slides from Radia Perlman s security lectures. David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive

More information

Overview. CSC 580 Cryptography and Computer Security. Hash Function Basics and Terminology. March 28, Cryptographic Hash Functions (Chapter 11)

Overview. CSC 580 Cryptography and Computer Security. Hash Function Basics and Terminology. March 28, Cryptographic Hash Functions (Chapter 11) CSC 580 Cryptography and Computer Security Cryptographic Hash Functions (Chapter 11) March 28, 2017 Overview Today: Review Homework 8 solutions Discuss cryptographic hash functions Next: Study for quiz

More information

V.Sorge/E.Ritter, Handout 6

V.Sorge/E.Ritter, Handout 6 06-20008 Cryptography The University of Birmingham Autumn Semester 2015 School of Computer Science V.Sorge/E.Ritter, 2015 Handout 6 Summary of this handout: Cryptographic Hash Functions Merkle-Damgård

More information

Hashing, One-Time Signatures, and MACs. c Eli Biham - March 21, Hashing, One-Time Signatures, and MACs

Hashing, One-Time Signatures, and MACs. c Eli Biham - March 21, Hashing, One-Time Signatures, and MACs Hashing, One-Time Signatures, and MACs c Eli Biham - March 21, 2011 159 Hashing, One-Time Signatures, and MACs Digital Signatures A signature is (according to the Miriam-Webster dictionary): 1. (a) The

More information

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect

More information

CIT 480: Securing Computer Systems. Hashes and Random Numbers

CIT 480: Securing Computer Systems. Hashes and Random Numbers CIT 480: Securing Computer Systems Hashes and Random Numbers Topics 1. Hash Functions 2. Applications of Hash Functions 3. Secure Hash Functions 4. Collision Attacks 5. Pre-Image Attacks 6. Current Hash

More information

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

ח'/סיון/תשע א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,

More information

Cryptographic Hash Functions

Cryptographic Hash Functions Cryptographic Hash Functions Cryptographic Hash Functions A cryptographic hash function takes a message of arbitrary length and creates a message digest of fixed length. Iterated Hash Function A (compression)

More information

Jaap van Ginkel Security of Systems and Networks

Jaap van Ginkel Security of Systems and Networks Jaap van Ginkel Security of Systems and Networks November 5, 2012 Part 3 Modern Crypto SSN Week 2 Hashes MD5 SHA Secret key cryptography AES Public key cryptography DES Book Chapter 1 in full Chapter 2

More information

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography

More information

Symmetric, Asymmetric, and One Way Technologies

Symmetric, Asymmetric, and One Way Technologies Symmetric, Asymmetric, and One Way Technologies Crypto Basics Ed Crowley Fall 2010 1 Topics: Symmetric & Asymmetric Technologies Kerckhoff s Principle Symmetric Crypto Overview Key management problem Attributes

More information

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5 Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5 Today s Lecture Hash functions: Generates a unique short code from a large file Uses of hashes MD5, SHA1, SHA2, SHA3 Message Authentication

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on

More information

Demise of MD5 and SHA-1. Designing the New Hash. Stanis law Pawe l Radziszowski Department of Computer Science Rochester Institute of Technology

Demise of MD5 and SHA-1. Designing the New Hash. Stanis law Pawe l Radziszowski Department of Computer Science Rochester Institute of Technology Demise of MD5 and SHA-1 Designing the New Hash Stanis law Pawe l Radziszowski Department of Computer Science Rochester Institute of Technology August 2008 1 Abstract A hash function H : {0,1} {0,1} m produces

More information

Cryptography Functions

Cryptography Functions Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)

More information

CS155. Cryptography Overview

CS155. Cryptography Overview CS155 Cryptography Overview Cryptography Is n n A tremendous tool The basis for many security mechanisms Is not n n n n The solution to all security problems Reliable unless implemented properly Reliable

More information