Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Transcription

1 Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology 21 September 2016 rev Egemen K. Çetinkaya

2 Data Integrity Algorithms Outline Hash algorithms (MD5 and SHA) Message authentication algorithms (MAC and HMAC) Digital signature algorithms (DSA) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 2

3 Data Integrity Algorithms Hash Algorithms Hash algorithms Message authentication algorithms Digital signature algorithms 21 September 2016 MST CPE 5420 Data Integrity Algorithms 3

4 A hash function h = H(m) Hash Function Overview accepts a variable-length block of data m as input produces a fixed-size hash value h Main object of hash function is data integrity Hash determines whether or not data has changed 21 September 2016 MST CPE 5420 Data Integrity Algorithms 4

5 Hash Function Properties Easy to compute hash value for any given message Infeasible to generate message that has a given hash a data object that maps to a pre-specified hash result the one-way property Infeasible to modify message without changing hash Infeasible to find different messages with same hash two data objects that map to the same hash result the collision-free property 21 September 2016 MST CPE 5420 Data Integrity Algorithms 5

6 Hash Function Security Requirements Preimage resistant h = H(m), where m is called preimage it should be easy to generate the message it should be difficult to find message from hash value the one-way property Secondary preimage resistant given input m 1 it should be difficult to find another input m 2 such that m 1 m 2 and H(m 1 ) = H(m 2 ) also called weak collision resistant Collusion-free resistant infeasible to find (m 1, m 2 ) pair such that H(m 1 ) = H(m 2 ) also called strong collision-free resistant 21 September 2016 MST CPE 5420 Data Integrity Algorithms 6

7 Hash Algorithm General Operation Each algorithm can be described in two stages: preprocessing hash computation Preprocessing involves: padding a message parsing the padded message into m-bit blocks setting initialization values to be used in hash computation Hash computation involves: generating internal state from the padded message along with functions, constants, and word operations final hash value is used to determine the message digest 21 September 2016 MST CPE 5420 Data Integrity Algorithms 7

8 MD5 Overview MD5 is a message-digest algorithm Algorithm input is a message of arbitrary length Algorithm output is: a 128-bit fingerprint message digest MD5 was published in 1992 as RFC 1321 Attacks showed that it is not collision resistant MD6 is developed in 2008 by Rivest and his team 21 September 2016 MST CPE 5420 Data Integrity Algorithms 8

9 SHA Overview SHA: secure hash algorithm Published by NIST Evolution SHA-0: published in 1993 as SHA SHA-1: published in 1995, obsoleted in 2010, design by NSA SHA-2: published in 2001, designed by NSA SHA-3: latest draft FIPS 202 published in 2014 SHS published in FIPS SHA-2 and SHA-3 has many modes primarily depends on the digest size 21 September 2016 MST CPE 5420 Data Integrity Algorithms 9

10 SHA Modes SHA-0 SHA-1 SHA-2 SHA Digest size Message size Block size Word size No of rounds September 2016 MST CPE 5420 Data Integrity Algorithms 10

11 SHA-3 Algorithm Overview Based on KECCAK algorithm winner of NIST SHA competition Consists of: four cryptographic hash functions: SHA3-224, 256, 384, 512 two extendable-output functions: SHAKE-128, 256 Six functions share the sponge construction structure Sponge functions are a class of algorithms: with finite internal state that take an input bit stream of any length produce an output bit stream of any desired length 21 September 2016 MST CPE 5420 Data Integrity Algorithms 11

12 Data Integrity Algorithms Message Authentication Algorithms Hash algorithms Message authentication algorithms Digital signature algorithms 21 September 2016 MST CPE 5420 Data Integrity Algorithms 12

13 Message Authentication Overview Mechanism to verify the integrity of a message It ensures data is received as sent, no alterations: modification insertion deletion replay Hash function value of a message is referred a message digest or digest or fingerprint 21 September 2016 MST CPE 5420 Data Integrity Algorithms 13

14 Disclosure: Message Authentication Attacks 1 unauthorized release of message contents Traffic analysis: discovery of the pattern of traffic between parties Masquerade: insertion of messages from a fraudulent source Content modification: insertion, deletion, transposition, and modification 21 September 2016 MST CPE 5420 Data Integrity Algorithms 14

15 Message Authentication Attacks 2 Sequence modification: modification to a sequence of messages between parties Timing modification: delay or replay of messages Source repudiation: denial of transmission of message by source Destination repudiation: denial of receipt of message by destination 21 September 2016 MST CPE 5420 Data Integrity Algorithms 15

16 Message Authentication Symmetric Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 16

17 Message Authentication Symmetric Encryption Egemen K. Çetinkaya Confidentiality and authentication 21 September 2016 MST CPE 5420 Data Integrity Algorithms 17

18 Message Authentication Public-key Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 18

19 Message Authentication Public-key Encryption Egemen K. Çetinkaya Confidentiality and destination repudiation 21 September 2016 MST CPE 5420 Data Integrity Algorithms 19

20 Message Authentication Public-key Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 20

21 Message Authentication Public-key Encryption Egemen K. Çetinkaya Authentication and source repudiation 21 September 2016 MST CPE 5420 Data Integrity Algorithms 21

22 Message Authentication Public-key Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 22

23 Message Authentication Public-key Encryption Egemen K. Çetinkaya Confidentiality, authentication, and non-repudiation 21 September 2016 MST CPE 5420 Data Integrity Algorithms 23

24 Message Authentication Code Overview Message authentication is achieved using a message authentication code (MAC) also known as a keyed hash function Typically, MACs are used between two parties that share a secret key to authenticate information exchange A MAC function: MAC = C(K, M) takes input: a secret key and a data block and outputs: a hash value MACs are similar to encryption but no decryption (irreversible) and only compares 21 September 2016 MST CPE 5420 Data Integrity Algorithms 24

25 Message Authentication MAC Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 25

26 Message Authentication MAC Egemen K. Çetinkaya Authentication 21 September 2016 MST CPE 5420 Data Integrity Algorithms 26

27 Message Authentication MAC Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 27

28 Message Authentication MAC Confidentiality and authentication authentication tied to plaintext 21 September 2016 MST CPE 5420 Data Integrity Algorithms 28

29 Message Authentication MAC Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 29

30 Message Authentication MAC Confidentiality and authentication authentication tied to ciphertext 21 September 2016 MST CPE 5420 Data Integrity Algorithms 30

31 HMAC Overview Keyed-Hashing for Message Authentication MAC mechanism based on crypto hash functions Published in RFC 2104 Can be used with MD5 or SHA-1 latest versions use SHA September 2016 MST CPE 5420 Data Integrity Algorithms 31

32 HMAC Block Sizes HMAC requires a cryptographic hash function and key cryptographic hash function H and a secret key K H to be a cryptographic hash function data is hashed on blocks of data B the byte-length of such blocks, B=64 L the byte-length of hash outputs L=16 for MD5, L=20 for SHA-1 Authentication key K can be of any length up to B the block length of the hash function if K is of length 20 bytes and B=64, then K will be appended with 44 zero bytes 0x00 the minimal recommended length for K is L bytes 21 September 2016 MST CPE 5420 Data Integrity Algorithms 32

33 HMAC Inner and Outer Pads Involves two fixed and different strings: inner pad (ipad) and outer pad (opad) ipad = the Byte 0x36 repeated B times opad = the Byte 0x5C repeated B times HMAC function is: H(K opad, H(K ipad, m)) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 33

34 HMAC Operation HMAC function is: H(K opad, H(K ipad, m)) 1. Append zeros to end of K to create a B byte string 2. XOR B byte string computed in step (1) with ipad 3. Append (concatenate) stream of data (m) to 1. B byte string resulting from step (2) 4. Apply H to the stream generated in step (3) 5. XOR B byte string computed in step (1) with opad 6. Append the H result (4) to the B byte string from (5) 7. Apply H to stream generated in (6) and output result 21 September 2016 MST CPE 5420 Data Integrity Algorithms 34

35 Data Integrity Algorithms Digital Signature Algorithms Hash algorithms Message authentication algorithms Digital signature algorithms 21 September 2016 MST CPE 5420 Data Integrity Algorithms 35

36 Digital Signatures Overview The hash value is encrypted with a user s private key Anyone who knows the user s public key can verify the integrity of the message An attacker who wishes to alter the message would need to know the user s private key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 36

37 Digital Signatures Algorithms Elgamal digital signature schemes Schnorr digital signature schemes Digital Signature Algorithm (DSA) Elliptic Curve Digital Signature Algorithm (ECDSA) RSA Probabilistic Signature Scheme (RSA-PSS) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 37

38 Digital Signatures Generic Digital Signature Process Signature is generated with sender s private key Receiver verifies signature with sender s public key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 38

39 Digital Signatures Generic Digital Signature Process Signature is generated with sender s private key Receiver verifies signature with sender s public key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 39

40 Digital Signatures Properties It must verify author and date and time of signature It must authenticate contents at the time of signature digital signature function includes authentication function It must be verifiable by third parties to resolve disputes 21 September 2016 MST CPE 5420 Data Integrity Algorithms 40

41 Key-only attack Known message attack Digital Signatures Attacks Generic chosen message attack Directed chosen message attack Adaptive chosen message attack 21 September 2016 MST CPE 5420 Data Integrity Algorithms 41

42 Total break Universal forgery Selective forgery Existential forgery Digital Signatures Forgeries 21 September 2016 MST CPE 5420 Data Integrity Algorithms 42

43 Digital Signatures Requirements Signature must be a bit pattern that depends on the message being signed Signature must use information unique to sender to prevent both forgery and denial It must be relatively easy to produce signature It must be easy to recognize and verify the signature It must be infeasible to forge signature either by constructing new message for an existing signature by constructing a fraudulent signature for a given message It must be practical to retain signature in storage 21 September 2016 MST CPE 5420 Data Integrity Algorithms 43

44 Digital Signature Algorithms ElGamal Digital Signature Scheme uses of the private key for encryption Scheme uses the public key for decryption Global elements are a prime number q and α α is a primitive root of q Use private key for encryption (signing) Uses public key for decryption (verification) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 44

45 Digital Signature Algorithms NIST Digital Signature Published by NIST as FIPS standard 186 FIPS-186-0: 1993 FIPS-186-1: 1996 FIPS-186-2: 2000 FIPS-186-3: 2009 FIPS-186-4: 2013 Makes use of the Secure Hash Algorithm (SHA) The latest version incorporates DSA based on: RSA elliptic curve cryptography 21 September 2016 MST CPE 5420 Data Integrity Algorithms 45

46 Digital Signatures Algorithms RSA Approach The hash code is encrypted using public-key encryption with the sender s private key this provides authentication It also provides a digital signature only sender could have produced the encrypted hash code 21 September 2016 MST CPE 5420 Data Integrity Algorithms 46

47 Digital Signatures Algorithms DSA Approach Hash code is provided as input to signature function along with a random number k The signature function also depends on: sender s private key a global public key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 47

48 Digital Signatures Algorithms RSA vs. DSA Approach Egemen K. Çetinkaya 21 September 2016 MST CPE 5420 Data Integrity Algorithms 48

49 Data Integrity Algorithms What are the differences and similarities? Hash function? MAC? DS? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 49

50 Data Integrity Algorithms What are the differences and similarities? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 50

51 References and Further Reading [KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, [S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, September 2016 MST CPE 5420 Data Integrity Algorithms 51

52 References and Further Reading Historic: MD2: RFC 1329, MD4: RFC 1320, MD5: RFC 1321 MD6: Draft SHS: FIPS SHS: FIPS SHA: RFC 6234 HMAC: RFC 2104, RFC 6151 DSS: FIPS Attacks on hash functions: RFC September 2016 MST CPE 5420 Data Integrity Algorithms 52

53 End of Foils 21 September 2016 MST CPE 5420 Data Integrity Algorithms 53