Message Authentication and Hash function 2

Transcription

1 Message Authentication and Hash function 2 Concept and Example 1

2 SHA : Secure Hash Algorithm Four secure hash algorithms, SHA-11, SHA-256, SHA-384, and SHA-512. All four of the algorithms are iterative, one-way hash functions that can process a message to produce a message digest. This property is useful in the generation and verification of 1. Digital signatures 2. Message authentication codes 3. random numbers (bits). 2

3 SHA 512 The most widely used hash function Input max size is Output size is 512 bit digest. The input is processed in1024 bit blocks. SHA algorithm described into two steps 1. Preprocessing Padding the message, M. Parsing the padded message into message blocks Setting the initial hash value, H(0) 2. Hash computation It generates a message schedule from the padded message. uses that schedule, along with functions, constants, and word operations to iteratively generate a series of hash values The final hash value generated by the hash computation is used to determine the message digest. 3

4 SHA-512 Preprocessing 1. Padding the Message The message, M, shall be padded before hash computation begins. The purpose of this padding is to ensure that the padded message 1024 bits. If the length of the message M, in bits, is l bits the Append the bit 1 to the end of the message followed by k zero bits, where k is the smallest non-negative solution to the equation l +1+ k = 896(mod1024) 4

5 SHA-512 Preprocessing 1. Padding the Message Example: For example, the (8-bit ASCII) message abc has length l=8 3 = 24, so the message is padded with a one bit, then (24 + 1) = 871 zero bits and then the message length to become the 1024-bit padded message. The length of the padded message should now be a multiple of 1024 bits. 5

6 SHA-512 Preprocessing 2. Parsing the Padded Message After a message has been padded, it must be parsed into N m-bit blocks before the hash computation can begin. the padded message is parsed into N bit blocks, M(1), M(2),,M(N) bits of the input block may be expressed as sixteen 16 words of size 64 bits (W0 W15). 3. Setting the Initial Hash Value (H(0)) Before hash computation begins for each of the secure hash algorithms, the initial hash value, H(0), must be set. 6

7 SHA-512 Preprocessing 3. Setting the Initial Hash Value (H(0)) the initial hash value, H(0), shall consist of the following eight 64-bit words, in hex These words were obtained by taking the first sixty-four bits of the fractional parts of the square roots of the first eight prime numbers. 7

8 SHA-512 Hash Computing. 8

9 SHA-512 Hash Computing 1. Prepare the message schedule, {Wt} 2. Initialize these values 3. Compute intermediate values of a,b,c,d,e,f,g,h using constant K 9

10 SHA-512 Hash Computing 4. Compute the ith intermediate hash value H(i): 10

11 SHA-512 Hash Computing After all N 1024 bit block have been processed, the output from the Nth stage is the 512 bit message digest. 11

12 HMAC There has been increased interest in developing MAC derived from hash code such as SHA. Hash function execution are faster than encryption function. Library code for hash function is wieldy used. However, Hash function like SHA cannot be used as MAC. Why? 12

13 HMAC HMAC : Incorporating a secrete key in a hash function. HMAC has advantages over SHA More secure, because the embedded hash function has the strength of cryptography. 13

14 HMAC Algorithm Variables 1. H= embedded hash function (SHA) 2. M = Message. 3. Yi = ith block of M 4. L= number of blocks in M 5. b= number of bits in block 6. n= length of hash code. 7. K= secret key. 8. K + = K padded with 0s so that the result is b bit in the length. 9. Ipad = repeated b/8 times 10. Opad = repeated b/8 times 14

15 HMAC Algorithm 1. Append zeros to the left end of K to create a b-bit string K XOR K + With ipad to produce the b- bit block Si 3. Append M to Si. 4. Apply H to the stream generated in the step 3 5. XOR K + with opad to produce the b-bit block So. 6. Append the hash result from step 4 to So. 7. Apply H to the stream generated in step6 and output the result. 15

16 HMAC Algorithm So HMAC can be expressed as HMAC (K,M) = H[ (K + xor opad) H [(K + xor ipad) M] ] 16