Message authentication and secure hashing

Why message authentication

To protect against:
- Masquerade/impersonation
- Modification of message content
- Modification of message sequence
- Acceptance of replayed/delayed messages
- Source repudiation (denial of origination): requires signatures/attestation
- Destination repudiation (denial of receipt): requires attestation or signature + specific measures

Authentication primitives

To construct authentication mechanisms, several cryptographic tools can be used:
- Keyless primitives: A secure hash function maps any-length messages to a short tag, which can be subsequently authenticated by entering it into a trusted registry or by using keyed primitives.
- Keyed primitives: Encryption (public-key or secret-key), Message Authentication Codes (secret-key based) and Signatures (public-key based).

Symmetric encryption

Symmetric encryption can be used to achieve both confidentiality and authentication, via the following heuristic:
- If modified in transit, the decrypted message will likely be garbled to the point where the modification is detected.
- This requires that the message have a particular structure that can be automatically recognized by the receiver.

Examples:
- A TCP packet has a well-defined structure: if it is encrypted within an IP packet, modifications are likely to be detected upon decryption.
- If the authentication is implemented at the application level, even more information about data structure is available to detect modification.

Problems with this approach:
- Encryption schemes are not designed to prevent modification, only to provide confidentiality. For instance, the OFB encryption mode enables arbitrary bit modifications.
- The resulting security is heuristic, hard to assess, and prone to failure: WEP, Kerberos v.4 PCBC encryption mode, ...
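The OFB point above, as an added example that is not part of the original slides: a message encrypted in OFB mode is modified in transit without the key and still decrypts to well-formed text, while a MAC over the ciphertext (one of the keyed primitives listed earlier) rejects it. Assumptions: truncated HMAC-SHA256 stands in for the block cipher, and the keys, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes of keystream produced per feedback step

def ofb_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # OFB feedback: O_i = E_K(O_{i-1}). Assumption: truncated HMAC-SHA256
    # stands in for the block cipher E_K, since the stdlib ships no AES.
    out, state = b"", iv
    while len(out) < length:
        state = hmac.new(key, state, hashlib.sha256).digest()[:BLOCK]
        out += state
    return out[:length]

def ofb_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR with the keystream.
    return bytes(a ^ b for a, b in zip(data, ofb_keystream(key, iv, len(data))))

def modify_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # No key needed: XORing (old ^ new) into the ciphertext turns the
    # decrypted bytes at that offset from `old` into `new`.
    out = bytearray(ct)
    for i, (a, b) in enumerate(zip(old, new)):
        out[offset + i] ^= a ^ b
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes):
    # Encrypt, then compute a MAC over IV and ciphertext with a separate key.
    ct = ofb_xor(enc_key, iv, plaintext)
    return ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, iv, ct, tag):
    # Verify the MAC before decrypting; return None if it does not match.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ofb_xor(enc_key, iv, ct)

# Constructed sample values, for illustration only.
ENC_KEY, MAC_KEY, IV = b"E" * 32, b"M" * 32, b"\x01" * BLOCK
MESSAGE = b"PAY 0100 TO BOB"

if __name__ == "__main__":
    ct, tag = seal(ENC_KEY, MAC_KEY, IV, MESSAGE)
    bad = modify_in_transit(ct, 4, b"0100", b"9900")
    print("encryption only:", ofb_xor(ENC_KEY, IV, bad))
    print("with MAC check :", open_sealed(ENC_KEY, MAC_KEY, IV, bad, tag))
```

The modified ciphertext has no garbling for a structure check to catch; only the MAC comparison notices the change.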

Public key encryption

Public key encryption by itself provides no authentication (even of the heuristic sort conferred by symmetric-key encryption) because the use of the key does not identify the message creator, only the recipient.

In interactive protocols, the use of nonces can bind authorship to public-key encrypted messages, resulting in authentication (but not non-repudiation).

Hashing

Hashing is a common computing tool. A hash function $f$ typically has these properties:
- Fixed size output: $f(x) \in \{0,1\}^t$, where $t$ is the hash length, for any acceptable input $x$.
- Larger size input (or arbitrary size input): input $x \in \{0,1\}^k$, where $k > t$, or $x \in \{0,1\}^*$.
- Well distributed output: the size of the sets $f^{-1}(y) = \{x : f(x) = y\}$ does not vary widely with $y$, i.e., all output values are approximately equally likely.

Secure hash

While the previous definition of hashing is adequate for general purpose computing tasks, such as optimization of data structures/sorting, it is NOT appropriate for secure applications.

Secure hashing needs to bind the hash output to the input. Given the hash value on some input $x$, it should be difficult to find an alternative input $y$ that has the same hash value.

Hash example (not secure)

Choose an integer $n$. Given binary input $x$, interpret it as the binary expansion of an integer, and let $f(x) = x \bmod n$.
- This results in a fixed-length result for arbitrary length inputs.
- The results are often well-distributed.
- It does not bind the input: any $y$ whose binary representation satisfies $x \equiv y \pmod{n}$ has the same hash value as $x$, and it is easy to construct such inputs.

Desirable properties of secure hash functions

A secure hash function is efficiently computable. It accepts very long inputs and produces fixed-length (short) output.
- One-way: given $y$, finding $x$ such that $H(x) = y$ is hard.
- Second pre-image or weak collision resistant: given $x$, finding $y \neq x$ such that $H(x) = H(y)$ is hard.
- (Strong) collision-resistant: finding any pair $(x, y)$, $x \neq y$, such that $H(x) = H(y)$ is hard.

Hash-and-sign

Public key signature schemes can be used to authenticate messages. But there are two problems with that:
- The computation of signatures is expensive, and prohibitively so for long messages.
- Without use of redundancy in the messages, signatures are malleable, and can be modified by other parties.

By first hashing a message, and then signing the hash, both problems are solved.

Example: RSA hash-and-sign

- RSA public key $(n, e)$ and private key $d$.
- Sign message $m$ as $m^d \bmod n$.
- Malleability attack: the attacker changes $m^d$ to $c \cdot m^d \bmod n$, which is a signature on $c^e \cdot m \bmod n$.
- Hash-and-sign: send $(m, s = H(m)^d \bmod n)$.
- The malleability attack fails: changing $m$ to $m'$ and $s$ to $s'$ requires that $(s')^e = H(m')$. This is hard to do.
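The RSA example above carried through in code, as an added illustration that is not part of the original slides. Assumptions: the key is a constructed toy key built from two small Mersenne primes, SHA-256 reduced mod n plays the role of H, and the helper names are hypothetical.

```python
import hashlib

# Constructed toy key, far too small for real use. Both factors are
# Mersenne primes; D is the inverse of E modulo (P-1)(Q-1).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def sign_raw(m: int) -> int:
    # Textbook RSA signature from the slide: s = m^d mod n.
    return pow(m, D, N)

def verify_raw(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N

def h(msg: bytes) -> int:
    # Assumption: SHA-256 reduced mod n plays the role of H; real schemes
    # use a padded encoding such as RSASSA-PSS instead.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign_hashed(msg: bytes) -> int:
    # Hash-and-sign: s = H(m)^d mod n.
    return pow(h(msg), D, N)

def verify_hashed(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == h(msg)

def scale(s: int, c: int) -> int:
    # The modification from the slide: replace s by c*s mod n (no key used).
    return (c * s) % N

def scaled_value(x: int, c: int) -> int:
    # What c*s verifies against: (c*s)^e = c^e * x mod n when s = x^d.
    return (pow(c, E, N) * x) % N

if __name__ == "__main__":
    m, c = int.from_bytes(b"pay 100", "big"), 3
    s_raw = sign_raw(m)
    # Raw RSA: the scaled signature is valid for the message c^e * m.
    print(verify_raw(scaled_value(m, c), scale(s_raw, c)))
    s = sign_hashed(b"pay 100")
    # Hash-and-sign: c*s is valid only for a message hashing to c^e * H(m).
    print(pow(scale(s, c), E, N) == scaled_value(h(b"pay 100"), c))
    print(verify_hashed(b"pay 100", scale(s, c)), verify_hashed(b"pay 900", scale(s, c)))
```

With raw signing the scaled pair verifies; with hash-and-sign the verifier would accept the scaled signature only for a message whose hash equals $c^e \cdot H(m) \bmod n$, which the one-way property of H makes hard to find.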