Security Requirements

Similar documents
CSCE 715: Network Systems Security

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Spring 2010: CS419 Computer Security

Unit III. Chapter 1: Message Authentication and Hash Functions. Overview:

Lecture 1 Applied Cryptography (Part 1)

Message Authentication and Hash function

Digests Requirements MAC Hash function Security of Hash and MAC Birthday Attack MD5 SHA RIPEMD Digital Signature Standard Proof of DSS

S. Erfani, ECE Dept., University of Windsor Network Security

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Data Integrity. Modified by: Dr. Ramzi Saifan

e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Message Authentication Codes and Cryptographic Hash Functions

CS408 Cryptography & Internet Security

Introduction to Software Security Hash Functions (Chapter 5)

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

Summary on Crypto Primitives and Protocols

Introduction to Cryptography. Lecture 6

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

ENEE 459-C Computer Security. Message authentication

Symmetric Crypto MAC. Pierre-Alain Fouque

Encryption. INST 346, Section 0201 April 3, 2018

CSC 474/574 Information Systems Security

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Lecture 1: Course Introduction

CIS 4360 Secure Computer Systems Symmetric Cryptography

Computer Security: Principles and Practice

Computer Networks. Wenzhong Li. Nanjing University

Security: Cryptography

Cryptography MIS

(2½ hours) Total Marks: 75

CSE 127: Computer Security Cryptography. Kirill Levchenko

Cryptographic Hash Functions

CSC 474/574 Information Systems Security

Cryptographic Checksums

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

UNIT - IV Cryptographic Hash Function 31.1

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Ref:

Practical Aspects of Modern Cryptography

ECEN 5022 Cryptography

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Chapter 6. New HASH Function. 6.1 Message Authentication. Message authentication is a mechanism or service used for verifying

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Symmetric Encryption 2: Integrity

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Cryptographic Hash Functions

CSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions

Winter 2011 Josh Benaloh Brian LaMacchia

CS 645 : Lecture 6 Hashes, HMAC, and Authentication. Rachel Greenstadt May 16, 2012

ROEVER ENGINEERING COLLEGE Elambalur,Perambalur DEPARTMENT OF CSE NP UNIT-I

Solutions to exam in Cryptography December 17, 2013

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Data Integrity & Authentication. Message Authentication Codes (MACs)

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Cryptography Introduction

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Cryptographic Concepts

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Outline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question

Outline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr.

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

CS Computer Networks 1: Authentication

Deploying a New Hash Algorithm. Presented By Archana Viswanath

Chapter 3 Block Ciphers and the Data Encryption Standard

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Cryptographic hash functions and MACs

P2_L6 Symmetric Encryption Page 1

Cryptanalysis. Ed Crowley

Data Integrity & Authentication. Message Authentication Codes (MACs)

1.264 Lecture 28. Cryptography: Asymmetric keys

ISO/IEC INTERNATIONAL STANDARD

Cryptography ThreeB. Ed Crowley. Fall 08

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Integrity of messages

Introduction to Symmetric Cryptography

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

CPSC 467: Cryptography and Computer Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Content of this part

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

7.3. Cryptographic algorithms

n-bit Output Feedback

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Transcription:

Message Authentication and Hash Functions CSCI 454/554 Security Requirements disclosure traffic analysis masquerade content modification sequence modification timing modification source repudiation destination repudiation 1

Message Authentication Message authentication is concerned with: protecting the integrity of a message validating identity of originator Authenticator and Authentication Protocol Producing authenticator (three alternative functions) message encryption message authentication code (MAC) hash function Message Encryption message encryption by itself also provides a measure of authentication symmetric and public-key encryption schemes if symmetric encryption is used then: receiver knows sender must have created it since only sender and receiver know key used know content cannot have been altered plaintext has suitable structure, eg. FCS (frame check sequence) or checksum, to detect any changes 2

Message Encryption if public-key encryption is used: encryption provides no authentication of sender since anyone potentially knows public-key however if sender signs message using their private-key then encrypts with recipients public key have both secrecy and authentication again need to recognize corrupted messages but at cost of two public-key uses on message Message Authentication Code (MAC) generated by an algorithm that creates a small fixedsized block depending on both message and key like encryption though need not be reversible appended to message as a cryptographic checksum receiver performs same computation on message and checks it matches the MAC provides assurance that message is unaltered and comes from sender 3

Message Authentication Code Message Authentication Codes can also use encryption for secrecy generally use separate keys for each can compute MAC either before or after encryption is generally regarded as better done before why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature 4

MAC Properties a MAC is a cryptographic checksum MAC = C K (M) condenses a variable-length message M using a secret key K a fixed-sized authenticator is a many-to-one function potentially several messages may have same MAC but finding these needs to be very difficult Requirements for MACs taking into account the types of attacks need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message 5

Using Symmetric Ciphers for MACs can use any block cipher chaining mode and use final block as a MAC Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC using IV=0 and zero-pad of final block encrypt message using DES in CBC mode and send just the final block as the MAC or the leftmost M bits (16 M 64) of final block Hash Functions condenses arbitrary message to fixed size usually assume that the hash function is public and not keyed vs. MAC is keyed hash used to detect changes to message can use in various ways with message 6

7

Digital Signatures Hash Function Properties a Hash Function produces a fingerprint of some file/message/data Hash code: h = H(M) condenses a variable-length message M a fixed-sized fingerprint assumed to be public 8

Requirements for Hash Functions 1. can be applied to any sized message M 2. produces fixed-length output h 3. is easy to compute h=h(m) for any message M 4. given h is infeasible to find x s.t. H(x)=h one-way property 5. given x is infeasible to find y s.t. H(y)=H(x) weak collision resistance 6. is infeasible to find any x,y s.t. H(y)=H(x) strong collision resistance How Hash Functions Works General principle: the message is viewed as a sequence of b-bit blocks the message is processed one block at a time in an iterative way to produce an n-bit hash code Iterated hash function M = (M1, M2, M3, Mn ); hi = H(hi-1, Mi); H(M) = hn 9

Different Hash Functions simple HF: based on XOR of message blocks not secure since message can be easily changed with the same hash code use block ciphers as hash functions using h 0 =0 and zero-pad of final block compute: h i = E [Mi, h i-1 ] resulting hash is not big enough (64-bit) both due to direct birthday attack and to meet-in-the-middle attack other variants also susceptible to attack Birthday Paradox 10

Birthday Attacks might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: Eve generates 2 m / 2 variations of a valid message all with essentially the same meaning Eve also generates 2 m / 2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger Hash Codes Hash Functions & MAC Security brute-force attacks exploiting strong collision resistance hash have cost 2 m / 2 128-bit hash looks vulnerable, 160-bit better MACs with known message-mac pairs can either attack keyspace (cf key search) or MAC at least 128-bit MAC is needed for security cryptanalytic attacks exploit structure typically focus on collisions in function h 11

Summary have considered: message authentication usage message encryption MACs hash functions general approach & security 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback