ISA 662 Internet Security Protocols


ISA 662 Internet Security Protocols, Lecture 2

Outline
  Some Math Essentials & History
  Asymmetric signatures and key exchange
  Asymmetric encryption
  Symmetric MACs

Beauty of Mathematics
  Demonstration
  Pick a number from 10 to 99
  Add the 2 digits, for example: if you chose 51, you would add 5+1=6
  Then subtract the result from the original number
  So 51-6=45
  (Demonstration shown in class)

Prime Numbers (I)
  x                 Primes < x     Percentage   x/(ln x - 1)   Percentage
  1,000             168            16.8%        169            16.9%
  10,000            1,229          12.3%        1,218          12.2%
  100,000           9,592          9.6%         9,512          9.5%
  1,000,000         78,498         7.8%         78,030         7.8%
  10,000,000        664,579        6.6%         661,459        6.6%
  100,000,000       5,761,455      5.8%         5,740,304      5.7%
  1,000,000,000     50,847,534     5.1%         50,701,542     5.1%
  10,000,000,000    455,052,511    4.6%         454,011,971    4.5%

  Prime numbers thin out as the numbers get larger
  There are 25 primes <100, so density is 1 in 4.
  Ten digit number, density is 1 in 23.
  Hundred digit number, density is 1 in 230.

Division (I)

Division (II)
  (also called counting numbers)

Division (III)

Common Divisors (I)

Common Divisors (II)

Euler's Totient Function (I)
  Leonhard Euler
    Swiss mathematician and physicist
    First to use the term "function"
    Lived in the 1700s
  Totient function ø(n): number of integers less than n and relatively prime to n (the elements of Z_n*)
  If n is prime, ø(n) = n-1
  If n = p*q, and p, q are primes, ø(n) = (p-1)(q-1)
  If p is prime and k>0, ø(p^k) = (p-1) p^(k-1)

Euler's Totient Function (II)
  Examples:
  ø(7) = 7*(1-(1/7)) = 6   {1,2,3,4,5,6}
    Or ø(7) = 7-1 = 6, because 7 is prime
  ø(10) = 10*(1-(1/2))*(1-(1/5)) = 4   {1,3,7,9}
  ø(18) = 18*(1-(1/2))*(1-(1/3)) = 6   {1,5,7,11,13,17}
  ø(21) = 21*(1-(1/3))*(1-(1/7)) = 12   {1,2,4,5,8,10,11,13,16,17,19,20}
    Or ø(21) = ø(3*7) = ø(3)*ø(7) = 2*6 = 12

Motivation 1 - Key Distribution Problem
  In a secret key cryptosystem, the secret key must be transmitted via a secure channel
  Inconvenient
    n parties want to communicate with each other: how many keys in total are needed, and how many keys must each of the n store?
    With n entities there will be n(n-1)/2 keys in total
    Each entity has to store n-1 keys
  Insecure
    Is the secure channel really secure?
  Public key cryptosystem solves the problem
    Public key known by everyone (telephone directory)
    Private key is never transmitted

How many Symmetric Keys needed?
  n            2  3  4  5   6   7   8   9   10  11  12  13  14  15
  Total Keys   2  3  6  10  15  21  28  36  45  55  66  78  91  105
  Keys Stored  1  2  3  4   5   6   7   8   9   10  11  12  13  14

  Administration Problems:
    Adding new entities
    Removing existing entities
    Changing keys

Motivation 2 - Digital Signature
  In a secret key cryptosystem, authentication and non-repudiation may be difficult
  Authentication
    You must share a secret key with someone in order to verify his signature
  Non-repudiation
    "I didn't sign it. You did, since you also have the key."
  Public key cryptosystem solves the problem
    Verification of signature needs only the public key
    One is solely responsible for his private key

Public Key Algorithms
  Public key algorithms covered in this class
    RSA: encryption and digital signature
    Diffie-Hellman: key exchange
    DSA: digital signature
  Number theory underlies most public key algorithms.

Requirements for Public-Key Algorithms
  It is computationally easy
    to generate a (public, private) key pair.
    to generate a ciphertext using the public key.
    to decrypt the ciphertext using the private key.
    to sign with the private key.
    to verify the signature with the public key.
  It is computationally infeasible to
    determine the private key from the public key.
    recover the message from the ciphertext and the public key.
    forge a signature.

The Big Picture
  (Diagram: A, Encryption Algorithm with B's Public Key, Ciphertext over an INSECURE CHANNEL, Decryption Algorithm with B's Private Key, B. B's Public Key reaches A over a RELIABLE CHANNEL.)

The Basic Idea
  Confidentiality: encipher using public key, decipher using private key
  Integrity/authentication: encipher using private key, decipher using public key
  (Diagram: A, Encryption Algorithm, Ciphertext / Signature, Decryption Algorithm, B; keys shown: B's Public Key, B's Private Key.)

Public Key Model

Public Key Encryption

Public Key Signatures

Use of Public-Key Cryptosystems
  Encryption/decryption
    The sender encrypts a message with the receiver's public key
    Only the receiver can decrypt the message.
  Digital signature
    The sender signs a message with its private key.
    Authentication and non-repudiation
  Key exchange
    Two sides cooperate to exchange a session key.
    Secret key cryptosystems are often used with the session key.

Goals of Public-Key Cryptanalysis
  Given the public key, cipher text, signature, to
    find out the private key
    find out the message encrypted
    forge the signature

Public-Key Cryptanalysis
  Brute-force attack
    Try all possible keys
  Derivation of private key from public key
    Try to find the relationship between the public key and the private key and compute the private key from the public one.
  Probable-message attack
    The public key is known.
    Encrypt all possible messages
    Try to find a match between the ciphertext and one of the above encrypted messages.
    Example: Prof. sends encrypted messages of letter grades to his students based on their public key.

History of Public-Key Schemes
  1976 - Diffie & Hellman suggested the public-key model for encryption and signatures
  1976 - Diffie & Hellman developed public-key protocol for key-exchange based on Discrete Log Problem
  1977 - Rivest, Shamir, Adleman developed RSA public-key scheme for encryption and signatures based on the Number Factoring Problem
  1980s - El-Gamal developed public-key protocols for encryption and signatures based on Discrete Log Problem

Revolution in Cryptography
  Diffie & Hellman sought to solve 2 problems
    Find a secure way to distribute keys in public
    Provide digital signature for document
  Public key cryptography is based on rigorous mathematical theory, rather than substitutions and permutations.
  It is asymmetric: requires two different keys, private key & public key

Diffie-Hellman Key Exchange (I)
  Published in W. Diffie and M. E. Hellman, "New Directions in Cryptography", in IEEE Transactions on Information Theory, IT-22 no 6 (November 1976) p. 644-654
  The first public key algorithm
  Allows two users to agree on a secret key over public channel
  No encryption, decryption, nor authentication

Diffie-Hellman Key Exchange (II)
  What's involved?
    p is a large prime number (about 512 bits), g < p and g is a primitive root of p.
    p and g are publicly known

Diffie-Hellman Key Exchange (III)

Diffie-Hellman Man-in-the-middle

Diffie-Hellman Example
  Alice and Bob want to establish a shared secret key
  Have agreed on the values n=353 (prime) and g=3
  Select the random secret values:
    Alice chooses X_a = 97, Bob chooses X_b = 233
  Derive the public keys:
    T_a = g^(X_a) mod n = 3^97 mod 353 = 40 (Alice's)
    T_b = g^(X_b) mod n = 3^233 mod 353 = 248 (Bob's)
  Derive the shared secret key
    K = T_b^(X_a) mod n = 248^97 mod 353 = 160 (Alice's)
    K = T_a^(X_b) mod n = 40^233 mod 353 = 160 (Bob's)

Hard Number Theory Problems
  T = g^s mod p
  Given T, g, p, it is computationally infeasible to compute the value of s (discrete logarithm)
  This is the basis of the Diffie-Hellman, El-Gamal, and DSS Public-Key Schemes.
  Another difficult number theory problem: it is easy to compute the product of two primes p and q to obtain n=pq, but it is difficult to factor the composite number n into its two prime factors p and q.
  This is the basis of the RSA Public-Key scheme

Diffie-Hellman Scheme
  Security factors
    Discrete logarithm very difficult.
    Shared key (the secret) itself never transmitted.
  Disadvantages:
    Expensive exponential operation
    Cannot be used to encrypt anything.
    No authentication, so you cannot sign anything.

Diffie-Hellman in Phone Book Mode
  DH is subject to an active man-in-the-middle attack because the parties' public key-components may be intercepted and substituted
  Phone book mode allows everyone to generate the public key-component in advance and publish it through other reliable means
  All communicating parties agree on their common <g, p>
  Essential requirement: authenticity of the public key.

RSA (Rivest, Shamir, Adleman)
  Published in R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", CACM 21, pp. 120-126, Feb. 1978
  The first public key encryption and signature system
  Supports both public key encryption and digital signature.
  Assumption/theoretical basis: factoring the product of large primes is hard.
  Variable key length (usually 1024 bits).
  Variable plaintext block size; must be smaller than the key.
  Ciphertext block size is the same as the key length.

Number Factoring
  How about tomorrow's computers?
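The worked exchange above and the reason phone book mode insists on authentic public values, as an added Python example (not from the slides). P, G, XA and XB are the slide's values; XM, the directory and all function names are constructed for illustration.

```python
# Toy Diffie-Hellman with the slide's numbers; far too small for real use.
P, G = 353, 3        # public prime and primitive root from the worked example
XA, XB = 97, 233     # Alice's and Bob's secret values from the worked example
XM = 5               # constructed secret of a hypothetical active intermediary


def public_value(x, p=P, g=G):
    """T = g^x mod p, the only value a party ever sends."""
    return pow(g, x, p)


def shared_key(received_t, my_x, p=P):
    """K = (received T)^x mod p."""
    return pow(received_t, my_x, p)


def exchange(xa, xb, xm=None):
    """Run one exchange. If xm is given, both public values are replaced in
    transit by g^xm, which is the substitution the man-in-the-middle slide
    refers to. Nothing in plain DH lets either side notice."""
    ta, tb = public_value(xa), public_value(xb)
    alice_received, bob_received = tb, ta
    if xm is not None:
        alice_received = bob_received = public_value(xm)
    return {
        "alice_received": alice_received,
        "bob_received": bob_received,
        "alice_key": shared_key(alice_received, xa),
        "bob_key": shared_key(bob_received, xb),
    }


def phone_book_ok(directory, name, received_t):
    """Phone book mode: accept a public value only if it equals the one the
    named party published in advance through a reliable channel."""
    return directory.get(name) == received_t


if __name__ == "__main__":
    directory = {"alice": public_value(XA), "bob": public_value(XB)}
    honest = exchange(XA, XB)
    print("honest keys:", honest["alice_key"], honest["bob_key"])
    tampered = exchange(XA, XB, XM)
    print("keys after substitution:", tampered["alice_key"], tampered["bob_key"])
    print("Alice accepts value claimed to be Bob's:",
          phone_book_ok(directory, "bob", tampered["alice_received"]))
```

After substitution the two ends hold different keys, each shared with the intermediary; the directory comparison is what turns that silent failure into a rejected exchange.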

Quantum Computing
  A classical computer has a memory made up of bits, where each bit holds either a one or a zero. The device computes by manipulating those bits, i.e. by transporting these bits from memory to (possibly a suite of) logic gates and back.
  A quantum computer maintains a set of qubits. A qubit can hold a one, or a zero, or a superposition of these. A quantum computer operates by manipulating those qubits, i.e. by transporting these bits from memory to (possibly a suite of) quantum logic gates and back.
  Qubits for a quantum computer can be implemented using particles with two spin states: "up" and "down"; in fact any system, possessing an observable quantity A which is conserved under time evolution and such that A has at least two discrete and sufficiently spaced consecutive eigenvalues, is a suitable candidate for implementing a qubit.
  Information Source: Wikipedia

The RSA Algorithm
  To generate key pair:
    Pick large primes p and q
    Let n = p*q, keep p and q to yourself!
    For public key, choose e that is relatively prime to ø(n) = (p-1)(q-1). Public key = <e,n>
    For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d = 1 mod ø(n). Private key = <d,n>

How Does RSA Work?
  Given pubkey = <e, n> and privkey = <d, n>
  Message = m
    encryption: c = m^e mod n, m < n
    decryption: m = c^d mod n
    signature: s = m^d mod n, m < n
    verification: m = s^e mod n

An Example
  Choose p = 7 and q = 17.
  Compute n = p*q = 119.
  Compute φ(n) = (p-1)(q-1) = 96.
  Select e = 5, which is relatively prime to φ(n).
  Compute d = 77 such that e*d = 1 mod φ(n).
  Public key: <5,119>
  Private key: <77,119>
  Message = 19
  Encryption: 19^5 mod 119 = 66
  Decryption: 66^77 mod 119 = 19.
Example: Encryption
  p = 7, q = 11, n = 77
  Alice chooses e = 17, making d = 53
  Bob wants to send Alice secret message HELLO (07 04 11 11 14)
    07^17 mod 77 = 28
    04^17 mod 77 = 16
    11^17 mod 77 = 44
    11^17 mod 77 = 44
    14^17 mod 77 = 42
  Bob sends 28 16 44 44 42

Example: Decryption
  Alice receives 28 16 44 44 42
  Alice uses private key, d = 53, to decrypt message:
    28^53 mod 77 = 07
    16^53 mod 77 = 04
    44^53 mod 77 = 11
    44^53 mod 77 = 11
    42^53 mod 77 = 14
  Alice translates 07 04 11 11 14 to HELLO
  No one else could read it, as only Alice knows her private key and that is needed for decryption

Digital Signatures in RSA
  RSA has an important property, not shared by other public key systems
  Encryption and decryption are symmetric
    Encryption followed by decryption yields the original message: (M^e mod n)^d mod n = M
    Decryption followed by encryption also yields the original message: (M^d mod n)^e mod n = M
    Because e and d are symmetric in e*d = 1 mod (p-1)*(q-1)

Digital Signatures in RSA
  (Diagram: A computes M^d mod n with A's Private Key d; Ciphertext C (signature) is sent to B; B computes C^e mod n with A's Public Key e to obtain M. A's public key is delivered over a channel labelled "RELIABLE CHANNEL?")

Compared To Encryption in RSA
  (Diagram: A computes M^e mod n with B's Public Key e; Ciphertext C is sent to B; B computes C^d mod n with B's Private Key d to obtain M. B's public key is delivered over a RELIABLE CHANNEL.)

Signature and Encryption
  (Diagram: A applies D with A's Private Key (Signed), then E with B's Public Key (Encrypted, Signed); B applies D with B's Private Key (Signed), then E with A's Public Key.)

Example: Sign
  Take p = 7, q = 11, n = 77
  Alice chooses e = 17, making d = 53
  Alice wants to send Bob message HELLO (07 04 11 11 14) so Bob knows it is from Alice, and it has not been modified in transit
    07^53 mod 77 = 35
    04^53 mod 77 = 09
    11^53 mod 77 = 44
    11^53 mod 77 = 44
    14^53 mod 77 = 49
  Alice sends 35 09 44 44 49

Example: Verify
  Bob receives 35 09 44 44 49
  Bob uses Alice's public key, e = 17, n = 77, to decrypt message:
    35^17 mod 77 = 07
    09^17 mod 77 = 04
    44^17 mod 77 = 11
    44^17 mod 77 = 11
    49^17 mod 77 = 14
  Bob translates 07 04 11 11 14 to HELLO
  (Assume) only Alice has her private key, so no one else could have been able to create a correct signature
  The (deciphered) signature matches the transmitted plaintext, so the plaintext is not altered
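The key generation, encryption and signature examples above, together with the probable-message attack described earlier on this page, as an added Python example (not from the slides). The function names and the grade scenario's encoding are constructed; the primes, exponents and HELLO blocks are the slide values.

```python
# Textbook RSA exactly as on the slides: no padding, toy-sized primes.
from math import gcd


def keygen(p, q, e):
    """Return (public, private) = (<e,n>, <d,n>) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)   # modular inverse, Python 3.8+


def rsa(key, m):
    """m^exp mod n: encrypt/verify with <e,n>, decrypt/sign with <d,n>."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than n")
    return pow(m, exp, n)


def to_blocks(text):
    """Slide encoding: A=00, B=01, ..., Z=25, one letter per block."""
    return [ord(ch) - ord("A") for ch in text]


def verify(public, blocks, signature):
    """Accept only if the deciphered signature equals the received plaintext."""
    return [rsa(public, s) for s in signature] == blocks


def guess_plaintext(public, ciphertext, candidates):
    """Probable-message check: encryption is deterministic, so anyone with
    the public key can encrypt every likely message and compare."""
    return [m for m in candidates if rsa(public, m) == ciphertext]


if __name__ == "__main__":
    print(keygen(7, 17, 5))                      # ((5, 119), (77, 119))
    alice_pub, alice_priv = keygen(7, 11, 17)    # d comes out as 53
    hello = to_blocks("HELLO")
    print([rsa(alice_pub, m) for m in hello])    # ciphertext blocks
    sig = [rsa(alice_priv, m) for m in hello]
    print(sig, verify(alice_pub, hello, sig))
    print(verify(alice_pub, to_blocks("JELLO"), sig))   # altered plaintext
    # Constructed scenario: a letter grade encrypted under a student's key.
    grade_ct = rsa(alice_pub, to_blocks("C")[0])
    print(guess_plaintext(alice_pub, grade_ct, to_blocks("ABCDF")))
```

The repeated 44 for the two L blocks and the recovered grade both come from the same property: identical plaintext blocks always give identical ciphertext. Deployed RSA encryption randomizes each block with padding before the modular exponentiation for this reason.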

Example: Both
  Alice wants to send Bob message HELLO both enciphered and signed
    Alice's keys: public (17, 77); private: 53
    Bob's keys: public: (37, 77); private: 13
  Alice does (does she encipher first or sign first?)
    (07^53 mod 77)^37 mod 77 = 07
    (04^53 mod 77)^37 mod 77 = 37
    (11^53 mod 77)^37 mod 77 = 44
    (11^53 mod 77)^37 mod 77 = 44
    (14^53 mod 77)^37 mod 77 = 14
  Alice sends 07 37 44 44 14
  What would Bob do upon receiving the message?

Class Exercise
  1. Find primes p and q so that 12-bit plaintext blocks could be encrypted with RSA.
  2. Decrypt the ciphertext C=4 using RSA with the private key {d=7, p=3, q=7}

Class Exercise
  1. Find primes p and q so that 12-bit plaintext blocks could be encrypted with RSA.
     The product of the primes P*Q must be > or = to 2^12 = 4096. So let P=67 and Q=71, so P x Q = 4,757
  2. Decrypt the ciphertext C=4 using RSA with the private key {d=7, p=3, q=7}
     N = p*q, N = 7*3 = 21
     M = C^d mod n
     M = 4^7 mod 21
     M = 4

RSA KEY SIZE
  In August 1999 a group using 300 workstations and PCs was able to factor a 512-bit number in 7 months.
  RSA Laboratories currently recommends key sizes of 1024 bits for corporate use and 2048 bits for extremely valuable keys like the root key pair used by a certifying authority (rsasecurity.com)
  What does an RSA-155 number look like?

RSA-155 Number
  10263959282974110577205419657399759007165678080380668 334193352190711307779
  * 1066034883801684548209272203600187867920795857598929 22270608237193062808643.
  = 10941738641570527421809707322040357612003732945449 20599091384213147634998428893478471799725789126733 24976257528997818337970765372440271467435315933543 33897

Finding Large Prime Numbers
  Good news
    Infinite number of prime numbers
  Bad news
    The prime number ratio decreases as the prime number gets big
  Brute-force
    Try to divide n by 2, ..., n^(1/2)
    Impractical for large numbers!
  No known practical method to determine if a given large number is prime
  However, fast probabilistic primality tests exist. That is, determine if a large number is likely to be a prime.

Finding Large Prime Numbers (Cont'd)
  Primality test
    Randomly pick 0<a<n, see if a^(n-1) mod n = 1?
    If a^(n-1) mod n ≠ 1, n is not prime for sure
    If a^(n-1) mod n = 1, n is very likely to be prime. The false positive rate is 10^-13 for a 100 digit number
    There exist n>0 such that a^(n-1) mod n = 1 for all 0<a<n
  Implication
    We may (with small probability) choose some nonprime numbers for p & q, which would fail RSA operations (encryption/decryption, signature/verification)

The Security of RSA
  Attacks against RSA
    Brute force: Try all possible private keys
      Can be defeated by using a large key space
    Mathematical attacks
      Factor n into n=p*q.
      Determine ø(n) directly: equivalent to factoring n.
      Determine d directly: at least as difficult as factoring n.

The Security of RSA (Cont'd)
  Factoring a large integer is very hard!
  But if you can factor the big number n, then given public key <e,n>, you can find d, and hence the private key, by:
    Knowing factors p, q, such that n = p*q
    Then ø(n) = (p-1)(q-1)
    Then d such that e*d = 1 mod ø(n)
  Ways to make n difficult to factor
    p and q should differ in length by only a few digits
    Both (p-1) and (q-1) should contain a large prime factor
    gcd(p-1, q-1) should be small.
    d > n^(1/4).

RSA Versus DES
  Fastest implementations of RSA can encrypt kilobits/second
  Fastest implementations of DES can encrypt megabits/second
  It is often proposed that RSA be used for secure exchange of DES keys
  This 1000-fold difference in speed is likely to remain independent of technology advances

Digital Signature Standard (DSS)
  By NIST
  Related to El Gamal
  Use SHA (SHA-1) to generate the hash value and Digital Signature Algorithm (DSA) to generate the digital signature.
  Faster for the signer, but not for the verifier
  Potential application: smart cards

Efficiency of signature schemes
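The primality test above and its implication for RSA, as an added Python example (not from the slides). The composites 341 and 561, the pairing of 341 with q=5 and e=3, and all function names are constructed for illustration; phi is computed as (p-1)(q-1), as the key generation slide does.

```python
# Fermat test: what it catches, what slips through, and what a wrongly
# accepted "prime" does to RSA key generation.
from math import gcd


def fermat_passes(n, bases):
    """True if a^(n-1) mod n == 1 for every base tried ('very likely prime')."""
    return all(pow(a, n - 1, n) == 1 for a in bases)


def coprime_bases(n):
    """All 0 < a < n that are relatively prime to n."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def broken_blocks(p, q, e):
    """Count blocks m < n that do NOT survive encrypt-then-decrypt when the
    key pair is built as if p and q were prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # e*d = 1 mod (p-1)(q-1)
    return sum(1 for m in range(n) if pow(pow(m, e, n), d, n) != m)


if __name__ == "__main__":
    # 341 = 11 * 31 passes with base 2 alone but is caught by base 3.
    print(fermat_passes(341, [2]), fermat_passes(341, [2, 3]))
    # 561 = 3 * 11 * 17 passes for every base relatively prime to it;
    # only a base sharing a factor with 561 exposes it.
    print(fermat_passes(561, coprime_bases(561)), fermat_passes(561, [3]))
    # A genuine prime passes for every base.
    print(fermat_passes(353, range(1, 353)))
    # Slide primes: every block round-trips.
    print(broken_blocks(7, 11, 17))
    # 341 accepted as "prime" after a single base-2 test: blocks are lost.
    print(broken_blocks(341, 5, 3))
```

Trying several independent random bases is what drives the error rate down for composites like 341; a single passing base proves nothing.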

Summary - Key required lengths

One-way Hash Functions
  Also known as message digest
  A function H(M) = m satisfies
    (Fixed length): M can be of any length, whereas m is of fixed length
    (One-way): computing H(M) = m is easy, but computing H^-1(m) = M is computationally infeasible
    (Collision-free): in two forms
      Weak collision-freedom: given any M, difficult to find another M' such that H(M) = H(M')
      Strong collision-freedom: difficult to find any M and M' such that H(M) = H(M')

Why Those Requirements?
  Many applications store H(p) instead of a password p
    Fixed length: cannot guess the length of p from H(p) (and H(p) is easier to store)
    One-way: the administrator cannot learn p of others
    Collision-free: cannot submit incorrect p matching H(p)
  Most applications sign H(M) instead of M

Hash Functions Broken?
  Crypto 2004 Rump session reported attacks on MD4, MD5 and SHA-0
    MD4's attacks are done by hand
  Crypto 2005 reported attacks on full SHA-1
  Should we panic?
  Xiaoyun Wang's webpage: http://www.infosec.sdu.edu.cn/people/wangxiaoyun.htm

Hash Functions Broken? (Cont'd)
  Nature of the results
    Algorithm that finds collision faster than theoretic bound
    MD5: about one hour; SHA-1: 2^63 vs 2^80 (theoretically)
  Yes, the results disprove those functions to be strong collision-free
  No, they do not give you a password from its hash
    Brute force attacks do (refer to http://passcracking.com/)
  Whether you should panic or not depends on what you use the hash functions for

MESSAGE AUTHENTICATION CODES
  (Diagram: A runs the MAC Algorithm on M with key K and sends M + MAC over an INSECURE CHANNEL, where MAC = MD of plaintext + K; B runs the Verification Algorithm V with key K and outputs Yes/No.)

Hash Functions Vs MAC
  Send a message M together with its hash h = H(M), so the recipient can verify M by comparing H(M) with the received h
  Attack: If anyone in the middle can replace M with M' and h with h' = H(M'), the recipient won't detect this
  Keyed hash functions
    Also known as message authentication codes (MAC)
    Example: DES in CBC mode: use a key to encipher message in CBC mode and use last n bits as the MAC value.

HMAC
  HMAC is a keyed-hash message authentication code, which is a type of message authentication code (MAC)
  As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message.
    h: hash function
    K: a secret key k padded with extra 0's to the block size of the hash function
    opad = 0x5c5c..5c5c (outer padding) and ipad = 0x3636..3636 (inner padding) are two one-block long hexadecimal constants.
    exclusive or, concatenation

Example of HMAC use
  A pizza restaurant that suffers from attackers that place bogus Internet orders may insist that all its customers deposit a secret key with the restaurant. Along with an order, a customer must supply the order's HMAC digest, computed using the customer's secret key. The restaurant, knowing the customer's secret key, can then verify that the order originated from the stated customer and has not been tampered with. (wiki example)

Key Points
  Public key cryptosystems have two keys
  Diffie-Hellman exchanges secret key via insecure channel
  RSA can be used for confidentiality and integrity
  Cryptographic Checksums are keyed hash functions
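HMAC built from the quantities listed above (the padded key, ipad, opad, exclusive or and concatenation) and applied to the pizza-order scenario, as an added Python example (not from the slides). It uses the standard construction h((K xor opad) || h((K xor ipad) || M)); SHA-256 as h, the customer key, the order strings and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # bytes; block size of SHA-256 (choice of hash is an assumption)


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """h((K xor opad) || h((K xor ipad) || msg)), written out by hand."""
    if len(key) > BLOCK_SIZE:          # per the HMAC spec, long keys are hashed first
        key = hashlib.sha256(key).digest()
    k = key.ljust(BLOCK_SIZE, b"\x00")              # pad with 0's to one block
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in k) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in k) + inner).digest()


# Constructed data: secret keys customers deposited with the restaurant.
CUSTOMER_KEYS = {"alice": b"constructed-demo-key"}


def plain_hash_ok(order: bytes, h: bytes) -> bool:
    """Unkeyed check from the 'Hash Functions Vs MAC' slide."""
    return hmac.compare_digest(hashlib.sha256(order).digest(), h)


def verify_order(customer: str, order: bytes, tag: bytes) -> bool:
    """Keyed check: only a holder of the customer's key can produce tag."""
    key = CUSTOMER_KEYS.get(customer)
    if key is None:
        return False
    return hmac.compare_digest(hmac_sha256(key, order), tag)


if __name__ == "__main__":
    key = CUSTOMER_KEYS["alice"]
    order = b"1 margherita, deliver to office"
    # The hand-written version agrees with the standard library.
    print(hmac_sha256(key, order) == hmac.new(key, order, hashlib.sha256).digest())
    print(verify_order("alice", order, hmac_sha256(key, order)))

    forged = b"40 margheritas, deliver to office"
    # Someone in the middle replaces M with M' and h with H(M'): accepted.
    print(plain_hash_ok(forged, hashlib.sha256(forged).digest()))
    # Without the key the best they can attach is an unkeyed digest: rejected.
    print(verify_order("alice", forged, hashlib.sha256(forged).digest()))
    # Reusing the genuine tag on the altered order is rejected as well.
    print(verify_order("alice", forged, hmac_sha256(key, order)))
```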