S. Erfani, ECE Dept., University of Windsor Network Security

Similar documents
Message Authentication and Hash function

Security Requirements

Lecture 1 Applied Cryptography (Part 1)

Data Integrity. Modified by: Dr. Ramzi Saifan

UNIT - IV Cryptographic Hash Function 31.1

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Message Authentication Codes and Cryptographic Hash Functions

Computer Security: Principles and Practice

Digests Requirements MAC Hash function Security of Hash and MAC Birthday Attack MD5 SHA RIPEMD Digital Signature Standard Proof of DSS

Other Topics in Cryptography. Truong Tuan Anh

Chapter 11 Message Integrity and Message Authentication

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Encryption. INST 346, Section 0201 April 3, 2018

Kurose & Ross, Chapters (5 th ed.)

Ref:

CS408 Cryptography & Internet Security

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Cryptographic Checksums

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

P2_L8 - Hashes Page 1

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Unit III. Chapter 1: Message Authentication and Hash Functions. Overview:

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

ENEE 459-C Computer Security. Message authentication

Public-key Cryptography: Theory and Practice

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Computer Networks. Wenzhong Li. Nanjing University

CS Computer Networks 1: Authentication

CSCE 715: Network Systems Security

CSC 474/574 Information Systems Security

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Chapter 6. New HASH Function. 6.1 Message Authentication. Message authentication is a mechanism or service used for verifying

Lecture 1: Course Introduction

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

ASYMMETRIC CRYPTOGRAPHY

CSC 474/574 Information Systems Security

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Cryptographic Concepts

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

ECEN 5022 Cryptography

CSE 127: Computer Security Cryptography. Kirill Levchenko

1-7 Attacks on Cryptosystems

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

(2½ hours) Total Marks: 75

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Winter 2011 Josh Benaloh Brian LaMacchia

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

APNIC elearning: Cryptography Basics

Integrity of messages

NETWORK SECURITY & CRYPTOGRAPHY

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

CSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Outline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question

Outline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr.

Data Integrity & Authentication. Message Authentication Codes (MACs)

Security: Cryptography

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CPSC 467: Cryptography and Computer Security

Cryptographic Hash Functions

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Introduction to Cryptography

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

PROTECTING CONVERSATIONS

CSC 774 Network Security

CSC/ECE 774 Advanced Network Security

HY-457 Information Systems Security

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Garantía y Seguridad en Sistemas y Redes

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

PUBLIC-KEY CRYPTOGRAPHY AND MESSAGE AUTHENTICATION

Practical Aspects of Modern Cryptography

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key

Introduction to Software Security Hash Functions (Chapter 5)

CSC 8560 Computer Networks: Network Security

Security. Communication security. System Security

Summary on Crypto Primitives and Protocols

Chapter 3. Principles of Public-Key Cryptosystems

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

Encryption I. An Introduction

2.1 Basic Cryptography Concepts

UNIT III 3.1DISCRETE LOGARITHMS

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Data Integrity & Authentication. Message Authentication Codes (MACs)

CIS 4360 Secure Computer Systems Symmetric Cryptography

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

Solutions to exam in Cryptography December 17, 2013

KALASALINGAM UNIVERSITY

Transcription:

4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data and transaction. Protection against such attacks is known as message authentication. Def. Authentication A message, file, document, or other collection of data is said to be authentic when it is genuine and came from its alleged source. authentication is a procedure that allows communicating parties to verify that received messages are authentic. The two important aspects are to verify that the contents of the message have not been altered and that the source is authentic sometimes, we need to verify a message s timelines (i.e., it has not been purposely delayed and replayed) and sequence relative to other messages following between two parties. There are two approaches to message authentication: A. Authentication with Conventional Encryption If we assume that only the sender and receiver share a key, then only the genuine sender would be able to encrypt a message. Furthermore, if the message includes an error-detection code and a sequence number, the receiver is assumed that no alterations have been made and that sequencing is proper. If the message also includes a timestamp, the receiver is assumed that the message has not been delayed beyond that normally expected for network transit. B. Authentication without Encryption There are a number of application in which the same message is broadcast to a number of destinations. It is much cheaper and faster to broadcast in plaintext with an associated authentication tag. Another example would be on-line download of a computer program in plaintext, but in a way that assumes its authentication. In this case, if a message authentication tag were attached to the program, it could be checked whenever assurance is required of the integrity of the program. In all of these cases, an authentication tag is generated and appended to each message for transmission. The message itself is not encrypted and can be need at the destination independent of the authentication function. 4.12 Authentication Code (MAC) One technique involves the use of a recent key to generate a small block of data, known as a message authentication code (MAC), that is appended to the message. In this technique, the two communicating parties, Alice and Bob, share a common recent key AB. Alice calculates the MAC as a function of the message and the key: Sep. 30, 2003 1

MAC M =f( AB,M) The message plus this MAC code are transmitted to the intended recipient. The recipient performs the same calculation on the received message, using the same recent key, to generate a new MAC code. The received MAC code is compared to the calculated code. If they match, then a) The receiver is assured that the message has not been altered. b) The receiver is assureds that the message is from the alleged sender. c) if the message includes a sequence number, then the receiver can be assured of the proper sequence. This is shown in Figure 5. Transmit MAC algorithm MAC algorithm MAC Figure 5 Authentication Using a Authentication Code(MAC) Sep. 30, 2003 2

Note 1 A number of algorithms could be used to generate the MAC code. The NIST, in its publication entitled DES Modes of Operation, recommends the use of Data Encryption Algorithms (DEA). This algorithms is used to generate an encrypted version of the message, and only the last number of lists of ciphertext are used as the MAC code. A 16-bit or 32-bit code is typical. Note 2 The process just described is similar to encryption. One difference is that the authentication algorithms need not be reversible, as it must for decryption. Note 3 The message authentication code is also known as data authentication code (DAC). 4.13 One-Way ash Function A variation on the MAC code is the one-way hash function. A one-way hash function has many names: compression function, contraction function, message digest, fingerprint, cryptographic checksum, message integrity check (MIC), and modification detection code (MDC). It is central to modern cryptography. As with the message authentication code, a hash function accepts a variable -size message M as input and produces a fixed-size message digest (M) as output. Unlike the MAC, a hash function does not need a secret key as input. In other words, the one-way hash function is a non-key message digest. To authenticate the message, the message digest is sent with the message in such a way that the message digest is authentic. Note 4 A simple hash function would be a function that takes the input message and returns some bytes consisting of the XOR of all the input bytes. Figure 6 shows the 3 ways in which a message can be authenticated: E D Sep. 30, 2003 3

(a) Using conventional encryption private public E D (b) Using conventional encryption (c) Using secret value Figure 6 Authentication Using a One-Way Function (a) A message digest can be encrypted using conventional encryption. (b) The message also can be encrypted using public-key encryption (to be discussed in the next chapter). This has two advantages: (1) it provides Sep. 30, 2003 4

a digital signature (to be discussed later), (2) it does not require the distribution of keys to communicating parties. (c) We can use a hash function but no encryption for message authentication, as shown in Fig.6(c). this technique assumes that two communicating parties, Alice and Bob, share a common secret value S AB When Alice has a message to send to Bob, she calculates the hash function over the concatenation of the secret value and the message as: MD M =(S AB M) Where denotes concatenation. Alice then sends [M MD M ] to Bob. Because Bob possesses S AB, he can recomputed (S AB M) and verify MD M. Because the secret value itself is not sent, it is not possible for an opponent, Oscar, to modify an intercepted message. As long as the secret value S AB remains secret, it is not possible for an opponent to generate a false message. Note 5 A variation of the above technique called MAC, is adopted for IP security protocol. This is a strong collision resistance property. Def. ash Function A hash family is a four-tuple (X, Y,, ), where the following conditions are satisfied: 1) X is a set of possible messages. 2) Y is a finite set of possible message digests or authentication tags. 3), the key space, is a finite set of possible keys. 4) For each k, there exists a hash function h k, such that for each h k : X Y. Note 6 The hash function takes a variable-length input string, called a pre-image, and produces a fixed-length (generally smaller) output string, called a hash value. Note 7 To be useful for message authentication, a hash function must have the following properties: 1) can be applied to any size of data. 2) must produces a fixed-length output. Sep. 30, 2003 5

3) (x) should be relatively easy to compute for any given x, making both hardware and software implementation practical. 4) For any given code h, it should be computationally infeasible to find x such that (x)=h. this is the one-way property. 5) For any given block x, it should be computationally infeasible to find x y with (y)=(x). This property is called a weak collision resistance. 6) It should be computationally infeasible to find any pair (x,y) such that (x)=(y). Note 8 The fourth property listed above is the one-way property. That is, it should be virtually impossible to generate a message given a hash value code. Note 9 A hash function that satisfies the first five properties in the preceding list is referred to as a weak hash function. If the sixth property is also satisfied, then it is referred to as a strong hash function. The sixth property protects against a sophisticated class of attack known as the birthday attach. Note 10 in addition to providing authentication, a message digest also provides data integrity. If performs the same function as a frame check sequence. Sep. 30, 2003 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback