Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Similar documents
Spring 2010: CS419 Computer Security

Cryptography and Network Security. Sixth Edition by William Stallings

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

CSCE 715: Network Systems Security

Lecture 1 Applied Cryptography (Part 1)

Unit III. Chapter 1: Message Authentication and Hash Functions. Overview:

Digital Signature. Raj Jain

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Security Requirements

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Ref:

1. Digital Signatures 2. ElGamal Digital Signature Scheme 3. Schnorr Digital Signature Scheme 4. Digital Signature Standard (DSS)

Introduction to Network Security Missouri S&T University CPE 5420 Network Access Control

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Digests Requirements MAC Hash function Security of Hash and MAC Birthday Attack MD5 SHA RIPEMD Digital Signature Standard Proof of DSS

CS408 Cryptography & Internet Security

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Computer Security: Principles and Practice

Cryptographic Concepts

Message Authentication Codes and Cryptographic Hash Functions

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Data Integrity. Modified by: Dr. Ramzi Saifan

CIS 4360 Secure Computer Systems Symmetric Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

CSE 127: Computer Security Cryptography. Kirill Levchenko

S. Erfani, ECE Dept., University of Windsor Network Security

Message Authentication and Hash function 2

KALASALINGAM UNIVERSITY

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

Cryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols

Message authentication codes

APNIC elearning: Cryptography Basics

Cryptographic Hash Functions

Cryptographic Hash Functions. William R. Speirs

Cryptography. Summer Term 2010

UNIT III 3.1DISCRETE LOGARITHMS

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Kurose & Ross, Chapters (5 th ed.)

Contents Digital Signatures Digital Signature Properties Direct Digital Signatures

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

UNIT - IV Cryptographic Hash Function 31.1

Unit 8 Review. Secure your network! CS144, Stanford University

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography and Network Security Chapter 13. Fourth Edition by William Stallings. Lecture slides by Lawrie Brown

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Winter 2011 Josh Benaloh Brian LaMacchia

Encryption. INST 346, Section 0201 April 3, 2018

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

CS 645 : Lecture 6 Hashes, HMAC, and Authentication. Rachel Greenstadt May 16, 2012

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

Jaap van Ginkel Security of Systems and Networks

CSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Outline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question

Outline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr.

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Appendix A: Introduction to cryptographic algorithms and protocols

(2½ hours) Total Marks: 75

Network and System Security

COMP4109 : Applied Cryptography

Symmetric, Asymmetric, and One Way Technologies

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Data Integrity & Authentication. Message Authentication Codes (MACs)

Cryptographic Systems

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Deploying a New Hash Algorithm. Presented By Archana Viswanath

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

Cryptography and Network Security

ECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key

Message Authentication and Hash function

SRI VENKATESWARA COLLEGE OF ENGINEERING

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Chapter 6. New HASH Function. 6.1 Message Authentication. Message authentication is a mechanism or service used for verifying

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

ROEVER ENGINEERING COLLEGE Elambalur,Perambalur DEPARTMENT OF CSE NP UNIT-I

Introduction to Cryptography. Lecture 6

Introduction to Software Security Hash Functions (Chapter 5)

Security: Cryptography

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Integrity of messages

EEC-682/782 Computer Networks I

Network Working Group Request for Comments: 2085 Category: Standards Track NIST February HMAC-MD5 IP Authentication with Replay Prevention

Summary on Crypto Primitives and Protocols

Cryptography and Network Security

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Cryptography V: Digital Signatures

Other Topics in Cryptography. Truong Tuan Anh

Introduction to Cryptography. Vasil Slavov William Jewell College

ENEE 459-C Computer Security. Message authentication

Lecture 4: Authentication and Hashing

CSC/ECE 774 Advanced Network Security

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

P2_L8 - Hashes Page 1

Betriebssysteme und Sicherheit. Stefan Köpsell, Thorsten Strufe. Modul 5: Mechanismen Integrität

Cryptography V: Digital Signatures

Cryptography MIS

Transcription:

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2016 21 September 2016 rev. 16.0 2014 2016 Egemen K. Çetinkaya

Data Integrity Algorithms Outline Hash algorithms (MD5 and SHA) Message authentication algorithms (MAC and HMAC) Digital signature algorithms (DSA) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 2

Data Integrity Algorithms Hash Algorithms Hash algorithms Message authentication algorithms Digital signature algorithms 21 September 2016 MST CPE 5420 Data Integrity Algorithms 3

A hash function h = H(m) Hash Function Overview accepts a variable-length block of data m as input produces a fixed-size hash value h Main object of hash function is data integrity Hash determines whether or not data has changed 21 September 2016 MST CPE 5420 Data Integrity Algorithms 4

Hash Function Properties Easy to compute hash value for any given message Infeasible to generate message that has a given hash a data object that maps to a pre-specified hash result the one-way property Infeasible to modify message without changing hash Infeasible to find different messages with same hash two data objects that map to the same hash result the collision-free property 21 September 2016 MST CPE 5420 Data Integrity Algorithms 5

Hash Function Security Requirements Preimage resistant h = H(m), where m is called preimage it should be easy to generate the message it should be difficult to find message from hash value the one-way property Secondary preimage resistant given input m 1 it should be difficult to find another input m 2 such that m 1 m 2 and H(m 1 ) = H(m 2 ) also called weak collision resistant Collusion-free resistant infeasible to find (m 1, m 2 ) pair such that H(m 1 ) = H(m 2 ) also called strong collision-free resistant 21 September 2016 MST CPE 5420 Data Integrity Algorithms 6

Hash Algorithm General Operation Each algorithm can be described in two stages: preprocessing hash computation Preprocessing involves: padding a message parsing the padded message into m-bit blocks setting initialization values to be used in hash computation Hash computation involves: generating internal state from the padded message along with functions, constants, and word operations final hash value is used to determine the message digest 21 September 2016 MST CPE 5420 Data Integrity Algorithms 7

MD5 Overview MD5 is a message-digest algorithm Algorithm input is a message of arbitrary length Algorithm output is: a 128-bit fingerprint message digest MD5 was published in 1992 as RFC 1321 Attacks showed that it is not collision resistant MD6 is developed in 2008 by Rivest and his team http://groups.csail.mit.edu/cis/md6 21 September 2016 MST CPE 5420 Data Integrity Algorithms 8

SHA Overview SHA: secure hash algorithm Published by NIST Evolution SHA-0: published in 1993 as SHA SHA-1: published in 1995, obsoleted in 2010, design by NSA SHA-2: published in 2001, designed by NSA SHA-3: latest draft FIPS 202 published in 2014 SHS published in FIPS-180-4 SHA-2 and SHA-3 has many modes primarily depends on the digest size 21 September 2016 MST CPE 5420 Data Integrity Algorithms 9

SHA Modes SHA-0 SHA-1 SHA-2 SHA-3 224 256 384 512 224 256 384 512 Digest size 160 160 224 256 384 512 224 256 384 512 Message size 2 64-1 2 64-1 2 64-1 2 64-1 2 128-1 2 128-1 Block size 512 512 512 512 1024 1024 1152 1088 832 576 Word size 32 32 32 32 64 64 64 64 64 64 No of rounds 80 80 64 64 80 80 24 24 24 24 21 September 2016 MST CPE 5420 Data Integrity Algorithms 10

SHA-3 Algorithm Overview Based on KECCAK algorithm winner of NIST SHA competition Consists of: four cryptographic hash functions: SHA3-224, 256, 384, 512 two extendable-output functions: SHAKE-128, 256 Six functions share the sponge construction structure Sponge functions are a class of algorithms: with finite internal state that take an input bit stream of any length produce an output bit stream of any desired length 21 September 2016 MST CPE 5420 Data Integrity Algorithms 11

Data Integrity Algorithms Message Authentication Algorithms Hash algorithms Message authentication algorithms Digital signature algorithms 21 September 2016 MST CPE 5420 Data Integrity Algorithms 12

Message Authentication Overview Mechanism to verify the integrity of a message It ensures data is received as sent, no alterations: modification insertion deletion replay Hash function value of a message is referred a message digest or digest or fingerprint 21 September 2016 MST CPE 5420 Data Integrity Algorithms 13

Disclosure: Message Authentication Attacks 1 unauthorized release of message contents Traffic analysis: discovery of the pattern of traffic between parties Masquerade: insertion of messages from a fraudulent source Content modification: insertion, deletion, transposition, and modification 21 September 2016 MST CPE 5420 Data Integrity Algorithms 14

Message Authentication Attacks 2 Sequence modification: modification to a sequence of messages between parties Timing modification: delay or replay of messages Source repudiation: denial of transmission of message by source Destination repudiation: denial of receipt of message by destination 21 September 2016 MST CPE 5420 Data Integrity Algorithms 15

Message Authentication Symmetric Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 16

Message Authentication Symmetric Encryption Egemen K. Çetinkaya Confidentiality and authentication 21 September 2016 MST CPE 5420 Data Integrity Algorithms 17

Message Authentication Public-key Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 18

Message Authentication Public-key Encryption Egemen K. Çetinkaya Confidentiality and destination repudiation 21 September 2016 MST CPE 5420 Data Integrity Algorithms 19

Message Authentication Public-key Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 20

Message Authentication Public-key Encryption Egemen K. Çetinkaya Authentication and source repudiation 21 September 2016 MST CPE 5420 Data Integrity Algorithms 21

Message Authentication Public-key Encryption Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 22

Message Authentication Public-key Encryption Egemen K. Çetinkaya Confidentiality, authentication, and non-repudiation 21 September 2016 MST CPE 5420 Data Integrity Algorithms 23

Message Authentication Code Overview Message authentication is achieved using a message authentication code (MAC) also known as a keyed hash function Typically, MACs are used between two parties that share a secret key to authenticate information exchange A MAC function: MAC = C(K, M) takes input: a secret key and a data block and outputs: a hash value MACs are similar to encryption but no decryption (irreversible) and only compares 21 September 2016 MST CPE 5420 Data Integrity Algorithms 24

Message Authentication MAC Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 25

Message Authentication MAC Egemen K. Çetinkaya Authentication 21 September 2016 MST CPE 5420 Data Integrity Algorithms 26

Message Authentication MAC Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 27

Message Authentication MAC Confidentiality and authentication authentication tied to plaintext 21 September 2016 MST CPE 5420 Data Integrity Algorithms 28

Message Authentication MAC Egemen K. Çetinkaya Services provided? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 29

Message Authentication MAC Confidentiality and authentication authentication tied to ciphertext 21 September 2016 MST CPE 5420 Data Integrity Algorithms 30

HMAC Overview Keyed-Hashing for Message Authentication MAC mechanism based on crypto hash functions Published in RFC 2104 Can be used with MD5 or SHA-1 latest versions use SHA-512 21 September 2016 MST CPE 5420 Data Integrity Algorithms 31

HMAC Block Sizes HMAC requires a cryptographic hash function and key cryptographic hash function H and a secret key K H to be a cryptographic hash function data is hashed on blocks of data B the byte-length of such blocks, B=64 L the byte-length of hash outputs L=16 for MD5, L=20 for SHA-1 Authentication key K can be of any length up to B the block length of the hash function if K is of length 20 bytes and B=64, then K will be appended with 44 zero bytes 0x00 the minimal recommended length for K is L bytes 21 September 2016 MST CPE 5420 Data Integrity Algorithms 32

HMAC Inner and Outer Pads Involves two fixed and different strings: inner pad (ipad) and outer pad (opad) ipad = the Byte 0x36 repeated B times opad = the Byte 0x5C repeated B times HMAC function is: H(K opad, H(K ipad, m)) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 33

HMAC Operation HMAC function is: H(K opad, H(K ipad, m)) 1. Append zeros to end of K to create a B byte string 2. XOR B byte string computed in step (1) with ipad 3. Append (concatenate) stream of data (m) to 1. B byte string resulting from step (2) 4. Apply H to the stream generated in step (3) 5. XOR B byte string computed in step (1) with opad 6. Append the H result (4) to the B byte string from (5) 7. Apply H to stream generated in (6) and output result 21 September 2016 MST CPE 5420 Data Integrity Algorithms 34

Data Integrity Algorithms Digital Signature Algorithms Hash algorithms Message authentication algorithms Digital signature algorithms 21 September 2016 MST CPE 5420 Data Integrity Algorithms 35

Digital Signatures Overview The hash value is encrypted with a user s private key Anyone who knows the user s public key can verify the integrity of the message An attacker who wishes to alter the message would need to know the user s private key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 36

Digital Signatures Algorithms Elgamal digital signature schemes Schnorr digital signature schemes Digital Signature Algorithm (DSA) Elliptic Curve Digital Signature Algorithm (ECDSA) RSA Probabilistic Signature Scheme (RSA-PSS) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 37

Digital Signatures Generic Digital Signature Process Signature is generated with sender s private key Receiver verifies signature with sender s public key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 38

Digital Signatures Generic Digital Signature Process Signature is generated with sender s private key Receiver verifies signature with sender s public key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 39

Digital Signatures Properties It must verify author and date and time of signature It must authenticate contents at the time of signature digital signature function includes authentication function It must be verifiable by third parties to resolve disputes 21 September 2016 MST CPE 5420 Data Integrity Algorithms 40

Key-only attack Known message attack Digital Signatures Attacks Generic chosen message attack Directed chosen message attack Adaptive chosen message attack 21 September 2016 MST CPE 5420 Data Integrity Algorithms 41

Total break Universal forgery Selective forgery Existential forgery Digital Signatures Forgeries 21 September 2016 MST CPE 5420 Data Integrity Algorithms 42

Digital Signatures Requirements Signature must be a bit pattern that depends on the message being signed Signature must use information unique to sender to prevent both forgery and denial It must be relatively easy to produce signature It must be easy to recognize and verify the signature It must be infeasible to forge signature either by constructing new message for an existing signature by constructing a fraudulent signature for a given message It must be practical to retain signature in storage 21 September 2016 MST CPE 5420 Data Integrity Algorithms 43

Digital Signature Algorithms ElGamal Digital Signature Scheme uses of the private key for encryption Scheme uses the public key for decryption Global elements are a prime number q and α α is a primitive root of q Use private key for encryption (signing) Uses public key for decryption (verification) 21 September 2016 MST CPE 5420 Data Integrity Algorithms 44

Digital Signature Algorithms NIST Digital Signature Published by NIST as FIPS standard 186 FIPS-186-0: 1993 FIPS-186-1: 1996 FIPS-186-2: 2000 FIPS-186-3: 2009 FIPS-186-4: 2013 Makes use of the Secure Hash Algorithm (SHA) The latest version incorporates DSA based on: RSA elliptic curve cryptography 21 September 2016 MST CPE 5420 Data Integrity Algorithms 45

Digital Signatures Algorithms RSA Approach The hash code is encrypted using public-key encryption with the sender s private key this provides authentication It also provides a digital signature only sender could have produced the encrypted hash code 21 September 2016 MST CPE 5420 Data Integrity Algorithms 46

Digital Signatures Algorithms DSA Approach Hash code is provided as input to signature function along with a random number k The signature function also depends on: sender s private key a global public key 21 September 2016 MST CPE 5420 Data Integrity Algorithms 47

Digital Signatures Algorithms RSA vs. DSA Approach Egemen K. Çetinkaya 21 September 2016 MST CPE 5420 Data Integrity Algorithms 48

Data Integrity Algorithms What are the differences and similarities? Hash function? MAC? DS? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 49

Data Integrity Algorithms What are the differences and similarities? 21 September 2016 MST CPE 5420 Data Integrity Algorithms 50

References and Further Reading [KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, 2002. [S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, 2017. 21 September 2016 MST CPE 5420 Data Integrity Algorithms 51

References and Further Reading Historic: MD2: RFC 1329, MD4: RFC 1320, MD5: RFC 1321 MD6: http://groups.csail.mit.edu/cis/md6 Draft SHS: FIPS-202 http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf SHS: FIPS 180-4 http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf SHA: RFC 6234 HMAC: RFC 2104, RFC 6151 DSS: FIPS-186-4 http://dx.doi.org/10.6028/nist.fips.186-4 Attacks on hash functions: RFC 4270 21 September 2016 MST CPE 5420 Data Integrity Algorithms 52

End of Foils 21 September 2016 MST CPE 5420 Data Integrity Algorithms 53

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback