Download Cryptography: Message Authentication, Hash Functions, and Public-Key Encryption and more Slides Computer Security in PDF only on Docsity!
Lecture 4
Cryptographic Tools (cont)
Message Authentication
protects against
active attacks
verifies received
message is
authentic
can use
conventional
encryption
altered
- from authentic source
- timely and in correct
sequence
share a key
Secure Hash
Functions
Message
Authentication
Using a
One-Way
Hash Function
Security of Hash Functions
• approaches to attack a secure hash function
– cryptanalysis
• exploit logical weaknesses in the algorithm
– brute-force attack
• strength of hash function depends solely on the length of
the hash code produced by the algorithm
• additional secure hash function applications:
– Passwords : hash of a password is stored by an
operating system
– intrusion detection : store H(F) for each file on a
system and secure the hash values
Public-Key Encryption Structure
publicly
proposed by
Diffie and
Hellman in 1976
based on
mathematical
functions
asymmetric
separate keys
private key
made public for
others to use
some form of
protocol is needed for
distribution
Private-Key Encryption
Requirements for Public-Key Crypto.
computationally
easy to create
key pairs
computationally easy for
sender knowing public
key to encrypt messages
computationally easy for
receiver knowing private
key to decrypt
ciphertext
computationally
infeasible for opponent
to determine private key
from public key
computationally
infeasible for opponent
to otherwise recover
original message
useful if either key can
be used for each role
Applications for Public-Key Cryptosystems
Digital Signatures
• used for authenticating both source and data
integrity
• created by encrypting hash code with private
key
• does not provide confidentiality
– even in the case of complete encryption
– message is safe from alteration but not
eavesdropping
Digital Envelopes
• protects a message
without needing to
first arrange for
sender and receiver
to have the same
secret key
• equates to the same
thing as a sealed
envelope containing
an unsigned letter
Random Numbers
- Uses include generation of:
- keys for public-key algorithms
- stream key for symmetric
stream cipher
- symmetric key for use as a
temporary session key or in
creating a digital envelope
- handshaking to prevent replay
attacks
Random versus Pseudorandom
• cryptographic applications typically use algorithms for
random number generation
– algorithms are deterministic and therefore produce sequences of
numbers that are not statistically random
• pseudorandom numbers are:
– sequences produced that satisfy statistical randomness tests
– likely to be predictable
• true random number generator (TRNG):
– uses a nondeterministic source to produce randomness
– most operate by measuring unpredictable natural processes
- e.g. radiation, gas discharge, leaky capacitors
– increasingly provided on modern processors
Application: Encryption of Stored Data
common to encrypt transmitted data
there is often little much less common for stored data protection beyond domain authentication and operating system access controls
data are archived for indefinite periods
even though erased, until disk sectors are reused data are recoverable
approaches to encrypt stored data:
use a commercially available encryption package
back-end appliance
library based tape encryption
background laptop/PC data encryption