Message Authentication and Hash Functions-System Security-Lecture Slides, Slides of Cryptography and System Security

This lecture was delivered by Dr. Samarendra Jeethesh at Ankit Institute of Technology and Science for System Security and Cryptography course. It includes: Authentication, Message, Hash, Functions, Security, Requirement, Encryption, MAC, Traffic, Analysis

Typology: Slides

2011/2012

Uploaded on 07/17/2012

pameela
pameela 🇮🇳

4.8

(5)

94 documents

1 / 21

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Chapter 11
Message
Authentication and Hash
Functions
At cats' green on the Sunday he took the message from
the inside of the pillar and added Peter Moran's name to
the two names already printed there in the "Brontosaur"
code. The message now read: “Leviathan to Dragon:
Martin Hillman, Trevor Allan, Peter Moran: observe and
tail.” What was the good of it John hardly knew. He felt
better, he felt that at last he had made an attack on Peter
Moran instead of waiting passively and effecting no
retaliation. Besides, what was the use of being in
possession of the key to the codes if he never took
advantage of it?
Talking to Strange Men, Ruth Rendell
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15

Partial preview of the text

Download Message Authentication and Hash Functions-System Security-Lecture Slides and more Slides Cryptography and System Security in PDF only on Docsity!

Chapter 11 – Message

Authentication and Hash

Functions

At cats' green on the Sunday he took the message fromthe inside of the pillar and added Peter Moran's name tothe two names already printed there in the "Brontosaur"code. The message now read: “Leviathan to Dragon:Martin Hillman, Trevor Allan, Peter Moran: observe andtail.” What was the good of it John hardly knew. He feltbetter, he felt that at last he had made an attack on PeterMoran instead of waiting passively and effecting noretaliation. Besides, what was the use of being inpossession of the key to the codes if he never tookadvantage of it? Talking to Strange Men, Ruth Rendell

Message Authentication

 message authentication is concerned with:  protecting the integrity of a message  validating identity of originator  non-repudiation of origin (dispute resolution)  will consider the security requirements  then three alternative functions used:  message encryption  message authentication code (MAC)  hash function

Message Encryption

message encryption by itself also providesa measure of authentication

if symmetric encryption is used then:

 receiver know sender must have created it  since only sender and receiver now key used  know content cannot of been altered  if message has suitable structure, redundancyor a checksum to detect any changes

Message Encryption

if public-key encryption is used:

 encryption provides no confidence of sender  since anyone potentially knows public-key  however if

  • sender signs message using their private-key
    • then encrypts with recipients public key• have both secrecy and authentication  again need to recognize corrupted messages  but at cost of two public-key uses on message

Message Authentication Code

Message Authentication

Codes

 as shown the MAC provides authentication  can also use encryption for secrecy  generally use separate keys for each  can compute MAC either before or after encryption  is generally regarded as better done before  why use a MAC?  sometimes only authentication is needed  sometimes need authentication to persist longer thanthe encryption (eg. archival use)  note that a MAC is not a digital signature

Requirements for MACs

taking into account the types of attacks

need the MAC to satisfy the following:

knowing a message and MAC, is infeasibleto find another message with same MAC

MACs should be uniformly distributed

MAC should depend equally on all bits of themessage

Using Symmetric Ciphers for

MACs

can use any block cipher chaining modeand use final block as a MAC

Data Authentication Algorithm (DAA)

is

a widely used MAC based on DES-CBC

 using IV=0 and zero-pad of final block  encrypt message using DES in CBC mode  and send just the final block as the MAC

  • or the leftmost M bits ( ≤ M ≤
  1. of final block 

but final MAC is now too small for security

Hash Functions

condenses arbitrary message to fixed size

h = H(M) 

usually assume that the hash function ispublic and not keyed

 cf. MAC which is keyed 

hash used to detect changes to message

can use in various ways with message

most often to create a digital signature

Hash Functions & Digital

Signatures

Simple Hash Functions

are several proposals for simple functions

based on XOR of message blocks

not secure since can manipulate anymessage and either not change hash orchange hash also

need a stronger cryptographic function(next chapter)

Birthday Attacks

 might think a 64-bit hash is secure  but by Birthday Paradox is not  birthday attack works thus:  opponent generates 2 m /^2 variations of a valid message all with essentially the same meaning  opponent also generates 2 m /^2 variations of a desired fraudulent message  two sets of messages are compared to find pair withsame hash (probability > 0.5 by birthday paradox)  have user sign the valid message, then substitute theforgery which will have a valid signature  conclusion is that need to use larger MAC/hash

Hash Functions & MAC

Security

like block ciphers have:

brute-force

attacks exploiting

 strong collision resistance hash have cost 2 m /^2

  • have proposal for h/w MD5 cracker• 128-bit hash looks vulnerable, 160-bits better  MACs with known message-MAC pairs - can either attack keyspace (cf key search) or MAC• at least 128-bit MAC is needed for security

Hash Functions & MAC

Security

cryptanalytic attacks exploit structure  like block ciphers want brute-force attacks to be thebest alternative  have a number of analytic attacks on iteratedhash functions  CV i^ = f[CV i- , M ]; H(M)=CVi N  typically focus on collisions in function f  like block ciphers is often composed of rounds  attacks exploit properties of round functions