Network Security: Message Integrity and Digital Signatures, Slides of Computer Networks

Message integrity and digital signatures in the context of network security. Topics include message digests, hash functions, message authentication codes (mac), hmac, and digital signatures. The document also covers the importance of message integrity and the use of these techniques to ensure it.

Typology: Slides

2012/2013

Uploaded on 04/25/2013

avanti
avanti 🇮🇳

4.4

(11)

112 documents

1 / 27

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Lecture 22
Network Security (cont)
slides are modified from Dave Hollinger
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b

Partial preview of the text

Download Network Security: Message Integrity and Digital Signatures and more Slides Computer Networks in PDF only on Docsity!

Lecture 22

Network Security (cont)

slides are modified from Dave Hollinger

Chapter 8 roadmap

8.1 What is network security?

8.2 Principles of cryptography

8.3 Message integrity

8.4 Securing e-mail

8.5 Securing TCP connections: SSL

8.6 Network layer security: IPsec

8.7 Securing wireless LANs

8.8 Operational security: firewalls and IDS

Message Digests

  • Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”
  • Note that H( ) is a many-to- function
  • H( ) is often called a “hash function” - Desirable properties: - Easy to calculate - Irreversibility : Can’t determine m from H(m) - Collision resistance : Computationally difficult to produce m and m’ such that H(m) = H(m’) - Seemingly random output

4

large message m

H: Hash Function

H(m)

Internet checksum: poor message digest

Internet checksum has some properties of hash function:  produces fixed length digest (16-bit sum) of input  is many-to-one

5

 But given message with given hash value, it is easy to find another message with same hash value.

 Example: Simplified checksum: add 4-byte chunks at a time:

I O U 1
9 B O B
49 4F 55 31
39 42 D2 42

message ASCII format

B2 C1 D2 AC
I O U 9
9 B O B
49 4F 55 39
39 42 D2 42

message ASCII format

different messages^ B2 C1 D2 AC but identical checksums!

Message Authentication Code (MAC)

  • Authenticates sender
  • Verifies message integrity
  • No encryption!
  • Also called “keyed hash”
  • Notation: MD (^) m = H(s||m) ; send m||MD (^) m

7

message

H( )

s

message^ message

s

H( )

compare

s = shared secret

HMAC

• Popular MAC standard

• Addresses some subtle security flaws

1. Concatenates secret to front of message.

2. Hashes concatenated message

3. Concatenates the secret to front of digest

4. Hashes the combination again.

OSPF Authentication

  • Within an Autonomous

System, routers send OSPF

messages to each other.

  • OSPF provides

authentication choices

  • No authentication
  • Shared password: inserted in clear in 64-bit authentication field in OSPF packet
  • Cryptographic hash
    • Cryptographic hash with

MD

  • 64-bit authentication field includes 32-bit sequence number
  • MD5 is run over a concatenation of the OSPF packet and shared secret key
  • MD5 hash then appended to OSPF packet; encapsulated in IP datagram

End-point authentication

• Want to be sure of the originator of the

message

– end-point authentication

• Assuming Alice and Bob have a shared secret,

will MAC provide end-point authentication.

– We do know that Alice created the message.

– But did she send it?

“I am Alice”

R

MAC

Transfer $1M from Bill to Susan

MAC =

f(msg,s,R)

Defending against playback

attack: nonce

Digital Signatures

Cryptographic technique analogous to hand-written

signatures.

  • sender (Bob) digitally signs document, establishing he is

document owner/creator.

  • Goal is similar to that of a MAC,
    • except now use public-key cryptography
  • verifiable, nonforgeable: recipient (Alice) can prove to

someone that Bob, and no one else (including Alice),

must have signed document

Alice verifies signature and integrity of digitally signed message:

16

large message m

H: Hash function H(m)

digital signature (encrypt)

Bob’s private key (^) K B

Bob sends digitally signed message:

KB^ - (H(m))

encrypted msg digest

KB (H(m))

encrypted msg digest

large message m

H: Hash function

H(m)

digital signature (decrypt)

H(m)

Bob’s public key (^) K B

equal

Digital signature = signed message digest

Digital Signatures (more)

  • Suppose Alice receives msg m, digital signature K (^) B(m)
  • Alice verifies m signed by Bob by applying Bob’s public key K (^) B to

KB(m) then checks KB(KB(m) ) = m.

  • If K (^) B(KB(m) ) = m, whoever signed m must have used Bob’s private

key.

Alice thus verifies that:

 Bob signed m.

 No one else signed m.

 Bob signed m and not m’.

Non-repudiation:

 Alice can take m, and signature K B(m) to court and prove

that Bob signed m.

17

  • (^) +

Certification Authorities

  • Certification authority (CA): binds public key to particular

entity, E.

  • E (person, router) registers its public key with CA.
    • E provides “proof of identity” to CA.
    • CA creates certificate binding E to its public key.
    • certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”

19

Bob’s public key KB

Bob’s identifying information

digital signature (encrypt) CA private key KCA

KB

certificate for Bob’s public key, signed by CA

Certification Authorities

  • When Alice wants Bob’s public key:
    • gets Bob’s certificate (from Bob or elsewhere).
    • apply CA’s public key to Bob’s certificate, get Bob’s public key

20

Bob’s public KB^ + key

digital signature (decrypt)

CA public key

KCA^ +

KB