Applications of Cryptography:
Key Exchange, Message Digest, Signatures, Certificates
2/2016
Instructors:
Section 1: Dr. Assadarat Khurat, assadarat.khu@mahidol.ac.th
Section 2: Dr. Sudsanguan Ngamsuriyaroj, sudsanguan.nga@mahidol.ac.th
Section 3: Dr. Damras Wongsawang, damras.won@mahidol.ac.th
Applications of Cryptography
Public Key encryption is much slower than Symmetric Key encryption
Public Key is only for specialized, infrequent tasks
Symmetric key is a real workhorse
Four applications of encryption
Key Exchange
Hash/Message Digest for Message Authentication/Message Integrity
Digital Signatures
Certificates
ITCS461 COMPUTER AND COMMUNICATION SECURITY
Key Exchange
Motivation:
X and Y don't know each other
X needs to send a secure message to Y (e.g. a credit card number for shopping on a web site)
How to securely exchange the same key between two parties
Problems of key exchange
Important but not easy
To establish a secure session, we need a secure channel
Solved by public key cryptography, since we can send a public key even on an insecure channel
Proof:
K_AB = y_B^{x_A} mod q = (a^{x_B} mod q)^{x_A} mod q
     = (a^{x_B})^{x_A} mod q = (a^{x_A})^{x_B} mod q
     = (a^{x_A} mod q)^{x_B} mod q = y_A^{x_B} mod q
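The exchange and the proof above, as an added worked example that is not part of the lecture slides: constructed toy parameters (q = 23, a = 5, secret exponents 6 and 15) are used so every term of the proof can be checked by hand, and the function names are this example's own. A real deployment uses a large prime q and exponents drawn at random.

```python
# Added example (not from the slides): a Diffie-Hellman exchange with
# constructed toy parameters (q = 23, a = 5) so every value in the proof
# above can be evaluated by hand. Function names are ours; a real deployment
# uses a large prime q (thousands of bits) and secret exponents drawn at random.


def dh_public(a: int, x: int, q: int) -> int:
    """y = a^x mod q, the value a party sends over the insecure channel."""
    return pow(a, x, q)


def dh_shared(y_other: int, x_own: int, q: int) -> int:
    """K = y_other^x_own mod q, computed privately by each party."""
    return pow(y_other, x_own, q)


def run_exchange(q: int = 23, a: int = 5, x_a: int = 6, x_b: int = 15) -> tuple:
    """Return (y_A, y_B, K computed by A, K computed by B)."""
    y_a = dh_public(a, x_a, q)          # A publishes y_A
    y_b = dh_public(a, x_b, q)          # B publishes y_B
    k_a = dh_shared(y_b, x_a, q)        # A computes y_B^x_A mod q
    k_b = dh_shared(y_a, x_b, q)        # B computes y_A^x_B mod q
    return y_a, y_b, k_a, k_b


def trace_proof(a: int, x_a: int, x_b: int, q: int) -> dict:
    """Evaluate each expression of the proof; all values must be equal."""
    y_a, y_b = dh_public(a, x_a, q), dh_public(a, x_b, q)
    return {
        "y_B^x_A mod q":            pow(y_b, x_a, q),
        "(a^x_B mod q)^x_A mod q":  pow(pow(a, x_b, q), x_a, q),
        "(a^x_B)^x_A mod q":        pow(a, x_b * x_a, q),   # reduce only at the end
        "(a^x_A)^x_B mod q":        pow(a, x_a * x_b, q),   # exponents commute
        "(a^x_A mod q)^x_B mod q":  pow(pow(a, x_a, q), x_b, q),
        "y_A^x_B mod q":            pow(y_a, x_b, q),
    }


if __name__ == "__main__":
    print(run_exchange())                       # (8, 19, 2, 2)
    for expr, val in trace_proof(5, 6, 15, 23).items():
        print(f"{expr:28} = {val}")
```

Both parties arrive at K = 2 without K ever crossing the channel; only y_A = 8 and y_B = 19 are sent. Note that the exchange on its own identifies nobody, which is why the deck goes on to digital signatures and certificates.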
Other uses
For key stream generation
For password security
Use as a fingerprint of a program or document to detect any modification
MD5
Process arbitrary length of input
32-bit word computations
128-bit message digest as the output
Padded to 64 bits less than a multiple of 64 bytes (512 bits)
64-bit length field is added at the end
Processed in 16-byte chunks (16x8=128 bits)
Have 128-bit intermediate results
Do 4 passes per stage
Different constants for each message word in all passes
MD5 Details
The message is padded (a 1 bit followed by 0 bits) so that its length L satisfies L = 448 mod 512
Append an unsigned 64-bit integer giving the length of the message before padding
Initialize the 4-word (128-bit) buffer (A,B,C,D) as shown in the diagram
The message is processed in 16-word (512-bit) chunks, using 4 rounds of 16 bit-operations each
ABCD = fH(ABCD, m_i, T[33..48])
ABCD = fI(ABCD, m_i, T[49..64])
[Diagram: the four round outputs are added (+ + + +) to MD_i to give MD_{i+1}; the figure also shows the operations of a single step]
MD5 Compression Function
MD5 Insecurity
1993: Two different IVs produce the same digest
1996: Collision of the compression function
2004: A project was done to crack MD5 using a birthday attack
Aug 2004: collisions were found in 1 hour on IBM P690
March 2005: collisions within a few hours on a single notebook
March 2006: collisions within 1 minute on a single notebook
"Rainbow Tables" are available on the Internet to crack MD5
SHA-2
Overview of SHA-1
160 bit hash using 512 bit blocks and 32 bit operations
Five passes
Maximum message size is 2^64 bits
512 bits are expanded to 5x512 bits: nth word = xor of words n-3, n-8, n-14, and n-16
In SHA-1, these words are rotated left by one bit before the xor
Total 80 words: W0, ..., W79
W[40..59]: f3 = (B ∧ C) ∨ (B ∧ D) ∨ (C ∧ D)
W[60..79]: f4 = B ⊕ C ⊕ D
[Diagram: the five 32-bit state words A, B, C, D, E]
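The SHA-1 overview above gives the message expansion rule, the one-bit rotation that distinguishes SHA-1 from SHA-0, and the round functions f3 (majority) and f4 (parity). As an added example, not code from the slides, here is SHA-1 written out so those pieces are visible, checked against hashlib.sha1; the function names are this example's own. Since rotation distributes over xor, rotating each of the four words before the xor (as the slide says) gives the same result as rotating the xor afterwards (as written below).

```python
import hashlib
import struct

# Added example (not from the slides): SHA-1 written out to show the message
# schedule and the four round functions f1..f4, checked against hashlib.sha1.
# Function names are ours.

MASK32 = 0xFFFFFFFF
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)  # one constant per 20 rounds
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # (A, B, C, D, E)


def rotl32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_schedule(block: bytes) -> list:
    """Expand one 512-bit block into 80 words W[0..79] (5 x 512 bits).
    W[n] = rotl1(W[n-3] ^ W[n-8] ^ W[n-14] ^ W[n-16]); SHA-0 had no rotation."""
    w = list(struct.unpack(">16I", block))
    for n in range(16, 80):
        w.append(rotl32(w[n - 3] ^ w[n - 8] ^ w[n - 14] ^ w[n - 16], 1))
    return w


def sha1_f(t: int, b: int, c: int, d: int) -> int:
    """Round function selected by the word index t."""
    if t < 20:
        return ((b & c) | (~b & d)) & MASK32          # f1: choose,   W[0..19]
    if t < 40:
        return b ^ c ^ d                              # f2: parity,   W[20..39]
    if t < 60:
        return (b & c) | (b & d) | (c & d)            # f3: majority, W[40..59]
    return b ^ c ^ d                                  # f4: parity,   W[60..79]


def sha1_compress(state: tuple, block: bytes) -> tuple:
    """80 rounds over the five 32-bit state words, then add to the chaining value."""
    w = sha1_schedule(block)
    a, b, c, d, e = state
    for t in range(80):
        temp = (rotl32(a, 5) + sha1_f(t, b, c, d) + e + K[t // 20] + w[t]) & MASK32
        a, b, c, d, e = temp, a, rotl32(b, 30), c, d
    return tuple((x + y) & MASK32 for x, y in zip(state, (a, b, c, d, e)))


def sha1_pad(msg: bytes) -> bytes:
    """Same rule as MD5 (0x80, zeros to 448 mod 512, 64-bit length) but the
    length is big-endian; the 64-bit field is why messages are at most 2^64 bits."""
    bit_len = (len(msg) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", bit_len)


def sha1(msg: bytes) -> str:
    state = IV
    padded = sha1_pad(msg)
    for off in range(0, len(padded), 64):
        state = sha1_compress(state, padded[off:off + 64])
    return struct.pack(">5I", *state).hex()  # 160-bit digest


def matches_hashlib(msg: bytes) -> bool:
    return sha1(msg) == hashlib.sha1(msg).hexdigest()


if __name__ == "__main__":
    for sample in (b"", b"abc", b"x" * 1000):
        print(len(sample), sha1(sample), matches_hashlib(sample))
```

Deleting the rotation in sha1_schedule turns this into SHA-0, which is the only difference between the two functions and the reason the SHA-0 collision results on the next slides do not carry over directly to SHA-1.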
Overview of SHA-512
SHA-512
Rounds
SHA Insecurity
SHA-0:
1998: Time complexity of SHA-0 was shown to be 2^61
compared to 2^80
12 Aug 2004: Collision for SHA-0 with 2^51 complexity
17 Aug 2004: Collision for SHA-0 with 2^40
SHA-1:
Phased out by 2010, replaced by SHA-2
Feb 2005: 2^69 operations instead of 2^80
17 Aug 2005: 2^63 for finding a collision
2^35 compression function evaluations for 64-round SHA-1
SHA Comparison
Security of HMAC
Security is stated relative to the strength of the underlying hash: the probability of a successful forgery given the attacker's time and the number of message-MAC pairs observed
A successful attack on HMAC is equivalent to one of the following:
either the attacker is able to compute the output of the compression function even when the IV is random, secret and unknown (brute-force key search, O(2^n), or a birthday attack),
or the attacker finds collisions in the hash function even when the IV is random and secret, that is, finds M and M' such that H(M) = H(M')
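To make the "random, secret and unknown IV" argument concrete, here is an added example, not code from the slides: HMAC built by hand from SHA-256 next to Python's hmac module, with a receiver-side check. The inner hash absorbs (K xor ipad) before any message byte, so the chaining value the message is hashed under is a secret the attacker never sees; forging a tag for a new message without the key means either computing the compression function under that unknown state or finding a collision beneath it. The function names and the sample key and message are this example's own.

```python
import hashlib
import hmac

# Added example (not from the slides): HMAC built by hand from SHA-256, shown
# next to Python's hmac module. Names and the sample key/message are ours.

BLOCK_SIZE = 64  # SHA-256 block size in bytes


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC(K, M) = H((K xor opad) || H((K xor ipad) || M))."""
    if len(key) > BLOCK_SIZE:             # long keys are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to one block
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    # The first block of the inner hash is (K xor ipad): after it the
    # chaining value acts as the secret, random IV the slide refers to.
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-built construction against hmac.new."""
    return hmac_sha256(key, msg) == hmac.new(key, msg, hashlib.sha256).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time, so the
    comparison itself leaks nothing about how many bytes matched."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


if __name__ == "__main__":
    key, msg = b"key", b"The quick brown fox jumps over the lazy dog"  # constructed sample
    tag = hmac_sha256(key, msg)
    print(tag.hex(), matches_stdlib(key, msg))
    print("genuine:", verify_tag(key, msg, tag))
    print("altered message:", verify_tag(key, msg + b".", tag))
    print("other key:", verify_tag(b"other key", msg, tag))
```

Reusing a captured (message, tag) pair on a modified message fails verification, and so does a tag computed under a different key; that is the forgery the slide's O(2^n) key search or a collision H(M) = H(M') under the secret inner state would be needed to produce.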