Why Computer Security

The past decade has seen an explosion in the concern for the security of information
Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003, and will grow to over $75 billion by 2007

Security specialists markets are expanding !

Full-time information security professionals will rise almost 14% per year around the world, going past 2.1 million in 2008 (IDC report)

Why Computer Security (contd)

Internet attacks are increasing in frequency, severity and sophistication

Denial of service (DoS) attacks

Cost $1.2 billion in 2000 1999 CSI/FBI survey 32% of respondents detected DoS attacks directed to their systems Thousands of attacks per week in 2001 Yahoo, Amazon, eBay, Microsoft, White House, etc., attacked

Why Computer Security (contd)

Virus and worms faster and powerful
Melissa, Nimda, Code Red, Code Red II, Slammer Cause over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007. Code Red (2001): 13 hours infected >360K machines $2.4 billion loss Slammer (2003): 15 minutes infected > 75K machines $1 billion loss

Spams, phishing
New Internet security landscape emerging: BOTNETS !

Outline
History of Security and Definitions

Overview of Cryptography
Symmetric Cipher
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES and AES)

Asymmetric Cipher One-way Hash Functions and Message Digest

The History of Computing

For a long time, security was largely ignored in the community
The computer industry was in survival mode, struggling to overcome technological and economic hurdles As a result, a lot of comers were cut and many compromises made There was lots of theory, and even examples of systems built with very good security, but were largely ignored or unsuccessful
E.g., ADA language vs. C (powerful and easy to use)

Computing Today is Very Different

Computers today are far from survival mode
Performance is abundant and the cost is very cheap As a result, computers now ubiquitous at every facet of society

Internet
Computers are all connected and interdependent This codependency magnifies the effects of any failures

Biological Analogy
Computing today is very homogeneous.
A single architecture and a handful of OS dominates

In biology, homogeneous populations are in danger

A single disease or virus can wipe them out overnight because they all share the same weakness The disease only needs a vector to travel among hosts

Computers are like the animals, the Internet provides the vector.
It is like having only one kind of cow in the world, and having them drink from one single pool of water!

The Spread of Sapphire/Slammer Worms

The Flash Worm

Slammer worm infected 75,000 machines in <15 minutes A properly designed worm, flash worm, can take less than 1 second to compromise 1 million vulnerable machines in the Internet
The Top Speed of Flash Worms. S. Staniford, D. Moore, V. Paxson and N. Weaver, ACM WORM Workshop 2004. Exploit many vectors such as P2P file sharing, intelligent scanning, hitlists, etc.

The Definition of Computer Security

Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable Security rests on confidentiality, authenticity, integrity, and availability

The Basic Components

Confidentiality is the concealment of information or resources.
E.g., only sender, intended receiver should understand message contents

Authenticity is the identification and assurance of the origin of information. Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.

Availability refers to the ability to use the information or resource desired.

Security Threats and Attacks

A threat/vulnerability is a potential violation of security.
Flaws in design, implementation, and operation.

An attack is any action that violates security.

Active adversary

An attack has an implicit concept of intent

Router mis-configuration or server crash can also cause loss of availability, but they are not attacks

Friends and enemies: Alice, Bob, Trudy

well-known in network security world Bob, Alice (lovers!) want to communicate securely Trudy (intruder) may intercept, delete, add messages Alice secure sender channel
data, control messages

Bob

data

secure receiver
Trudy

data

Eavesdropping - Message Interception (Attack on Confidentiality)

Unauthorized access to information
Packet sniffers and wiretappers Illicit copying of files and programs

Eavesdropper

Integrity Attack - Tampering With Messages

Stop the flow of the message Delay and optionally modify the message Release the message again

Perpetrator

Authenticity Attack - Fabrication

Unauthorized assumption of others identity Generate and distribute objects under this identity

Masquerader: from A

Attack on Availability
Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit

Blatant denial of service (DoS):

Crashing the server

Overwhelm the server (use up its resource)

Classify Security Attacks as

Passive attacks - eavesdropping on, or monitoring of, transmissions to:
obtain message contents, or monitor traffic flows

Active attacks modification of data stream to:

masquerade of one entity as some other replay previous messages modify messages in transit denial of service

Outline
Overview of Cryptography

Symmetric Cipher
Classical Symmetric Cipher Modern Symmetric Ciphers (DES and AES)

Asymmetric Cipher One-way Hash Functions and Message Digest

Basic Terminology
plaintext - the original message ciphertext - the coded message

cipher - algorithm for transforming plaintext to ciphertext

key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext

decipher (decrypt) - recovering ciphertext from plaintext

cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key cryptology - the field of both cryptography and cryptanalysis

Classification of Cryptography
Number of keys used
Hash functions: no key
Secret key cryptography: one key Public key cryptography: two keys - public, private

Type of encryption operations used

substitution / transposition / product

Way in which plaintext is processed

block / stream

Secret Key vs. Secret Algorithm

Secret algorithm: additional hurdle Hard to keep secret if used widely:
Reverse engineering, social engineering

Commercial: published
Wide review, trust

Military: avoid giving enemy good ideas

Unconditional vs. Computational Security

Unconditional security
No matter how much computer power is available, the cipher cannot be broken
The ciphertext provides insufficient information to uniquely determine the corresponding plaintext Only one-time pad scheme qualifies

Computational security
The cost of breaking the cipher exceeds the value of the encrypted info
The time required to break the cipher exceeds the useful lifetime of the info

Brute Force Search

Always possible to simply try every key Most basic attack, proportional to key size Assume either know / recognise plaintext
Key Size (bits) Number of Alternative Keys Time required at 1 decryption/s Time required at 106 decryptions/s

32
56 128 168

232 = 4.3 109

256 = 7.2 1016 2128 = 3.4 1038 2168 = 3.7 1050

231 s
255 s 2127 s years 2167 s years

= 35.8 minutes
= 1142 years = 5.4 1024 = 5.9 1036

2.15 milliseconds
10.01 hours 5.4 1018 years 5.9 1030 years

26 characters (permutation)

26! = 4 1026

2 1026 s = 6.4 1012 years

6.4 106 years

Outline
Overview of Cryptography

Classical Symmetric Cipher

Substitution Cipher Transposition Cipher

Modern Symmetric Ciphers (DES and AES) Asymmetric Cipher One-way Hash Functions and Message Digest

Symmetric Cipher Model

Requirements
Two requirements for secure use of symmetric encryption:
a strong encryption algorithm a secret key known only to sender / receiver

Y = EK(X)
X = DK(Y)

Assume encryption algorithm is known Implies a secure channel to distribute key

Classical Substitution Ciphers

Letters of plaintext are replaced by other letters or by numbers or symbols Plaintext is viewed as a sequence of bits, then substitution replaces plaintext bit patterns with ciphertext bit patterns

Caesar Cipher
Earliest known substitution cipher

Replaces each letter by 3rd letter on

Example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher
Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Mathematically give each letter a number

a b c d e f g h i j k l m 0 1 2 3 4 5 6 7 8 9 10 11 12 n o p q r s t u v w x y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

Then have Caesar cipher as:

C = E(p) = (p + k) mod (26) p = D(C) = (C k) mod (26)

Cryptanalysis of Caesar Cipher

Only have 25 possible ciphers
A maps to B,..Z

Given ciphertext, just try all shifts of letters Do need to recognize when have plaintext E.g., break ciphertext "GCUA VQ DTGCM How to make it harder?

Monoalphabetic Cipher
Rather than just shifting the alphabet

Could shuffle (jumble) the letters arbitrarily

Each plaintext letter maps to a different random ciphertext letter

Key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz

Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters

Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Security

Now have a total of 26! = 4 x 1026 keys

Is that secure?
Problem is language characteristics
Human languages are redundant
Letters are not equally commonly used

English Letter Frequencies

Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies.

Example Cryptanalysis
Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies (see text)

Guess P & Z are e and t

Guess ZW is th and hence ZWP is the Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow

Transposition Ciphers
Now consider classical transposition or permutation ciphers These hide the message by rearranging the letter order, without altering the actual letters used Any shortcut for breaking it? Can recognise these since have the same frequency distribution as the original text

Rail Fence Cipher

Write message letters out diagonally over a number of rows Then read off cipher row by row E.g., write message out as:
m e m a t r h t g p r y e t e f e t e o a a t

Giving ciphertext
MEMATRHTGPRYETEFETEOAAT

Product Ciphers
Ciphers using substitutions or transpositions are not secure because of language characteristics Hence consider using several ciphers in succession to make harder, but:
Two substitutions make another substitution
Two transpositions make a more complex transposition But a substitution followed by a transposition makes a new much harder cipher

This is bridge from classical to modern ciphers

Rotor Machines
Before modern ciphers, rotor machines were most common complex ciphers in use Widely used in WW2
German Enigma, Allied Hagelin, Japanese Purple

Implemented a very complex, varying substitution cipher

Outline
Overview of Cryptography

Classical Symmetric Cipher

Modern Symmetric Ciphers (DES/AES)

Asymmetric Cipher
One-way Hash Functions and Message Digest

Block vs Stream Ciphers

Block ciphers process messages in into blocks, each of which is then en/decrypted Like a substitution on very big characters
64-bits or more

Stream ciphers process messages a bit or byte at a time when en/decrypting

Many current ciphers are block ciphers, one of the most widely used types of cryptographic algorithms

Block Cipher Principles

Most symmetric block ciphers are based on a Feistel Cipher Structure

Block ciphers look like an extremely large substitution

Would need table of 264 entries for a 64-bit block Instead create from smaller building blocks Using idea of a product cipher

Ideal Block Cipher

Substitution-Permutation Ciphers
Substitution-permutation (S-P) networks
[Shannon, 1949]
modern substitution-transposition product cipher

These form the basis of modern block ciphers

S-P networks are based on the two primitive cryptographic operations

substitution (S-box) permutation (P-box)

provide confusion and diffusion of message

Feistel Cipher Structure

Feistel cipher implements Shannons S-P network concept
based on invertible product cipher

Process through multiple rounds which

partitions input block into two halves
perform a substitution on left data half based on round function of right half & subkey then have permutation swapping halves

Feistel Cipher Structure

Feistel Cipher Decryption

DES (Data Encryption Standard)

Published in 1977, standardized in 1979. Key: 64 bit quantity=8-bit parity+56-bit key
Every 8th bit is a parity bit.

64 bit input, 64 bit output.

64 bit M DES Encryption 64 bit C

56 bits

DES Top View

64-bit 48-bitInput K1 Permutation Round 1 Round 2 Initial Permutation 48-bit K1 48-bit K2 48-bit K16 Swap 32-bit halves Final Permutation 56-bit Key Generate keys

...
Round 16

Swap
Permutation 64-bit Output

DES Summary
Simple, easy to implement:
Hardware/gigabits/second, software/megabits/second

56-bit key DES may be acceptable for noncritical applications but triple DES (DES3) should be secure for most applications today Supports several operation modes (ECB CBC, OFB, CFB) for different applications

Avalanche Effect
Key desirable property of encryption alg

Where a change of one input or key bit results in changing more than half output bits
DES exhibits strong avalanche

Strength of DES Key Size

56-bit keys have 256 = 7.2 x 1016 values Brute force search looks hard Recent advances have shown is possible
in 1997 on a huge cluster of computers over the Internet in a few months in 1998 on dedicated hardware called DES cracker by EFF in a few days ($220,000)

in 1999 above combined in 22hrs!

Still must be able to recognize plaintext No big flaw for DES algorithms

DES Replacement
Triple-DES (3DES)
168-bit key, no brute force attacks Underlying encryption algorithm the same, no effective analytic attacks Drawbacks
Performance: no efficient software codes for DES/3DES Efficiency/security: bigger block size desirable

Advanced Encryption Standards (AES)

US NIST issued call for ciphers in 1997 Rijndael was selected as the AES in Oct-2000

AES
Private key symmetric block cipher 128-bit data, 128/192/256-bit keys

Stronger & faster than Triple-DES

Provide full specification & design details

Evaluation criteria
Security: effort to practically cryptanalysis Cost: computational efficiency and memory requirement Algorithm & implementation characteristics: flexibility to apps, hardware/software suitability, simplicity

AES Shortlist
After testing and evaluation, shortlist in Aug99:
MARS (IBM) - complex, fast, high security margin RC6 (USA) - v. simple, v. fast, low security margin

Rijndael (Belgium) - clean, fast, good security margin

Serpent (Euro) - slow, clean, v. high security margin Twofish (USA) - complex, v. fast, high security margin

Then subject to further analysis & comment

Outlines
Symmetric Cipher
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES and AES)

Asymmetric Cipher One-way Hash Functions and Message Digest

Private-Key Cryptography
Private/secret/single key cryptography uses one key Shared by both sender and receiver If this key is disclosed communications are compromised Also is symmetric, parties are equal Hence does not protect sender from receiver forging a message & claiming is sent by sender

Public-Key Cryptography
Probably most significant advance in the 3000 year history of cryptography Uses two keys a public & a private key Asymmetric since parties are not equal Uses clever application of number theoretic concepts to function Complements rather than replaces private key crypto

Public-Key Cryptography
Public-key/two-key/asymmetric cryptography involves the use of two keys:
a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures

Asymmetric because
those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Public-Key Cryptography

Public-Key Characteristics
Public-Key algorithms rely on two keys with the characteristics that it is:
computationally infeasible to find decryption key knowing only algorithm & encryption key computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)

Analogy to delivery w/ a padlocked box

Public-Key Cryptosystems

Two major applications:

encryption/decryption (provide secrecy)

digital signatures (provide authentication)

RSA (Rivest, Shamir, Adleman)

The most popular one.

Support both public key encryption and digital signature.

Assumption/theoretical basis:
Factoring a big number is hard.

Variable key length (usually 512 bits). Variable plaintext block size.
Plaintext must be smaller than the key. Ciphertext block size is the same as the key length.

What Is RSA?
To generate key pair:
Pick large primes (>= 256 bits each) p and q Let n = p*q, keep your p and q to yourself! For public key, choose e that is relatively prime to (n) =(p-1)(q-1), let pub = <e,n> For private key, find d that is the multiplicative inverse of e mod (n), i.e., e*d = 1 mod (n), let priv = <d,n>

RSA Example
1. Select primes: p=17 & q=11

2.
3. 4. 5. 6. 7.

Compute n = pq =1711=187
Compute (n)=(p1)(q-1)=1610=160 Select e : gcd(e,160)=1; choose e=7 Determine d: de=1 mod 160 and d < 160 Value is d=23 since 237=161= 10160+1 Publish public key KU={7,187} Keep secret private key KR={23,17,11}

How Does RSA Work?

Given pub = <e, n> and priv = <d, n>
encryption: c = me mod n, m < n decryption: m = cd mod n signature: s = md mod n, m < n verification: m = se mod n

given message M = 88 (nb. 88<187) encryption:

C = 887 mod 187 = 11

decryption:
M = 1123 mod 187 = 88

Is RSA Secure?
Factoring 512-bit number is very hard! But if you can factor big number n then given public key <e,n>, you can find d, hence the private key by:
Knowing factors p, q, such that, n = p*q Then (n) =(p-1)(q-1) Then d such that e*d = 1 mod (n)

Threat
Moores law Refinement of factorizing algorithms

For the near future, a key of 1024 or 2048 bits needed

Symmetric (DES) vs. Public Key (RSA)

Exponentiation of RSA is expensive ! AES and DES are much faster
100 times faster in software 1,000 to 10,000 times faster in hardware

RSA often used in combination in AES and DES

Pass the session key with RSA

Outline
History of Security and Definitions

Overview of Cryptography
Symmetric Cipher
Classical Symmetric Cipher
Modern Symmetric Ciphers (DES and AES)

Asymmetric Cipher One-way Hash Functions and Message Digest

Confidentiality => Authenticity ?

Symmetric cipher ?
Shared key problem
Plaintext has to be intelligible/understandable

Asymmetric cipher?
Too expensive Plaintext has to be intelligible/understandable Desirable to cipher on a much smaller size of data which uniquely represents the long message

Hash Functions
Condenses arbitrary message to fixed size
h = H(M)

Usually assume that the hash function is public and not keyed Hash used to detect changes to message Can use in various ways with message

Most often to create a digital signature

Hash Functions & Digital Signatures

Requirements for Hash Functions

1. Can be applied to any sized message M 2. Produces fixed-length output h 3. Is easy to compute h=H(M) for any message M 4. Given h is infeasible to find x s.t. H(x)=h
One-way property

5. Given x is infeasible to find y s.t. H(y)=H(x)

Weak collision resistance

Strong collision resistance

6. Is infeasible to find any x,y s.t. H(y)=H(x)

Birthday Problem
How many people do you need so that the probability of having two of them share the same birthday is > 50% ?

Random sample of n birthdays (input) taken from k (365, output)

kn total number of possibilities

(k)n=k(k-1)(k-n+1) possibilities without duplicate birthday

Probability of no repetition:
p = (k)n/kn 1 - n(n-1)/2k

For k=366, minimum n = 23

n(n-1)/2 pairs, each pair has a probability 1/k of having the same output n(n-1)/2k > 50% n>k1/2

How Many Bits for Hash?

m bits, takes 2m/2 to find two with the same hash 64 bits, takes 232 messages to search (doable) Need at least 128 bits

Using Hash for Authentication

Assuming share a key KAB

Alice to Bob: challenge rA

Bob to Alice: MD(KAB|rA)

Bob to Alice: rB
Alice to Bob: MD(KAB|rB) Only need to compare MD results

General Structure of Secure Hash Code

Iterative compression function

Each f is collision-resistant, so is the resulting hashing

MD5: Message Digest Version 5

input Message

Output 128 bits Digest

Until recently the most widely used hash algorithm

in recent times have both brute-force & cryptanalytic concerns

Specified as Internet standard RFC1321

MD5 Overview

MD5 Overview
1. Pad message so its length is 448 mod 512 2. Append a 64-bit original length value to message 3. Initialise 4-word (128-bit) MD buffer (A,B,C,D) 4. Process message in 16-word (512-bit) blocks:
Using 4 rounds of 16 bit operations on message block & buffer Add output to buffer input to form new buffer value

5. Output hash value is the final buffer value

Processing of Block mi - 4 Passes

mi MDi

ABCD=fF(ABCD,mi,T[1..16])
C D B ABCD=fG(ABCD,mi,T[17..32]) ABCD=fH(ABCD,mi,T[33..48]) A

ABCD=fI(ABCD,mi,T[49..64])
+ + + +

MD i+1

Secure Hash Algorithm

Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993 SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST

General Logic
Input message must be < 264 bits
not really a problem

Message is processed in 512-bit blocks sequentially Message digest is 160 bits SHA design is similar to MD5, a little slower, but a lot stronger

SHA-1 verses MD5

Brute force attack is harder (160 vs 128 bits for MD5) A little slower than MD5 (80 vs 64 steps)
Both work well on a 32-bit architecture

Both designed as simple and compact for implementation

Cryptanalytic attacks
MD4/5: vulnerability discovered since its design
SHA-1: no until recent 2005 results raised concerns on its use in future applications

Revised Secure Hash Standard

NIST have issued a revision FIPS 180-2 in 2002 Adds 3 additional hash algorithms SHA-256, SHA-384, SHA-512
Collectively called SHA-2

Designed for compatibility with increased security provided by the AES cipher Structure & detail are similar to SHA-1 Hence analysis should be similar, but security levels are rather higher

Backup Slides

Cryptanalysis Scheme
Ciphertext only:
Exhaustive search until recognizable plaintext Need enough ciphertext

Known plaintext:
Secret may be revealed (by spy, time), thus <ciphertext, plaintext> pair is obtained
Great for monoalphabetic ciphers

Chosen plaintext:
Choose text, get encrypted Pick patterns to reveal the structure of the key

One-Time Pad
If a truly random key as long as the message is used, the cipher will be secure - One-Time pad E.g., a random sequence of 0s and 1s XORed to plaintext, no repetition of keys Unbreakable since ciphertext bears no statistical relationship to the plaintext For any plaintext, it needs a random key of the same length
Hard to generate large amount of keys

Have problem of safe distribution of key

Confusion and Diffusion

Cipher needs to completely obscure statistical properties of original message A one-time pad does this More practically Shannon suggested S-P networks to obtain: Diffusion dissipates statistical structure of plaintext over bulk of ciphertext

Confusion makes relationship between ciphertext and key as complex as possible

Bit Permutation (1-to-1)

Input:

1 2 0 0

3 1

4 0

32 1
1 bit

Output

1 22

0 6

..

1 3

13 32

Per-Round Key Generation

Initial Permutation of DES key C i-1 28 bits Circular Left Shift D i-1 28 bits Circular Left Shift Round 1,2,9,16: single shift Others: two bits

One round
48 bits Ki

Permutation with Discard

Ci

28 bits

Di

28 bits

A DES Round
32 bits Ln 32 bits Rn

One Round Encryption

Mangler Function

48 bits

S-Boxes
P 32 bits 32 bits Ln+1 32 bits Rn+1

48 bits Ki

Mangler Function
4 4 4 4 4 4 4 4 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6

+ The permutation produces spread among the chunks/S-boxes!

S1 S2 S3 S4 S5 S6 S7 S8 4 4 4 4 4 4 4 4 Permutation

Bits Expansion (1-to-m)

Input:

1 2 0 0

3 1

4 0

5 . 1

32 1

Output 1 1 0 2 0 3 1 4 0 5 1 6 0 7 1 8 .. 1 0 48

S-Box (Substitute and Shrink)

48 bits ==> 32 bits. (8*6 ==> 8*4)

2 bits used to select amongst 4 substitutions for the rest of the 4-bit quantity
2 bits row

4 bits column

I1 I2 I3 I4 I5 I6

Si
i = 1,8.

O1 O2 O3 O4

S-Box Examples
Each row and column contain different numbers.

0
0 14

1
4

2
13

3
1

4
2

5
15

6
11

7
8

8
3

9. 15

1
2

0
4

15
1

7
14

4
8

14
13

2
6

13
2

1
11

10
15

15

12

Example: input: 100110 output: ???

Padding Twist
Given original message M, add padding bits 10* such that resulting length is 64 bits less than a multiple of 512 bits. Append (original length in bits mod 264), represented in 64 bits to the padded message Final message is chopped 512 bits a block

Why Does RSA Work?

Given pub = <e, n> and priv = <d, n>
n =p*q, (n) =(p-1)(q-1)
e*d = 1 mod (n) xed = x mod n encryption: c = me mod n decryption: m = cd mod n = med mod n = m mod n = m (since m < n) digital signature (similar)

Using Hash to Encrypt

One-time pad with KAB
Compute bit streams using MD, and K
b1=MD(KAB), bi=MD(KAB|bi-1),

with message blocks Is this a real one-time pad ? Add a random 64 bit number (aka IV) b1=MD(KAB|IV), bi=MD(KAB|bi-1),

MD5 Process
As many stages as the number of 512-bit blocks in the final padded message Digest: 4 32-bit words: MD=A|B|C|D Every message block contains 16 32-bit words: m0|m1|m2|m15
Digest MD0 initialized to: A=01234567,B=89abcdef,C=fedcba98, D=76543210 Every stage consists of 4 passes over the message block, each modifying MD

Each block 4 rounds, each round 16 steps

Different Passes...
Each step i (1 <= i <= 64): Input:
mi a 32-bit word from the message With different shift every round

Ti int(232 * abs(sin(i)))
Provided a randomized set of 32-bit patterns, which eliminate any regularities in the input data ABCD: current MD

Output:
ABCD: new MD

MD5 Compression Function

Each round has 16 steps of the form:
a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)

a,b,c,d refer to the 4 words of the buffer, but used in varying permutations
note this updates 1 word only of the buffer after 16 steps each word is updated 4 times

where g(b,c,d) is a different nonlinear function in each round (F,G,H,I)

MD5 Compression Function

Functions and Random Numbers

F(x,y,z) == (xy)(~x z)
selection function

G(x,y,z) == (x z) (y ~ z) H(x,y,z) == xy z I(x,y,z) == y(x ~z)

Basic Steps for SHA-1

Step1: Padding Step2: Appending length as 64 bit unsigned

Step3: Initialize MD buffer 5 32-bit words

Store in big endian format, most significant bit in low address A|B|C|D|E A = 67452301 B = efcdab89

C = 98badcfe
D = 10325476 E = c3d2e1f0

Basic Steps...
Step 4: the 80-step processing of 512-bit blocks 4 rounds, 20 steps each. Each step t (0 <= t <= 79):
Input:
Wt a 32-bit word from the message
Kt a constant. ABCDE: current MD.

Output:
ABCDE: new MD.