Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Chap 11. Message Authentication and Hash Functions

    Hochgeladen von

    YazanAlomari
    26 Ansichten26 Seiten
    This document discusses message authentication and hash functions. It describes the requirements for message authentication, including verifying the source and integrity of messages. It then discusses different types of authentication functions, including message encryption, message authentication codes (MACs), and hash functions. MACs and hash functions are described in more detail, including their basic uses, requirements, and examples of specific MAC algorithms.

    Originalbeschreibung:

    biometrics

    Originaltitel

    ch11

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PPT, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    This document discusses message authentication and hash functions. It describes the requirements for message authentication, including verifying the source and integrity of messages. It then discusses different types of authentication functions, including message encryption, message authentication codes (MACs), and hash functions. MACs and hash functions are described in more detail, including their basic uses, requirements, and examples of specific MAC algorithms.

    Copyright:

    © All Rights Reserved
    Als PPT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    26 Ansichten26 Seiten

    Chap 11. Message Authentication and Hash Functions

    Hochgeladen von

    YazanAlomari
    This document discusses message authentication and hash functions. It describes the requirements for message authentication, including verifying the source and integrity of messages. It then discusses different types of authentication functions, including message encryption, message authentication codes (MACs), and hash functions. MACs and hash functions are described in more detail, including their basic uses, requirements, and examples of specific MAC algorithms.

    Copyright:

    © All Rights Reserved
    Als PPT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 26

    Message Authentication and Hash Functions

    Chap 11.
    Message Authentication and
    Hash Functions

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Authentication Requirements

    Authentication Requirements

    Kind of attacks in the context of communications


    across a network
    1.
    2.
    3.
    4.
    5.
    6.
    7.
    8.

    Disclosure
    Confidentiality
    Traffic analysis
    Masquerade
    Content modification
    Message
    Digital
    Authentication
    Sequence modification
    Signature
    Timing modification
    Source repudiation
    Specialized Digital Signature
    Destination repudiation

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Authentication Requirements

    Authentication Requirements
    Message authentication
    A procedure to verify that received messages come from the
    alleged source and have not been altered
    Message authentication may also verify sequencing and
    timeliness

    Digital signature
    An authentication technique that also includes measures to
    counter repudiation by the source

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Authentication Functions

    Authentication Functions
    Message authentication or digital signature
    mechanism can be viewed as having two levels
    At lower level: there must be some sort of functions producing an
    authenticator a value to be used to authenticate a message
    This lower level functions is used as primitive in a higher level
    authentication protocol

    Three classes of functions that may be used to


    produce an authenticator
    Message encryption
    Ciphertext itself serves as authenticator
    Message authentication code (MAC)
    A function of the message and a secret key that produces a
    fixed-length value that serves as the authenticator
    Hash function
    A function that maps a message of any length into a fixedlength hash value that serves as the authenticator
    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Authentication Functions

    Message Encryption
    Symmetric encryption can serve as authenticator
    Symmetric encryption provides authentication as well as
    confidentiality
    Requires recognizable plaintext or other structure to distinguish
    between well-formed legitimate plaintext and meaningless random
    bits
    e.g., ASCII text, an appended checksum, or use of layered
    protocols

    Public-key encryption also can serve as authenticator

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Authentication Functions

    Basic Uses of Message Encryption

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Authentication Functions

    Basic Uses of Message Encryption

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Basic Uses of Message Encryption

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    Authentication Functions

    Ways of Providing Structure - 1


    Append an error-detecting code (frame check sequence
    (FCS) or checksum) to each message before encryption

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    10

    Authentication Functions

    Message Authentication Code


    Uses a shared secret key to generate a fixed-size
    block of data (known as a cryptographic checksum
    or MAC) that is appended to the message
    MAC = CK(M), where C is a MAC function
    Assurances:
    Message has not been altered
    Message is from the alleged sender
    Message sequence is unaltered (requires internal sequencing)

    Similar to encryption but MAC algorithm need not


    be reversible

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    11

    Authentication Functions

    Basic Uses of MAC

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    12

    Authentication Functions

    Basic Uses of MAC

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    13

    Authentication Functions

    Why Use MACs?


    Why not just use encryption?
    Cleartext stays clear
    MAC might be cheaper
    Sometimes only authentication is needed
    Broadcast
    Authentication of executable codes
    Sometimes need authentication to persist longer than
    the encryption (e.g., archival use)
    Separation of authentication and confidentiality provides
    architectural flexibility

    MAC does not provide a digital signature


    Because both sender and receiver share the same key
    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    14

    Authentication Functions

    Hash Function
    One-way hash function
    Converts a variable size message M into fixed size hash code
    H(M) (Sometimes called a message digest)
    Unlike the MAC, a hash code does not use a key but is a
    function only of the input message
    Provides message integrity

    Can be used with encryption or a shared key for


    authentication

    E(M || H(M)) : identical to the internal error control strategy


    M || E(H(M)) : a MAC
    M || signed H : typical digital signature
    E(M || signed H)
    M || H(M || K) : keyed hash (no encryption)
    E(M || H(M || K))

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    15

    Authentication Functions

    Basic Uses of Hash Function

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    16

    Authentication Functions

    Basic Uses of Hash Function

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    17

    Authentication Functions

    Basic Uses of Hash Function

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    18

    MACs

    Message Authentication Codes

    MAC = CK(M)
    M is a variable-length message
    K is a key shared only by sender and receiver
    MAC is the fixed-length authenticator

    Key length requirements


    Sufficient key length to thwart brute-force attack
    On average, require 2k-1 attempts for a k-bit key

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    19

    MACs

    Brute-force Attacks on MACs


    Let k = key length, n = MAC length
    Suppose confidentiality is not employed;
    i.e., the opponent has access to plaintext messages
    and their associated MACs
    If k > n
    Brute force gives 2(k-n) candidate keys
    Given a known M1 and MAC1, with MAC1 = CK1(M1),
    the
    cryptanalyst can perform MACi = CKi(M1) for all possible key
    values Ki.
    At least one key is guaranteed to produce a match
    On average, a total of 2k/2n = 2(k-n) keys will produce a match
    Second round (a new M and MAC) reduces this to 2(k-2n) candidate
    keys
    On average, this requires k/n rounds

    If k n, one round should suffice


    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    20

    MACs

    Attacks on MACs
    Other attacks are possible, depending on the MAC
    algorithm
    E.g., consider the following MAC algorithm
    Let M = (X1 || X2 || || Xm) be a message that is treated as a
    concatenation of 64-bit blocks Xi
    Define (M) = X1 X2 Xm; CK(M) = EK[(M)]

    The opponent can attack the system as follows:


    Replace Xi by Yi for i = 1 to m-1
    Calculate Ym to produce the right checksum, and replace Xm by Ym
    Ym = Y1 Y2 Ym-1 (M)
    The new message, Y1 thru Ym, with the original MAC will be
    accepted as authentic by the receiver
    With this tactic, any message of length 64 (m-1) bits can be
    fraudulently inserted
    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    21

    MACs

    Requirements for MAC Functions

    Assume that an opponent knows the MAC function


    C but does not know K. Then the MAC function
    should have the following properties:
    1. Given M and Ck(M), it must be computationally infeasible
    to construct M s.t. Ck(M) = Ck(M)
    2. CK(M) should be uniformly distributed in the sense that for
    any M and M, Pr[Ck(M) = Ck(M)] should be 2-n, where n is
    the length of the MAC
    3. Let M be equal to some known transformation on M. That
    is, M = f(M). In that case, Pr[Ck(M) = Ck(M)] = 2-n.

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    22

    MACs

    MAC Based on DES (CBC-MAC)


    Last block of CBC mode of DES, with IV = 0
    Referred to as Data Authentication Algorithm (FIPS
    PUB 113 and ANSI standard (X9.17))
    Security weaknesses have been discovered and it is being
    replaced (refer to Chap.12 CMAC)

    Data Authentication Code (DAC) consists of 16 to 64


    leftmost bits of ON

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    23

    Hash Functions

    Hash Functions
    h = H(M)
    M is a variable-length message
    h is a fixed-length hash value
    H is a hash function

    The hash value is appended at the source


    The receiver authenticates the message by
    recomputing the hash value
    Because the hash function itself is not considered
    to be secret, some means is required to protect the
    hash value

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    24

    Hash Functions

    Hash Function Requirements


    1.
    2.
    3.
    4.

    H can be applied to any size data block


    H produces fixed-length output
    H(x) is relatively easy to compute for any given x
    H is one-way, i.e., given h, it is computationally
    infeasible to find any x s.t. h = H(x)
    5. H is weakly collision resistant: given x, it is
    computationally infeasible to find any y x s.t.
    H(x) = H(y)
    6. H is strongly collision resistant: it is
    computationally infeasible to find any x and y
    s.t. H(x) = H(y)

    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    25

    Hash Functions

    Simple Hash Functions


    Operation of hash functions
    The input is viewed as a sequence of n-bit blocks
    The input is processed one block at a time in an iterative fashion to
    produce an n-bit hash function

    Simplest hash function: Bitwise XOR of every block


    Ci = bi1 bi2 bim
    Ci = i-th bit of the hash code, 1 i n
    m = number of n-bit blocks in the input
    bij = i-th bit in j-th block
    Known as longitudinal redundancy check
    Not useful as a one-way function
    Less effective in some cases
    E.g., if only 7-bit out of 8-bit characters is used in text files, the
    128-bit hash value is effectively 112-bit

    We will encounter strong hash functions in Chap.12


    Cryptography & Network Security

    H. Yoon

    Message Authentication and Hash Functions

    26

    Hash Functions

    Simple Hash Functions


    Improvement over the simple
    bitwise XOR (Rotated XOR)
    Initially set the n-bit hash value to zero
    Process each successive n-bit block of data as
    Rotate the current hash value to the left by
    one bit
    XOR the block into the hash value

    Effect on randomizing the input

    Cryptography & Network Security

    H. Yoon

    Das könnte Ihnen auch gefallen