Cryptography and Network

Security

Hash functions
 Hash Functions
• condenses arbitrary message to fixed size
h = H(M)
• usually assume that the hash function is
public and not keyed
• hash used to detect changes to message
• can use in various ways with message
• most often to create a digital signature
 Hash Functions
A hash value is generated by a function H of
the form h = H(M)
– Where M is a variable-length message and H(M)
is the fixed-length hash value.
– The hash value is appended to the message at
the source at a time when the message is
assumed or known to be correct. The receiver
authenticates that message by re-computing the
hash value. Because the hash function itself is
not considered to be secret, some means is
required to protect the hash value.
 Hash functions

• it is usually assumed that the hash function is

public and not keyed
• used to condense an arbitrary length message
to a fixed size
• usually for subsequent signature by a digital
signature algorithm
• length should be large enough to resist attacks
– 64-bits is now regarded as too small
– using 128-512 is regarded as suitable
 Requirements for Hashing Function

A good cryptographic hash function H should

have the following properties:
• H can be applied to a block of data of any size
• H produces a fixed-length output
• H(x) is relatively easy to compute for any given
x, making both hardware and software
implementations practical
Requirements for Hashing Function
• For any given code h, it is computationally infeasible to
find x such that H(x) = h. This is sometimes referred to
as the one-way property. – Important to protect a
secret value if the authentication technique involves
the use of a secret value.
• For any given block x, it is computationally infeasible to
find y ≠ x with H(y) = H(x). This is sometimes referred to
as weak collision resistance. – this prevents forgery.
• It is computationally infeasible to find any pair (x, y)
such that H(x) = H(y). This is sometimes referred to as
strong collision resistance. – Resistance to birthday
attack.
 Simple Hash Functions

• All hash functions operate using the following general

principle. The input (message, file, etc) is viewed as a
sequence of n-bit blocks. The input is processed one
block at a time in an iterative fashion to produce an n-
bit hash function.
• One of the simplest hash functions is the bit-by-bit
exclusive-OR (XOR) of every block. This can be
expressed as follows:
– C i = bi1 @ bi2 @ ... @bim
• Where C i = i bit of the hash code, 1 ≤ i ≤ n
• m = number of n-bit blocks in the input
• b ij = ith bit in jth block
• @ = XOR operation
 MD2
• original member of a family of one-way hash functions
• all designed by Ronald Rivest (R in RSA)
• MD2 is the oldest
• produces a 128-bit hash value
• is regarded as slower and less efficient than MD4 and
MD5
• specified as an Internet standard (RFC1320)
• This is the first generally used hash function designed
by Ronald Rivest. Whilst not broken, it is no longer
favoured for use due to its greater complexity and
slower speed.
 MD4

• MD4 produces a 128-bit hash of the message

• uses bit operations on 32-bit operands for fast
implementation
• specified as an Internet standard (RFC1186)
• design goals:
– 1. collision resistant (hard to find collisions)
– 2. direct security (no dependence on "hard"
problems)
– 3. fast, simple, compact
 SHA (Secure Hash Algorithm)

• SHA was designed by NIST & NSA in 1993, revised

1995
• is the US federal standard for use with the DSA
signature scheme
• the algorithm is SHA, the standard is SHS
• produces 160-bit hash values
• now the generally preferred hash algorithm
• based on design of MD4/5 with some key
differences
Hash Functions & Digital Signatures
 Digital Signatures

• digital signatures provide the ability to:

– verify author, date & time of signature
– authenticate message contents
– be verified by third parties to resolve disputes
• hence include authentication function with
additional capabilities
 Characteristics of signatures:
1. authenticity – the signature convinces the document’s
recipient that the signer deliberately signed the
document
2. signature is unforgeable – the signature is a proof that
the signer, no one else, deliberately signed the
document
3. signature is not reusable – the signature is part of the
document; cannot move the signature to a different
document
4. the signed document is unalterable- after the
document is signed, it cannot be altered
5.the signature cannot be repudiated – the signer cannot
later claim that he or she didn’t sign it.
 Protocols
• A protocol is a series of steps, involving two or
more parties, designed to accomplish a task
• Arbitrated protocol uses an arbitrator who is
a disinterested third party trusted to
complete a protocol.
• self-enforcing protocol, no arbitrator is
required to complete the protocol
 Communication Using Symmetric
Cryptography
Communication using this protocol looks as follows:
• Alice and Bob agree on a cryptosystem
• Alice and Bob agree on a key
• Alice takes her plaintext message and encrypts it
using the encryption algorithm and the key. This
creates a ciphertext message
• Alice sends the ciphertext message to Bob
• Bob decrypts the ciphertext message with the
same algorithm and key and reads it
Problems of symmetric cryptosystems
The problems of symmetric cryptosystems are:
• Keys must be distributed in secret
• If a key is compromised (stolen, guessed, extorted,
bribed, etc.), then Eve can decrypt all message traffic
encrypted with that key. She can also pretend to be
one of the parties and produce false message to fool
the other party.
• Assuming a separate key is used for each pair of users
in a network, the total number of keys increases rapidly
as the number of users increases. A network of n users
requires n(n-1)/2 keys.
 Communication Using Asymmetric
Cryptography
• Alice and Bob agree on a public-key
cryptosystem
• Bob sends Alice his public key
• Alice encrypts her message using Bob’s public
key and sends it to Bob
• Bob decrypts Alice’s message using his private
key
 Hybrid Cryptosystems
In the real world, public-key algorithms are not a
substitute for symmetric algorithms. They are
not used to encrypt messages; they are used
to encrypt keys. There are two reasons for
this:
• public-key algorithms are slow. Symmetric
algorithms are generally at least 1000 times
faster than public-key algorithms
 Hybrid Cryptosystems
• public-key cryptosystem are vulnerable to
choosen-plaintext attacks. If C=E(P), when P is
one plaintext out of a set of n possible
plaintexts, then a crptanalyst one has to
encrypt all n possible plaintexts and compare
the results with C. He will not be able to
recover the decryption key this way, but he
will be able to determine P.
 Protocols
In most practical implementations, hybrid
cryptosystem is used in the following manner
• Bob sends Alice his public key
• Alice generates a random session key, K, encrypts
it using Bob’s public key and sends it to Bob
• Bob decrypts Alice’s message using his private key
to recover the session key
• Both of them encrypt their communication using
the same session key
 Singing Documents with Symmetric
Cryptosystems and an Arbitrator
• Alice wants to sign a digital message and send
it to Bob. With the help of Trent and a
symmetric cryptosystem, she can
• Trent, a powerful, trusted arbitrator shares a
secrete key, KA, with Alice, and a different
secrete key, KB, with Bob. These keys have
been established long before the protocol
begins and can be reused multiple times
 Singing Documents with Symmetric
Cryptosystems and an Arbitrator
• Alice encrypts her message to Bob with KA and
sends it to Trent
• Trent decrypts the message with KA
• Trent takes the decrypted message and a
statement that he has received this message from
Alice, and encrypts the whole bundle with KB,
• Trent sends the encrypted bundle to Bob
• Bob decrypts the bundle with KB. He can now
read both the message and Trent’s certification
that Alice sent it.
 Singing Documents with Public-Key
Cryptography
• In some algorithms such as RSA either the
public key or the private key can be used for
encryption
• Encrypt a document using your private key,
and you have a secure digital signature.
 Singing Documents with Public-Key
Cryptography
The basic protocol is as follows
1.Alice encrypts the document with her
private key, thereby signing the document
2. Alice sends the signed document to Bob
3 . Bob decrypts the document with Alice’s
public key, thereby verifying the signature
 Singing Documents with Public-Key
Cryptography and One-Way Hash
Functions
• Since public-key algorithms are often
inefficient to sign long documents, digital
signature protocols are often implemented
with one-way hash functions.
• Instead of signing a document, Alice signs the
hash of the document
 Singing Documents with Public-Key
Cryptography and One-Way Hash
Functions
• Alice produces a one-way hash of a document
• Alice encrypts the hash with her private key,
thereby signing the document
• Alice sends the document and the signed hash to
Bob
• Bob produces a one-way hash of the document
that Alice sent. He then, decrypts the signed hash
with Alice’s public key. If the signed hash matches
the hash he generated, the signature is valid.
 Key Exchange
Key Exchange with Symmetric Cryptography
• Assumes that Alice and Bob, users of a
network, each share a secrete key with the
Key Distribution Center (KDC) –or Trent.
 Key Exchange
• Alice calls Trent and requests a session key to
communicate with Bob
• Trent generates a random session key. He encrypts two
copies of it: one in Alice’s key and the other in Bob’s
key. Trent sends both copies to Alice.
• Alice decrypts her copy of the session key
• Alice sends Bob his copy of the session key
• Bob decrypts his copy of the session key
• Both Alice and Bob use this session key to
communicate securely
 Key Exchange
• Protocol relies on the absolute security of
Trent and also ignores the real problem of
how to distribute keys between Trent and
users.
• If Mallory corrupts Trent, the whole network is
compromised
• Trent is also a potential bottleneck as he has
to be involved in every key exchange.
 Key Exchange with Public-Key
Cryptography
• Alice gets Bob’s public key from the KDC
• Alice generates a random session key,
encrypts it using the Bob’s public key, and
sends it to Bob
• Bob then decrypts Alice’s message using his
private key
• Both of them encrypt their communications
using the same session key
 Man-in-the-Middle Attack

Mallory can attack public-key key exchange

protocol in the following manner.
• Alice sends Bob her public key. Mallory
intercepts this key and sends Bob his public
key
• Bob sends Alice his public key. Mallory
intercepts this key and sends Alice his own
public key
 Man-in-the-Middle Attack

• When Alice sends a message to Bob, encrypted in “Bob’s”

public key, Mallory intercepts it. Since the message is really
encrypted with his own public key, he decrypts it with his
private key, re-encrypts it with Bob’s public key, and sends
it on to Bob
• When Bob sends a message to Alice, encrypted in “Alice’s”
public key, Mallory intercepts it. Since the message is really
encrypted with his own public key, he decrypts it with his
private key, re-encrypts it with Alice’s public key, and sends
it on to Alice
• This man-in-the-middle attack works because Alice and Bob
have no way to verify that they are talking to each other.