L5 AuthenticationIntegrity
INTEGRITY
DR. NOR FADZILAH ABDULLAH
JKEES, FKAB
Contents adapted from William Stallings, “Cryptography & Network Security”, 6th Edition
(Chapters 11, 12, 13, 14 & 15) and other online sources
MOTIVATION
AUTHENTICATION TYPES
1. Message Encryption
2. Hash functions
3. Message authentication code (MAC)
AUTHENTICATION LEVELS
• Two levels of functionality:
Lower level
• There must be some sort of function that produces an authenticator
• Message encryption
• The ciphertext of the entire message serves as its authenticator
• Hash function
• A function that maps a message of any length into a fixed-length hash value which serves as the authenticator
CRYPTOGRAPHIC HASH FUNCTION
REQUIREMENTS FOR A CRYPTOGRAPHIC HASH FUNCTION H
CRYPTOGRAPHIC HASH FUNCTIONS
• collision-free property: it is infeasible to find 2 data objects that map to the same hash result,
i.e. can’t find any M1, M2 (M1 ≠ M2) such that H(M1)=H(M2)
ONE-WAY HASH FUNCTIONS
a) authentication & confidentiality
b) authentication only
c) Secret value, S provides protection to hash value. No encryption (faster)
SECURE HASH ALGORITHM (SHA)
• SHA was originally designed by the National Institute of Standards
and Technology (NIST) and published as a federal information
processing standard (FIPS 180) in 1993
• SHA-1: revised 1995
• Designed & published by NSA
• Commonly used in the Internet until 2005
• Based on the hash function MD4 and its design closely models MD4
• Produces 160-bit hash values, collisions can be found in ~2^61 hashes
• No longer considered secure
SHA-2
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
SHA-512 Constants
EXAMPLE: SHA-512
• Assigned to words:
• Buffer variables (only 2 rounds shown. Note: 6 copied from previous round)
• Hash value:
APPLICATION: PASSWORD STORAGE
MESSAGE AUTHENTICATION CODE (MAC)
• Typically used between 2 parties that share a secret key to
authenticate information exchanged between those parties
• Based on crypto checksum
USE OF MESSAGE AUTHENTICATION CODE (MAC)
HMAC
MAC BASED ON BLOCK CIPHERS
DATA AUTHENTICATION ALGORITHM (DAA)
- based on DES-CBC (IV=0 & zero-pad of final block)
AUTHENTICATED ENCRYPTION (AE)
Authenticated Encryption (AE) = confidentiality + integrity
1. Hash-then-encrypt: E(K, (M||H(M)))
e.g. Used in WEP
2. MAC-then-encrypt: E(K2, (M||MAC(K1,M)))
e.g. Used in SSL/TLS
3. Encrypt-then-MAC: (C=E(K2,M), T=MAC(K1,C))
e.g. Used in IPSec
4. Encrypt-and-MAC: (C=E(K2,M), T=MAC(K1,M))
e.g. Used in SSH
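Added example (not from the slides or from Stallings): compositions 3 and 4 side by side, showing that Encrypt-then-MAC rejects a modified ciphertext before any decryption and that Encrypt-and-MAC tags repeat for equal plaintexts. Assumptions: MAC is HMAC-SHA256, E is a stand-in keystream cipher built from HMAC-SHA256 in counter mode (not AES), and all function names are hypothetical.

```python
import hashlib
import hmac
import os

def keystream_xor(k2: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for E(K2, .): XOR with an HMAC-SHA256 counter keystream (assumption, not AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(k2, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def mac(k1: bytes, data: bytes) -> bytes:
    """MAC(K1, data), here HMAC-SHA256."""
    return hmac.new(k1, data, hashlib.sha256).digest()

def seal_etm(k1: bytes, k2: bytes, m: bytes):
    """Encrypt-then-MAC: C = E(K2, M), T = MAC(K1, C). The nonce is part of C."""
    nonce = os.urandom(16)
    c = nonce + keystream_xor(k2, nonce, m)
    return c, mac(k1, c)

def open_etm(k1: bytes, k2: bytes, c: bytes, t: bytes) -> bytes:
    """Check T over the ciphertext in constant time; decrypt only if it matches."""
    if len(c) < 16 or not hmac.compare_digest(mac(k1, c), t):
        raise ValueError("authentication failed")
    return keystream_xor(k2, c[:16], c[16:])

def seal_eam(k1: bytes, k2: bytes, m: bytes):
    """Encrypt-and-MAC: C = E(K2, M), T = MAC(K1, M). T depends only on M."""
    nonce = os.urandom(16)
    return nonce + keystream_xor(k2, nonce, m), mac(k1, m)

if __name__ == "__main__":
    k1, k2 = os.urandom(32), os.urandom(32)   # two independent keys, as in the formulas
    msg = b"transfer 100 to account 42"       # constructed sample message
    c, t = seal_etm(k1, k2, msg)
    print(open_etm(k1, k2, c, t))
    forged = c[:-1] + bytes([c[-1] ^ 1])      # one flipped ciphertext bit
    try:
        open_etm(k1, k2, forged, t)
    except ValueError as err:
        print("forged ciphertext rejected:", err)
    print("E&M tags equal:", seal_eam(k1, k2, msg)[1] == seal_eam(k1, k2, msg)[1])
    print("EtM tags equal:", seal_etm(k1, k2, msg)[1] == seal_etm(k1, k2, msg)[1])
```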
COUNTER WITH CIPHER BLOCK CHAINING-MAC (CCM)
- NIST SP 800-38C for WiFi
- Algorithmic ingredients:
- AES
- CTR mode of operation
- CMAC authentication algorithm
- Single key for both encryption & MAC
- 2 passes over plaintext i.e. once for MAC & once for encryption (AE: E&M)
- Used in IEEE 802.11i
GALOIS/COUNTER MODE (GCM)
• NIST standard SP 800-38D
• Advantage: parallelizable (high throughput, low cost & latency)
• Uses 2 functions:
• GHASH: keyed hash function; plaintext (X) XOR with feedback & multiplied with key in GF(2^128) to generate authenticator tag
• GCTR: CTR mode with incremental counter
• Option: use MAC only mode (GMAC)
• Y in fig (a) & (b) not related
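Added example (not from the slides): GHASH as described above, with each block XORed into the feedback value and multiplied by the hash key H in GF(2^128), following the bit ordering and reduction constant of SP 800-38D. The function names are hypothetical; the constants are the published GCM test vector for an all-zero AES-128 key, all-zero 96-bit IV and one all-zero plaintext block, so no AES implementation is needed here.

```python
R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 (SP 800-38D)

def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128); the leftmost bit is coefficient x^0."""
    z, v = 0, y
    for i in range(127, -1, -1):          # scan the bits of x from leftmost to rightmost
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1   # v = v * x, reduced when it overflows
    return z

def blocks(data: bytes):
    """Split into 128-bit blocks, zero-padding the last one."""
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\x00"), "big")

def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Y_i = (Y_{i-1} XOR X_i) * H over AAD, ciphertext, then the length block."""
    hk = int.from_bytes(h, "big")
    lengths = ((len(aad) * 8) << 64) | (len(ciphertext) * 8)   # bit lengths, 64 bits each
    y = 0
    for x in [*blocks(aad), *blocks(ciphertext), lengths]:
        y = gf_mult(y ^ x, hk)
    return y.to_bytes(16, "big")

def gcm_tag(h: bytes, ek_y0: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Tag = GHASH output XOR E(K, Y0), the encrypted initial counter block."""
    return bytes(a ^ b for a, b in zip(ghash(h, aad, ciphertext), ek_y0))

# Published test vector: H = E(K, 0^128), E(K, Y0), and the one-block ciphertext C
H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
EK_Y0 = bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a")
C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    print("GHASH:", ghash(H, b"", C).hex())
    print("tag  :", gcm_tag(H, EK_Y0, b"", C).hex())
    flipped = bytes([C[0] ^ 0x01]) + C[1:]
    print("tag after 1-bit change:", gcm_tag(H, EK_Y0, b"", flipped).hex())
```

Calling `ghash` with data in `aad` and an empty ciphertext gives the MAC-only use (GMAC) named in the last bullet.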
DIGITAL SIGNATURES
The authenticity of many legal, financial, and other documents
is determined by the presence or absence of an authorized
signature. Digital signature ascertains that:
1. Receiver can verify claimed identity of sender.
2. Sender cannot later repudiate contents of message.
3. Receiver cannot have concocted (created) message himself.
4. Message itself can be plain or encrypted!
Implications of digital signatures go beyond just message authentication.
DIGITAL SIGNATURE REQUIREMENTS
• FIPS PUB 186: makes use of the SHA-1 and presents a new digital
signature technique, the Digital Signature Algorithm (DSA)
• originally proposed in 1991, revised in 1993 and again in 1996
(a) Hash code encrypted using public-key encryption with the sender’s private
key to provide authentication only (digital signature) because only the sender
could have produced the encrypted hash code.
KEY DISTRIBUTION TECHNIQUE
(c) Public key authority
Use of public key encryption, timestamp, and nonce (unique for transaction)
(d) Public key certificates
X.509 CERTIFICATES
• Part of the X.500 series of recommendations that define a directory service
• A server or distributed set of servers that maintains a database of user information
• Each certificate contains the public key of a user (PU_USER) and is signed with the
private key of a trusted certification authority (PR_CA)
• X.509 defines alternative authentication protocols based on the use of public-key
certificates
CERTIFICATE REVOCATION
• Each certificate includes a period of validity
• Typically a new certificate is issued just before the expiration of the
old one
• It may be desirable on occasion to revoke a certificate before it expires,
for one of the following reasons:
• The user’s private key is assumed to be compromised
• The user is no longer certified by this CA
• The CA’s certificate is assumed to be compromised
• Each CA must maintain a list consisting of all revoked but not expired
certificates issued by that CA (CRL = certificate revocation list)
• These lists should be posted on the directory
X.509 HIERARCHY
PKIX ARCHITECTURAL MODEL
Elements:
• End entity
• CA
• RA (registration authority)
• CRL issuer
• Repository
USER-AUTHENTICATION
• the process of determining whether some user or some
application or process acting on behalf of a user is, in fact, who
or what it declares itself to be
• authentication technology provides access control for systems by
checking to see if a user’s credentials match the credentials in a
database of authorized users or in a data authentication server
• authentication enables organizations to keep their networks secure
by permitting only authenticated users (or processes) to access its
protected resources
• user authentication is distinct from message authentication
• message authentication is a procedure that allows communicating
parties to verify that the contents of a received message have not
been altered and that the source is authentic
Connected hardware tokens are items that connect to a computer logically (e.g., via wireless) or physically in order to authenticate identity. Items such as smart cards, wireless tags, and USB tokens are common connected tokens used to serve as a possession factor.
Disconnected hardware tokens are items that do not directly connect to the client computer, instead requiring input from the individual attempting to sign in. Typically, a disconnected hardware token device will use a built-in screen to display authentication data that are then utilized by the user to sign in when prompted.
Scalable Transparent