Scribd
Upload
20 views10 pages

Unit 4 5

The document discusses authentication requirements for messages. It describes using a combination of digital signatures and a message authentication protocol to verify the source of messages and detect any modifications. There are two levels of message authentication functionality: low-level uses a hash or message encryption to generate an authenticator value, while high-level uses the lower function as a building block to enable verification of a message's authenticity.

Uploaded by

rahulthebest15
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
20 views10 pages

Unit 4 5

The document discusses authentication requirements for messages. It describes using a combination of digital signatures and a message authentication protocol to verify the source of messages and detect any modifications. There are two levels of message authentication functionality: low-level uses a hash or message encryption to generate an authenticator value, while high-level uses the lower function as a building block to enable verification of a message's authenticity.

Uploaded by

rahulthebest15
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Authentication Requirements.

Combination
of
Message
the

Message Digital use


of digital signatures
confidentiality Authentication protocel designed
and a
Signature
-Y to counter this attack.

fuerade meamodification d A,
Disclosure unafric Analysis
Source Destination
mass

content
Repudiation Repudiation.
modification

Message Authentication - >

to
verify that received
messages come from alleged

source and have not been altered.

Message Authentication functions:


Two levels of
functionality
- ↳
Low level High level
Has authenticall lower function
-

-
level used as primitive
value used to authenticate to
message enables
verify
-

receiver the
-

authenticity of a
message

Types of functions.
- ↓ -
Hash Message Message Authentication
function
length
Encryption A function of
code (MAC)
maps message of any The
-

the
- -

ciphertext of entire message


to a fixed and
which
length hash value
message selves as a secret
key that
selves authenticator produces fixed length
as
authenticalor a

value ->
authenticator.
Hash functions:
function
Mathematical that converts numerical
ilp value
-

into another
compressed numerical value

Op is fixed
length. Chbit) (Any long the
Message
always
features:
fan o

Hash
Fixed
length olp
-

-compression func
-

Digest (smaller
reps of larger data Hash value (Message
Properties:
very

[Easy generate); Manage (Difficulty


-

Message -> Hash to Hash ->

If
you hash
message for times then hash
->
should get
-

a a same
you

value a times.

There two M.8M2 that Hi &H2


-

are
messages generate a hashes
H. f H2

Message Authentication Code [MAC]:


contains
chytographic process significance that
of
knows
Mac:
whether
-ensures receives
mac
process: message has been alreed.
-receives is assured that
message
sender came from correct sender.

Mysymmetric key(A) Willet


the
MACs used between two parties that share secret
are a
key
to authenticate information exchanged between those parties.

Receives will calculate its MAC suppose I wands to send


message
M to B
same
key used.
H. CMAC) -> send to receiver
Then we
compare HI&H2.
AOB share

A calculates
a symmetric key K, not known to anyone else

if H1=H2 in MA) by applying key to the message


.. no
change Message Asends M and MACHI to B.
Buses K to sale its own MACH2 over M. HI
Compare

HMAC: CHash based Message Authentication Code] Secure Socket layer

used for Protocol and


security implementation in internet also in ssL Protocol.

Concept:
When

3
MAC
we
generate
Original Message ->
Message digest
through message digest

betredimaya
encabuption
are
HMAC.
my
ene
-
--
MD5: Message Digest
Working:
① Add padding
original mess Padding

Padding is done such that the total


length is 64 bit less that exact

multiple of 512.

example: 1000 bits+ 472=1472


to
512x2 = 1024 which is
exactly

512x515s
by less than
multiple
of 512

⑦ Append original
length before padding: (mod on)
original mess Padding
t MD5 operation diag:
will be exac t

original mess Padding length multiple of 512

eg: original was 1000 so do mod 64 alb(Id


&
Divide it in 512 bit blocks: ,choke I,

mini
Process (P)
d

original mess Padding


a b+ (Process (b, c, d)
t
=
+

↳ m(i) + t(k)</s)

Shift Circularaft
original mess Padding length ↓
↓ Add

i
512
A
bit
-I a b C d

block............ 512 bit

block n

⑭ Initialise
4-chaining variables (32-bit, A, B, C, &D) Yalaned
③ Process blocks 512
↳>copy

Habit
four
chaining valiables
into variables.
corresponding
SA a,B b,c
=

=
=
c,D d}
=

↳ Divide 512 bit block into sixteen 32 bit block.


16
↳ four sublocks constant (t)
Rounds
↳ ↳
a b + ((a + (x))) <<Shift
=

Prosers, P(b, (d) + M(i) +T


One round

4444
a b c d
SHA : SECURE HASH ALGORITHM
SHA is modified version of MDS


Hp is a
message digest of 160 bits in length .

Properties :

}
[ I] Infeasible
Generating original message from
digest .

'" ]
finding two
messages generating same
digest

Working :

}
Ci ]
Padding [ 64 bit less than exact
multiple of
512]

[ ii ]
Appending length
exactly
[ Iii ] divide the i
/p into 512 bit blocks same as MDS

Liv] 5 variables [A , B C D E ]
chaining , , ,

( )
V
Process blocks [same as MDS ]
1)
Copy of 512 -
16 Four Round
[✓
sub blocks [20 steps]

abode = ( et Process P + Ss (a) t WH ] + Kit ]


) ,
a
,
s
"
Cbfc d. ,
Authentication Protocols:

Challenge Response Protocols:



Using 1stsymmetric key ciphers:
nonce: number used once

approach - nonce

-> nouce

end:
Using time
stamp:
Alice & bob synchronised.

No need
of challenge manage

3rd-bidirectional

②using keyed-Hash function:


Bling asymmetric key ciphers

N
Needham - Schroeder

donce, RA, Alice & Bob ID

Alicekey sends encoppled message

Bob's ricket

challenge
sends

responds to challenge
-

Kerberos:
Also a KDC

maintains database authenticated users


of

Alice X Bob
ePice oaringeverretin
Ga
Authentication IDC
-
4 Service des 4
-

E:
- E:
#
server
sT9S

- -

I
Alice's authentication
For I
1 .
Tas process is a one time process
If conversation with Bob has

A assessioners ② ended and

communicate
Alice
with
wants

John
to

then Alice wouldn't have b

perform authentication.
for
stick Bob
et She has to redo 3-6
steps

bobsession are
&
ene

Request Access
5
T

Grant Access
I
I

Alice sends request for authentication ticket- > As will


verify Alice's
identity->
if identity is valid [Already I4 present in A accept request
-
sends Ths session
key
and Tas ticket- > Alice ticket for Bob to
request communicate of him ->

Tas Alice ticket


request gives For
key
will Bob and
accept senion
- ->

Alice sends to Bob-> if has worked -> Bob will


request
everything properly
Grant/accept request
1)effie Hellman
Symmetric key exchange agreement
-

Procedure
Alice
II. II. Bob select 2 values :

1- \- P&G known by A&B .

Ri → B

Ri=g
"
mod Rz A
p →

R' Both and


calculate
② > will key
they will
get same
key
Rz=gYmodP ③ that means Comm successful .

R -

<

k=CRmodp k= CRIP mod p

Shared secret
key
- -
- - - - - - - É -
- - - - -
- -
-
.

k=g"modp

Man in the middle :

Eve find
does not have to value
of randy to attack .

Alice & Bob by 2


She can fool creating keys .

Station to station
key Agreement Method :

Same as Deffie Hellman

Only added Digital signature


to rid MIM attack
get of
.
Digital Signatures:
RSA:
The RSA idea can also be used to sign and
verify a
message.
-

The
digital signature scheme the of
changes roles
private and public keys.
-

Note: -

Firstly, the private & public key of sender are used and not the receiver

secondly, the sender uses hither own private key to


sign the document

it.
and receiver uses sender's public key to verify

key generation:

Alice chooses 2 prime nos


"p" and "a"
calculate, n
p4q
=

(n) (p 1)4eq 1)
8 =
-
-

She then chooses 2 - public exponent


calculates d ->
private exponent
such that ed= mod ((n)

For signature:
5 - and mod n

To
verify:
m=st mod n

Check if m = M + true ->


accept
DSS:
D Alice has public & private Bob
key. Alice
Alice yes her private key to
are
generate signature(s). M2 m
#
codification
sends Bration S

o
signature along
with Pr
->
Algoritum
key

to Bob
message ↓,
valid or not

Bob has S
to
relity whether the
message
sent was from Alice or not

He to
uses Alice's public key decrypt/verity

X.509:
-digital certicificate accepted internationally.
-does but
not
generate any keys provides a
way
to access public keys
v
Versions -
3 versions (1,2,3)

so serial numbers of catificate


-

Al
signature Algorithm identifier Agarimmed
F issued certificate
Issuer Name person who

validity period
v from to

s
subject jisks derate to seek
name
name
of person

P Public information
key
12 Issue unique ID

SUI subject unique ID

E Extensions

Public infrastructure (PKI)


key
-standard followed for managing, storing
and
revoking Digital Certificate

-follows symmetric key cryptography.


a

(Inrequire)
-

Includes digests,
message
Digital signature, CAthentication, Non repudiation)
Encryption services. Cconfidentiality)
Architecture
sporescentificates andended id,
name, owner etc.

I certificate
repository.
-

to it

who is SPRI)
using this

⑧ Entity -

person/ organisation

⑤ Registation
Authority (RA) - Regiswanion everiticanoincentificate (trusted not)
in
depositony or

A
decides whether to certificate to the not
give uses or

Certificate
Authority (CA) -

CMAC -
Cipher based MAC.

has limit
-

a
message
-given message is divided into equal number of blocks and

each block is
encrypled separately
original message

Ajay is As
10(1), divide into blocks

->
encrypt and get
separate ciphertexts

17 A TE # [2

CI [3 acts as MAC
Cu -

use last cipher text as MAC code


( =
E(k,A1)
(2
F2k,(A28(1))
=

(s
E(k,(A34(2))
=

(y =
f(k,(AyO(s))
(5 E(k,(AsO(4))
=

(n ECX, (AnP(n
=

-
1))

You might also like