
Unit 4 - Integrity and Authentication


UNIT IV CRYPTOGRAPHY & NETWORK SECURITY

Integrity and authentication

Authentication Requirement:
Message authentication is a procedure to verify that received messages come from the
alleged source and have not been altered. Message authentication may also verify
sequencing and timeliness. A digital signature is an authentication technique that also
includes measures to counter repudiation by either source or destination.

Authentication Requirements:

● Revelation: It means releasing the content of the message to someone who does
not have an appropriate cryptographic key.

● Analysis of Traffic: Determination of the pattern of traffic through the duration of
connection and frequency of connections between different parties.

● Deception: Adding out of context messages from a fraudulent source into a
communication network. This will lead to mistrust between the parties
communicating and may also cause loss of critical data.

● Modification in the Content: Changing the content of a message. This includes
inserting new information or deleting/changing the existing one.

● Modification in the sequence: Changing the order of messages between parties.
This includes insertion, deletion, and reordering of messages.

● Modification in the Timings: This includes replay and delay of messages sent
between different parties. This way session tracking is also disrupted.

● Source Refusal: When the source denies being the originator of a message.

● Destination refusal: When the receiver of the message denies the reception.

Prof. Andleeb Sahar

Message Authentication Hash Function:

The electronic equivalent of the document and fingerprint pair is the message and
digest pair. To preserve the integrity of a message, the message is passed through an
algorithm called a cryptographic hash function. The function creates a compressed
image of the message that can be used like a fingerprint.
● Authentication is used by a server when the server needs to know exactly who is
accessing their information or site.
● Authentication is used by a client when the client needs to know that the server is
the system it claims to be.
● In authentication, the user or computer has to prove its identity to the server or
client.
● Usually, authentication by a server entails the use of a user name and password.
Other ways to authenticate can be through cards, retina scans, voice recognition,
and fingerprints.
Hash Function:
Hash functions are extremely useful and appear in almost all information security
applications.
A hash function is a mathematical function that converts a numerical input value into
another compressed numerical value. The input to the hash function is of arbitrary
length but output is always of fixed length.
Values returned by a hash function are called message digest or simply hash values.

A hashing algorithm involves rounds of the above hash function, like a block cipher. Each round
takes an input of a fixed size, typically a combination of the most recent message block and
the output of the last round.
The typical features of hash functions are −
● Fixed Length Output (Hash Value)
o A hash function converts data of arbitrary length to a fixed length. This process is
often referred to as hashing the data.

o In general, the hash is much smaller than the input data, hence hash functions
are sometimes called compression functions.


o Since a hash is a smaller representation of a larger data, it is also referred to as
a digest.

o Hash function with n bit output is referred to as an n-bit hash function.
Popular hash functions generate values between 160 and 512 bits.

Popular Hash Functions

● Message Digest (MD):

The Message Digest algorithm was developed by Ron Rivest. The original message
digest algorithm was called MD. He soon came up with its next version,
MD2, but it was found to be quite weak. Therefore Rivest began working on
MD3, which was a failure. Then Rivest developed MD4. Consequently, Rivest
released MD5.

● Secure Hash Function (SHA):

The National Institute of Standards and Technology (NIST) along with NSA
developed Secure Hash Algorithm (SHA).

SHA is a modified version of MD5 and its design closely resembles MD5.

MD5: MD5 is quite fast and produces a 128-bit message digest. After some initial
processing, the input text is processed in 512-bit blocks (which are further divided into
16 32-bit blocks). The output of the algorithm is a set of four 32-bit blocks, which
make up the 128-bit message digest.

Steps in MD5 Algorithm: There are four major sections of the algorithm:

Padding Bits

When you receive the input string, you have to make sure the size is 64 bits short of a
multiple of 512. When it comes to padding the bits, you must add a one (1) first,
followed by zeroes to round out the extra characters.


Padding Length

You need to add a few more characters to make your final string a multiple of 512. To
do so, take the length of the initial input and express it in the form of 64 bits. On
combining the two, the final string is ready to be hashed.

Initialize Chaining variables / MD Buffer :

The entire string is converted into multiple blocks of 512 bits each. You also need to
initialize four different buffers, namely A, B, C, and D. These buffers are 32 bits each
and are initialized as follows:

A = 01 23 45 67

B = 89 ab cd ef

C = fe dc ba 98

D = 76 54 32 10

Process Each Block


Each 512-bit block gets broken down further into 16 sub-blocks of 32 bits each. There
are four rounds of operations, with each round utilizing all the sub-blocks, the buffers,
and a constant array value.

This constant array can be denoted as T[1] -> T[64].

Each of the sub-blocks is denoted as M[0] -> M[15].

According to the image above, you see the values being run for a single buffer A. The
correct order is as follows:

● It passes B, C, and D onto a non-linear process.
● The result is added with the value present at A.
● It adds the sub-block value to the result above.
● Then, it adds the constant value for that particular iteration.
● There is a circular shift applied to the string.
● As a final step, it adds the value of B to the string and is stored in buffer A.
The steps mentioned above are run for every buffer and every sub-block. When the
last block’s final buffer is complete, you will receive the MD5 digest.


The non-linear process above is different for each round of the sub-block.

Round 1: (b AND c) OR ((NOT b) AND (d))

Round 2: (b AND d) OR (c AND (NOT d))

Round 3: b XOR c XOR d

Round 4: c XOR (b OR (NOT d))
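
The four sections above (padding bits, padding length, buffer initialization, and per-block processing with the four round functions) put together in Python, as an added example that is not part of the original notes. The per-step rotation amounts, the sub-block order used in rounds 2 to 4, the sine-derived values of T and the final addition of each block's result into the running buffers come from the MD5 specification (RFC 1321), not from this page; the function names are illustrative.

```python
import math
import struct

# T[1]..T[64] from the text: floor(2^32 * |sin(i)|) for i = 1..64 (per RFC 1321).
T = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]
# Left-rotation amount for each of the 64 steps (four values per round, per RFC 1321).
SHIFTS = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# The four buffers A, B, C, D exactly as listed in the text, byte by byte.
INIT = bytes.fromhex("01234567" "89abcdef" "fedcba98" "76543210")
MASK = 0xFFFFFFFF


def rotl(x, n):
    """Circular left shift of a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & MASK


def md5_pad(msg):
    """Padding bits, then padding length: the result is a multiple of 64 bytes."""
    padded = msg + b"\x80"                          # a single 1 bit, then zeroes
    padded += b"\x00" * ((56 - len(padded)) % 64)   # stop 64 bits short of a block
    return padded + struct.pack("<Q", (8 * len(msg)) % 2**64)  # length as 64 bits


def md5_hex(msg):
    """MD5 digest of a bytes object, as 32 hexadecimal digits."""
    a0, b0, c0, d0 = struct.unpack("<4I", INIT)     # little-endian: A = 0x67452301
    padded = md5_pad(msg)
    for off in range(0, len(padded), 64):
        m = struct.unpack("<16I", padded[off:off + 64])  # sub-blocks M[0]..M[15]
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:                              # round 1
                f, g = (b & c) | (~b & d), i
            elif i < 32:                            # round 2
                f, g = (b & d) | (c & ~d), (5 * i + 1) % 16
            elif i < 48:                            # round 3
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:                                   # round 4
                f, g = c ^ (b | ~d), (7 * i) % 16
            # non-linear result + A + sub-block + constant, circular shift, add B
            total = (f + a + m[g] + T[i]) & MASK
            a, b, c, d = d, (b + rotl(total, SHIFTS[i])) & MASK, b, c
        # fold this block's result into the running buffers
        a0, b0, c0, d0 = [(x + y) & MASK for x, y in zip((a0, b0, c0, d0), (a, b, c, d))]
    return struct.pack("<4I", a0, b0, c0, d0).hex()


if __name__ == "__main__":
    for sample in (b"", b"abc", b"x" * 56):         # constructed sample inputs
        print(len(md5_pad(sample)), md5_hex(sample))
```
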

With this, you conclude the working of the MD5 algorithm. You will now see the
advantages procured when using this particular hash algorithm.

Advantages of MD5

● Easy to Compare: Unlike the latest hash algorithm families, a 32 digit digest is
relatively easier to compare when verifying the digests.
● Storing Passwords: Passwords need not be stored in plaintext format, where they are
accessible to hackers and malicious actors. When using digests, the database also
gets a boost since the size of all hash values will be the same.
● Low Resource: A relatively low memory footprint is necessary to integrate
multiple services into the same framework without a CPU overhead.
● Integrity Check: You can monitor file corruption by comparing hash values before
and after transit. If the hashes match, the file integrity check is valid, and the
file has not been corrupted.


Secure Hash Algorithm (SHA)

SHA works with any input message that is less than 2^64 bits in length. The output of
SHA is a message digest, which is 160 bits in length.
The Secure Hash Algorithm (SHA) was invented by the National Security Agency
(NSA) and published in 1993 through the National Institute of Standards and
Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS PUB
180).

SHA is based on, and shares similar building blocks with, the MD4 algorithm. The
design of SHA introduced a new process that expands the 16-word message block
input to the compression function into an 80-word block, among other things.

SHA (Secure Hash Algorithm) Family

SHA (Secure Hash Algorithm) Family designates a family of six different hash
functions: SHA-0, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. They take
variable length input messages and hash them to fixed-length outputs.

The first four operate on 512-bit message blocks divided into 32-bit words and the
last two on 1024-bit blocks divided into 64-bit words.

SHA-0 (the first version of SHA since replaced by SHA-1) and SHA-1 produce a
message digest of 160 bits, SHA-224 of 224 bits, SHA-256 of 256 bits, SHA-384 of
384 bits and SHA-512 of 512 bits respectively.


The processing of SHA works as follows −

Step 1 − Append padding bits − The original message is padded so that its length is
congruent to 448 modulo 512. Padding is always added, even if the message
already has the desired length. Padding consists of a single 1 followed by the necessary
number of 0 bits.

Step 2 − Append length − A 64-bit block, treated as an unsigned 64-bit integer
(most significant byte first) and defining the length of the original message (before
padding in step 1), is added to the message. The complete message's length is then a
multiple of 512.

Step 3 − Initialize the buffer − The buffer consists of five (5) registers of 32 bits each,
denoted A, B, C, D, and E. This 160-bit buffer is used to hold the
temporary and final results of the compression function. These five registers are
initialized to the following 32-bit integers (in hexadecimal notation).

A = 67 45 23 01

B = ef cd ab 89

C = 98 ba dc fe

D = 10 32 54 76

E = c3 d2 e1 f0

The registers A, B, C, and D are actually the same as the four registers used in the MD5
algorithm. But in SHA-1, these values are stored in big-endian format, which means
that the most significant byte of the word is located in the low-address byte position.
Therefore the initialization values (in hexadecimal notation) appear as follows −

word A = 67 45 23 01

word B = ef cd ab 89

word C = 98 ba dc fe


word D = 10 32 54 76

word E = c3 d2 e1 f0

Step 4 − Process message in 512-bit blocks − The compression function includes
four rounds of processing, where each round is made up of 20 sequential steps.

The four rounds are structurally the same as one another, the only difference being that
each round uses a different Boolean function, denoted f1, f2, f3, f4, and
one of four different additive constants Kt (0 ≤ t ≤ 79), which depends on the step under
consideration.

Step 5 − Output − After processing the final 512-bit message block t (considering
that the message is divided into t 512-bit blocks), a 160-bit message
digest is obtained.


Message Authentication Code (MAC):


To ensure the integrity of the message and the data origin authentication (that Alice is
the originator of the message, not somebody else), we need a message authentication
code (MAC).
Alice uses a hash function to create a MAC from the concatenation of the key and the
message, h(K|M). She sends the message and the MAC to Bob over the insecure
channel. Bob separates the message from the MAC. He then makes a new MAC
from the concatenation of the message and the secret key. Bob then compares the
newly created MAC with the one received. If the two MACs match, the message is
authentic and has not been modified by an adversary.

Message Authentication Code


An alternative authentication technique involves the use of a secret key to generate
a small fixed-size block of data, known as a cryptographic checksum or MAC, that is
appended to the message. This technique assumes that two communicating parties,
say A and B, share a common secret key K. When A has a message to send to B, it
calculates the MAC as a function of the message and the key:
MAC = C(K, M)
where
M = input message
C = MAC function
K = shared secret key
MAC = message authentication code


The message plus MAC are transmitted to the intended recipient. The recipient
performs the same calculation on the received message, using the same secret key, to
generate a new MAC. The received MAC is compared to the calculated MAC.


HMAC
NIST has issued a standard (FIPS 198) for a nested MAC that is often referred to as
HMAC. The implementation of HMAC is much more complex than the simplified
nested MAC.

1. The message is divided into N blocks, each of b bits.
2. The secret key is left-padded with 0’s to create a b-bit key. Note that it is
recommended that the secret key (before padding) be longer than n bits, where n is the
size of the HMAC.
3. The result of step 2 is exclusive-ored with a constant called ipad (input pad) to
create a b-bit block. The value of ipad is the b/8 repetition of the sequence 00110110.
4. The resulting block is prepended to the N-block message. The result is N + 1
blocks.
5. The result of step 4 is hashed to create an n-bit digest. We call the digest the
intermediate HMAC.
6. The intermediate n-bit HMAC is left padded with 0s to make a b-bit block.
7. Steps 2 and 3 are repeated by a different constant opad (output pad). The value of
opad is the b/8 repetition of the sequence 01011100 (5C in hexadecimal).


8. The result of step 7 is prepended to the block of step 6.
9. The result of step 8 is hashed with the same hashing algorithm to create the final
n-bit HMAC.
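
The ipad/opad construction above, together with the send-and-verify exchange from the MAC sections, as an added Python example that is not part of the original notes. It follows the byte layout of FIPS 198 and RFC 2104, in which the key's zero padding is placed after the key bytes and the intermediate digest is passed to the outer hash as is, with the hash function's own padding filling the block. The function names, key and message are constructed for illustration.

```python
import hashlib
import hmac


def hmac_by_steps(key, msg, hash_name="sha256"):
    """HMAC assembled from the ipad/opad steps, for any hashlib algorithm."""
    b = hashlib.new(hash_name).block_size            # block size b, in bytes
    if len(key) > b:                                 # FIPS 198: hash over-long keys first
        key = hashlib.new(hash_name, key).digest()
    k0 = key.ljust(b, b"\x00")                       # step 2: zero-pad the key to b bits
    ipad_block = bytes(x ^ 0x36 for x in k0)         # step 3: XOR with ipad (00110110)
    inner = hashlib.new(hash_name, ipad_block + msg).digest()   # steps 4 and 5
    opad_block = bytes(x ^ 0x5C for x in k0)         # step 7: XOR with opad (01011100)
    return hashlib.new(hash_name, opad_block + inner).digest()  # steps 8 and 9


def protect(key, msg):
    """Sender side: return the message together with its MAC."""
    return msg, hmac_by_steps(key, msg)


def verify(key, msg, mac):
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(hmac_by_steps(key, msg), mac)


# Constructed sample values, not taken from the notes.
KEY = b"shared secret between Alice and Bob"
MESSAGE = b"transfer 100 to account 42"

if __name__ == "__main__":
    msg, mac = protect(KEY, MESSAGE)
    print("library agrees:", mac == hmac.new(KEY, MESSAGE, hashlib.sha256).digest())
    print("genuine message accepted:", verify(KEY, msg, mac))
    print("altered message accepted:", verify(KEY, msg.replace(b"100", b"900"), mac))
    print("wrong key accepted:", verify(b"Eve's guess", msg, mac))
```
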

User/ Entity Authentication:


Message authentication (or data-origin authentication) might not happen in real
time; entity authentication does. In the former, Alice sends a message to Bob.
When Bob authenticates the message, Alice may or may not be present in
the communication process.
On the other hand, when Alice requests entity authentication, there is no real message
communication involved until Alice is authenticated by Bob. Alice needs to be online
and to take part in the process.
Only after she is authenticated can messages be communicated between Alice
and Bob.
Data-origin authentication is required when an email is sent from Alice to
Bob. Entity authentication is required when Alice gets cash from an automatic
teller machine.
Second, message authentication simply authenticates one message; the process
needs to be repeated for each new message. Entity authentication authenticates the
claimant for the entire duration of a session.

PASSWORDS
The simplest and oldest method of entity authentication is the password-based
authentication, where the password is something that the claimant knows. A password
is used when a user needs to access a system to use the system’s resources (login).
Each user has a user identification that is public, and a password that is private. We
can divide these authentication schemes into two groups: the fixed password and the
one-time password.


i) Fixed Password
A fixed password is a password that is used over and over again for every access.
Several schemes have been built, one upon the other.
ii) One-Time Password
A one-time password is a password that is used only once. This kind of password
makes eavesdropping useless.

BIOMETRICS
Biometrics is the measurement of physiological or behavioral features that identify a
person (authentication by something inherent). Biometrics measures features that
cannot be guessed, stolen, or shared.
Physiological Techniques
● Fingerprint
● iris
● retina
● face
● hands
● voice
● DNA
Behavioral Techniques
Behavioral techniques measure some human behavior traits. Unlike physiological
techniques, behavioral techniques need to be monitored to ensure the claimant
behaves normally and does not attempt to impersonate someone else.
● Signature
● key stroke


Key-Distribution Center: KDC


A practical solution is the use of a trusted third party, referred to as a key-distribution
center (KDC). To reduce the number of keys, each person establishes a shared secret
key with the KDC.

A secret key is established between the KDC and each member. Alice has a secret
key with the KDC, which we refer to as KAlice; Bob has a secret key with the KDC,
which we refer to as KBob; and so on. Now the question is how Alice can send a
confidential message to Bob. The process is as follows:
1. Alice sends a request to the KDC stating that she needs a session (temporary)
secret key between herself and Bob.
2. The KDC informs Bob about Alice’s request.
3. If Bob agrees, a session key is created between the two.
The secret key between Alice and Bob that is established with the KDC is used to
authenticate Alice and Bob to the KDC and to prevent Eve from impersonating either
of them.

Session Keys
A KDC creates a secret key for each member. This secret key can be used only
between the member and the KDC, not between two members. If Alice needs to
communicate secretly with Bob, she needs a secret key between herself and Bob. A
KDC can create a session key between Alice and Bob, using their keys with the
center. The keys of Alice and Bob are used to authenticate Alice and Bob to the center
and to each other before the session key is established.
After communication is terminated, the session key is no longer useful.


A Simple Protocol Using a KDC

1. Alice sends a plaintext message to the KDC to obtain a symmetric session key
between Bob and herself. The message contains her registered identity (the word
Alice in the figure) and the identity of Bob (the word Bob in the figure). This message
is not encrypted, it is public. The KDC does not care.
2. The KDC receives the message and creates what is called a ticket. The ticket is
encrypted using Bob’s key (KB). The ticket contains the identities of Alice and Bob
and the session key (KAB). The ticket with a copy of the session key is sent to Alice.
Alice receives the message, decrypts it, and extracts the session key. She cannot
decrypt Bob’s ticket; the ticket is for Bob, not for Alice.
3. Alice sends the ticket to Bob. Bob opens the ticket and knows that Alice needs to
send messages to him using KAB as the session key.


KERBEROS:

Kerberos is an authentication protocol, and at the same time a KDC, that has
become very popular.
Several systems, including Windows 2000, use Kerberos.
Three servers are involved in the Kerberos protocol: an authentication server
(AS), a ticket-granting server (TGS), and a real (data) server that provides
services to others.

Authentication Server (AS)


The authentication server (AS) is the KDC in the Kerberos protocol. Each user
registers with the AS and is granted a user identity and a password. The AS has
a database with these identities and the corresponding passwords. The AS
verifies the user, issues a session key to be used between Alice and the TGS,
and sends a ticket for the TGS.

Ticket-Granting Server (TGS)


The ticket-granting server (TGS) issues a ticket for the real server (Bob). It also
provides the session key (KAB) between Alice and Bob. Kerberos has separated
user verification from the issuing of tickets. In this way, though Alice verifies
her ID just once with the AS, she can contact the TGS multiple times to obtain
tickets for different real servers.

Real Server
The real server (Bob) provides services for the user (Alice). Kerberos is
designed for a client-server program, such as FTP, in which a user uses the
client process to access the server process. Kerberos is not used for
person-to-person authentication.


Operation
A client process (Alice) can access a process running on the real server (Bob) in
six steps, as shown in Figure.
1. Alice sends her request to the AS in plain text using her registered identity.
2. The AS sends a message encrypted with Alice’s permanent symmetric key,
KA-AS.
The message contains two items: a session key, KA-TGS, that is used by Alice
to contact the TGS, and a ticket for the TGS that is encrypted with the TGS
symmetric key, KAS-TGS. Alice does not know KA-AS, but when the message
arrives, she types her symmetric password. The password and the appropriate
algorithm together create KA-AS if the password is correct. The password is
then immediately destroyed; it is not sent to the network and it does not stay in
the terminal. It is used only for a moment to create KA-AS. The process now
uses KA-AS to decrypt the message sent. KA-TGS and the ticket are extracted.
3. Alice now sends three items to the TGS. The first is the ticket received from
the AS. The second is the name of the real server (Bob), the third is a timestamp
that is encrypted by KA-TGS. The timestamp prevents a replay by Eve.


4. Now, the TGS sends two tickets, each containing the session key between
Alice and Bob, KA-B. The ticket for Alice is encrypted with KA-TGS; the
ticket for Bob is encrypted with Bob’s key, KTGS-B. Note that Eve cannot
extract KAB because Eve does not know KA-TGS or KTGS-B. She cannot
replay step 3 because she cannot replace the timestamp with a new one (she
does not know KA-TGS). Even if she is very quick and sends the step 3
message before the timestamp has expired, she still receives the same two
tickets that she cannot decipher.
5. Alice sends Bob’s ticket with the timestamp encrypted by KA-B.
6. Bob confirms the receipt by adding 1 to the timestamp. The message is
encrypted with KA-B and sent to Alice.
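
The six steps above, and the ticket idea from the simple KDC protocol earlier, simulated in Python as an added example that is not part of the original notes. Assumptions: `seal`/`unseal` are a toy encrypt-then-MAC built from SHA-256 and HMAC so the block runs on the standard library (a stand-in, not the cipher Kerberos uses), the password-to-key step is a plain SHA-256, the 300-second timestamp window and all names and keys are constructed.

```python
import hashlib
import hmac
import json
import os

WINDOW = 300  # seconds a timestamp is accepted (assumed value)

def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, fields):
    """Toy encrypt-then-MAC of a dict; a stand-in for the real cipher."""
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(p ^ s for p, s in zip(pt, keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct)))))

def password_key(password):
    """Stand-in for 'the password and the appropriate algorithm' giving KA-AS."""
    return hashlib.sha256(password.encode()).digest()

# Constructed long-term keys: KA-AS (held in the AS database), KAS-TGS, KTGS-B.
AS_DB = {"Alice": password_key("correct horse")}
K_AS_TGS, K_TGS_B = os.urandom(32), os.urandom(32)

def check_fresh(ts, now):
    if abs(now - ts) > WINDOW:
        raise ValueError("timestamp expired")

def as_reply(client):                                   # step 2
    k_a_tgs = os.urandom(32).hex()
    tgs_ticket = seal(K_AS_TGS, {"client": client, "key": k_a_tgs})
    return seal(AS_DB[client], {"key": k_a_tgs, "ticket": tgs_ticket})

def tgs_reply(tgs_ticket, server, stamp, now):          # steps 3 and 4
    ticket = unseal(K_AS_TGS, tgs_ticket)
    k_a_tgs = bytes.fromhex(ticket["key"])
    check_fresh(unseal(k_a_tgs, stamp)["ts"], now)
    k_ab = os.urandom(32).hex()
    return (seal(k_a_tgs, {"server": server, "key": k_ab}),
            seal(K_TGS_B, {"client": ticket["client"], "key": k_ab}))

def bob_reply(bob_ticket, stamp, now):                  # steps 5 and 6
    k_ab = bytes.fromhex(unseal(K_TGS_B, bob_ticket)["key"])
    ts = unseal(k_ab, stamp)["ts"]
    check_fresh(ts, now)
    return seal(k_ab, {"ts": ts + 1})

def alice_session(password, now):
    """Run all six steps as Alice; True if Bob's reply carries timestamp + 1."""
    reply = unseal(password_key(password), as_reply("Alice"))
    k_a_tgs = bytes.fromhex(reply["key"])
    for_alice, for_bob = tgs_reply(reply["ticket"], "Bob", seal(k_a_tgs, {"ts": now}), now)
    k_ab = bytes.fromhex(unseal(k_a_tgs, for_alice)["key"])
    answer = unseal(k_ab, bob_reply(for_bob, seal(k_ab, {"ts": now}), now))
    return answer["ts"] == now + 1
```

A wrong password fails at step 2 because it yields the wrong KA-AS, and an old timestamp is refused by the TGS or by Bob; both surface as `ValueError`.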

Kerberos Version 5
The minor differences between version 4 and version 5 are briefly listed below:
1. Version 5 has a longer ticket lifetime.
2. Version 5 allows tickets to be renewed.
3. Version 5 can accept any symmetric-key algorithm.
4. Version 5 uses a different protocol for describing data types.
5. Version 5 has more overhead than version 4.
