Cryptography and Network Security

This document provides an overview of hash functions and digital signatures. It discusses authentication requirements and different authentication functions such as message authentication codes (MACs) and hash functions. It describes how hash functions, message encryption, and MACs can be used to provide message integrity and authentication. Specific hash functions mentioned include MD5, SHA, HMAC, and CMAC. Digital signature schemes like DSS and ElGamal are also covered. The document is presented as part of a lecture on cryptography and network security.

UCSC005 – Cryptography and Network Security (CNS)
16-09-2020
UNIT 3: Hash Functions and Digital Signatures (Authentication Requirement and Authentication Functions)
Course Coordinator: Ms. S.Hebziba Jeba Rani, AP/CSE

Tuesday, November 23 UNIT 3: Hash Functions and Digital Signatures 1


Syllabus

Introduction & number theory (UNIT 1)
Services, Mechanisms and attacks - the OSI security architecture - Network security model - Classical Encryption techniques (Symmetric cipher model, substitution techniques, transposition techniques, steganography). FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields - Modular arithmetic - Euclid’s algorithm - Finite fields - Polynomial Arithmetic - Prime numbers - Fermat’s and Euler’s theorem - Testing for primality - The Chinese remainder theorem - Discrete logarithms

Block ciphers & public key cryptography (UNIT 2)
Data Encryption Standard - Block cipher principles - Block cipher modes of operation - Advanced Encryption Standard (AES) - Triple DES - Blowfish - RC5 algorithm. Public key cryptography: Principles of public key cryptosystems - The RSA algorithm - Key management - Diffie Hellman Key exchange - Elliptic curve arithmetic - Elliptic curve cryptography

Hash functions and digital signatures (UNIT 3)
Authentication requirement - Authentication function - MAC - Hash function - Security of hash function and MAC - MD5 - SHA - HMAC - CMAC - Digital signature and authentication protocols - DSS - ElGamal - Schnorr

Security practice & system security (UNIT 4)
Authentication applications - Kerberos - X.509 Authentication services - Internet Firewalls for Trusted System: Roles of Firewalls - Firewall related terminology - Types of Firewalls - Firewall designs - SET for E-Commerce Transactions. Intruder - Intrusion detection system - Virus and related threats - Countermeasures - Firewalls design principles - Trusted systems - Practical implementation of cryptography and security.

E-Mail, IP & web security (UNIT 5)
E-mail Security: Security Services for E-mail - attacks possible through E-mail - establishing keys privacy - authentication of the source - Message Integrity - Non-repudiation - Pretty Good Privacy - S/MIME. IP Security: Overview of IPSec - IP and IPv6 - Authentication Header - Encapsulation Security Payload (ESP) - Internet Key Exchange (Phases of IKE, ISAKMP/IKE Encoding). Web Security: SSL/TLS Basic Protocol - computing the keys - client authentication - PKI as deployed by SSL - Attacks fixed in v3 - Exportability - Encoding - Secure Electronic Transaction (SET)

 

Message Authentication

• It is a service used to verify the integrity of a message
• Ensures that the message has been sent by a trusted identity
• Message authentication is typically achieved by using Message Authentication Codes (MACs)

Message Authentication Code (MAC)

• Piece of information used to authenticate a message
• A MAC confirms that the message came from the stated sender

Authentication Requirements
1. Disclosure - Release of message contents
2. Traffic analysis - Discovery of the pattern of traffic between parties
3. Masquerade - Insertion of messages into the network from a fraudulent source
4. Content modification - Changes to the contents of a message
5. Sequence modification - Modification to a sequence of messages
6. Timing modification - Delay or replay of messages
7. Source repudiation - Denial of transmission of a message by the source
8. Destination repudiation - Denial of receipt of a message by the destination

Message Authentication Functions
The following are the functions that produce an authenticator:

 Hash Function – Maps a message of any length into a fixed-length hash value
 Message Encryption – The ciphertext of the entire message serves as its authenticator
 Message Authentication Code (MAC) – A function of the message and a secret key produces a fixed-length value that serves as the authenticator
Hash Function – Authentication Function

• Maps a message of any length into a fixed-length hash value

Message Encryption – Authentication Function

• The ciphertext of the entire message serves as its authenticator
• The analysis differs for symmetric and public-key encryption schemes.

Symmetric Encryption – Authentication Function

• Symmetric encryption provides authentication as well as confidentiality

Problem:
• There is no way to determine at the destination whether an incoming message is the ciphertext of a legitimate message.

Solution: Append a frame check sequence (FCS) / error-detecting code / checksum to each message, either before or after encryption.

Symmetric Encryption (using frame check sequence / checksum / error-detecting code)

Internal Error Control – appending the frame check sequence before encryption (authentication is achieved)

External Error Control – appending the frame check sequence after encryption (authentication is achieved)

Public Key Encryption – Confidentiality

• Provides confidentiality but not authentication
• The source (A) uses the public key PUb of the destination (B) to encrypt M.
• Provides no authentication, because any opponent could also use B’s public key to encrypt a message

Public Key Encryption – Authentication and Signature

• Provides authentication but lacks confidentiality
• To provide authentication, A uses its private key to encrypt the message, and B uses A’s public key to decrypt
• Sender A has “signed” the message using its private key, which no other party knows (digital signature)

Public Key Encryption – Confidentiality, Authentication and Signature

• To provide both confidentiality and authentication
• A can encrypt first using its private key, which provides the digital signature, and then using B’s public key, which provides confidentiality

Message Authentication Code (MAC) – Authentication Function

 Uses a secret key to generate a small fixed-size block of data (MAC) that is appended to the message

MAC = C(K, M)

M = input message
C = MAC function
K = shared secret key
MAC = message authentication code

 Message + MAC → sent to receiver

MAC – Authentication

If the received MAC matches the calculated MAC, then

1. The receiver is assured that the message has not been altered
2. The receiver is assured that the message is from the trusted sender
3. If the message includes a sequence number, then the receiver can be assured of the proper sequence

It provides authentication but not confidentiality


MAC – Achieving Confidentiality and Authentication by performing message encryption after the MAC algorithm

MAC – Achieving Confidentiality and Authentication by performing message encryption before the MAC algorithm

Situations where a MAC is used

 The same message is to be broadcast to a number of destinations
 One side has a heavy load and cannot afford the time to decrypt all incoming messages
 A MAC can be used to check the integrity of a program whenever required
 For some applications, it may not be of concern to keep messages secret, but it is important to authenticate messages
 Separation of authentication and confidentiality functions affords architectural flexibility
 A user may wish to prolong the period of protection


Hash Function – Authentication Function

• Maps a message of any length into a fixed-length hash value
• The hash code is also called the message digest or hash value
• h = H(M)

Requirements for a Hash Function
 To produce a “fingerprint” of a message
 For message authentication

Properties of a Hash Function h = H(M)

• H can be applied to data of any size
• H produces fixed-length output
• H(M) is relatively easy to compute
• One-way property (not easy to compute M given h)
• Weak collision resistance (infeasible to find M2 given M1 such that H(M2) = H(M1))
• Strong collision resistance (infeasible to find M1 and M2 such that H(M1) = H(M2))
Variety of ways in which a Hash Code can be used – Method 1

• Only A and B share the secret key → authentication is provided.
• Encryption is applied → confidentiality is also provided.

Use of Hash Function – Method 2

• Only the hash code is encrypted to provide authentication
• Reduces the processing burden
• Secure against an opponent who doesn’t know the secret key

Use of Hash Function – Method 3

• Only the hash code is encrypted, using public key encryption
• Provides authentication and digital signature

Use of Hash Function – Method 4

• This is a common technique
• Confidentiality and digital signature are achieved
• Authentication is also achieved using the hash code

Use of Hash Function – Method 5

• Two parties share a common secret value ‘S’ for generating the hash value (encryption is not used)
• Authentication is achieved

Use of Hash Function – Method 6

• Provides Authentication and Confidentiality

• Confidentiality is achieved using Encryption

Use of Hash Function – Summary of the 6 Methods

 When confidentiality is not required, Method 2 and Method 3 have an advantage because they do not apply cryptographic protection (encryption) to the message itself, which reduces computational complexity
 There has also been interest in techniques that avoid encryption altogether.

Reasons for interest in techniques that lack encryption

 Encryption software is slow
 Encryption hardware costs are not negligible
 Encryption hardware is optimized towards large data sizes
 Encryption algorithms may be covered by patents

Simple Hash Functions
 Input is processed one block at a time
 Most hash functions operate using this general principle
 The simplest hash function is the bit-by-bit XOR of every block

Improving the Effectiveness of the Simple Hash Function

 To improve the effectiveness of the simple hash function, a rotation of the bits of the hash value can be done
 Initially set the n-bit hash value to zero
 Process each successive n-bit block of data as follows:
◦ Rotate the current hash value to the left by one bit
◦ XOR the block into the hash value
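An added example (not from the slides) implementing both simple hash functions above over 32-bit blocks (the block width is this example's choice), showing why the rotation step matters: plain XOR gives the same value for the same blocks in any order, while rotate-then-XOR makes block position count.

```python
"""Added example (not from the lecture slides): the bit-by-bit XOR hash and the
rotate-then-XOR hash described above, over 32-bit blocks (this example's choice)."""

BLOCK_BITS = 32
MASK = (1 << BLOCK_BITS) - 1


def blocks(data: bytes):
    """Split data into BLOCK_BITS-wide integers, zero-padding the last block."""
    width = BLOCK_BITS // 8
    for i in range(0, len(data), width):
        yield int.from_bytes(data[i:i + width].ljust(width, b"\0"), "big")


def xor_hash(data: bytes) -> int:
    """Simplest hash: XOR every block into a value that starts at zero."""
    h = 0
    for blk in blocks(data):
        h ^= blk
    return h


def rotl(x: int, n: int = 1) -> int:
    """Circular left shift of a BLOCK_BITS-wide value by n bits."""
    return ((x << n) | (x >> (BLOCK_BITS - n))) & MASK


def rotxor_hash(data: bytes) -> int:
    """Improved simple hash: rotate the current value left by one bit,
    then XOR the next block into it."""
    h = 0
    for blk in blocks(data):
        h = rotl(h, 1) ^ blk
    return h


if __name__ == "__main__":
    # Constructed sample: the same two blocks in two different orders.
    first, swapped = b"ABCDEFGH", b"EFGHABCD"
    print(hex(xor_hash(first)), hex(xor_hash(swapped)))        # equal: XOR ignores order
    print(hex(rotxor_hash(first)), hex(rotxor_hash(swapped)))  # differ: rotation tracks position
```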

Security of MACs and Hash Functions
 Attacks on MACs and hash functions can be categorized into two kinds: brute-force attacks and cryptanalysis

Brute-Force Attacks
 Security property of a MAC: given one or more text-MAC pairs, it is computationally infeasible to compute any text-MAC pair for any new input
 For a hash, a brute-force attack depends only on the bit length of the hash value, and the following brute-force attacks apply:
◦ Preimage and second preimage attacks
◦ Collision resistance attacks

Cryptanalysis
 Attacks on MAC and hash algorithms tend to exploit some property of the algorithm to perform some attack other than an exhaustive search

MD5
 5th version of the Message Digest Algorithm
 MD5 accepts a message of any length and returns a fixed-length value as output
 Ronald Rivest designed MD5
 5 steps - padding, appending the length, dividing the input into blocks, initializing the buffers, and 4 rounds
 A secure MD5 should meet two requirements:
◦ It is impossible to generate two inputs that produce the same hash value.
◦ It is impossible to generate a message having a given hash value.

MD5 Step 1: Appending Padding Bits

 The original message is "padded" (extended) so that its length (in bits) is congruent to 448 modulo 512.

The padding rules are:

1. The original message is always padded with one bit "1" first.
2. Then zero or more bits "0" are padded to bring the length of the message up to 64 bits fewer than a multiple of 512.

MD5 Step 2: Appending Length

 64 bits are appended – they indicate the length of the original message in bytes.

The rules for appending the length are:

1. The length in bytes is converted to its 64-bit binary format.
2. Break the 64-bit length into 2 words.
3. The low-order word is appended first.

MD5 Step 3: Initialize MD buffer

 A four-word buffer (A, B, C, D) is used to compute the values for the message digest.
 Here A, B, C, D are 32-bit registers and are initialized in the following way

MD5 Step 4: Processing the message in 16-word blocks

• Four auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word.
• These functions use logical operators like OR, XOR, NOR.

MD5 Step 5: Processing the Blocks – Output

• After all rounds have been performed, the buffer A, B, C, D contains the MD5 output
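As an added example (not the lecture's own code), a from-scratch MD5 in Python that walks the five steps just described, padding, appending the 64-bit length, initialising the buffer, the four rounds of 16 operations over each 16-word block, and reading A, B, C, D out as the digest, and checks itself against hashlib.md5. The appended length field holds the message length in bits and the constants come from RFC 1321; function names are this example's own.

```python
"""Added example (not from the slides): MD5 following RFC 1321 step by step."""
import hashlib
import math
import struct

# Step 3: initial values of the four 32-bit registers A, B, C, D
INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
# Left-rotation amount for each of the 64 operations (16 per round)
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# Additive constants K[i] = floor(|sin(i + 1)| * 2^32)
K = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]


def rotl32(x: int, n: int) -> int:
    """Circular left shift of a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md5_pad(message: bytes) -> bytes:
    """Steps 1 and 2: append a single '1' bit, then '0' bits until the length is
    448 mod 512, then the original length in bits as a 64-bit little-endian
    integer (low-order word first, as RFC 1321 specifies)."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack("<Q", bit_len)


def md5_hex(message: bytes) -> str:
    """Steps 4 and 5: run each 512-bit block through the four rounds and
    return A||B||C||D (little-endian words) as a hex string."""
    a0, b0, c0, d0 = INIT
    data = md5_pad(message)
    for off in range(0, len(data), 64):
        m = struct.unpack("<16I", data[off:off + 64])   # sixteen 32-bit words
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:        # round 1: F(B, C, D) = (B and C) or (not B and D)
                f, g = (b & c) | (~b & d), i
            elif i < 32:      # round 2: G(B, C, D) = (B and D) or (C and not D)
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:      # round 3: H(B, C, D) = B xor C xor D
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:             # round 4: I(B, C, D) = C xor (B or not D)
                f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + K[i] + m[g]) & 0xFFFFFFFF
            a, d, c, b = d, c, b, (b + rotl32(f, S[i])) & 0xFFFFFFFF
        # Add this block's result into the running buffer (mod 2^32)
        a0 = (a0 + a) & 0xFFFFFFFF
        b0 = (b0 + b) & 0xFFFFFFFF
        c0 = (c0 + c) & 0xFFFFFFFF
        d0 = (d0 + d) & 0xFFFFFFFF
    return struct.pack("<4I", a0, b0, c0, d0).hex()


if __name__ == "__main__":
    sample = b"abc"   # constructed sample input
    assert md5_hex(sample) == hashlib.md5(sample).hexdigest()
    print(md5_hex(sample))   # 900150983cd24fb0d6963f7d28e17f72
```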

Secure Hash Algorithms
 Also known as SHA
 Designed to keep data secured
 These algorithms are designed to be one-way functions
 Versions: SHA-1, SHA-2, and SHA-3
 A common application of SHA is encrypting passwords
 SHAs exhibit the avalanche effect

Types of SHA Algorithm

SHA Characteristics
 Pre-image resistance
 Second pre-image resistance
 Collision resistance

SHA-1 – Processing Steps
 Developed in 1993 by NIST
 Used in security protocols (TLS, SSL, PGP)
 Produces a 160-bit hash value known as the message digest
 Eg: ‘abc’ in binary - 01100001 01100010 01100011
‘abc’ in hexadecimal – 616263

SHA-1 – Processing Steps
 Step 1: Initialize 5 random strings
 Step 2: The message is then padded

SHA-1 – Processing Steps
 Step 3: M is then divided into 512-bit chunks
 Step 4: 80 iterations and circular shift operations

SHA-1 – Processing Steps
 Step 5: Store the hash values in the following variables
 Step 6: For 80 iterations compute,

SHA-1 – Processing Steps
 Step 7: Store the result and execute the next chunk
 Step 8: The message digest is represented as a 160-bit value comprised of the OR logical operator
 Hash value for string ‘abc’
 Hash value for string ‘abcd’

HMAC (Hash-based MAC)
 Twin benefits of hashing and MAC
 More secure than any other authentication codes
 Verifies data integrity and authenticity of a message
 HMACs are almost similar to digital signatures. They both enforce integrity and authenticity. They both use cryptographic keys. And they both employ hash functions. The main difference is that digital signatures use asymmetric keys, while HMACs use symmetric keys
HMAC – Design Objectives
 HMAC is also aimed to be one-way.
 It aims at being less affected by collisions than the underlying hash functions.
 HMAC reuses existing algorithms like MD5 and SHA
 HMAC tries to handle the keys in a simpler manner.

HMAC - Working
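The working of HMAC, and the receiver-side MAC check described earlier under MAC – Authentication, as an added example that is not the lecture's own code: MAC = C(K, M) with C = H((K xor opad) || H((K xor ipad) || M)) per RFC 2104, using SHA-256 as H (this example's choice), checked against Python's hmac module; the function names and the sample key and message are constructed for the example.

```python
"""Added example (not from the slides): HMAC built by hand from its definition,
plus the receiver-side comparison that accepts or rejects a message."""
import hashlib
import hmac

BLOCK_SIZE = 64   # SHA-256 processes 64-byte blocks; HMAC pads the key to this size


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC as specified in RFC 2104: a key longer than one block is first
    hashed, the key is zero-padded to the block size, then the inner hash
    (ipad) and outer hash (opad) are computed."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def verify(key: bytes, message: bytes, received_mac: bytes) -> bool:
    """Receiver side: recompute the MAC over the received message and compare
    in constant time, so the comparison does not leak how many leading bytes
    of the attacker-supplied tag were right. True means 'unaltered and from a
    holder of K'; it says nothing about confidentiality."""
    return hmac.compare_digest(hmac_sha256(key, message), received_mac)


if __name__ == "__main__":
    key = b"constructed-shared-secret"            # constructed sample key
    msg = b"transfer 100 to account 42"           # constructed sample message
    tag = hmac_sha256(key, msg)
    assert tag == hmac.new(key, msg, hashlib.sha256).digest()   # matches stdlib
    print(verify(key, msg, tag))                                   # True: accept
    print(verify(key, b"transfer 900 to account 42", tag))         # False: content modified
    print(verify(b"some-other-key", msg, tag))                     # False: not from a key holder
```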

CMAC (Cipher-based MAC)
 Calculates a MAC code and is based on a block cipher
 Provides assurance of the authenticity and integrity of binary data

Kerberos
• In Greek mythology, Kerberos is a three-headed dog
• Developed for a project at MIT
• The three heads of Kerberos represent a client, a server and a Key Distribution Centre (KDC)
• The KDC includes two servers: AS and TGS

How Kerberos Works

X.509 Authentication Services
