Cryptography and Network Security
16-09-2020
UNIT 3: Hash Functions and Digital Signatures
(Authentication Requirement and
Authentication Functions)
Course Coordinator,
Ms. S.Hebziba Jeba Rani, AP/CSE
Security practice & system security (UNIT 4)
Authentication applications – Kerberos – X.509 Authentication services - Internet Firewalls for Trusted System: Roles
of Firewalls – Firewall related terminology- Types of Firewalls - Firewall designs - SET for E-Commerce Transactions.
Intruder – Intrusion detection system – Virus and related threats – Countermeasures – Firewalls design principles –
Trusted systems – Practical implementation of cryptography and security.
E-Mail, IP & web security (UNIT 5)
E-mail Security: Security Services for E-mail-attacks possible through E-mail - establishing keys privacy-
authentication of the source-Message Integrity-Non-repudiation-Pretty Good Privacy-S/MIME. IP Security: Overview
of IPSec - IP and IPv6-Authentication Header-Encapsulation Security Payload (ESP)-Internet Key Exchange (Phases of
IKE, ISAKMP/IKE Encoding). Web Security: SSL/TLS Basic Protocol-computing the keys- client authentication-PKI
as deployed by SSL-Attacks fixed in v3-Exportability-Encoding-Secure Electronic Transaction (SET)
Tuesday, November 23, 2021 UNIT 3: Hash Functions and Digital Signatures 2
Message Authentication Code (MAC)
Authentication Requirements
1. Disclosure - Release of message contents
Message Authentication Functions
Following are the functions that produce an
authenticator
Message Encryption – Authentication
Function
Symmetric Encryption -
Authentication Function
• Symmetric encryption provides authentication as well as
confidentiality
Problem:
• There is no way to determine at the destination whether an
incoming message is the ciphertext of a legitimate message.
Solution: Append a frame check sequence (FCS), also called an error-detecting
code or checksum, to each message before/after encryption
Symmetric Encryption
(using frame check sequence/checksum/error detecting code)
Public Key Encryption -
Confidentiality
• provides confidentiality but not authentication
• The source (A) uses the public key PUb of the destination (B) to
encrypt M.
Public Key Encryption –
Authentication and Signature
• Sender A has “signed” the message using its private key, which no
other party knows (digital signature)
Public Key Encryption – Confidentiality,
Authentication and Signature
• A can encrypt first using its private key, which provides the digital
signature, and then using B’s public key, which provides
confidentiality
Message Authentication Code (MAC)
– Authentication Function
Uses a secret key to generate a small fixed-size block of
data (MAC) that is appended to the message
MAC = C(K, M)
M = input message
C = MAC function
K = shared secret key
MAC = message authentication code
MAC – Authentication
1. The receiver is assured that the message has not been altered
2. The receiver is assured that the message is from the trusted sender
3. If the message includes a sequence number, then the receiver can
be assured of the proper sequence
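The three assurances above, as an added Python example that is not part of the original slides: HMAC-SHA256 stands in for the MAC function C, and the 8-byte sequence-number framing, the `Receiver` class and the sample key are assumptions of this example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def C(key: bytes, message: bytes) -> bytes:
    """MAC = C(K, M). HMAC-SHA256 is this example's choice of C."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = seq || payload || MAC; the MAC covers seq and payload."""
    body = struct.pack(">Q", seq) + payload
    return body + C(key, body)


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.next_seq = key, 0
    def receive(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Recompute the MAC and compare in constant time (assurances 1, 2).
        if not hmac.compare_digest(C(self.key, body), tag):
            raise ValueError("MAC mismatch")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq != self.next_seq:  # assurance 3: proper sequence
            raise ValueError("out of sequence")
        self.next_seq += 1
        return body[8:]


def demo() -> list:
    key = b"constructed-shared-secret-key"  # constructed sample key
    rx = Receiver(key)
    f0, f1 = send(key, 0, b"pay 10"), send(key, 1, b"pay 20")
    altered = f1[:-TAG_LEN - 1] + b"9" + f1[-TAG_LEN:]  # payload -> "pay 29"
    other_key = send(b"not-the-shared-key", 1, b"pay 20")
    out = [rx.receive(f0).decode()]
    for label, frame in (("altered", altered), ("other key", other_key), ("replay", f0)):
        try:
            out.append(label + ": " + rx.receive(frame).decode())
        except ValueError as exc:
            out.append(label + ": " + str(exc))
    out.append(rx.receive(f1).decode())
    return out
```

The replayed frame carries a valid MAC and is rejected only because the MAC-protected sequence number is checked.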
MAC – Achieving Confidentiality and
Authentication by performing message
encryption before the MAC algorithm
Situations where MAC is used
• The same message is to be broadcast to a number of destinations
• One side has a heavy load and cannot afford the time to decrypt all
incoming messages
Requirements for a Hash Function
To produce a “fingerprint” of a message
For message authentication
Use of Hash Function – Method 2
Use of Hash Function – Method 3
Use of Hash Function – Method 4
Use of Hash Function – Method 5
Use of Hash Function – Method 6
Use of Hash Function – Summary of 6
Methods
When confidentiality is not required, Method 2
and Method 3 have an advantage because they don’t
include cryptographic protection (encryption) of the
messages, which reduces computational complexity
Reasons for Showing interest towards
techniques that lack encryption
Simple Hash Functions
Input is processed one block at a time
Most of the hash functions operate using the following
general principle
Simplest hash function is bit-by-bit XOR of every
block
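An added Python example (not from the original slides) of the bit-by-bit XOR hash, showing why it needs improving: reordering blocks, or repeating a block twice, leaves the value unchanged. The 8-byte block size, zero padding and sample messages are constructed for the example, and the rotate-then-XOR variant is a textbook improvement assumed here, since the page does not give its details.

```python
BLOCK = 8          # block size in bytes; an example choice
BITS = BLOCK * 8
MASK = (1 << BITS) - 1


def blocks(message: bytes) -> list:
    """Split into BLOCK-byte integers, zero-padding the final block."""
    padded = message + b"\x00" * (-len(message) % BLOCK)
    return [int.from_bytes(padded[i:i + BLOCK], "big")
            for i in range(0, len(padded), BLOCK)]


def xor_hash(message: bytes) -> int:
    """Bit-by-bit XOR of every block."""
    acc = 0
    for block in blocks(message):
        acc ^= block
    return acc


def rxor_hash(message: bytes) -> int:
    """Rotate the running value left one bit, then XOR in the block."""
    acc = 0
    for block in blocks(message):
        acc = ((acc << 1) | (acc >> (BITS - 1))) & MASK
        acc ^= block
    return acc


# Constructed sample messages, each made of whole 8-byte blocks.
ORIGINAL = b"PAY BOB 100 USD "
REORDERED = b"100 USD PAY BOB "        # same blocks, swapped
PADDED = ORIGINAL + b"SAMESAME" * 2    # a block repeated twice cancels out


def compare() -> dict:
    """Which changed messages keep the same hash value as ORIGINAL."""
    return {
        "xor_reordered_same": xor_hash(ORIGINAL) == xor_hash(REORDERED),
        "xor_repeat_same": xor_hash(ORIGINAL) == xor_hash(PADDED),
        "rxor_reordered_same": rxor_hash(ORIGINAL) == rxor_hash(REORDERED),
    }


if __name__ == "__main__":
    print(compare())
```

The rotation makes the result depend on block order, but it is still a linear function of the input and is not a cryptographic hash.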
Improving Effectiveness of Simple
Hash Function
Security of MACs and Hash Function
Attacks on MACs and Hash functions can be categorized into two: brute-
force attacks and cryptanalysis
Brute-Force Attacks
Security Property of MAC: Given one or more text-MAC pairs, it is
computationally infeasible to compute any text-MAC pair for any new input
In hash, a brute-force attack depends only on the bit length of the hash value
and the following brute-force attacks happen
◦ PREIMAGE AND SECOND PREIMAGE ATTACKS
◦ COLLISION RESISTANT ATTACKS
Cryptanalysis
Attacks on MAC and Hash algorithms tend to exploit some property of the
algorithm to perform some attack other than an exhaustive search
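An added Python example (not from the original slides) of how brute-force effort depends on the hash length: for an n-bit hash a collision takes about 2^(n/2) trials and a second preimage about 2^n. SHA-256 truncated to `bits` bits stands in for a short hash; the counter-based messages and function names are assumptions of this example.

```python
import hashlib
from itertools import count


def h(message: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256: a stand-in for an n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash counter messages until any two share a value (birthday search)."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        value = h(msg, bits)
        if value in seen:
            return seen[value], msg, i + 1
        seen[value] = msg


def find_second_preimage(target: bytes, bits: int):
    """Hash counter messages until one matches the hash of `target`."""
    wanted = h(target, bits)
    for i in count():
        msg = b"try-%d" % i
        if msg != target and h(msg, bits) == wanted:
            return msg, i + 1


def trials(bits: int) -> dict:
    """Trial counts for both searches at a given hash length."""
    _, _, collision_trials = find_collision(bits)
    _, preimage_trials = find_second_preimage(b"constructed target", bits)
    return {"bits": bits, "collision": collision_trials,
            "second_preimage": preimage_trials}


if __name__ == "__main__":
    for n in (8, 12, 16):
        print(trials(n))
```

Each extra bit of hash length doubles the second-preimage work but raises the collision work only by a factor of about 1.4, which is why collision resistance sets the required output size.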
MD5
5th version of the Message Digest Algorithm
MD5 accepts a message of any length and returns as output
a fixed-length value
Ronald Rivest - designed MD5
5 steps - padding, appending, dividing input into blocks,
initialize buffers and 4 rounds
MD5 Step 1: Appending Padding Bits
MD5 Step 2: Appending Length
MD5 Step 3: Initialize MD buffer
MD5 Step 4: Processing message in 16-word block
MD5 Step 5:
Processing the Blocks
Output
Secure Hash Algorithms
Also known as SHA
Types of SHA Algorithm
SHA Characteristics
Pre-image resistance
Second Pre-image resistance
Collision Resistance
SHA – 1 – Processing Steps
Developed in 1993 by NIST
Step 1: initialize 5 random strings
Step 3: M, is then divided into 512-bit chunks
Step 5: store the hash values in the following variable
Step 7: Store the result and execute the next chunk
HMAC (Hash based MAC)
twin benefits of Hashing and MAC
HMAC - Working
CMAC (Cipher based MAC)
Calculates a MAC based on a block cipher
Provides assurance of the authenticity and integrity of binary data
Introduction & number theory (UNIT 1)
Services, Mechanisms and attacks-the OSI security architecture-Network security model-Classical Encryption techniques
(Symmetric cipher model, substitution techniques, transposition techniques, steganography). FINITE FIELDS AND NUMBER
THEORY: Groups, Rings, Fields-Modular arithmetic-Euclid’s algorithm-Finite fields- Polynomial Arithmetic –Prime numbers-
Fermat’s and Euler’s theorem-Testing for primality -The Chinese remainder theorem- Discrete logarithms
Block ciphers & public key cryptography (UNIT 2)
Data Encryption Standard-Block cipher principles-block cipher modes of operation-Advanced Encryption Standard (AES)-Triple
DES-Blowfish-RC5 algorithm. Public key cryptography: Principles of public key cryptosystems-The RSA algorithm-Key
management - Diffie Hellman Key exchange-Elliptic curve arithmetic-Elliptic curve cryptography
Hash functions and digital signatures (UNIT 3)
Authentication requirement – Authentication function – MAC – Hash function – Security of hash function and MAC – MD5 -
SHA - HMAC – CMAC - Digital signature and authentication protocols – DSS – ElGamal – Schnorr
Kerberos
• In Greek mythology, Kerberos is a three-headed
dog
How Kerberos Works?
X.509 Authentication Services