DCN-Unit IV
Unit-IV
Message Authentication
A threat that exists for data is the lack of message authentication. Under this threat, the user
is not sure about the originator of the message. Message authentication can be provided
using cryptographic techniques that use secret keys, as is done in the case of encryption.
Message Authentication Code (MAC)
A MAC algorithm is a symmetric-key cryptographic technique that provides message
authentication. To establish the MAC process, the sender and receiver share a symmetric
key K.
Essentially, a MAC is an encrypted checksum generated on the underlying message that is
sent along with a message to ensure message authentication.
The process of using MAC for authentication is depicted in the following illustration −
Let us now try to understand the entire process in detail −
The sender uses some publicly known MAC algorithm, inputs the message and the secret key
K and produces a MAC value.
Similar to a hash, a MAC function also compresses an arbitrarily long input into a fixed-length
output. The major difference between a hash and a MAC is that the MAC uses a secret key during
the compression.
The sender forwards the message along with the MAC. Here, we assume that the message is
sent in the clear, as we are concerned with providing message origin authentication, not
confidentiality. If confidentiality is required, then the message needs encryption.
On receipt of the message and the MAC, the receiver feeds the received message and the
shared secret key K into the MAC algorithm and re-computes the MAC value.
The receiver now checks the freshly computed MAC for equality with the MAC received from the
sender. If they match, then the receiver accepts the message and assures himself that the
message has been sent by the intended sender.
If the computed MAC does not match the MAC sent by the sender, the receiver cannot
determine whether it is the message that has been altered or it is the origin that has been
Limitations of MAC
There are two major limitations of MAC, both due to its symmetric nature of operation −
Establishment of Shared Secret.
It can provide message authentication only among pre-decided legitimate users who share a key.
This requires establishment of a shared secret prior to the use of the MAC.
Inability to Provide Non-Repudiation
Non-repudiation is the assurance that a message originator cannot deny any previously sent
messages and commitments or actions.
The MAC technique does not provide a non-repudiation service. If the sender and receiver get
involved in a dispute over message origination, MACs cannot provide proof that a message
was indeed sent by the sender.
Though no third party can compute the MAC, the sender could still deny having sent the message
and claim that the receiver forged it, as it is impossible to determine which of the two parties
computed the MAC.
Both these limitations can be overcome by using public-key-based digital signatures.
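Added example (not part of the original notes): the MAC exchange described above and the non-repudiation limitation, using HMAC-SHA256 from the Python standard library as the publicly known MAC algorithm. The key and messages are constructed sample values.

```python
import hashlib
import hmac

def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender: feed the message and shared key K into the MAC algorithm."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver: recompute the MAC and compare it with the received one.

    compare_digest runs in constant time, so the comparison itself does
    not leak how many leading bytes of a wrong tag were correct.
    """
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

# Constructed sample values (assumptions for this example).
K = b"constructed-shared-key-K"
MESSAGE = b"transfer 100 to account 42"
ALTERED = b"transfer 900 to account 42"

def run_exchange() -> dict:
    tag = make_tag(K, MESSAGE)          # sent in the clear next to MESSAGE
    return {
        "tag_bytes": len(tag),          # fixed-length output
        "genuine": verify(K, MESSAGE, tag),
        "altered_message": verify(K, ALTERED, tag),
        "wrong_key": verify(b"not-the-shared-key", MESSAGE, tag),
        # Limitation: the receiver also holds K, so it can produce a valid
        # tag for a message the sender never sent. A valid tag therefore
        # proves "someone with K", not "the sender".
        "receiver_made_tag_verifies": verify(K, ALTERED, make_tag(K, ALTERED)),
    }

if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```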
Hash Function
Hash functions are extremely useful and appear in almost all information security applications.
A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but the output is always of
fixed length.
Values returned by a hash function are called message digests or simply hash values. The following
picture illustrates a hash function −
Features of Hash Functions
The typical features of hash functions are −
Fixed Length Output (Hash Value)
A hash function converts data of arbitrary length to a fixed length. This process is often referred to as hashing the
data.
In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression
functions.
Since a hash is a smaller representation of larger data, it is also referred to as a digest.
A hash function with n-bit output is referred to as an n-bit hash function. Popular hash functions generate values
between 160 and 512 bits.
Efficiency of Operation
Generally for any hash function h with input x, computation of h(x) is a fast operation.
Properties of Hash Functions
In order to be an effective cryptographic tool, a hash function should possess the following properties −
Pre-Image Resistance
This property means that it should be computationally hard to reverse a hash function.
In other words, if a hash function h produced a hash value z, then it should be a difficult process to find any input value x that
hashes to z.
This property protects against an attacker who only has a hash value and is trying to find the input.
Second Pre-Image Resistance
This property means given an input and its hash, it should be hard to find a different input with the same hash.
In other words, if a hash function h for an input x produces hash value h(x), then it should be difficult to find any other input
value y such that h(y) = h(x).
This property of a hash function protects against an attacker who has an input value and its hash, and wants to substitute
a different value as the legitimate value in place of the original input value.
Collision Resistance
This property means it should be hard to find two different inputs of any length that result in the same hash. This property is
also referred to as collision free hash function.
In other words, for a hash function h, it is hard to find any two different inputs x and y such that h(x) = h(y).
Since a hash function is a compressing function with a fixed hash length, it is impossible for a hash function not to have collisions.
The collision-free property only confirms that these collisions should be hard to find.
This property makes it very difficult for an attacker to find two input values with the same hash.
Also, if a hash function is collision-resistant then it is second pre-image resistant.
Design of Hashing Algorithms
At the heart of hashing is a mathematical function that operates on two fixed-size blocks
of data to create a hash code. This hash function forms part of the hashing algorithm.
The size of each data block varies depending on the algorithm. Typically the block sizes
are from 128 bits to 512 bits. The following illustration demonstrates the hash function −
A hashing algorithm involves rounds of the above hash function, like a block cipher. Each round
takes an input of a fixed size, typically a combination of the most recent message block
and the output of the last round.
This process is repeated for as many rounds as are required to hash the entire message.
Schematic of hashing algorithm is depicted in the following illustration
The hash value of the first message block becomes an input to the second hash
operation, the output of which alters the result of the third operation, and so on. This effect
is known as the avalanche effect of hashing.
Avalanche effect results in substantially different hash values for two messages that differ
by even a single bit of data.
It is important to understand the difference between the hash function and the hashing
algorithm. The hash function generates a hash code by operating on two blocks of fixed-length
binary data. The hashing algorithm is a process for using the hash function, specifying how the
message will be broken up and how the results from previous message blocks are chained together.
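Added example (not part of the original notes): a toy hashing algorithm that chains a two-input hash function over fixed-size message blocks as described above, then measures the avalanche effect of a one-bit change. The block size, state size, all-zero starting value, padding scheme and the use of truncated SHA-256 as the inner function are assumptions chosen for illustration, not a real standard.

```python
import hashlib

BLOCK = 32         # message block size in bytes (assumed for this toy)
STATE = 16         # chaining value and digest size in bytes (assumed)
IV = bytes(STATE)  # fixed starting value for the first round (assumed)

def compress(state: bytes, block: bytes) -> bytes:
    """The 'hash function': two fixed-size inputs in, one fixed-size value out."""
    return hashlib.sha256(state + block).digest()[:STATE]

def pad(message: bytes) -> bytes:
    """Append 0x80, zero bytes and the 8-byte length, up to a multiple of BLOCK."""
    padded = message + b"\x80"
    padded += bytes((-len(padded) - 8) % BLOCK)
    return padded + len(message).to_bytes(8, "big")

def toy_hash(message: bytes) -> bytes:
    """The 'hashing algorithm': split into blocks and chain the rounds."""
    state = IV
    data = pad(message)
    for i in range(0, len(data), BLOCK):
        # Each round combines the newest block with the previous round's output.
        state = compress(state, data[i:i + BLOCK])
    return state

def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(message: bytes) -> int:
    """Flip one bit in the first block and count changed digest bits."""
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return bit_difference(toy_hash(message), toy_hash(flipped))

SAMPLE = b"constructed sample message " * 4   # constructed input, 108 bytes

if __name__ == "__main__":
    print("digest:", toy_hash(SAMPLE).hex())
    print("bits changed by a 1-bit flip:", avalanche(SAMPLE), "of", STATE * 8)
```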
Popular Hash Functions
Let us briefly see some popular hash functions −
Message Digest (MD)
MD5 was the most popular and widely used hash function for quite some years.
The MD family comprises the hash functions MD2, MD4, MD5 and MD6. MD5 was adopted
as Internet Standard RFC 1321. It is a 128-bit hash function.
MD5 digests have been widely used in the software world to provide assurance about
the integrity of a transferred file. For example, file servers often provide a pre-computed MD5
checksum for the files, so that a user can compare the checksum of the downloaded file to
it.
In 2004, collisions were found in MD5. An analytical attack was reported to be successful
in only an hour using a computer cluster. This collision attack resulted in a compromised
MD5 and hence it is no longer recommended for use.
Secure Hash Function (SHA)
The SHA family comprises four SHA algorithms: SHA-0, SHA-1, SHA-2, and SHA-3. Though
from the same family, they are structurally different.
The original version, SHA-0, a 160-bit hash function, was published by the National Institute of
Standards and Technology (NIST) in 1993. It had a few weaknesses and did not become very
popular. Later, in 1995, SHA-1 was designed to correct the alleged weaknesses of SHA-0.
SHA-1 is the most widely used of the existing SHA hash functions. It is employed in several
widely used applications and protocols including Secure Socket Layer (SSL) security.
In 2005, a method was found for uncovering collisions for SHA-1 within a practical time frame,
making the long-term employability of SHA-1 doubtful.
The SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and SHA-512,
depending on the number of bits in their hash value. No successful attacks have yet been reported
on the SHA-2 hash function.
SHA-2 is a strong hash function. Though significantly different, its basic design still
follows the design of SHA-1. Hence, NIST called for new competitive hash function designs.
In October 2012, NIST chose the Keccak algorithm as the new SHA-3 standard. Keccak offers
many benefits, such as efficient performance and good resistance to attacks.
Cyclic Redundancy Check (CRC)
Cyclic Redundancy Check (CRC) is a block code invented by W. Wesley Peterson in 1961. It is
commonly used to detect accidental changes to data transmitted via telecommunications networks and
storage devices.
CRC involves binary division of the data bits being sent by a predetermined divisor agreed upon by the
communicating system. The divisor is generated using polynomials. So, CRC is also called polynomial
code checksum.
The process is illustrated as follows −
Encoding using CRC
The communicating parties agree upon the size of the message block and the CRC divisor. For example, the
block chosen may be CRC (7, 4), where 7 is the total length of the block and 4 is the number of bits in
the data segment. The divisor chosen may be 1011.
The sender performs binary division of the data segment by the divisor.
It then appends the remainder called CRC bits to the end of data segment. This makes the resulting data
unit exactly divisible by the divisor.
Decoding
The receiver divides the incoming data unit by the divisor.
If there is no remainder, the data unit is assumed to be correct and is accepted.
Otherwise, it is understood that the data is corrupted and is therefore rejected. The receiver may then
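Added example (not part of the original notes): CRC (7, 4) encoding and decoding with the divisor 1011 from the text. It assumes the usual procedure of extending the 4 data bits with 3 zero bits before the modulo-2 division, which is what makes the block 7 bits long; the data words are constructed samples.

```python
DIVISOR = "1011"   # divisor from the text

def mod2_remainder(bits: str, divisor: str) -> str:
    """Remainder of modulo-2 (XOR) long division of bits by divisor."""
    work = [int(b) for b in bits]
    div = [int(b) for b in divisor]
    for i in range(len(work) - len(div) + 1):
        if work[i]:                       # leading 1: subtract (XOR) the divisor
            for j, d in enumerate(div):
                work[i + j] ^= d
    return "".join(str(b) for b in work[-(len(div) - 1):])

def crc_encode(data: str, divisor: str = DIVISOR) -> str:
    """Sender: divide the zero-extended data and append the remainder (CRC bits)."""
    zeros = "0" * (len(divisor) - 1)
    return data + mod2_remainder(data + zeros, divisor)

def crc_check(unit: str, divisor: str = DIVISOR) -> bool:
    """Receiver: accept the data unit only if the remainder is all zeros."""
    return "1" not in mod2_remainder(unit, divisor)

def flip_bit(unit: str, pos: int) -> str:
    """Simulate a single-bit transmission error at position pos."""
    return unit[:pos] + ("1" if unit[pos] == "0" else "0") + unit[pos + 1:]

def xor_bits(a: str, b: str) -> str:
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

if __name__ == "__main__":
    sent = crc_encode("1001")             # constructed data word
    print("data unit sent:", sent)
    print("accepted as received:", crc_check(sent))
    for pos in range(len(sent)):
        print(f"bit {pos} flipped -> accepted:", crc_check(flip_bit(sent, pos)))
    # CRC has no key and is linear: the XOR of two valid data units is also
    # a valid data unit. It guards against accidental changes only; detecting
    # deliberate alteration needs a MAC.
    other = crc_encode("0110")
    print("XOR of two valid units accepted:", crc_check(xor_bits(sent, other)))
```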
RSA Cryptosystem
This cryptosystem is one of the initial systems. It remains the most employed cryptosystem even
today. The system was invented by three scholars, Ron Rivest, Adi Shamir, and Len
Adleman, and hence it is termed the RSA cryptosystem.
We will see two aspects of the RSA cryptosystem, firstly generation of key pair and
secondly encryption-decryption algorithms.
Generation of RSA Key Pair
Each person or party who desires to participate in communication using encryption needs
to generate a pair of keys, namely a public key and a private key. The process followed in the
generation of keys is described below −
Generate the RSA modulus (n)
Select two large primes, p and q.
Calculate n = p × q. For strong unbreakable encryption, let n be a large number, typically a
minimum of 512 bits.
Find Derived Number (e)
Number e must be greater than 1 and less than (p − 1)(q − 1).
There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words, the two
numbers e and (p − 1)(q − 1) are coprime.
Form the public key
The pair of numbers (n, e) forms the RSA public key and is made public.
Interestingly, though n is part of the public key, the difficulty of factoring a large number
ensures that an attacker cannot find in finite time the two primes (p & q) used to obtain n. This is
the strength of RSA.
Generate the private key
Private key d is calculated from p, q, and e. For given n and e, there is a unique number d.
Number d is the inverse of e modulo (p − 1)(q − 1). This means that d is the number less than
(p − 1)(q − 1) such that when multiplied by e, it is equal to 1 modulo (p − 1)(q − 1).
This relationship is written mathematically as follows −
ed = 1 mod (p − 1)(q − 1)
Example
An example of generating an RSA key pair is given below. (For ease of understanding, the
primes p & q taken here are small values. Practically, these values are very high.)
Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 × 13 = 91.
Select e = 5, which is a valid choice since there is no number that is a common factor of 5
and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.
The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to
anyone whom we wish to be able to send us encrypted messages.
Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d =
29.
Check that the d calculated is correct by computing −
de = 29 × 5 = 145 = 1 mod 72
Hence, the public key is (91, 5) and the private key is (91, 29).
RSA Encryption
Suppose the sender wishes to send some text message to someone whose public key is (n, e).
The sender then represents the plaintext as a series of numbers less than n.
To encrypt the first plaintext P, which is a number modulo n, the encryption process is a
simple mathematical step −
C = P^e mod n
In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and
then reduced modulo n. This means that C is also a number less than n.
Returning to our Key Generation example with plaintext P = 10, we get ciphertext C −
C = 10^5 mod 91
RSA Decryption
The decryption process for RSA is also very straightforward. Suppose that the receiver with
public key (n, e) has received a ciphertext C.
The receiver raises C to the power of his private key d. The result modulo n will be the
plaintext P.
Plaintext = C^d mod n
Returning again to our numerical example, the ciphertext C = 82 would get decrypted to
number 10 using private key 29 −
Plaintext = 82^29 mod 91 = 10
RSA Analysis
The security of RSA depends on the strengths of two separate functions. The RSA
cryptosystem is the most popular public-key cryptosystem, the strength of which is based on the
practical difficulty of factoring very large numbers.
Encryption Function − It is considered a one-way function of converting plaintext into
ciphertext, and it can be reversed only with the knowledge of private key d.
Key Generation − The difficulty of determining a private key from an RSA public key is
equivalent to factoring the modulus n. An attacker thus cannot use knowledge of an RSA
public key to determine an RSA private key unless he can factor n. It is also a one-way
function: going from the p & q values to modulus n is easy, but the reverse is not possible.
If either of these two functions is proved not to be one-way, then RSA will be broken. In fact,
if a technique for factoring efficiently is developed, then RSA will no longer be safe.
The strength of RSA encryption drastically goes down against attacks if the numbers p and
q are not large primes and/or the chosen public key e is a small number.
Diffie-Hellman Key Exchange
The question of key exchange was one of the first problems addressed by
a cryptographic protocol.
This was prior to the invention of public key cryptography.
The Diffie-Hellman key agreement protocol (1976) was the first practical
method for establishing a shared secret over an unsecured
communication channel.
The point is to agree on a key that two parties can use for asymmetric
encryption, in such a way that an eavesdropper (hacker) cannot obtain the
key.