Unit - Iii

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 38

UNIT – III

DIGITAL
SIGNATURE AND
AUTHENTICATION
What is Symmetric Encryption?

Symmetric encryption
is a method where Key point: The same
one secret key (K) is key is used for both
used by both the encryption and
sender (A) and the decryption, and it
receiver (B) to must be kept secret
encrypt and decrypt between A and B.
messages.
• Sender (A) encrypts the message (M) using the
How Does It shared secret key (K).

Work? • The message becomes scrambled or ciphertext, which


looks like random letters and numbers. Receiver (B)
decrypts the ciphertext using the same key (K) to turn
it back into the original message (M).
• Confidentiality: If no one else knows the secret key
(K), only A and B can read the message.
• Authentication: Since only A has the secret key, B can
trust that the message came from A. This means B
knows the message is authentic.
ASCII
• ASCII stands for _____
• Let’s imagine you are sending a simple message: “HELLO”.
• Assign a numerical value to each letter:
• H = 72
• E = 69
• L = 76
• L = 76
• O = 79
• Sum the values:
• 72 + 69 + 76 + 76 + 79 = 372
• Generate the Checksum: 372.
• Send the message with the checksum: "HELLO" is sent along with the checksum 372.
How the Receiver Uses It:
• When the receiver gets the message "HELLO" and the checksum (372), they repeat the same
process:
• They calculate the sum of the letters:
• H = 72
• E = 69
• L = 76
• L = 76
• O = 79
• Sum = 372
• If the checksum matches (372 = 372), the receiver knows the message was not altered during
transmission.
• If the Message is Altered:
• Let’s say someone changes the message to "HELXO" (L changed to X):
• H = 72
• E = 69
• L = 76
• X = 88
• O = 79
• New sum = 384
• The checksum sent with the message is 372, but the receiver calculates 384. Since the two values
don’t match, the receiver knows the message was tampered with or corrupted during
transmission.
Order of Encryption and Error Detection

If done correctly, it
The order in which
makes it impossible
you add the
for an attacker to
checksum and
change the
perform encryption
message without
matters:
being detected.
1. Internal Check: Error detection is done within the encryption process
itself.
• What it means: The error detection happens inside the encryption process.

Two • How it works: The system automatically checks for errors while
encrypting or decrypting the message.

Classifications • This is built into the encryption method itself.


• Example: Imagine you write a secret code, and while you’re writing it,
you check for mistakes without having to stop and double-check your
work later.
2. External Check: Error detection is added before encryption and verified after
decryption.
• What it means: The error detection is done outside of the encryption process.

Two • How it works: A special code (checksum or error-detecting code) is added to the
message before encryption. When the receiver decrypts the message, they check
this code to make sure the message hasn’t been tampered with.

Classifications • Example: It’s like sealing an envelope, but before sealing it, you write a tracking
number on the letter. When the recipient gets the letter, they open the envelope
and check the tracking number to confirm the letter wasn’t switched or changed.
• Structured Messages: When we send data over a network, we
add extra structure to the message to make it more secure. This
helps with authentication (confirming the message is from the
right sender).
• Layered Protocols: TCP/IP uses layers to send data. Each layer
adds its own information to the message, like adding different
envelopes inside each other for security.

TCP • Shared Secret Key: If two computers (hosts) are


communicating, they share a secret key. Every message they

Segment exchange uses this same key for added security, no matter what
kind of data they’re sending (like email, files, etc.).
• TCP Header: The TCP header contains important information
such as:
• Checksum: A value used to detect errors in the header.
• Sequence Number: This keeps track of the order of the
message, so the receiver knows if all parts have arrived.
Message Authentication Code (MAC)
A MAC is a small piece of data (called a cryptographic
What is checksum) added to the message to ensure that it hasn’t been
altered and is from the correct sender.
a MAC? It is generated using a shared secret key between the sender
and receiver.

How Sender (A) creates a MAC:


• The MAC is calculated based on the message (M) and the shared key (K).
Does It • It’s like generating a unique stamp for each message using a formula:
MAC = C(K, M)

Work? • Here, C is the function that creates the MAC, K is the key, and M is the message.
Send the
message + • The sender sends both the message and the MAC to the receiver.

MAC:

Receiver • The receiver uses the same key (K) to recalculate the MAC on the
received message.
• If the received MAC matches the calculated MAC, the receiver knows:

(B) verifies • The message has not been tampered with.


• The message came from the correct sender.

the MAC:
• If there’s a sequence number, the receiver can check if messages
arrived in the correct order.
A) HMAC – Hash based MAC

MAC
• In MAC – Direct mac is generated.
• In HMAC – MAC is generated with help of message digest.
• With the help of MD5/SHA algorithm, generate a message digest.
• With the help of key, do encryption.

B) CMAC – Cipher based MAC


• It has a message limit; by extending the size limit you cannot perform
any action with that.
• Given message is divided into equal number of blocks and each block
is encrypted separately.
C1 = E(K, A1)
C2 = E(K, (A2 + C1))
C3 = E(K, (A3 + C2))
C4 = E(K, (A4 + C3))
:
:
Cn = E(K, (An + Cn-1))
Cn acts as MAC, this is final cipher text generated.
DES Algorithm
• Data encryption Standard
• Converts to plaintext to ciphertext
• Has total of 16 Rounds
• Text Size = 64 bits
• Key size = 48 bits (- 8 bits for parity and -8 bits for rearrangement)
• In each round, four steps are involved: Dividing bits 2 parts -32bits each.
- Bit shuffling
- Non-Linear substitutions
- Exclusive or operations
• In PC1, Initially 64 bits, 8 parity bit are to be removed from every 8th
position.
64 = (8*8) ie 56
• Then apply left circular shift after dividing 56 bits into 2 parts: Co and Do,
each having 28bits.
• D1 and C1 are obtained as result.
• Left circular shift – move the bit based on round number , for rounds 1, 2, 9,
16 – 1 bit shift, other rounds – 2 bit shift.
• In PC2, C1 and D1 are combined to form 56bits again permuted choice 2 is
applied, 56 bits are rearranged, permuted and 48 bits(key for round1) are
selected.
• Round 1 : Input – 64 bit + 48bitkey
AES Algorithm
• Advanced Encryption Standard
• It has Input array , state array and a key array.
A) Input array:
B) State Array:
C) Key Array:

 Each column represent 1


word, these 4 words expanded
into 44 words.

 4 Words  44 words.

K1 K5 K9 K13

K2 K6 K10 K14
W0 W1 W2 ……. W W W
K3 K7 K11 K15 4 4 4
1 2 3
K4 K8 K12 K16
Block Diagram
Kerberos Authentication Protocol
• A network authentication Protocol
• A client-server architecture, symmetric key algorithm, which requires
a 3rd party for key (KDC).
• KDC – A database of secret keys.
• KDC – Key Distributed centre, 2 types; Authentication server and
ticket granting server.
Hash Function
• A hash function is a function that takes an input (or ‘message’) and returns a
fixed-size string of bytes.
• The output, typically a number, is called the hash code or hash value.
• The main purpose of a hash function is to efficiently map data of arbitrary size to
fixed-size values, which are often used as indexes in hash tables.
• Hash Values are simply numbers but are often written in Hexadecimal. Computers
manage values as Binary. The hash value is also data and is often managed in
Binary.
• A hash function is basically performing some calculations in the
computer. Data values that are its output are of fixed length. Length
always varies according to the hash function. Value doesn’t vary even if
there is a large or small value.
• If given the same input, two hash functions will invariably produce the
same output. Even if input data entered differs by a single bit, huge
change in their output values. Even if input data entered differs huge,
there is a very minimal chance that the hash values produced will be
identical. If they are equal, it is known as “Hash Collision”.
• Converting Hash Codes to their original
value is an impossible task to perform.
This is the main difference between
Encryption as Hash Function.
Applications
Digital Signature Key

• Signature – proof of identity (Ex: When applying for passport /


any transaction).
• Working:
• Message and signature combined as a (single message) sent to receiver.
• Decryption process is done through public key (A) and the combined
message to verify it.
• Output is the message matches with the initial one’s it will say valid/not
with the help of digital signature verify algorithm.
X-509 Authentication Server
Version 1, 2, 3
Serial Number (For certificate)
Signature Algorithm Identifier (State the algorithm by the issuer)
Issuer Name V1

Validity Period ( from which date to time) V2


V3
Subject Name (Certificate of that person)
Public Key Information (related to the person)
Issuer Unique ID
Subject unique ID
Extensions ( optional)
 X-509 is a digital certificate accepted internationally.
 It does not generate any keys but provides a way to access public keys.
 These are several elements in X-509 certificate, it has 3 versions.
MD5 – Message Digest 5
• It is developed by Rivest, fast and produces 128bit message digest.
• Message digest means breaking into smaller block where the size of bit is
128.
• Working ( 4 – 6 steps):
• A) Padding:
Original message + padding (we’ll add extra bits at the end)
• When you add extra bits , the total length will be 64 bit less that exact
multiple of 512.
EX: O.M = 1000bits + padding
512 * 1 = 512 bits [512-64]
512 * 2 = 1024bits (1024-64 = 960)
512 * 3 = 1536bits (1536-64 = 1472)
• When you subtract -64 from the multiple of 512 bits, it is less than 1000bits.
So 512 * 1 is not valid, 512 * 2 is not valid , 512 * 3 is valid.
• 1536-64 => 1472 total length, 1472 is original message = 1000 bits.
• So, additionally, we must add 1000 + 472 bits.
• 1472bits  multiple of 512, which is also less than 64bits.

B)Appending:
- Append the original length before padding,
- calculate length mod 64 (1000 mod 64)
- Most of the cases, 64 bit is obtained (therefore, append is 64 bits)
- So, it again becomes multiple of 512.
C) Dividing : (each 512 bits)

D) Initializing : (4 Chaining variables)


- A, B, C, D, each has 32 bits, these values are predefined.
E) Processing : (512 bit blocks)
- Copy 4 chaining variables into some corresponding variables.
A=a, B=b, C=c, D=d
- Divide 512 bit blocks into 16 blocks each of size 32 bits.
16 * 32 = 512bits
- Four Rounds, 16 subblocks and a constant (k)
R1  a = b+((a + Process, P(b, c, d) + m[i] + t[k]))
R2 b = a+((b+ Process, P(a, c, d) + m[i] + t[k]))
R3 c = d+ ((d+ Process, P(d, a, b)+ m[i] + t[k]))
R4 d = c+ ((c+ Process, P(a, b, c)+m[i] + t[k]))
SHA – Secure Hash Algorithm
• Four rounds (each round = 20 steps)
THANK YOU

You might also like