Unit - Iii
DIGITAL SIGNATURE AND AUTHENTICATION
What is Symmetric Encryption?
Symmetric encryption is a method where one secret key (K) is used by both the sender (A) and the receiver (B) to encrypt and decrypt messages.
Key point: The same key is used for both encryption and decryption, and it must be kept secret between A and B.
How Does It Work?
• Sender (A) encrypts the message (M) using the shared secret key (K).
If done correctly, it makes it impossible for an attacker to change the message without being detected.
The order in which you add the checksum and perform encryption matters:
Two Classifications
1. Internal Check: Error detection is done within the encryption process itself.
• What it means: The error detection happens inside the encryption process.
• How it works: The system automatically checks for errors while encrypting or decrypting the message.
• How it works: A special code (checksum or error-detecting code) is added to the message before encryption. When the receiver decrypts the message, they check this code to make sure the message hasn’t been tampered with.
• Example: It’s like sealing an envelope, but before sealing it, you write a tracking number on the letter. When the recipient gets the letter, they open the envelope and check the tracking number to confirm the letter wasn’t switched or changed.
• Structured Messages: When we send data over a network, we
add extra structure to the message to make it more secure. This
helps with authentication (confirming the message is from the
right sender).
• Layered Protocols: TCP/IP uses layers to send data. Each layer
adds its own information to the message, like adding different
envelopes inside each other for security.
Segment exchange uses this same key for added security, no matter what
kind of data they’re sending (like email, files, etc.).
• TCP Header: The TCP header contains important information
such as:
• Checksum: A value used to detect errors in the header.
• Sequence Number: This keeps track of the order of the
message, so the receiver knows if all parts have arrived.
Message Authentication Code (MAC)
What is a MAC?
A MAC is a small piece of data (called a cryptographic checksum) added to the message to ensure that it hasn’t been altered and is from the correct sender.
It is generated using a shared secret key between the sender and receiver.
How Does It Work?
• Here, C is the function that creates the MAC, K is the key, and M is the message.
Send the message + MAC:
• The sender sends both the message and the MAC to the receiver.
Receiver … the MAC:
• The receiver uses the same key (K) to recalculate the MAC on the received message.
• If the received MAC matches the calculated MAC, the receiver knows:
• If there’s a sequence number, the receiver can check if messages arrived in the correct order.
A) HMAC – Hash-based MAC
• In MAC – the MAC is generated directly.
• In HMAC – the MAC is generated with the help of a message digest.
• With the help of the MD5/SHA algorithm, generate a message digest.
• With the help of the key, do encryption.
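The MAC exchange and the HMAC idea described above, as an added example that is not part of the original slides. It assumes HMAC-SHA256 from Python's standard library as the function C and an 8-byte sequence number covered by the MAC; the names `make_mac`, `send`, `Receiver` and `outcome` are hypothetical.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes


def make_mac(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC = C(K, M): C is HMAC-SHA256, M is sequence number || message."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


def send(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: transmit sequence number, message and MAC together."""
    return seq.to_bytes(8, "big") + message + make_mac(key, seq, message)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # sequence number expected next

    def receive(self, packet: bytes) -> bytes:
        """Recalculate the MAC with K; accept only on a match and in order."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("packet too short")
        seq = int.from_bytes(packet[:8], "big")
        message, tag = packet[8:-TAG_LEN], packet[-TAG_LEN:]
        # Constant-time comparison: timing must not reveal a partial match.
        if not hmac.compare_digest(tag, make_mac(self.key, seq, message)):
            raise ValueError("MAC mismatch: altered message or wrong key")
        if seq != self.next_seq:
            raise ValueError("unexpected sequence number: replayed or reordered")
        self.next_seq += 1
        return message


def outcome(receiver: Receiver, packet: bytes) -> str:  # 'ok' or the rejection reason
    try:
        receiver.receive(packet)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    k = b"constructed-demo-key"  # constructed sample key, not a real secret
    rx, p0 = Receiver(k), send(k, 0, b"pay 10 to B")
    for name, pkt in [("tampered", p0.replace(b"10", b"99")), ("genuine", p0), ("replay", p0)]:
        print(name, "->", outcome(rx, pkt))
```

Because the sequence number is part of the MAC input, changing it in transit fails the MAC check instead of slipping past the ordering check.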
Figure (image not recovered): key bytes K1 to K16 laid out as a 4 x 4 matrix (4 words), shown with 44 words W0, W1, W2, ……., W41, W42, W43.
Block Diagram
Kerberos Authentication Protocol
• A network authentication protocol.
• A client-server architecture based on a symmetric key algorithm, which requires a third party for keys (the KDC).
• KDC – a database of secret keys.
• KDC – Key Distribution Center; 2 types: authentication server and ticket granting server.
Hash Function
• A hash function is a function that takes an input (or ‘message’) and returns a
fixed-size string of bytes.
• The output, typically a number, is called the hash code or hash value.
• The main purpose of a hash function is to efficiently map data of arbitrary size to
fixed-size values, which are often used as indexes in hash tables.
• Hash Values are simply numbers but are often written in Hexadecimal. Computers
manage values as Binary. The hash value is also data and is often managed in
Binary.
• A hash function basically performs some calculations in the computer. The data values it outputs are of fixed length. The length always varies according to the hash function. It doesn’t vary whether the input value is large or small.
• If given the same input, two hash functions will invariably produce the same output. Even if the input data differs by a single bit, there is a huge change in the output values. Even if the input data differs hugely, there is a very minimal chance that the hash values produced will be identical. If they are equal, it is known as a “Hash Collision”.
• Converting hash codes back to their original value is an impossible task to perform. This is the main difference between encryption and a hash function.
Applications
Digital Signature Key
B) Appending:
- Append the original length before padding.
- Calculate length mod 64 (1000 mod 64).
- In most cases, 64 bits are obtained (therefore, the appended value is 64 bits).
- So, it again becomes a multiple of 512.
C) Dividing: (each 512 bits)