Unit 4-Msg Authentication, Integrity-CNS
Unit 4-Msg Authentication, Integrity-CNS
& Integrity
Dr.S.Kalaivani
Assistant Professor/ Dept. of CSE
IRTT
*. Notes, pictures, algorithms and other details are used for educational
purpose only. It is collected from various web sites and text books for teaching
purpose only
Topics Covered
1. Authentication requirement
2. Authentication function
– MAC
– Hash function
– MAC Algorithms
• HMAC
• CMAC Unit 4– Message Authentication & Integrity 2
4. Digital signature and authentication protocols
– DSS
5. Entity Authentication
– Biometrics
– Passwords
– Challenge Response Protocols
6. Authentication applications
– Kerberos
– X.509 Authentication services
Unit 4– Message Authentication & Integrity 3
Message Authentication
• Use of secret key to generate a small fixed sized block of data known as
cryptographic check sum or MAC that is appended to message.
– MAC
• Computation resistance- Given one or more text MAC
pairs(x,Ck(x)) it is infeasible to compute any text MAC
pair (xi,Ck(xi)) for new input x≠xi
– SHA-1
• Secure Hash Algorithm
• Input of Variable Length and produces as output a 160 bit
message digest.
• Input is processed in 512 bit blocks
• Five register with 20 steps of 4 rounds
Unit 4– Message Authentication & Integrity 28
MD5 Overview
2. Append Length
3. Initialize MD buffer
5. Output
Unit 4– Message Authentication & Integrity 30
MD5 Overview – Append Padding bits
• Pad message so its length is congruent to 448 mod
512 (length ≡ 448 mod 512).
• Length of padded message is 64 bit less than an
integer multiple of 512 bits.
• Padding is always added even if message is already
of desired length.
• if message is 448 bits long, it is padded by 512 bits
to length of 960 bits.
• Padding means single 1 bit followed by necessary
number of 0 bits.
•If the length of the message is greater than 264, only the low-
order 64 bits will be used.
•The resulting message (after padding with bits and with b) has
a length that is an exact multiple of 512 bits.
WORD A: 01 23 45 67
WORD B: 89 AB CD EF
WORD C: FE DC BA 98
WORD D: 76 54 32 10
Unit 4– Message Authentication & Integrity 33
Process Message
• Heart of algorithm is compression function
• It consists of 4 rounds
• Four rounds have similar structure but uses
different primitive logic function referred as
F,G,H and I
• Each round take input of 512 bit block and 128
bit buffer value ABCD
• Output of fourth round is added to input of first
round to produce CVq+1
• Addition is done independently for each 4 words
Unit 4– Message Authentication & Integrity 34
Unit 4– Message Authentication & Integrity 35
Output
• After all L 512 bit blocks have processed, output from Lth stage is
128 bit message digest
CV0=IV
CVq+1= SUM 32[CVq,RFI(Yq,RFH(Yq,RFG(Yq,RFF(Yq,CVq))))]
MD= CVL-1
• ρ4(i) = 7i mod 16
2. Append Length
3. Initialize MD buffer
5. Output
Unit 4– Message Authentication & Integrity 46
SHA Overview
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to
A=67452301,
B=EFCDAB89
C=98BADCFE
D=10325476
E=C3D2E1F0
4. process message in 16-word (512-bit) chunks:
– expand 16 words into 80 words by mixing & shifting
– use 4 rounds of processing of 20 steps each
– 4 primitive logic functions f1,f2,f3 and f4
5. output hash value is the final buffer value
Unit 4– Message Authentication & Integrity 47
SHA-1 Processing of single 512 bit block
Buffers 4 5
Additive Constant 64 4
Unit 4– Message Authentication & Integrity 58
Keyed Hash Functions as MACs
• want a MAC based on a hash function
– because hash functions are generally faster
– code for crypto hash functions widely available
• hash includes a key along with message
• original proposal:
KeyedHash = Hash(Key|Message)
– some weaknesses were found with this
• eventually led to development of HMAC
• CMAC
– Used in Govt and Industry
Note
A digital signature needs a public-key system.
The signer signs with her private key; the verifier
verifies with the signer’s public key.
Unit 4– Message Authentication & Integrity 75
Note
5. A B: E(Ks, f(N2))
5. A B: E(Ks, f(N1))
7. A B: E(Ks, Nb)
• Entity Authentication
– It happens at real time
– It authenticates entire duration of a session
– It is required when gets cash from ATM
Unit 4– Message Authentication & Integrity 106
Biometrics
• It is a measurement of physiological or
behavioral features that identify a person
• It cant by guessed, stolen, shared
• Components
– Capturing devices-measure biometric features
– Processors-change to data for saving
– Storage devices-save result of processing for
authentication
• Authentication
– It is done by verification or identification
– Verification
• A persons feature is matched against single record in
DB to find if she is who she is claiming to be.
– Identification
• A persons feature is matched against all records in DB
– One-time password
• It is a password that is used only once.
– Second Approach
• User and system agree to sequentially update the password
• Original password valid only for first access
• Second password given during that access
– Third Approach
• User and system creates sequentially updated password using a
hash function
Unit 4– Message Authentication & Integrity 116
Challenge-Response
• Entity whose identity needs to be proved is
called claimant
• In this approach, claimant proves that she
knows a secret without sending it.
• Claimant does not send secret to the verifier.
The verifier either has it or finds it
• In challenge-response, the claimant proves
that she knows a secret without sending it to
the verifier
Unit 4– Message Authentication & Integrity 117
• Challenge is a time varying value that is sent
by the verifier.
• Claimant applies a function to the challenge
and sends the result called a response.
• Approaches
– Using symmetric key cipher
– Using keyed hash function
– Using an asymmetric key cipher
– Using digital signature