Approaches to Message Authentication
Secure Hash Functions and HMAC
Public Key Cryptography Principles
Public Key Cryptography Algorithms
NETWORK SECURITY By: Homera Durani
Slide 3
Approaches To Message Authentication
Confidentiality: protection from passive attacks
Authentication: you are who you say you are
Integrity: received as sent, no modifications, insertions, shuffling or replays
Slide 4
Security Attacks
Active threats: Masquerade, Denial of service, Replay, Modification of message contents
Message authentication helps prevent these.
Protection against attacks is known as message authentication.
Slide 5
What is Message Authentication
It's the source, of course!
Procedure that allows communicating parties to verify that received messages are authentic
Characteristics:
source is authentic (counters masquerading)
contents unaltered (counters message modification)
timely sequencing (counters replay)
Slide 6
Use of Conventional Encryption?
Only sender and receiver share a key
Include a time stamp
Include error detection code and sequence number
Slide 7
Message Authentication without Confidentiality
Application that broadcasts a message: only one destination needs to monitor for authentication
Too heavy a load to decrypt: random authentication checking, messages are chosen at random for checking
Computer executables and files: checked when assurance required
Slide 8
Life Without Authentication
Slide 9
Message Authentication Code
Message Authentication Code (MAC): use a secret key to generate a small block of data that is appended to the message
Assume: A and B share a common secret key $K_{AB}$
$\mathrm{MAC}_M = F(K_{AB}, M)$
Slide 10
Slide 11
Receiver assured that message is not altered: no modification
Receiver assured that the message is from the alleged sender: no masquerading
Include a sequence number, assured proper sequence: no replay
Slide 12
DES is used
Need not be reversible
Checksum
Stands up to attack
But there is an alternative...
Slide 13
One Way Hash Function
Hash function accepts a variable size message M as input and produces a fixed-size message digest H(M) as output
No secret key as input
Message digest is sent with the message for authentication
Produces a fingerprint of the message
Digital signature
No key distribution
Less computation since message does not have to be encrypted
Slide 16
Encryption software is slow
Encryption hardware costs aren't cheap
Hardware optimized toward large data sizes
Algorithms covered by patents
Algorithms subject to export control
Thus ONE AVOIDS ENCRYPTION
Slide 17
No encryption for message authentication
Secret value never sent; can't modify the message
Important technique for Digital Signatures
Assumes secret value $S_{AB}$
$MD_M = H(S_{AB} \| M)$
$MD_M \| M$
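The secret-value exchange on this slide, combined with the sequence number from Slide 11, as an added example that is not part of the original slides. It assumes SHA-256 as H and a 4-byte sequence number prefixed to the message; the names message_digest, send, Receiver and outcome are hypothetical, and the secret is a constructed sample value.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes; SHA-256 is an assumed choice of H
SEQ_LEN = 4                                # assumed width of the sequence number field

def message_digest(secret: bytes, message: bytes) -> bytes:
    """MD_M = H(S_AB || M): hash of the shared secret followed by the message."""
    return hashlib.sha256(secret + message).digest()

def send(secret: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: M = seq || payload, transmit MD_M || M (S_AB itself is never sent)."""
    message = seq.to_bytes(SEQ_LEN, "big") + payload
    return message_digest(secret, message) + message

class Receiver:
    """Receiver side: recompute MD_M from its own copy of S_AB and enforce sequencing."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.last_seq = -1

    def receive(self, wire: bytes) -> bytes:
        if len(wire) < DIGEST_LEN + SEQ_LEN:
            raise ValueError("truncated")
        md, message = wire[:DIGEST_LEN], wire[DIGEST_LEN:]
        # Constant-time comparison so the check does not leak how many bytes matched.
        if not hmac.compare_digest(md, message_digest(self.secret, message)):
            raise ValueError("digest mismatch")   # modified contents or wrong sender
        seq = int.from_bytes(message[:SEQ_LEN], "big")
        if seq <= self.last_seq:
            raise ValueError("replay")            # authentic but already seen
        self.last_seq = seq
        return message[SEQ_LEN:]

def outcome(rx: Receiver, wire: bytes) -> str:
    """Map a receive attempt to a short label for logging or testing."""
    try:
        return "accepted:" + rx.receive(wire).decode(errors="replace")
    except ValueError as exc:
        return "rejected:" + str(exc)

if __name__ == "__main__":
    s_ab = b"constructed-demo-secret"             # constructed sample value for S_AB
    rx, wire = Receiver(s_ab), send(s_ab, 1, b"pay 100")
    for w in (wire, wire, wire[:-3] + b"900", send(b"other-key", 2, b"pay 100")):
        print(outcome(rx, w))
```

For new designs, key the hash with the HMAC construction named in the outline (`hmac.new(secret, message, hashlib.sha256)` in Python) rather than raw H(S || M), which with SHA-256 permits length extension.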
Slide 18
Slide 19
HASH Function Requirements
The purpose of a hash function is to produce a fingerprint of a file, message, or other block of data. A hash function H must have the following properties:
1. H can be applied to a block of data of any size
2. H produces a fixed length output
3. H(x) is easy to compute for any given x
4. For any given code h, it is computationally infeasible to find x such that H(x) = h
5. For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x)
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
Slide 20
Slide 21
One of the simplest hash functions is the bit-by-bit exclusive OR (XOR) of every block, which can be expressed as follows:
$C_i = b_{i1} \oplus b_{i2} \oplus \cdots \oplus b_{im}$
where $C_i$ = ith bit of the hash code, 1