Presentation on theme: "Sri Lanka Institute of Information Technology"— Presentation transcript:
1 Sri Lanka Institute of Information Technology - 2006 453 Network SecuritySection 3a: Message Authentication and Public-Key CryptographyDr. E.C. KulasekereSri Lanka Institute of Information Technology
3 Cryptography and Security Intruders, eavesdroppers and masqueraders in communication. A threat on message confidentiality and authentication
4 Confidentiality Vs. Authentication (1) Confidentiality safeguards your information from being viewed by others.This is protecting message content. Stop interception.Authentication verifies the integrity of data as well as verifying the sender.This can stop fabrication/Modification
5 Confidentiality Vs. Authentication (2) Authentication is arguably more important that message confidentiality (secrecy) in eCommerce applications.Generically encryption protects against passive attacks such as eavesdropping.Authentication provides protection against active attacks such as falsification and fabrication of data.
6 Authentication Without Confidentiality Is it desirable only to have authentication while ignoring message confidentiality?Example situation; civilian versus military .There are applications in which the same message is broadcast to a number of destinations. The content need not be secret but they need to be authenticated. Eg. ?
7 Example SituationsAnother scenario is if a system is handling a heavy load of messages and it cannot afford to spend time decrypting. The system will selectively decrypt to authenticate.Authentication of computer programs etc. Each time you use it its easier to authenticate a tag rather than go through a decryption program every time.
8 Primary Concerns of Authentication (1) Message came from apparent source or author – Source AuthenticationContents have not been altered – Message AuthenticationMessage timeliness or the sequence in which it was sent is not disturbed (it has not been artificially delayed or replayed).
9 Primary Concerns of Authentication (2) The above will be based on attacks such asDisclosureTraffic analysisMasqueradingFabricationSequence and timing modifications
10 Approaches to Message Authentication Broadly categorized into two methods, ones that uses encryption and ones that do not.ApproachesOne that uses a key and encryption of messageOne that does not use a key.One that uses a key but no encryption of the message
11 Authentication Categories Authentication using conventional encryption: Only the sender and receiver should share a key which will provide the necessary authentication.Message authentication without message encryption: An authentication tag is generated and attached to the message. Message confidentiality is not guaranteed since the message is not encrypted.Message Authentication code: Calculate the MAC as a function of the message and the key.
12 Authentication Based on Message Encryption message encryption by itself also provides a measure of authentication. The analysis differs for symmetric and asymmetric encryption schemes.if symmetric encryption is used then:receiver know sender must have created itsince only sender and receiver now key usedknow content cannot of been alteredif message has suitable structure, redundancy or a checksum to detect any changes
13 Authentication Based on Message Encryption … Symmetric encryption: confidentiality and authentication provided
14 Authentication Based on Message Encryption … if public-key encryption is used:encryption provides confidentiality but not authentication of sendersince anyone potentially knows public-keyhowever ifsender signs message using their private-keythen encrypts with recipients public keyhave both secrecy and authenticationagain need to recognize corrupted messagesMeasure of error control can be used.but at cost of two public-key used on message
15 Authentication Based on Message Encryption … This is the straightforward use of public key encryption. Source A uses the public key KUb of the destination to encrypt MThis scheme does not provide any authentication because any opponent could also use B’s public key to encrypt a message claiming to be AB can decrypt at the destination because he is the only one who has the private key KRb
16 Authentication Based on Message Encryption … To provide the authentication part A uses its private key to encrypt the message, and B uses A’s public key to decrypt to authenticate.The principle here is similar to the digital signature principle.The reasoning is that A should be the only one who as A’s private key to generate that ciphered text.However this does not provide confidentiality since anyone with A’s public key can decrypt and see the message.
17 Authentication Based on Message Encryption … To provide both confidentiality and authentication, A can encrypt M first using its private key (the digital signature), then use B’s public key which will provide confidentiality.The only disadvantage is that the public key algorithm, which is complex must be exercises four times rather than two in each communication.
18 Authentication Based on Message Authentication Code (MAC) generated by an algorithm that creates a small fixed-sized blockdepending on both message and some keylike encryption though need not be reversiblereceiver performs same computation on message and checks it matches the MAC. (Note that the MAC is not decoded hence cannot be used for anything).provides assurance that message is unaltered and comes from sender
20 Requirements for MAC Take into account the type of attacks Brute force attack may not be feasible to attack MAC code.See MAC write-up for reasonsNeed a MAC to satisfy the followingknowing a message and MAC, is infeasible to find another message with same MACMACs should be uniformly distributed.MAC should depend equally on all bits of the message.
21 Features of MAC As shown the MAC provides confidentiality. The receiver is assured that the message is not altered.The attacker cannot alter the message without altering the MAC.Since the secret key is not known MAC cannot be altered and will be found out at matching at receiver.As a result the receiver is assured that it came from the sender.
22 Features of MAC … can also use encryption for secrecy generally use separate keys for eachcan compute MAC either before or after encryptionis generally regarded as better done beforeThe message sequence number is also coded into the MAC, hence replay attacks and timing attacks are also not possible.
23 Features of MAC … why use a MAC? sometimes only authentication is neededsometimes need authentication to persist longer than the encryption (eg. archival use)Note that MAC is not a digital signature, rather a cryptographic checksum.
25 MAC Implementations Message Authentication and Confidentiality: Authentication Tied to plaintext
26 MAC Implementations Message Authentication and Confidentiality: Authentication Tied to ciphertext
27 MAC Based on DES Based on CBC with IV set to zero Block size is 64. The last block may be padded with zeros to make a 64-bit blockThe data authentication code (DAC) consists of all O_N blocks or the last one. It can also be the left most M bits of the last block too. Remember that the MAC need not be reversible as in the case of encryption. We need to compare only.
28 Authentication Based on Hash (1) Variation of MAC known as one way hash functions can be used for authentication.Unlike the MAC, the hash function does not require a secret key.The Hash function accepts a variable size message and outputs a fixed size message digest H(M).
29 Authentication Based on Hash (2) To authenticate a message, the message digest is sent with the message in such a way that the message digest is authentic.hash used to detect changes to messagecan use in various ways with messageUsing conventional encryptionUsing public-key encryptionUsing secret valueHash function itself is not considered to be secret. Hence systems described in the previous slides or the ones that follow have to be used to protect the hash.
30 One way Hash Authentication using Conventional Encryption Based on the assumption that only the sender and receiver have the secret key.Hence authenticity is assured.The entire message is not encrypted.
31 One-Way Hash Function Authentication Using Public-Key Encryption This will provide a digital signature as well as message authentication.Advantage is that it does not require the distribution of keys to communicating parties.The entire message is not encrypted.
32 One-Way Hash Function Authentication Using Secret Value No encryption for message authentication.The communicating parties share a common secret value that is coded into the message.Since the secret value itself is not sent, it is hard for the attacker to modify the intercepted message.Authentication is provided but no confidentiality is provided.
33 Variants of Hash Functions: Encrypt Message Plus Hash Code Both message and hash code encrypted.The message must have come from A if it is not altered (checked using hash) since only A and B have access to the secret key.Confidentiality is provided since the encryption is applied to both hash + normal message.
34 Variants of Hash Functions: Encrypted Hash Code – Shared Key Only hash code is encrypted using symmetric encryption.Authentication is provided but not confidentiality.Reduces processing burden for applications that do not require confidentiality.
35 Variants of Hash :Encrypt Hash Code Sender’s private key Only hash code is encrypted using the senders private key with public-key encryption.Authentication is provided but not confidentiality.Provides a digital signature.
36 Variants of Hash Functions: Encrypt Results of (c) – Shared secret key Message and the public-key encrypted hash code is encrypted using symmetric key.Confidentiality and digital signature is provided.
37 Variants of Hash Functions: Compute Hash Code of Message Plus Secret Value Assumes parties communicating have the secret value.No encryption.Source A computes the hash code over the concatenation of M and S and appends the result to M.Authentication is provided.
38 Variants of Hash Functions: Encrypt Result of (e) Confidentiality is added to the approach in (e) using symmetric key encryption.