1. CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Modern Cryptography

2. CIT 380: Securing Computer SystemsSlide #2 Overview 1.Cryptographic Checksums 1.Hash Functions 2.HMAC 2.Number Theory Review 3.Public Key Cryptography 1.One-Way Trapdoor Functions 2.Diffie-Helman 3.RSA 4.Modern Steganography

3. CIT 380: Securing Computer SystemsSlide #3 Hash Functions Checksum to verify data integrity. Hash Function h: A  B –Input A: variable length –Output B: fixed length “fingerprint” of input Many inputs produce same output. Example Hash Function –Sum 32-bit words of message mod 2 32.

4. CIT 380: Securing Computer SystemsSlide #4 Hash Function: ASCII Parity ASCII parity bit –ASCII has 7 bits; 8th bit is for “parity” –Even parity: even number of 1 bits –Odd parity: odd number of 1 bits Bob receives “10111101” as bits. –Sender is using even parity; 6 1 bits, so character was received correctly Note: could be garbled, but 2 bits would need to have been changed to preserve parity –Sender is using odd parity; even number of 1 bits, so character was not received correctly

5. CIT 380: Securing Computer SystemsSlide #5 Cryptographic Checksums Hash with authentication/integrity protection –Cannot obtain original message from hash. –Cannot find another message with same hash. Additional Names –Message Authentication Code –Message Digest

6. CIT 380: Securing Computer SystemsSlide #6 One-Way Function Function f easy to compute, hard to reverse –Given x, easy to calculate f(x). –Given f(x), hard to compute x. What’s easy and what’s hard? –easy: polynomial time –hard: exponential time –Are there any one-way functions?

7. CIT 380: Securing Computer SystemsSlide #7 Cryptographic Checksum Definition A function h: A  B such that: 1.For any x IN A, h(x) is easy to compute. 2.For any y IN B, it is computationally infeasible to find x IN A such that h(x) = y. 3.It is computationally infeasible to find x, x´ IN A such that x ≠ x´ and h(x) = h(x´).

8. CIT 380: Securing Computer SystemsSlide #8 Collisions If x ≠ x´ and h(x) = h(x´), x and x´ collide. –Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it. –Application: suppose n = 5 and k = 3. Then there are 32 elements of A and 8 elements of B, so at least one element of B has at least 4 corresponding elements of A.

9. CIT 380: Securing Computer SystemsSlide #9 Hash Function Examples Input –“Cryptography” Output (base64 encoded): –http://www.xml-dev.com/blog/sha1.php –MD5 (128-bit) 64ef07ce3e4b420c334227eecb3b3f4c –SHA1 (160-bit) b804ec5a0d83d19d8db908572f51196505d09f98

10. MD5/ SHA-1 Hash Web site http://www.fileformat.info/tool/hash.htm CIT 380: Securing Computer SystemsSlide #10

11. CIT 380: Securing Computer SystemsSlide #11 Keyed Hash Function Hash function + secret key Why? –Authentication How? –HMAC algorithm Incorporate key into a keyless hash algorithm.

12. CIT 380: Securing Computer SystemsSlide #12 HMAC HMAC = Hash Function + Key Inputs: –h: keyless cryptographic checksum function that takes data in blocks of b bytes and outputs blocks of l bytes. –k: cryptographic key. –k´: k modified to be of length b. If short, pad with 0 bytes. If long, hash to length b.

13. CIT 380: Securing Computer SystemsSlide #13 HMAC HMAC-h(k, m) = h(k´  opad || h(k´  ipad || m)) –  exclusive or –|| concatenation –ipad is 00110110 repeated b times. –opad is 01011100 repeated b times. Security depends on security of hash function h.

14. CIT 380: Securing Computer SystemsSlide #14 Current State of Hash Functions MD4, MD5, SHA-0 Collisions (2004) SHA-1 Collisions (2005) –Effort required is 2 69 instead of 2 80. No effective pre-image attacks discovered yet. What’s the impact? –Attacker could create two documents. Document A requires payment of $500. Document B requires payment of $50,000. –Digital signatures sign MAC, not document. –Both documents have same MAC. Use SHA-256 for now.