Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Integrity and Message Digests CSCI 5857: Encoding and Encryption.

Published byRandolf Cobb Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Integrity and Message Digests CSCI 5857: Encoding and Encryption."— Presentation transcript:

1 Information Integrity and Message Digests CSCI 5857: Encoding and Encryption

2 Outline Information integrity issues Message digests –Hash functions –Insuring information integrity Attacks on message digests –Preimage attacks –Collision attacks Properties of a good hash function Mathematical background –Pigeonhole principle –Birthday problem

3 3 Information Integrity Problems Content Modification : Adversary inserts/modifies/deletes message content Insert new record for Darth’s salary of $1,000,000 Salary Database ED E

4 4 Information Integrity Problems Masquerade: Adversary sends message claimed to be from someone else Masquerading as Alice “Give Darth a $10,000 raise -- Alice” E

5 5 Information Integrity Problems Timing Modification Adversary intercepts message and replays it later “Open the front gate. -- Alice” E

6 6 Modification Detection Simplest case: Detecting modification –Message M stored in public location –M not encrypted How can we prove/detect whether adversary has replaced message M with fake message M´ ? Public storage M M ´

7 7 Modification Detection One solution: store protected copy of M –Compare M to copy to detect changes –Implausible if M very large Public storage M M

8 8 Message Digests Created from message M using hashing function y = h(M) Like “fingerprint” for messages –Different messages  different fingerprints –Much more compact than messages: size of y << size of M –Plausible for secure storage/transmission

9 9 Message Digests Same concept as error detection in network transmission Error detection bits = function of message –Example: parity bit depends on even/odd of 1’s in message If error detection bits do not match message, request message resend Key difference: Unlike noise, adversary intelligent Message Error detection bits

10 10 Message Digests Used to detect modification –Apply hash to message in storage to get h(M´ ) –Compare with stored h(M) –If h(M´ )  h(M) message has been modified Public storage M ´ h(M´ ) h compare h(M)

11 11 Simple Example Hash Function Break message M into blocks b i Digest = XOR of all blocks h(b 1, b 2, b 3 … b n ) = b 1  b 2  b 3 …  b n Possible improvement: Rotate each block one bit before XOR (diffusion)

12 Attacks on Message Digests Goal of message digest: Detect when fake message Mʼ has been substituted for original message M Adversary goal: Substitute fake message Mʼ for original message M without being detected Types: –Preimage attack –Collision attack 12

13 13 Preimage Attack Adversary finds message M´ with same digest h(M´) = h(M) Impossible to detect or prove changes! Public storage M h(M´) h Same! h(M) M ´

14 14 Preimage Attack Adversary can “tweak” new message M´ until h(M´) = h(M) Example: Give Darth a salary increase of $1000 Award Mr. Vader some raise … $2000 Present Darth Vader … bonus $3000 … … … $4000 … “I’ll find some combination of these so they can’t detect the difference!”

15 15 Preimage Attack Simple XOR-based hash function vulnerable to preimage attack –Darth generates own message M′ –Darth adds some block b m to end so that h(M′)  b m = h(M) Problem: XOR is reversible –Can work backwards from desired message to create one with same hash as original message

16 16 Collision Attack Adversary finds two messages M 1 and M 2 with same message digest h(M 1 ) = h(M 2 ) M 1 is harmless message “We like kittens” M 2 has advantage for adversary “Give Darth a $5000 raise”

17 17 Collision Attack Darth gets job in organization –Presents M 1 to boss for approval –Boss stores h(M 1 ) –Darth actually stores/sends M 2 Boss has no way to prove he didn’t approve M 2 “We like kittens” h(“We like kittens”) “Give Darth a $5000 raise”

18 18 Good Properties of a Hash Must be “one way” –Easy to compute h(M) –No easy way to determine what other messages M would give same digest (h(M) = h(M )) –Otherwise adversary could easily create different messages with same hash Must produce hash large enough to prevent brute force attacks –Testing all possible alternative messages to find ones with same hash value

19 19 Mathematics of Message Digests Pigeonhole Principle: –Given n pigeons and m birdhouses, with n > m –At least one birdhouse with more than one pigeons Digest size |h(M)| < message size |M | Fewer possible digests h(M) than possible messages M –2 |h(M)| possible digests < 2 |M| possible messages Must exist messages M 1 and M 2 with same digest h(M 1 ) = h(M 2 ) –That is, cannot avoid collisions between different messages Example: 1 GB messages, 512 bit digest –Over 2,000,000 different messages with same digest!

20 20 Mathematics of Message Digests Best case: Hash function is random oracle model –h(M) like “random” function over all possible MDCs –Each possible MDC equally likely for a given M Minimizes likelihood that h(M 1 ) = h(M 2 ) for given M 1, M 2 Assumption used in birthday problem analysis

21 21 Birthday Problems and Digests 1.What is minimum number of students in class so that at least one has same birthday as instructor? 2.What is minimum number of students in class so that at least two have same birthday? In general: k students and N (that is, 365) possible birthdays Minimum k such that probability  50%: 1. k  0.69  N  253 for birthdays 2. k  1.18  N 1/2  23 for birthdays

22 22 Birthday Problems and Digests Birthday problems define vulnerability of message digests to exhaustive search attacks –Assume best case random oracle model N = number of possible message digests k = number of false messages tested by adversary in attacks How many false messages must adversary to have at least 50% of finding message with desired digest?

23 23 Birthday Problems and Digests First birthday problem = Preimage Attack Probability h(M´) = h(M) for any M´given some M Number of tests k  0.69  N (proportional to number of possible digests)

24 24 Birthday Problems and Digests Second birthday problem = Collision Attack Probability h(M 1 ) = h(M 2 ) for any M 1, M 2 Number of tests k  1.18  N 1/2 (proportional to square root of possible digests)

25 25 Birthday Problems and Digests Number of possible message digests N must be large enough to make attacks impractical –Difficulty of preimage attack proportional to N –Difficulty of collision attack proportional to N 1/2 Message digest of n bits  N = 2 n 2 n/2 must be large enough to prevent exhaustive search to find collision Current standard: 512 bits

Download ppt "Information Integrity and Message Digests CSCI 5857: Encoding and Encryption."

Similar presentations

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
Database Key Management CSCI 5857: Encoding and Encryption.

Database Key Management CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
History and Background Part 1: Basic Concepts and Monoalphabetic Substitution CSCI 5857: Encoding and Encryption.

History and Background Part 1: Basic Concepts and Monoalphabetic Substitution CSCI 5857: Encoding and Encryption.
Section 3.6: An Introduction to Cryptography

Section 3.6: An Introduction to Cryptography
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Similar presentations

Ads by Google