Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004.

Published byAdelia Johnson Modified over 8 years ago

Similar presentations

Presentation on theme: "Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004."— Presentation transcript:

1 Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004

2 Computer Science and Engineering Contents (take good notes)  Assignment 2   Assignment 3   Cryptographic Hash Function  Electronic Signatures  Aamer’s Presentation

3 Computer Science and Engineering Cryptographic Hash Functions  Message Digest Functions  Protect integrity  Users create a message digest or fingerprint of a digital document  Message Authentication Codes (MACs)  Protect both integrity and authenticity  MACs produce fingerprints based on both a given document and a secret key

4 Computer Science and Engineering Message Digest Functions  Checksums  fingerprint of a message  If the message changes, the checksum will not match  Most checksums are good in detecting accidental changes made to a message  They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum  Message digests are designed to protect against this possibility

5 Computer Science and Engineering Hash Functions Example M = “Elvis” H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26 H(M) = (5 + 12 + 22 + 9 + 19) mod 26 H(M) = 67 mod 26 H(M) = 15 H M H(M) = h

6 Computer Science and Engineering Collision Example x = “Viva” Y = “Vegas” H(x) = H(y) = 2 H xH(x) H yH(y) =

7 Computer Science and Engineering Collision-resistant, One-way hash functions  Given M, it is easy to compute h  Given any h, it is hard to find any M such that H(M) = h  Given M1, it is difficult to find M2 (not identical to M1) such that H(M1) = H(M2) Functions that satisfy these criteria are called message digest. They produce a fixed-length digest (fingerprint)

8 Computer Science and Engineering The Secure Hash Algorithm (SHA-1) SHA-1 A message composed of b bits 160-bit message digest

9 Computer Science and Engineering Step 1 -- Padding  Padding  the total length of a padded message is multiple of 512  Every message is padded even if its length is already a multiple of 512

10 Computer Science and Engineering Padding (cont.) MessageMessage length1zeros 64 bits Multiple of 512 1 bit

11 Computer Science and Engineering Padding (cont.) Padding is done by appending to the input:  A single bit, 1  Enough additional bits, all 0, to make the final 512 block exactly 448 bits long  A 64-bit integer representing the length of the original message in bits

12 Computer Science and Engineering Example  M = 01100010 11001010 1001 (20 bits)  Padding is done by appending to the input:  A single bit, 1  427 0s  A 64-bit integer representing 20  Pad(M) = 01100010 11001010 10011000 … 00010100

13 Computer Science and Engineering Example  Length of M = 500 bits  Padding is done by appending to the input:  A single bit, 1  459 0s  A 64-bit integer representing 500  Length of Pad(M) = 1024 bits

14 Computer Science and Engineering Initialize 85 32-bit words (Hexa)  H0 = 67452301  H1 = EFCDAB89  H2 = 98BADCFE  H3 = 10325476  H4 = C3D2E1F0  K0 – K19 = 5A827999  K20 – K39 = 6ED9EBA1  K40 – K59 = 8F1BBCDC  K60 – K79 = CA62C1D6

15 Computer Science and Engineering Step 2 -- Dividing Pad(M)  Pad (M) = B 1, B 2, B 3, …, B n  Each B i denote a 512-bit block  Each B i is divided into 16 32-bit words W 0, W 1, …, W 15

16 Computer Science and Engineering Step 3 – Use W 0 - W 15 to compute W 16 – W 79  To Compute word W j (16<=j<=79):  W j-3, W j-8, W j-14, W j-16 are XORed  The result is circularly left shifted one bit

17 Computer Science and Engineering Step 4 – Copy H0 – H4 into A,B,C,D,E  A = H0  B = H1  C = H2  D = H3  D = H4

18 Computer Science and Engineering Step 5 – Four functions  For j = 0, 19 f j (B,C,D) = (B AND C) OR ( B AND D) OR (C AND D)  For j = 20, 39 f j (B,C,D) = (B XOR C XOR D)  For j = 40, 59 f j (B,C,D) = (B AND C) OR ((NOT B) AND D)  For j = 60, 79 f j (B,C,D) = (B XOR C XOR D)

19 Computer Science and Engineering Step 6 – Loop For j = 0 to 79 Do TEMP = Circular_left_shift_5 (A) + f j (B,C,D) + E + W j + K j E = D; D = C; C = Circular_left_shift_30(B); B = A; A = TEMP Done +  addition (ignore overflow)

20 Computer Science and Engineering Step 7 – Final H0 = H0 + A H1 = H1 + B H2 = H2 + C H3 = H3 + D H4 = H4 + E

21 Computer Science and Engineering Done Once these steps have been performed on each 512-bit block (B 1, B 2, …, B n ) of the padded message in turn, the 160-bit message digest is given by H0 H1 H2 H3 H4

22 Computer Science and Engineering Message Authentication Codes (MACs)  A message authentication code (MAC) is a key- dependent message digest function: MAC(M,K) = h

23 Computer Science and Engineering A MAC Based on a Block Cipher M1 Encrypt K M1 Encrypt K XOR M1 Encrypt K XOR … MAC

24 Computer Science and Engineering Digital Signatures  Like handwritten signatures on physical documents, a digital signature can be interpreted as indicating the signer’s agreement with the contents of an electronic document  Asymmetric Cryptographic techniques are also well suited for creating digital signatures

25 Computer Science and Engineering Digital Signature Properties  A signature is produced only by the signer deliberately signing the document  Only the signer can produce his/her signature  A signature from one document cannot be moved to another document, nor can a signed document be altered without invalidating the signature  Signatures can be validated by other users, and the signer cannot reasonably claim that he/she did not sign a document bearing his/her signature

26 Computer Science and Engineering Digital Signature Using RSA  The RSA public-key cryptosystem can be used to create a digital signature for a message m.  The signer must have an RSA public/private key pair.

27 Computer Science and Engineering RSA Review -C = P e mod n -P = C d mod n -P = C d mod n = (P e ) d mod n = (P d ) e mod n

28 Computer Science and Engineering Key Choice (RSA Review) -We start by selecting n to be a very large integer (product of two large primes p and q) -Next a large integer e is chosen so that e is relatively prime to (p-1) * (q-1). -Finally, select d such that e * d = 1 mod (p-1) * (q-1)

29 Computer Science and Engineering Example (RSA Review) 1.Select primes p=11, q=3. 2.n = p* q = 11*3 = 33 3.Choose e = 3 Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no common factors except 1), and check gcd(e, q-1) = gcd(3, 2) = 1 therefore gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1 4.Compute d such that e* d = 1 (mod (p-1)*(q-1)) d = 7 5.Public key = (n, e) = (33, 3) Private key = (n, d) = (33, 7).

30 Computer Science and Engineering Signature Generation (Signer) Message SignaturePrivate Key Redundancy Function Formatted Message Encrypt

31 Computer Science and Engineering Signature Verification Message Signature Public Key Verify Formatted Message Decrypt

32 Computer Science and Engineering Example (generate signature S) -- Signer end d = 53 e = 413 n = 629 m = 250 Assume that R(X) = X S = R(m) e mod n S = 250 53 mod 629 = 411

33 Computer Science and Engineering Example (verify signature with message recovery) Public key (e) = 413 n = 629 S = 411 R(m) = S e mod n R(m) = 411 413 mod 629 = 250 The verifier then checks that R(m) has the proper redundancy created by R (none in this case) and recover the message: m = R -1 (m) = 250

34 Computer Science and Engineering Creating a forged signature Choose a random number between 0 and n-1 for S S = 323 Use the signer’s public key to decrypt S R(m) = 323 413 mod 629 = 85 Invert R(m) to m: m = 85 Note that a valid signature (323) has been created for a random message (85) without the knowledge of the signer’s private key. The choice of a poor redundancy function can make RSA vulnerable to forgery.

35 Computer Science and Engineering Selecting a Good Redundancy Function  A good redundancy function should make forging signatures much harder.

36 Computer Science and Engineering Example (generate signature S) -- Signer end d = 53 e = 413 n = 629 m = 7 Assume that R(X) = XX S = R(m) e mod n S = 77 53 mod 629 = 25

37 Computer Science and Engineering Example (verify signature with message recovery) Public key (e) = 413 n = 629 S = 25 R(m) = S e mod n R(m) = 25 413 mod 629 = 77 The verifier then checks that R(m) is of the form XX for some message X. It is, and we recover the message: m = R -1 (m) = 7

38 Computer Science and Engineering Forging signature (revisited) Choose a random number between 0 and n-1 for S S = 323 Use the signer’s public key to decrypt S R(m) = 323 413 mod 629 = 85 However, 85 is not a legal value for R(m), so S = 323 is not a valid signature

39 Computer Science and Engineering Simple Scenario of Digital Signature

40 Computer Science and Engineering Getting a Message Digest from a document Hash Message Digest

41 Computer Science and Engineering Generating Signature Message Digest Signature Encrypt using private key

42 Computer Science and Engineering Appending Signature to document Append Signature

43 Computer Science and Engineering Verifying Signature Hash Decrypt using public key Message Digest Message Digest

Download ppt "Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Cryptographic Security CS5204 – Operating Systems1.

Cryptographic Security CS5204 – Operating Systems1.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google