IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.


IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes Only Revised: September 22, 2002

1 August 28, 2002 IT 221: Introduction to Information Security Principles For Educational Purposes Only
Chapter 8/9 Outline
Chapter 8:
- Context and Overview
- Types of Network Attacks
- Authentication Requirements
- Authentication Approaches
- Authentication Functions
- Message Encryption
- Authentication with Public-keys
- Ensuring Both Encryption and Authentication
- Message Authentication Code (MAC)
- Hash Functions
  - Hash Function Properties
  - Requirements for Hash Functions
  - One-Way Hash Functions (1&2)
  - Secure Hash Algorithm (SHA)
  - HMAC
- Security of Hash Functions and MACS

2 Context and Overview
Context [2]: Currently a plethora of tools, methods, and counter measures within the arena of network security.
Overview [2]: Impossible to exhaust all of the cryptographic functions and protocols that have been proposed and/or implemented for message authentication and digital signatures. Chapter 8 presents an introduction to the requirements for authentication and digital signatures, and the types of attacks to be countered.

3 Types of Network Attacks
Types of Attacks [2]:
- Disclosure
- Traffic Analysis
- Masquerade
- Content Modification
- Sequence Modification
- Timing Modification
- Repudiation
Counter Measures [2]:
- Message Confidentiality: Disclosure, Traffic Analysis
- Message Authentication: Masquerade, Content Modification, Sequence Modification, Timing Modification
- Digital Signatures: Repudiation

4 Authentication Requirements
Authentication Requirements:
Requirements - must be able to verify that:
- Message came from apparent source or author,
- Contents have not been altered,
- Sometimes, it was sent at a certain time or sequence.
Protection against active attack (falsification of data and transactions)

5 Authentication Approaches
Authentication Approaches:
- Authentication Using Conventional Encryption: Only the sender and receiver should share a key
- Message Authentication without Message Encryption: An authentication tag is generated and appended to each message
- Message Authentication Code: Calculate the MAC as a function of the message and the key. MAC = F(K, M)

6 Authentication Functions
Authentication Functions [2]: Any message authentication or digital signature mechanism can be viewed as having fundamentally two levels of protocols:
- Lower Level: Must produce an authenticator, i.e. a value to authenticate a message.
- Higher Level: Enables a receiver to verify the authenticity of a message.
Authenticators: Functions that may be used to produce an authenticator may be grouped in three classes:
- Message Encryption
- Message Authentication Code
- Hash Function

7 Message Encryption
Definition: The ciphertext of the entire message serves as its authenticator. Message encryption by itself can provide a measure of authentication. [2]
Methods and Basic Encryption:
- Conventional Encryption: Confidentiality and Authentication
- Public-key Encryption: Confidentiality
- Public-key Encryption: Authentication and Signature
- Public-key Encryption: Confidentiality, Authentication and Signature

8 Authentication with Public-keys
Authentication Process [2]:
(1) Bob prepares a message to Alice and encrypts the message using his private key.
(2) Alice decrypts Bob's message by using his public key.
(3) Since the message was encrypted using the sender's private key, only the sender could have sent this message.

9 Ensuring Both Encryption and Authentication
Question: Given the two preceding processes, how can you ensure both Encryption and Authentication?
Solution: Encrypt first, followed by the signature. Signature first has the advantage that the signature can be verified by parties other than the Recipient.

10 Message Authentication Code (MAC)
MAC [2]:
(1) Uses the secret key to generate a small fixed block of data, known as a checksum or MAC. The MAC is appended to the message.
(2) Alice calculates the MAC as a function of the message and the secret key. The MAC is appended to the message and sent to Bob.
(3) Bob uses his copy of the key to generate a new MAC from the message, and compares it with Alice's appended MAC.

11 Hash Functions
Algorithm [2]: A check that protects data against modification.
Hash value is generated by the function: h = H(M)
- M = Variable length message
- H(M) = Fixed length hash value
Hash value is appended to the message at the source at a time when the message is assumed or known to be correct.
Receiver authenticates the message by re-computing the hash value.

12 Hash Function Properties
Secure Hash Functions [2]: Purpose of the HASH function is to produce a "fingerprint".
Properties of a HASH function H:
- H can be applied to a block of data of any size
- H produces a fixed length output
- H(x) is easy to compute for any given x.
- For any given code h, it is computationally infeasible to find x such that H(x) = h
- For any given block x, it is computationally infeasible to find y != x with H(y) = H(x).
- It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)

13 Requirements for Hash Functions
Requirements for Hash Functions [2]:
(1) H can be applied to a block of data of any size.
(2) H produces a fixed length output.
(3) H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
(4) For any given code h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in literature as the one-way property.
(5) For any given block x, it is computationally infeasible to find y != x with H(y) = H(x). This is sometimes referred to as weak collision resistance.
(6) It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance.

14 One-Way Hash Functions (1)
One Way Hash Functions [2]:

15 One-Way Hash Functions (2)
One Way Hash Functions: Secret value is added before the hash and removed before transmission.

16 Secure Hash Algorithm (SHA)
SHA [2]:
(1) Takes as an input a message with a max length of less than 2^64 bits and produces an output of a 160-bit message digest.
(2) Input is processed in 512-bit blocks.
- Step 1: Append Padding bits
- Step 2: Append Length
- Step 3: Initialize MD Buffer
- Step 4: Process Message in 512-bit blocks
- Step 5: Output

17 HMAC
HMAC [2]:
(1) Use a MAC derived from a cryptographic hash code, such as SHA-1.
(2) Motivations:
- Cryptographic hash functions execute faster in software than encryption algorithms such as DES
- Library code for cryptographic hash functions is widely available
- No export restrictions from the US
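An added example, not part of the original lecture, that ties the MAC exchange between Alice and Bob to HMAC. The construction follows RFC 2104 (the slides do not give it), and the function names and sample key are assumptions made for this illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 works on 512-bit (64-byte) blocks
TAG_LEN = 20     # SHA-1 output is 160 bits

def hmac_sha1(key: bytes, message: bytes) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || M))."""
    if len(key) > BLOCK_SIZE:             # over-long keys are hashed first
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).digest()

def alice_send(key: bytes, message: bytes) -> bytes:
    """Alice computes MAC = F(K, M) and appends it to the message."""
    return message + hmac_sha1(key, message)

def bob_verify(key: bytes, packet: bytes):
    """Bob recomputes the MAC with his copy of the key and compares.
    Returns the message when the tag matches, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # compare_digest takes the same time wherever the first mismatch is,
    # so the check does not leak how many tag bytes were correct.
    if hmac.compare_digest(hmac_sha1(key, message), tag):
        return message
    return None

if __name__ == "__main__":
    key = b"constructed-shared-key"       # sample value for the demo
    packet = alice_send(key, b"transfer 100 to Bob")
    print("genuine :", bob_verify(key, packet))
    print("tampered:", bob_verify(key, packet.replace(b"100", b"900")))
    print("bad key :", bob_verify(b"wrong-key", packet))
```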

18 Security of Hash Functions and MACS
Brute-Force Attacks [2]:
- Hash Functions: The strength of the hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
- MAC: More difficult to crack than Hash Functions because it requires known message-MAC pairs.
Cryptanalysis [2]:
- Hash Functions: In recent years, there has been considerable effort, and some successes, in developing cryptanalytic attacks on hash functions.
- MAC: More variety in the structure of MACs than in hash functions, so it's more difficult to generalize.
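An added example, not part of the original lecture, showing why the length of the hash code sets the brute-force cost and how weak and strong collision resistance differ. It uses SHA-256 truncated to a few bits as a stand-in for a short hash code; the function names and sample messages are constructed for this illustration.

```python
import hashlib
from itertools import count

def h_trunc(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash code."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Strong collision resistance: any pair x != y with H(x) == H(y).
    Returns (x, y, number of messages hashed)."""
    seen = {}
    for i in count():
        x = b"msg-%d" % i
        d = h_trunc(x, bits)
        if d in seen:                      # birthday effect: about 2^(bits/2)
            return seen[d], x, i + 1
        seen[d] = x

def find_second_preimage(target: bytes, bits: int, limit: int = 1 << 24):
    """Weak collision resistance: y != target with H(y) == H(target).
    Returns (y, tries), or (None, limit) if the search gives up."""
    want = h_trunc(target, bits)
    for i in range(limit):                 # about 2^bits tries expected
        y = b"try-%d" % i
        if y != target and h_trunc(y, bits) == want:
            return y, i + 1
    return None, limit

if __name__ == "__main__":
    target = b"pay Bob 10"                 # constructed sample message
    for bits in (8, 12, 16):
        _, _, n_pair = find_collision(bits)
        _, n_second = find_second_preimage(target, bits)
        print(f"{bits:2d}-bit code: collision after {n_pair} hashes, "
              f"second preimage after {n_second}")
```

Each extra bit of hash code doubles the expected second-preimage work but raises the collision work only by a factor of about 1.4, which is why a hash code needs roughly twice as many bits as the security level required against collisions.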

19 Resources
[1] Pfleeger, Charles. Security In Computing, Prentice Hall, Chapter 4.
[2] Stallings, William. Cryptography and Network Security, Prentice Hall, Chapter 4-5.