Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown."— Presentation transcript:

1 Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown

2 Model for Network Security

3 Type of attacks disclosure traffic analysis masquerade 偽裝 content modification sequence modification Insertion, deletion, reordering timing modification Delay or replay of message source repudiation destination repudiation Message confidentiality => ciphers Message authentication =>Message encryption, Message auth. code, Hash function 不可否認發出訊息 Digital signature 不可否認收到訊息

4 Outline Message authentication Message encryption Message authentication code: MAC=C k (M), k is a shared secret key, MAC is a fixed-length code Hash function: h=H(M), h is a fixed-length code Hash functions SHA (secure hash algorithm) Digital signature

5 Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) Two-level approach Produce an authenticator: a value to be used to authenticate a message Authentication protocol (ch 13.2) 訊息 來源 來源不可否認發出訊息

6 Message Encryption message encryption by itself also provides a measure of authentication symmetric encryption is used: * A is the only party that possesses K * Y=D K (X), How to verify that Y is legitimate plaintext? Source: text file Source: binary file, such as compressed file, …

7 Symmetric encryption for authentication Constraint: the plaintext have some well- formed structure Example 1: frame check sequence (FCS) Error detection code Frame check sequence Hash function

8 Symmetric encryption for authentication (cont.) Example 2: TCP header

9 Public-key encryption for authentication Anyone can access public key – no authentication Only A has private key, M must be well-formed AB

10 Outline Message authentication Message encryption Message authentication code: MAC=C k (M), k is a shared secret key, MAC is a fixed-length code Hash function: h=H(M), h is a fixed-length code Hash functions SHA (secure hash algorithm) Digital signature

11 Message Authentication Code (MAC) MAC is a cryptographic checksum MAC=C K (M) condenses a variable-length message M using a secret key K to a fixed-sized authenticator

12 Message Authentication Codes (cont.) why use a MAC instead of message encryption? Sometimes only authentication is needed Ex. Broadcast of shut down message, check MAC is cheaper Ex. The receiver side cannot afford time to decrypt Ex. Authentication of a program in plaintext Separation of authentication and confidentiality Sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature Both sender and receiver share the same key

13 Requirements for MACs taking into account the types of attacks, we need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to forge another message with same MAC 2. MACs should be uniformly distributed For random M and M ’, n-bit MAC, the prob. that C K (M)=C K (M ’ ) is 2 -n 3. MAC should depend equally on all bits of the message

14 Using Symmetric Ciphers for MACs Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC using IV=0 and zero-pad of final block encrypt message using DES in CBC mode and send just the final block as the MAC or the leftmost M bits (16≤M≤64) of final block Cipher block chaining + IV=0

15 Message + MAC with confidentiality

16 Outline Message authentication Message encryption Message authentication code: MAC=C k (M), k is a shared secret key, MAC is a fixed-length code Hash function: h=H(M), h is a fixed-length code Hash functions (Ch. 12) SHA (secure hash algorithm) Digital signature

17 Hash Functions Hash function: h=H(M), h is a fixed-length code Also called as message digest or hash value usually assume that the hash function is public and not keyed. cf. MAC which is keyed MAC alone can be used for authentication; however, hash value alone can ’ t hash used to detect changes to message can use in various ways with message, most often to create a digital signature

18 Hash functions & symmetric encryption Hash code provide a structure for the message In fact, a MAC code

19 Hash functions & public-key encryptions In fact, a digital signature confidentiality

20 Hash functions & a shared secret value S Advantage: no encryption is necessary confidentiality

21 Requirements for Hash Functions 1. can be applied to any sized message M 2. produces fixed-length output h 3. is easy to compute h=H(M) for any message M 4. given h is infeasible to find x s.t. H(x)=h one-way property Important if a secret value is hashed. h = H(M || S) 5. given x is infeasible to find y s.t. H(y)=H(x) weak collision resistance Prevent forgery 6. is infeasible to find any x,y s.t. H(y)=H(x) strong collision resistance

22 Simple Hash Functions based on XOR of message blocks XOR * Too simple to fit the security requirements

23 Secure hash algorithm (SHA) SHA logic 512-bit block SHA 160 160-bit digest

24 SHA round for 512-bit block 4 different functions: Totally 80 steps 5 32- bit words

25 Elementary SHA operation 32 bits From 512-bit input block Fixed constant Circular left shift 5 bits

26 SHA bitswise functions StepFunction ValueComment 0≤t≤19 If B then C else D 20≤t≤39 Parity bit of B,C, and D 40≤t≤59 2 or 3 of B,C,D is true 60≤t≤79 Parity bit of B,C, and D

27 W[0-79] from input 512-bit block W[0-79]

28 Security of SHA Against brute-force attack Produce any message having a given SHA digest is on the order of 2 160 Against cryptanalysis No known attacks Speed Logic operation & addition modulo 2 32 Fast on 32-bit architecture Simple to implement

29 Hash Functions & MAC Security like block ciphers have: brute-force attacks exploiting strong collision resistance hash have cost 2 m / 2 have proposal for h/w MD5 cracker 128-bit hash looks vulnerable, 160-bit is better MACs with known message-MAC pairs can either attack keyspace (cf key search) or MAC at least 128-bit MAC is needed for security

30 Hash Functions & MAC Security (cont.) cryptanalytic attacks exploit structure like block ciphers want brute-force attacks to be the best alternative have a number of analytic attacks on iterated hash functions CV i = f[CV i-1, M i ]; H(M)=CV N typically focus on collisions in function f like block ciphers is often composed of rounds attacks exploit properties of round functions

31 Outline Message authentication Message encryption Message authentication code: MAC=C k (M), k is a shared secret key, MAC is a fixed-length code Hash function: h=H(M), h is a fixed-length code Hash functions SHA (secure hash algorithm) Digital signature Digital signature standard (DSS) : FIPS 186

32 Motivation Problem with message authentication: (John sends auth. message to Mary): Mary may forge a different message and claim that it came from John John can deny sending the message (source repudiation) JohnMary Authenticated message Secret K message MAC forgery

33 Digital signature digital signatures (analogous to the handwritten signature) provide the ability to: verify author, date & time of signature authenticate message contents be verified by third parties to resolve disputes hence include authentication function with additional capabilities

34 Hash functions & public-key encryptions In fact, a digital signature confidentiality

35 Digital Signature Properties must depend on the message signed must use information unique to sender to prevent both forgery and denial must be relatively easy to produce must be relatively easy to recognize & verify be computationally infeasible to forge with new message for existing digital signature with fraudulent digital signature for given message be practical save digital signature in storage

36 Digital signature standard (DSS) NIST published the DSS standard in 1992 One of the aims: to make DSS a free piece of digital signature software RSA is not free !!! Advantage of DSS: faster than (message digest + RSA)

37 DSS approach Random number s: 160 bits r: 160 bits – Does not dependent on input message  Can be computed ahead of time Global public-key A B r

38 Digital signature standard (DSS) creates a 320 bit signature (r, s), but with 512-1024 bit security security depends on difficulty of computing discrete logarithms 160 bits : public r = (g k mod p) mod q 160 bits512~1024 bits s=[k -1 (H(M)+xr)] mod q 160-bit user Private key * s is easy to compute

Download ppt "Authentication & digital signature Jen-Chang Liu Adapted from lecture slides by Lawrie Brown."

Similar presentations

Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.

Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Authentication & MD5 Jen-Chang Liu, Fall 2005 Adapted from lecture slides by Lawrie Brown.

Authentication & MD5 Jen-Chang Liu, Fall 2005 Adapted from lecture slides by Lawrie Brown.
Information Security and Management 11

Information Security and Management 11
SHA (secure hash algorithm) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

SHA (secure hash algorithm) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.

Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)

1 Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha)
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Similar presentations

Ads by Google