Presentation is loading. Please wait.

Presentation is loading. Please wait.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Published byDwain Jeremy Lee Modified over 8 years ago

Similar presentations

Presentation on theme: "Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application."— Presentation transcript:

1 Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application and Standards 5 th edition William Stallings Prentice Hall 2014 Network Security 1

2 Acknowledgements: William Stallings.William Stallings All rights Reserved Network Security Public Key Cryptography (PART 1)

3 Acknowledgements: William Stallings.William Stallings All rights Reserved Public Key Cryptography Agenda: Message authentication – authentication codes and hash functions Public key encryption – principles and algorithms Exchange of conventional keys Digital signatures Revisit key management

4 Acknowledgements: William Stallings.William Stallings All rights Reserved Recall Security Services Confidentiality – protection from passive attacks Authentication – you are who you say you are Integrity – received as sent, no modifications, insertions, shuffling or replays

5 Acknowledgements: William Stallings.William Stallings All rights Reserved Security Attacks Release of message contents Traffic analysis eavesdropping, monitoring transmissions conventional encryption helped here Passive threats

6 Acknowledgements: William Stallings.William Stallings All rights Reserved Security Attacks On the Internet, nobody knows you’re a dog - by Peter Steiner, New York, July 5, 1993

7 Acknowledgements: William Stallings.William Stallings All rights Reserved Security Attacks MasqueradeDenial of service Active threats ReplayModification of message contents Message authentication helps prevents these!

8 Acknowledgements: William Stallings.William Stallings All rights Reserved What Is Message Authentication It’s the “source,” of course! Procedure that allows communicating parties to verify that received messages are authentic Characteristics:  source is authentic – masquerading  contents unaltered – message modification  timely sequencing – replay

9 Acknowledgements: William Stallings.William Stallings All rights Reserved 9 Can We Use Conventional Encryption? Only sender and receiver share a key Include a time stamp Include error detection code and sequence number

10 Acknowledgements: William Stallings.William Stallings All rights Reserved Message Authentication Sans Encryption Append an authentication tag to a message Message read independent of authentication function No message confidentiality

11 Acknowledgements: William Stallings.William Stallings All rights Reserved Message Authentication w/o Confidentiality Application that broadcasts a message – only one destination needs to monitor for authentication Too heavy a load to decrypt – random authentication checking Computer executables and files – checked when assurance required

12 Acknowledgements: William Stallings.William Stallings All rights Reserved Life Without Authentication

13 Acknowledgements: William Stallings.William Stallings All rights Reserved Message Authentication Code Message Authentication Code (MAC) – use a secret key to generate a small block of data that is appended to the message Assume: A and B share a common secret key K AB MAC M = F(K AB,M)

14 Acknowledgements: William Stallings.William Stallings All rights Reserved Message Authentication Code

15 Acknowledgements: William Stallings.William Stallings All rights Reserved Message Authentication Code Receiver assured that message is not altered – no modification Receiver assured that the message is from the alleged sender – no masquerading If we include a sequence number, we’re assured proper sequence – no replay

16 Acknowledgements: William Stallings.William Stallings All rights Reserved Message Authentication Code DES is used Need not be reversible Checksum Stands up to attack But there is an alternative...

17 Acknowledgements: William Stallings.William Stallings All rights Reserved One Way Hash Function Hash function accepts a variable size message M as input and produces a fixed-size message digest H(M) as output No secret key as input Message digest is sent with the message for authentication Produces a fingerprint of the message

18 Acknowledgements: William Stallings.William Stallings All rights Reserved One Way Hash Function Message digest H(M)Shared key Authenticity is assured

19 Acknowledgements: William Stallings.William Stallings All rights Reserved One Way Hash Function Digital signatureNo key distribution Less computation since message does not have to be encrypted

20 Acknowledgements: William Stallings.William Stallings All rights Reserved One Way Hash Function Encryption software is slow Encryption hardware costs aren’t cheap Hardware optimized toward large data sizes Algorithms covered by patents Algorithms subject to export control Ideally We Would Like To Avoid Encryption

21 Acknowledgements: William Stallings.William Stallings All rights Reserved One Way Hash Function No encryption for message authentication Secret value never sent; can’t modify the message Important technique for Digital Signatures Assumes secret value S AB MD M = H(S AB ||M) MD M ||M

22 Acknowledgements: William Stallings.William Stallings All rights Reserved Hash Function Requirements 1. H can be applied to a block of data of any size 2. H produces a fixed length output 3. H(x) is relatively easy to compute 4. For any given code h, it is computationally infeasible to find x such that H(x) = h 5. For any given block x, it is computationally infeasible to find y  x with H(y) = H(x) 6. It is computationally infeasible to find any pair (x,y) such that H(x) = H(y) one way weak collision resistance weak strong

23 Acknowledgements: William Stallings.William Stallings All rights Reserved Simple Hash Functions Input: sequence of n -bit block Processed: one block at a time producing an n -bit hash function Simplest: Bit-by-bit XOR of every block Longitudinal redundancy check

24 Acknowledgements: William Stallings.William Stallings All rights Reserved Bitwise XOR Problem: Eliminate predictability of data One-bit circular shift for each block is used to randomize the input

25 Acknowledgements: William Stallings.William Stallings All rights Reserved SHA-1 Secure Hash Function Developed by NIST in 1995 Input is processed in 512-bit blocks Produces as output a 160-bit message digest Every bit of the hash code is a function of every bit of the input Very secure – so far!

26 Acknowledgements: William Stallings.William Stallings All rights Reserved SHA-1 Secure Hash Function append padding bits append length compression function output Every bit of the hash code is a function of every bit of the input!

27 Acknowledgements: William Stallings.William Stallings All rights Reserved SHA-1 Secure Hash Function

28 Acknowledgements: William Stallings.William Stallings All rights Reserved Other Hash Functions Most follow basic structure of SHA-1 This is also called an iterated hash function – Ralph Merkle 1979 If the compression function is collision resistant, then so is the resultant iterated hash function Newer designs simply refine this structure

29 Acknowledgements: William Stallings.William Stallings All rights Reserved MD5 Message Digest Ron Rivest - 1992 RFC 1321 Input: arbitrary Output: 128-bit digest Most widely used secure hash algorithm – until recently Security of 128-bit hash code has become questionable (1996, 2004)

30 Acknowledgements: William Stallings.William Stallings All rights Reserved RIPEMD-160 European RIPE Project – 1997 Same group launched an attack on MD5 Extended from 128 to 160-bit message digest

31 Acknowledgements: William Stallings.William Stallings All rights Reserved HMAC Effort to develop a MAC derived from a cryptographic hash code Executes faster in software No export restrictions Relies on a secret key RFC 2104 list design objectives Used in Ipsec Simultaneously verify integrity and authenticity

32 Acknowledgements: William Stallings.William Stallings All rights Reserved HMAC Structure Message, M By passing S i and S o through the hash algorithm, we have pseudo-randomly generated two keys from K. secret key output

33 Acknowledgements: William Stallings.William Stallings All rights Reserved Homework Read Chapter Three, Sections 1 & 2 Glance over Appendix A, Aspects of Number Theory 33

Download ppt "Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Public Key Cryptography & Message Authentication By Tahaei Fall 2012.

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.

Cryptography and Network Security Chapter 11. Chapter 11 – Message Authentication and Hash Functions At cats' green on the Sunday he took the message.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google