Report

1. 2. 3. CRYPTOGRAPHIC HASH FUNCTIONS MESSAGE AUTHENTICATION CODES DIGITAL SIGNATURES 2 Applications of Cryptographic Hash Functions Two Simple Hash Functions Requirements and Security Hash Functions Based on Cipher Block Chaining Secure Hash Algorithm (SHA) SHA-3 3 A hash function maps a variable-length message into a fixed-length hash value, or message digest. Virtually all cryptographic hash functions involve the iterative use of a compression function. The compression function used in secure hash algorithms falls into one of two categories: a function specifically designed for the hash function or an algorithm based on a symmetric block cipher. SHA and Whirlpool are examples of these two approaches, respectively. 4 A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h=H(M). A “good” hash function has the property that the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random. A cryptographic hash function is an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the one-way property) or (b) two data objects that map to the same hash result (the collision-free property). 5 6 Message Authentication The message plus concatenated hash code is encrypted using symmetric encryption. Because only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication. Because encryption is applied to the entire message plus hash code, confidentiality is also provided 7 Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications that do not require confidentiality. 8 It is possible to use a hash function but no encryption for message authentication. The technique assumes that the two communicating parties share a common secret value S. A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. Because B possesses S, it can recompute the hash value to verify. Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message. 9 Confidentiality can be added to the approach of method (c) by encrypting the entire message plus the hash code. 10 11 12 Message Authentication Requirements Message Authentication Functions Requirements for Message Authentication Codes Security of MACs MACs Based on Hash Functions: HMAC MACs Based on Block Ciphers: DAA and CMAC Authenticated Encryption: CCM and GCM Pseudorandom Number Generation Using Hash Functions and Macs 13 Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent by (i.e., contain no modification, insertion, deletion, or replay) and that the purported identity of the sender is valid. Symmetric encryption provides authentication among those who share the secret key. 14 A message authentication code (MAC) is an algorithm that requires the use of a secret key. A MAC takes a variable-length message and a secret key as input and produces an authentication code. A recipient in possession of the secret key can generate an authentication code to verify the integrity of the message. One means of forming a MAC is to combine a cryptographic hash function in some fashion with a secret key. Another approach to constructing a MAC is to use a symmetric block cipher in such a way that it produces a fixed-length output for a variable-length input. 15 1. 2. 3. 4. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. Traffic analysis: Discovery of the pattern of traffic between parties… Masquerade: Insertion of messages into the network from a fraudulent source … Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification. 16 5. 6. 7. 8. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering. Timing modification: Delay or replay of messages. Source repudiation: Denial of transmission of message by source. Destination repudiation: Denial of receipt of message by destination. 17 Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator. Message encryption: The ciphertext of the entire message serves as its authenticator. Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator. 18 19 20 21 22 Brute-Force Attacks Cryptanalysis 23 24 25 26 27 28 29 Digital Signatures ElGamal Digital Signature Scheme Schnorr Digital Signature Scheme Digital Signature Standard 30 A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message. The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA). 31 32 33 34 35 36 37 38 39 40