
Hash Algorithms


Presentation Transcript


  1. Hash Algorithms Yuan Xue

  2. Outline • Review of MAC • Why we need hash function • Requirement for hash function • Hash function overview • Hash function usage • HMAC

  3. Message Authentication – Lessons learned • Encryption can achieve data confidentiality • Using encryption for data integrity & source authentication faces the following issues • Without a structure, legitimate plaintext cannot be identified automatically • Modes of operation provide no data integrity protection • Sometimes only data integrity is required but not confidentiality, and encrypting the whole message introduces unnecessary overhead

  4. Message Authentication – Lessons learned • Error detection code (non-cryptographic checksum) • Provides redundant information for automatic data integrity checking • Using the code directly can only provide integrity protection against data modification due to natural causes, but not malicious alteration • Encrypting the error detection code does not work either • Attackers can identify the messages that generate the same error detection code • Attackers can still change the message without being detected even without knowing the value of the code • Encrypting (message + EDC) still suffers from some attacks.
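Why encrypting (message + EDC) fails, shown as an added example that is not part of the original slides: CRC-32 is affine over XOR, so a change to the ciphertext can be matched by a change to the encrypted checksum without knowing either value. The scheme is an assumption made for the demonstration (a random one-time keystream standing in for a stream cipher, constructed messages, hypothetical function names), and the same modification is rejected when the tag is a keyed MAC.

```python
import hashlib, hmac, os, zlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input

def crc_tag(msg, key=None):
    return zlib.crc32(msg).to_bytes(4, "big")   # error detection code, no key involved

def mac_tag(msg, key):
    return hmac.new(key, msg, hashlib.sha256).digest()   # keyed cryptographic checksum

def seal(keystream, msg, tag_fn, key=None):
    # Encrypt (message || tag) by XOR with the keystream.
    return xor(msg + tag_fn(msg, key), keystream)

def unseal(keystream, ct, tag_fn, key=None):
    # Decrypt, recompute the tag, return the message only if the tag matches.
    body = xor(ct, keystream)
    n = len(tag_fn(b"", key))
    msg, tag = body[:-n], body[-n:]
    return msg if hmac.compare_digest(tag, tag_fn(msg, key)) else None

def modify_in_transit(ct, delta):
    # CRC-32 is affine: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(00..0) for equal lengths,
    # so the checksum difference depends only on delta, not on the hidden message.
    tag_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    change = delta + tag_delta.to_bytes(4, "big")
    return xor(ct, change.ljust(len(ct), b"\x00"))

def demo():
    msg, altered = b"PAY 0100 TO ALICE", b"PAY 9100 TO ALICE"   # constructed sample
    delta = xor(msg, altered)
    keystream, key = os.urandom(len(msg) + 32), os.urandom(32)
    with_crc = modify_in_transit(seal(keystream, msg, crc_tag), delta)
    with_mac = modify_in_transit(seal(keystream, msg, mac_tag, key), delta)
    # The CRC variant accepts the altered message; the MAC variant returns None.
    return unseal(keystream, with_crc, crc_tag), unseal(keystream, with_mac, mac_tag, key)
```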

  5. Message Authentication Code • Cryptographic checksum • Utilize a key in generating the code • MAC = C(K, M) • Two approaches • CBC-based MAC generation algorithm • Hash-based MAC generation

  6. Review Usage of MAC

  7. How about these two?

  8. Message Authentication Code • Summary of Limitations • Use of MAC needs a shared secret key between the communicating parties • MAC does not provide digital signature • CBC-based MAC generation still involves high computation overhead

  9. Motivation for Hash Algorithms • Intuition • Re-examine the non-cryptographic checksum. • Main Limitation • An attacker is able to construct a message that matches the checksum • Goal • Design a code where the original message cannot be inferred based on its checksum → design of hash algorithms.

  10. Requirements for Hash function • A hash function H takes a message M of variable length and transforms it into a fixed-length hash value h • h = H(M) • A hash function H must have the following properties: • One-way property: for any given value h, it is computationally infeasible to find x such that H(x) = h. • Weak collision resistance: for any given message x, it is computationally infeasible to find y ≠ x with H(y) = H(x) • Strong collision resistance: it is computationally infeasible to find any pair (x,y), such that H(x) = H(y).

  11. Overview of Hash Algorithms • MD5 • Message-Digest algorithm 5 • By Ronald Rivest in 1991 based on MD4 • Digest length: 128-bit • Weak collision resistance • Vulnerable to collision attack (no strong collision resistance) • SHA hash functions (all by NSA) • SHA-0 in 1993; 160-bit hash value • SHA-1 in 1995; 160-bit hash value • widely used, once considered as the successor to MD5 • SHA-2 • SHA-224, SHA-256, SHA-384, SHA-512 • Digest length (based on name) • SHA-0 and SHA-1 are vulnerable to collision attacks • Recent result on SHA-1: collision attack on SHA-1 that would allow an attacker to select at least parts of the message. Ref: http://en.wikipedia.org/wiki/MD5 http://en.wikipedia.org/wiki/SHA_hash_functions

  12. Hash Algorithm Design – MD5 • 1. Append padding bits (to 448 mod 512) • 2. Append length (64 bits) • 3. Initialize MD buffer • Word A = 01 23 45 67 • Word B = 89 AB CD EF • Word C = FE DC BA 98 • Word D = 76 54 32 10

  13. Hash Algorithm Design – MD5 16 steps X[k] = M [q*16+k] (32 bit) Constructed from sine function

  14. The ith 32-bit word in matrix T, constructed from the sine function M [q*16+k] = the kth 32-bit word from the qth 512-bit block of the msg Single step

  15. Hash Function Usage • Used Alone • File integrity verification • Public key fingerprint • Password storage • Combined with encryption functions

  16. Confidentiality and authentication Authentication Authentication, digital signature

  17. Authentication, digital signature, confidentiality Authentication (no encryption needed!) Authentication, confidentiality

  18. HMAC • Hash function works with a symmetric key to provide message authentication • Two methods MAC (1) MAC = E [K, H(M)] (2) MAC = H [M||S] Idea for HMAC

  19. HMAC Structure • K+ = K padded with 0 on the left (b bits in total) • ipad = 00110110 (36 in hex) repeated b/8 times • opad = 01011100 (5C in hex) repeated b/8 times • HMAC(K,M) = H[(K+ ⊕ opad) || H[(K+ ⊕ ipad) || M]]
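The HMAC structure written out step by step, as an added example rather than code from the original slides. It assumes the RFC 2104 conventions: zero bytes are appended after the key bytes to reach the block size, and keys longer than one block are hashed first. The function names are hypothetical.

```python
import hashlib, hmac

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hmac_from_structure(key, msg, hash_name="sha256"):
    def H(data):
        return hashlib.new(hash_name, data).digest()
    block = hashlib.new(hash_name).block_size     # b/8: block size in bytes
    if len(key) > block:
        key = H(key)                              # RFC 2104: hash over-long keys first
    k_plus = key.ljust(block, b"\x00")            # K+ : key zero-padded to b bits
    ipad = b"\x36" * block                        # 00110110 repeated b/8 times
    opad = b"\x5c" * block                        # 01011100 repeated b/8 times
    inner = H(xor(k_plus, ipad) + msg)            # H[(K+ xor ipad) || M]
    return H(xor(k_plus, opad) + inner)           # H[(K+ xor opad) || inner]

def verify(key, msg, tag, hash_name="sha256"):
    # Constant-time comparison, so the check does not leak how many bytes matched.
    return hmac.compare_digest(hmac_from_structure(key, msg, hash_name), tag)

def matches_stdlib(key, msg, hash_name="sha256"):
    # Cross-check against Python's own hmac module.
    return hmac_from_structure(key, msg, hash_name) == hmac.new(key, msg, hash_name).digest()
```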
