Agenda
Download
1 / 13

Agenda - PowerPoint PPT Presentation


  • 132 Views
  • Uploaded on

CS G513 / SS G513 Network Security. Agenda. Integrity – Hash Codes (Keyed and Unkeyed). Integrity. M is created (say by A) and sent (to B) or stored (in C). The message M’ received (by B) must be same as M. (Message Integrity)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Agenda ' - gazit


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Agenda

CS G513 / SS G513 Network Security

Agenda

Integrity –

Hash Codes (Keyed and Unkeyed)


Integrity
Integrity

  • M is created (say by A) and sent (to B) or stored (in C).

    • The message M’ received (by B) must be same as M. (Message Integrity)

    • Alternatively, The data M’ retrieved from C must be the same as M (Data Integrity)

  • Integrity is often achieved

    • By using an “essence” of the message (or the data) – also referred to as a message signature.

Sundar B.


Integrity1
Integrity

  • How do we extract such an “essence”?

  • How do we ensure the message cannot be forged given its “essence”?

    • Ideally, we need a one-way function (from message to its essence).

  • Typical solution:

    • A hash function: a function h, that is easy to compute and maps an input of arbitrary finite bitlength to an output of fixed bitlength.

Sundar B.


Hash functions definitions
Hash Functions - Definitions

  • Two functional categories:

    • Modification Detection Codes (MDCs)

      • a.k.a Manipulation Detection Codes or Message Integrity Codes

      • Purpose: provide a representative image or “hash” of a message satisfying additional properties for meeting integrity requirements

      • 2 sub-categories: 1-way hash functions, collision-resistant hash functions.

    • Message Authentication Codes (MACs)

      • Purpose: to facilitate (message) authentication i.e. Sender Identification + Integrity

Sundar B.


Hash functions definitions1
Hash Functions - Definitions

  • Two operational categories:

    • Keyed Hash functions

      • A cryptographic (typically secret) key is used for hashing

      • Message Authentication Codes (MACs) are a subclass of keyed hash functions

    • Un-Keyed Hash functions:

      • Hash function does not depend on a key (or a secret).

      • MDCs are a subclass of un-keyed hash functions.

Sundar B.


Hash functions properties
Hash Functions - Properties

  • 3 potential properties for an unkeyed hash function h with inputs x, x’ and outputs y, y’ :

    • Preimage resistance:

      • computationally infeasible to find a preimage x’ s.t h(x’) = y given any y for which a corresponding input is not known.

    • 2nd Preimage resistance:

      • computationally infeasible to find x’ s.t. x != x’ and h(x) = h(x’) for any given x. (a.k.a weak collision resistance)

    • Collision resistance:

      • computationally infeasible find two distinct inputs x,x’ s.t h(x) = h(x’)

Sundar B.


Hash functions definitions2
Hash Functions - Definitions

  • A 1-way hash function is a hash function offering preimage resistance and 2nd preimage resistance.

    • a.k.a weak 1-way hash functions

  • A collision-resistant hash function is a hash function offering 2nd-preimage resistance and collision resistance.

    • a.k.a Strong 1-way hash functions

  • Most of the definitions above are easily adapted for keyed hashing:

    • A keyed hash function is a family of hash functions hk, parameterized by secret key k.

Sundar B.


Attack objectives on mdcs
Attack Objectives: on MDCs

  • To attack a 1-way hash function:

    • Given a hash value y, find a preimage x s.t. h(x) = y

    • Given a pair (x, h(x)) find another preimage x’ s.t. h(x) = h(x’)

  • To attack a collision-resistant hash function

    • Find any two inputs x, x’ s.t. h(x) = h(x’)

Sundar B.


Attack objectives on macs
Attack Objectives: on MACs

  • To attack a MAC (without prior knowledge of key):

    • Compute a new text-MAC pair (x, hk(x)) for some text x<>xi given one or more pairs (xi, hk(xi)).

    • Computation Resistance sub-categories:

      • Known-text attack: one or more text-MAC pairs avail.

      • Chosen-text attack: one or more text-MAC pairs avail. for texts chosen by adversary.

      • Adaptive chosen-text: texts chosen by adversary as above, now allowing successive choices to based on the results of prior queries.

Sundar B.


Mac forgery degrees
MAC forgery – degrees

  • Selective forgery

    • Attacks where an adversary is able to produce a new text-MAC pair for a text of his choice

  • Existential forgery

    • Attacks where an adversary is able to produce a new text-MAC pair but with no control over the value of the text.

Sundar B.


One way functions
One-way functions

  • No known instances of 1-way functions

    • A proof of existence would establish P != NP.

  • There are known hash functions provably as secure as NP-complete problems.

    • E.g. g(x) = x*x (mod n) where n=pq for appropriate primes p and q kept secret.

    • Computing a preimage for g, i.e computing a square root mod n is computationally equivalent to factoring.

Sundar B.


Hash functions construction
Hash functions - construction

Fig. From Menezes

Sundar B.


Hash functions construction1
Hash functions - construction

Fig. From Menezes

H0 = IV; Hi = f(Hi-1, xi-1)


ad