Profile • More than 11 years of teaching experience and 2 years in the software industry. • Published 10 papers in international journals, 3 of them indexed in Scopus. • Publications in conference proceedings. • Published a patent in June 2018. • Lifetime member of the professional body ISTE. • Obtained certification in the course “Business Analytics & Data Mining Modelling using R Part II” conducted by IIT Roorkee under NPTEL by Mr. Gowrav Dixit during September 2019. • Obtained the certification “Foundations of Data Science” conducted by IIT Chennai, named padhAI, through OneFourth Labs, by Prof. Mithesh M Khapra and Prof. Pratyush Kumar, from February 1st 2020. • Presently enrolled for the B.Sc Data Science course from IIT Chennai, about to start in January 2021, and presently undergoing the preliminary eligibility course. • Area of interest: Data Analytics, Machine Learning.
Cryptography and Network Security (CS8792) By B.Jayaram Assistant Professor, JNN Institute of Engineering Tiruvallur District - 601102
UNIT 4 • Authentication requirement – Authentication function – MAC – Hash function – Security of hash function and MAC – SHA –Digital signature and authentication protocols – DSS- Entity Authentication: Biometrics, Passwords, Challenge Response protocols- Authentication applications - Kerberos, X.509
Authentication Requirement • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the number and length of messages between parties (in a connectionless or connection-oriented environment). • Masquerade: Insertion of messages into the network from a fraudulent source. Fraudulent acknowledgments are also included. • Content modification: Changes to the contents of a message. • Sequence modification: Any modification to a sequence of messages between parties. • Timing modification: Delay or replay of messages (in a connectionless or connection-oriented environment). • Source repudiation: Denial of transmission of a message by the source. • Destination repudiation: Denial of receipt of a message by the destination.
Authentication Requirement • In summary, message authentication is a procedure to verify that received messages come from the alleged source and have not been altered. Message authentication may also verify sequencing and timeliness. A digital signature is an authentication technique that also includes measures to counter repudiation by the source.
Authentication Function • A message authentication or digital signature mechanism has two levels of functionality. • The lower level is a function that produces an authenticator, a value used to authenticate a message. • The higher level is an authentication protocol that uses this function to let the receiver verify the message. • Three types of functions can be used to produce an authenticator: • Message encryption: The ciphertext of the entire message serves as its authenticator. • Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator. • Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator.
Message Encryption • Message encryption by itself can provide a measure of authentication. • The analysis differs for symmetric and public-key encryption schemes.
Public Key Encryption (Fig 11.1 c)- Authentication and Signature
Public Key Encryption (Fig 11.1 d)- Confidentiality, Authentication and Signature
Message Encryption • It may be difficult to determine automatically if incoming ciphertext decrypts to intelligible plaintext. If the plaintext is, say, a binary object file or digitized X-rays, determination of properly formed and therefore authentic plaintext may be difficult. • For this purpose an FCS (Frame Check Sequence) or checksum is added to each message before encryption. • Internal and External Error Control: • Internal error control: an error-detecting code, also known as a frame check sequence or checksum, is appended to the message before encryption. • External error control: the error-detecting code is appended after encryption.
Error Control • Error control is done by some protocols. Eg: TCP/IP
Message authentication code (MAC) • Two communicating parties, say A and B, share a common secret key K. When A has a message to send to B, it calculates the MAC as a function of the message and the key: MAC = C(K, M), where • M = input message • C = MAC function • K = shared secret key • MAC = message authentication code
Message Authentication and Confidentiality – Authentication to plain text - Fig 11.4 b
Message Authentication and Confidentiality – Authentication to Cipher text - Fig 11.4 C
Message Authentication Code • In general, the MAC function is a many-to-one function. The domain of the function consists of messages of some arbitrary length, whereas the range consists of all possible MACs and all possible keys. If an n-bit MAC is used, then there are 2 power n possible MACs, whereas there are N possible messages with N >> 2 power n. • MAC does not provide a digital signature because both sender and receiver share the same key.
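The MAC = C(K, M) exchange between A and B, as an added example that is not part of the original slides. HMAC-SHA-256 stands in for the MAC function C, and the key and messages are constructed sample values. It also shows the two closing points above: an n-bit MAC is many-to-one, and B can compute A's tag alone, so the tag is not a signature.

```python
import hashlib
import hmac

def mac(key: bytes, message: bytes, n_bits: int = 256) -> bytes:
    """MAC = C(K, M): HMAC-SHA-256 stands in for C, truncated to n_bits."""
    return hmac.new(key, message, hashlib.sha256).digest()[: n_bits // 8]

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """B recomputes C(K, M) and compares it with the received MAC in constant time."""
    return hmac.compare_digest(mac(key, message, 8 * len(tag)), tag)

def distinct_tags(key: bytes, n_messages: int, n_bits: int) -> int:
    """Number of distinct n-bit MACs seen over n_messages different messages."""
    return len({mac(key, b"msg-%d" % i, n_bits) for i in range(n_messages)})

# Constructed sample key and message (assumptions, not from the slides).
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
M = b"PAY 100 TO BOB"

tag_from_a = mac(K, M)                                # A sends M together with the MAC
ok = verify(K, M, tag_from_a)                         # genuine message is accepted
tampered = verify(K, b"PAY 900 TO BOB", tag_from_a)   # content modification is rejected
wrong_key = verify(bytes(16), M, tag_from_a)          # a party without K is rejected
tag_from_b = mac(K, M)                                # B can produce the same tag unaided

if __name__ == "__main__":
    print("genuine accepted:", ok)
    print("modified accepted:", tampered)
    print("wrong key accepted:", wrong_key)
    print("B's own tag equals A's:", tag_from_b == tag_from_a)
    # With an 8-bit MAC there are only 2^8 possible values for 1000 messages.
    print("distinct 8-bit MACs over 1000 messages:", distinct_tags(K, 1000, 8))
```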
Hash Function • Hash function accepts a variable-size message M as input and produces a fixed size output, referred to as a hash code H(M). Unlike a MAC, a hash code does not use a key but is a function only of the input message. The hash code is also referred to as a message digest or hash value.
Requirements of Hash Function • Hash function must satisfy the following properties • Hash function can be applied to a block of data of any size. • Hash function produces a fixed length output. • H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. • For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property. • For any given block x, it is computationally infeasible to find y not equal to x such that H(y) = H(x). This is sometimes referred to as weak collision resistance. • It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance.
Simple Hash Functions • are several proposals for simple functions • based on XOR of message blocks • not secure since can manipulate any message to produce a given hash • need a stronger cryptographic function (next chapter)
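Why an XOR-of-blocks hash cannot protect integrity, as an added example that is not part of the original slides. The 8-byte block size, zero padding and sample messages are assumptions made for the illustration; SHA-256 is shown alongside as the stronger function the slide calls for.

```python
import hashlib

BLOCK = 8  # bytes per block, giving a 64-bit toy hash (assumed size)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad(msg: bytes) -> bytes:
    """Zero-pad the message to a whole number of blocks."""
    return msg + bytes(-len(msg) % BLOCK)

def xor_hash(msg: bytes) -> bytes:
    """Simple hash: bitwise XOR of all message blocks."""
    h = bytes(BLOCK)
    data = pad(msg)
    for i in range(0, len(data), BLOCK):
        h = xor_bytes(h, data[i:i + BLOCK])
    return h

def match_hash(msg: bytes, target: bytes) -> bytes:
    """Append one block so that msg hashes to target under xor_hash.

    XOR is its own inverse, so the block (hash(msg) XOR target) cancels the
    current hash and leaves the target value.
    """
    base = pad(msg)
    return base + xor_bytes(xor_hash(base), target)

# Constructed sample messages (not from the slides).
original = b"Release build 1.4.2 approved"
altered = match_hash(b"Release build 9.9.9 approved", xor_hash(original))

same_xor_hash = xor_hash(altered) == xor_hash(original)
same_sha256 = hashlib.sha256(altered).digest() == hashlib.sha256(original).digest()

if __name__ == "__main__":
    print("XOR hash matches:", same_xor_hash)    # the toy hash cannot tell them apart
    print("SHA-256 matches: ", same_sha256)      # a cryptographic hash can
```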
Birthday Attacks • might think a 64-bit hash is secure • but by Birthday Paradox is not • birthday attack works thus: • opponent generates $2^{m/2}$ variations of a valid message all with essentially the same meaning • opponent also generates $2^{m/2}$ variations of a desired fraudulent message • two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) • have user sign the valid message, then substitute the forgery which will have a valid signature • conclusion is that need to use larger MACs
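The cost estimate above, measured on a deliberately short hash, as an added example that is not part of the original slides. The m-bit hash is the leading m bits of SHA-256, the variations differ only in trailing spaces and tabs, and the two messages are constructed; all of these are assumptions for the illustration. With m = 24 a matching pair appears after a few thousand variations per set, close to $2^{12}$, which is why the digest length has to be large.

```python
import hashlib

def short_hash(msg: bytes, m_bits: int) -> int:
    """Toy m-bit hash: the leading m bits of SHA-256 (illustration only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - m_bits)

def variation(text: bytes, i: int) -> bytes:
    """i-th variant with the same meaning: 24 trailing spaces/tabs encode i."""
    return text + bytes(b" \t"[(i >> b) & 1] for b in range(24))

def birthday_pair(valid: bytes, fraud: bytes, m_bits: int):
    """Grow both sets of variations until one member of each shares a hash.

    Returns (valid_variant, fraud_variant, variations_generated_per_set).
    """
    seen_valid, seen_fraud = {}, {}
    i = 0
    while True:
        v, f = variation(valid, i), variation(fraud, i)
        hv, hf = short_hash(v, m_bits), short_hash(f, m_bits)
        seen_valid[hv], seen_fraud[hf] = v, f
        if hv in seen_fraud:
            return v, seen_fraud[hv], i + 1
        if hf in seen_valid:
            return seen_valid[hf], f, i + 1
        i += 1

# Constructed sample messages (not from the slides).
VALID = b"I agree to pay 10 units."
FRAUD = b"I agree to pay 10000 units."
M_BITS = 24

if __name__ == "__main__":
    v, f, n = birthday_pair(VALID, FRAUD, M_BITS)
    print("variations per set:", n, "vs 2^(m/2) =", 2 ** (M_BITS // 2))
    print("24-bit hashes equal:", short_hash(v, M_BITS) == short_hash(f, M_BITS))
    print("full SHA-256 equal: ", hashlib.sha256(v).digest() == hashlib.sha256(f).digest())
```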
Block Ciphers as Hash Functions • can use block ciphers as hash functions • using $H_0 = 0$ and zero-pad of final block • compute: $H_i = E_{M_i}[H_{i-1}]$ • and use final block as the hash value • similar to CBC but without a key • resulting hash is too small (64-bit) • due to direct birthday attack and variants
Hash Functions & MAC Security • like block ciphers have: • brute-force attacks exploiting • strong collision resistance hash have cost $2^{m/2}$ • 128-bit hash looks vulnerable, 160-bits better • MACs with known message-MAC pairs • can either attack keyspace (cf key search) or MAC • $\min(2^k, 2^n)$ • at least 128-bit MAC and 128-bit key is needed for security
Hash Functions & MAC Security • cryptanalytic attacks exploit structure • like block ciphers want brute-force attacks to be the best alternative • have a number of analytic attacks on iterated hash functions • $CV_i = f[CV_{i-1}, M_i]$; $H(M) = CV_N$ • typically focus on collisions in function f • like block ciphers is often composed of rounds • attacks exploit properties of round functions
Secure Hash Algorithm (SHA) • The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993; a revised version was issued as FIPS 180-1 in 1995 and is generally referred to as SHA-1. • SHA is based on the hash function MD4 and its design closely models MD4. SHA-1 is also specified in RFC 3174, which essentially duplicates the material in FIPS 180-1, but adds a C code implementation.
Message Digest Generation Using SHA-512 • Step 1: Append padding bits. Padding is always added, even if the message is already of the desired length. Thus, the number of padding bits is in the range of 1 to 1024. The padding consists of a single 1-bit followed by the necessary number of 0-bits. • Step 2: Append length. A block of 128 bits is appended to the message. This block is treated as an unsigned 128-bit integer (most significant byte first) and contains the length of the original message (before the padding).
Message Digest Generation Using SHA-512 • Step 3: Initialize hash buffer. A 512-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as eight 64-bit registers (a, b, c, d, e, f, g, h). • a = 6A09E667F3BCC908 • b = BB67AE8584CAA73B • c = 3C6EF372FE94F82B • d = A54FF53A5F1D36F1 • e = 510E527FADE682D1 • f = 9B05688C2B3E6C1F • g = 1F83D9ABFB41BD6B • h = 5BE0CD19137E2179
Message Digest Generation Using SHA-512 • Step 4: Process message in 1024-bit (128-word) blocks. The heart of the algorithm is a module that consists of 80 rounds. • Step 5: After all N 1024-bit blocks have been processed, the output from the Nth stage is the 512-bit message digest. We can summarize the behavior of SHA-512 as follows: • $H_0 = IV$ • $H_i = \mathrm{SUM}_{64}(H_{i-1}, \mathrm{abcdefgh}_i)$ • $MD = H_N$, where • $IV$ = initial value of the abcdefgh buffer, defined in step 3 • $\mathrm{abcdefgh}_i$ = the output of the last round of processing of the ith message block • $N$ = the number of blocks in the message (including padding and length fields) • $\mathrm{SUM}_{64}$ = addition modulo $2^{64}$ performed separately on each word of the pair of inputs • $MD$ = final message digest value
Creation of 80-word Input Sequence for SHA-512 Processing of single block
Digital Signatures • A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator's private key. The signature guarantees the source and integrity of the message. • Mutual authentication protocols enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys. • The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).
Properties for Digital Signature • It must verify the author and the date and time of the signature. • It must authenticate the contents at the time of the signature. • It must be verifiable by third parties, to resolve disputes.
Requirements for Digital Signature • The signature must be a bit pattern that depends on the message being signed. • The signature must use some information unique to the sender, to prevent both forgery and denial. • It must be relatively easy to produce the digital signature. • It must be relatively easy to recognize and verify the digital signature. • It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. • It must be practical to retain a copy of the digital signature in storage.
Direct Digital Signature • The direct digital signature involves only the communicating parties (source, destination). It is assumed that the destination knows the public key of the source. A digital signature may be formed by encrypting the entire message with the sender's private key or by encrypting a hash code of the message with the sender's private key. Disadvantages: • The validity of the scheme depends on the security of the sender's private key; that is, the sender can later deny having sent a message. • The private key might actually be stolen from X at time T. The opponent can then send a message signed with X's signature and stamped with a time before or equal to T.
Arbitrated Digital Signature Techniques • Every signed message from a sender X to a receiver Y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content. • The message is then dated and sent to Y with an indication that it has been verified to the satisfaction of the arbiter.
Arbitrated Digital Signature Techniques • X = Sender • Y = Recipient • A = Arbiter • M = Message • T = Time Stamp