Message authentication and hash functions

Message Authentication and Hash Functions

  • Authentication Requirements

  • Authentication Functions

  • Message Authentication Codes

  • Hash Functions

  • Security of Hash Functions and MACs


Authentication requirements

Authentication Requirements

  • Kind of attacks (threats) in the context of communications across a network

    • Disclosure

    • Traffic analysis

    • Masquerade

    • Content modification

    • Sequence modification

    • Timing modification

    • Repudiation

  • Measures to deal with the first two attacks:

    • These fall in the realm of message confidentiality and are addressed with encryption

  • Measures to deal with items 3 through 6:

    • Message authentication

  • Measures to deal with item 7:

    • Digital signature


Authentication requirements1

Authentication Requirements

  • Message authentication

    • A procedure to verify that messages come from the alleged source and have not been altered

    • Message authentication may also verify sequencing and timeliness

  • Digital signature

    • An authentication technique that also includes measures to counter repudiation by either source or destination


Authentication functions

Authentication Functions

  • A message authentication or digital signature mechanism can be viewed as having two levels

    • At the lower level, there must be some sort of function that produces an authenticator: a value used to authenticate a message

    • This lower-level function is used as a primitive in a higher-level authentication protocol


Authentication functions1

Authentication Functions

  • Three classes of functions that may be used to produce an authenticator

    • Message encryption

      • Ciphertext itself serves as authenticator

    • Message authentication code (MAC)

      • A public function of the message and a secret key that produces a fixed-length value that serves as the authenticator

    • Hash function

      • A public function that maps a message of any length into a fixed-length hash value, which serves as the authenticator


Message encryption

Authentication Functions

Message Encryption

  • Conventional encryption can serve as authenticator

    • Conventional encryption provides authentication as well as confidentiality

    • Requires recognizable plaintext or other structure to distinguish between well-formed legitimate plaintext and meaningless random bits

      • e.g., ASCII text, an appended checksum, or use of layered protocols


Basic uses of message encryption

Authentication Functions

Basic Uses of Message Encryption


Message authentication and hash functions

Authentication Functions

Ways of Providing Structure

  • Append an error-detecting code (frame check sequence (FCS)) to each message


Message authentication and hash functions

Authentication Functions

Ways of Providing Structure - 2

  • Suppose all of the datagram except the IP header is encrypted.

  • If an opponent substituted some arbitrary bit pattern for the encrypted TCP segment, the resulting plaintext would not include a meaningful header


Message authentication and hash functions

Authentication Functions

Confidentiality and Authentication Implications of Message Encryption


Message authentication code

Authentication Functions

Message Authentication Code

  • Uses a shared secret key to generate a fixed-size block of data (known as a cryptographic checksum or MAC) that is appended to the message

  • MAC = C_K(M)

  • Assurances:

    • Message has not been altered

    • Message is from alleged sender

    • Message sequence is unaltered (requires internal sequencing)

  • Similar to encryption, but the MAC algorithm need not be reversible


Message authentication and hash functions

Authentication Functions

Basic Uses of MAC


Message authentication and hash functions

Authentication Functions

Basic Uses of MAC


Why use macs

Authentication Functions

Why Use MACs?

  • i.e., why not just use encryption?

  • Cleartext stays clear

  • MAC might be cheaper

  • Broadcast

  • Authentication of executable code

  • Architectural flexibility

  • Separation of authentication check from message use


    Hash function

    Authentication Functions

    Hash Function

    • Converts a variable-size message M into a fixed-size hash code H(M) (sometimes called a message digest)

    • Can be used with encryption for authentication

      • E(M || H)

      • M || E(H)

      • M || signed H

      • E( M || signed H ) gives confidentiality

      • M || H( M || K )

      • E( M || H( M || K ) )


    Message authentication and hash functions

    Authentication Functions

    Basic Uses of Hash Function


    Message authentication and hash functions

    Authentication Functions

    Basic Uses of Hash Function


    Message authentication and hash functions

    Authentication Functions

    Basic Uses of Hash Function


    Message authentication codes

    MACs

    Message Authentication Codes

    • MAC = C_K(M)

    • Key length requirements

      • Sufficient key length to thwart brute force attack


    Hash functions

    Hash Functions

    • h = H(M)

    • M is a variable-length message, h is a fixed-length hash value, H is a hash function

    • The hash value is appended at the source

    • The receiver authenticates the message by recomputing the hash value

    • Because the hash function itself is not considered to be secret, some means is required to protect the hash value


    Hash function requirements

    Hash Functions

    Hash Function Requirements

    • H can be applied to any size data block

    • H produces fixed-length output

    • H(x) is relatively easy to compute for any given x

    • H is one-way, i.e., given h, it is computationally infeasible to find any x s.t. h = H(x)

    • H is weakly collision resistant: given x, it is computationally infeasible to find any y ≠ x s.t. H(x) = H(y)

    • H is strongly collision resistant: it is computationally infeasible to find any x and y s.t. H(x) = H(y)


    Hash function requirements1

    Hash Functions

    Hash Function Requirements

    • One-way property is essential for authentication

    • Weak collision resistance is necessary to prevent forgery

    • Strong collision resistance is important for resistance to birthday attack


    Simple hash functions

    Hash Functions

    Simple Hash Functions

    • Operation of hash functions

      • The input is viewed as a sequence of n-bit blocks

      • The input is processed one block at a time in an iterative fashion to produce an n-bit hash value

    • Simplest hash function: Bitwise XOR of every block

      • C_i = b_i1 ⊕ b_i2 ⊕ … ⊕ b_im

        • C_i = i-th bit of the hash code, 1 ≤ i ≤ n

        • m = number of n-bit blocks in the input

        • b_ij = i-th bit in j-th block

      • Known as longitudinal redundancy check


    Simple hash functions1

    Hash Functions

    Simple Hash Functions

    • Improvement over the simple bitwise XOR

      • Initially set the n-bit hash value to zero

      • Process each successive n-bit block of data as follows

        • Rotate the current hash value to the left by one bit

        • XOR the block into the hash value
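
An added example, not from the original slides: both simple hash functions with n = 8 (one byte per block), and a check of how each behaves when blocks are reordered or a compensating block is appended. The function names and sample messages are constructed for illustration. Neither function is weakly collision resistant.

```python
from functools import reduce

N = 8  # block and hash size in bits (one byte per block)
MASK = (1 << N) - 1


def xor_hash(data: bytes) -> int:
    """Longitudinal redundancy check: C_i = b_i1 XOR b_i2 XOR ... XOR b_im."""
    return reduce(lambda h, block: h ^ block, data, 0)


def rotl1(h: int) -> int:
    """Rotate an N-bit value left by one bit."""
    return ((h << 1) | (h >> (N - 1))) & MASK


def rxor_hash(data: bytes) -> int:
    """Rotated XOR: start at zero; per block, rotate left one bit, then XOR."""
    h = 0
    for block in data:
        h = rotl1(h) ^ block
    return h


def pad_to_target(prefix: bytes, target: int) -> bytes:
    """Append one block so that rxor_hash(result) == target.

    The last step is h = rotl1(h_prev) ^ block, so block = rotl1(h_prev) ^ target.
    """
    return prefix + bytes([rotl1(rxor_hash(prefix)) ^ target])


def demo():
    original = b"PAY 100 TO BOB"   # constructed sample message
    reordered = b"PAY 001 TO BOB"  # same blocks, different order
    other = b"PAY 999 TO EVE"      # constructed unrelated message
    matched = pad_to_target(other, rxor_hash(original))
    return {
        "xor_same_after_reorder": xor_hash(original) == xor_hash(reordered),
        "rxor_detects_reorder": rxor_hash(original) != rxor_hash(reordered),
        "rxor_second_message": rxor_hash(matched) == rxor_hash(original),
    }
```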


    Birthday attack

    Birthday Attack

    • If the adversary can generate 2^(m/2) variants of a valid message and an equal number of fraudulent messages

    • The two sets are compared to find one message from each set with a common hash value

    • The valid message is offered for signature

    • The fraudulent message with the same hash value is inserted in its place

    • If a 64-bit hash code is used, the level of effort is only on the order of 2^32

    • Conclusion: the length of the hash code must be substantial


    Message authentication and hash functions

    Birthday Attack

    Generating 2^(m/2) Variants of Valid Messages

    • Insert a number of “space-backspace-space” character pairs between words throughout the document.

    • Variations could then be generated by substituting “space-backspace-space” in selected instances

    • Alternatively, simply reword the message but retain the meaning


    Brute force attack of hash functions

    Security of Hash Functions and MACs

    Brute-Force Attack of Hash Functions

    • Three desirable properties of hash functions

      • One-way: For any given code h, it is computationally infeasible to find x s.t. H(x) = h

      • Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x s.t. H(y) = H(x)

      • Strong collision resistance: It is computationally infeasible to find any pair (x, y) s.t. H(y) = H(x)

    • Brute-force attack on n-bit hash code

      • One-way and weak collision require 2^n effort

      • Strong collision requires 2^(n/2) effort

      • If strong collision resistance is required (and this is desirable for a general-purpose secure hash code), 2^(n/2) determines the strength of the hash code against brute-force attack

      • Currently, the two most popular hash codes, SHA-1 and RIPEMD-160, provide a 160-bit hash code length
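
An added example, not from the original slides: the two-set comparison from the birthday attack slides, measured against SHA-256 truncated to 32 bits to show why the hash code length must be substantial. The truncation, the counter-based variant generator (standing in for the whitespace or rewording variants) and the function names are assumptions for illustration. A match turns up after on the order of 2^16 variants per set, not 2^32.

```python
import hashlib

HASH_BITS = 32  # deliberately short hash code so the search finishes in seconds


def short_hash(msg: bytes, bits: int = HASH_BITS) -> int:
    """Top `bits` bits of SHA-256: a stand-in for an n-bit hash code."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def variant(base: bytes, i: int) -> bytes:
    """i-th variant of a message; a counter suffix replaces the whitespace
    substitutions described in the slides (assumption of this example)."""
    return base + b" #" + str(i).encode()


def cross_collision(valid: bytes, fraud: bytes, bits: int = HASH_BITS,
                    limit: int = 1 << 20):
    """Grow both variant sets in step until one member of each shares a hash.

    Returns (valid_variant, fraud_variant, variants_per_set), or None if no
    match is found within `limit` variants per set.
    """
    seen_valid, seen_fraud = {}, {}
    for i in range(limit):
        v, f = variant(valid, i), variant(fraud, i)
        hv, hf = short_hash(v, bits), short_hash(f, bits)
        seen_valid[hv] = v
        seen_fraud[hf] = f
        if hv in seen_fraud:
            return v, seen_fraud[hv], i + 1
        if hf in seen_valid:
            return seen_valid[hf], f, i + 1
    return None


def demo():
    # Constructed sample messages.
    v, f, tried = cross_collision(b"I owe Bob 10 dollars", b"I owe Bob 9000 dollars")
    return v != f and short_hash(v) == short_hash(f), tried
```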

