1 / 40

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS. Contents. CRYPTOGRAPHIC HASH FUNCTIONS MESSAGE AUTHENTICATION CODES DIGITAL SIGNATURES. 1. CRYPTOGRAPHIC HASH FUNCTIONS. Applications of Cryptographic Hash Functions Two Simple Hash Functions Requirements and Security

sinjin
Download Presentation

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

  2. Contents • CRYPTOGRAPHIC HASH FUNCTIONS • MESSAGE AUTHENTICATION CODES • DIGITAL SIGNATURES

  3. 1. CRYPTOGRAPHIC HASH FUNCTIONS • Applications of Cryptographic Hash Functions • Two Simple Hash Functions • Requirements and Security • Hash Functions Based on Cipher Block Chaining • Secure Hash Algorithm (SHA) • SHA-3

  4. KEY POINTS • A hash function maps a variable-length message into a fixed-length hash value, or message digest. • Virtually all cryptographic hash functions involve the iterative use of a compression function. • The compression function used in secure hash algorithms falls into one of two categories: a function specifically designed for the hash function or an algorithm based on a symmetric block cipher. SHA and Whirlpool are examples of these two approaches, respectively.

  5. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h=H(M). A “good” hash function has the property that the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random. • A cryptographic hash function is an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the one-way property) or (b) two data objects that map to the same hash result (the collision-free property).

  6. APPLICATIONS OF CRYPTOGRAPHIC HASH FUNCTIONS Message Authentication The message plus concatenated hash code is encrypted using symmetric encryption. Because only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication. Because encryption is applied to the entire message plus hash code, confidentiality is also provided

  7. Message Authentication (cont.) • Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications that do not require confidentiality.

  8. Message Authentication (cont.) • It is possible to use a hash function but no encryption for message authentication. The technique assumes that the two communicating parties share a common secret value S. A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. Because B possesses S, it can recompute the hash value to verify. Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message.

  9. Message Authentication (cont.) • Confidentiality can be added to the approach of method (c) by encrypting the entire message plus the hash code.

  10. Digital Signatures

  11. SECURE HASH ALGORITHM (SHA)

  12. 2. MESSAGE AUTHENTICATION CODES • Message Authentication Requirements • Message Authentication Functions • Requirements for Message Authentication Codes • Security of MACs • MACs Based on Hash Functions: HMAC • MACs Based on Block Ciphers: DAA and CMAC • Authenticated Encryption: CCM and GCM • Pseudorandom Number Generation Using Hash Functions and Macs

  13. KEY POINTS • Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent by (i.e., contain no modification, insertion, deletion, or replay) and that the purported identity of the sender is valid. • Symmetric encryption provides authentication among those who share the secret key.

  14. KEY POINTS (cont.) • A message authentication code (MAC) is an algorithm that requires the use of a secret key. A MAC takes a variable-length message and a secret key as input and produces an authentication code. A recipient in possession of the secret key can generate an authentication code to verify the integrity of the message. • One means of forming a MAC is to combine a cryptographic hash function in some fashion with a secret key. • Another approach to constructing a MAC is to use a symmetric block cipher in such a way that it produces a fixed-length output for a variable-length input.

  15. MESSAGE AUTHENTICATION REQUIREMENTS • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the pattern of traffic between parties… • Masquerade: Insertion of messages into the network from a fraudulent source … • Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification.

  16. MESSAGE AUTHENTICATION REQUIREMENTS (cont.) • Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering. • Timing modification: Delay or replay of messages. • Source repudiation: Denial of transmission of message by source. • Destination repudiation: Denial of receipt of message by destination.

  17. MESSAGE AUTHENTICATION FUNCTIONS • Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator. • Message encryption: The ciphertext of the entire message serves as its authenticator. • Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator.

  18. Basic Uses of Message Encryption

  19. Message Authentication Code

  20. Basic Uses of Message Authentication code (MAC)

  21. SECURITY OF MACS • Brute-Force Attacks • Cryptanalysis

  22. MACS BASED ON HASH FUNCTIONS: HMAC

  23. Security of HMAC

  24. MACS BASED ON BLOCK CIPHERS: DAA AND CMAC

  25. Cipher-Based Message Authentication Code (CMAC)

  26. AUTHENTICATED ENCRYPTION: CCM AND GCMCounter with Cipher Block Chaining-Message Authentication Code (CCM)

  27. Counter with Cipher Block Chaining-Message Authentication Code (CCM) (cont.)

  28. 3. DIGITAL SIGNATURES • Digital Signatures • ElGamal Digital Signature Scheme • Schnorr Digital Signature Scheme • Digital Signature Standard

  29. KEY POINTS • A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message. • The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).

  30. DIGITAL SIGNATURES

  31. Simplified Depiction of Essential Elements of Digital Signature Process

  32. ELGAMAL DIGITAL SIGNATURE SCHEME

  33. DIGITAL SIGNATURE STANDARD

  34. The Digital Signature Algorithm (DSA)

More Related