1 / 21

Theory of Computation II

Theory of Computation II. Topic presented by: Alberto Aguilar Gonzalez. Problem. You are designing a banking application that will be accessed by thousands of users. Security of passwords is a key factor. Protect from people outside and inside the organization

suchi
Download Presentation

Theory of Computation II

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Theory of Computation II Topic presented by: Alberto Aguilar Gonzalez

  2. Problem • You are designing a banking application that will be accessed by thousands of users. • Security of passwords is a key factor. • Protect from people outside and inside the organization • How do you store passwords in the database?

  3. One Approach • Encrypt passwords using a key. • When the information is needed, decrypt it using same key! • Example (very simple): • Given a character, encrypt it by replacing it with other. What is the idea? IDEA: “hi” = decrypt(encrypt(“hi”))

  4. What is the problem with this approach? • If someone accesses this database and knows the key (even people from IT or support), all passwords would be revealed!

  5. A better approach One-way hash functions (The talk is about this) ONEWAY

  6. One way function • A function y = f(x) is one way if it is easy to compute y from x but “hard” to compute x from y • However, nobody has proved that such function exist! • A possible definition is: • f(x) can be obtained in polynomial time • f -1(x) is NP-hard

  7. An example of one-way functions • Unique factorization Theorem: Every integer has a unique factorization as product of primes. • Factoring Given two large prime numbers u, v, consider y = f(u, v) = u * v. It is polynomial time computable. • However, given y, can we calculate u and v easily? NO

  8. Hash function • Map a message of variable length m to a fingerprint of fixed n bits, and m >= n • Fundamental properties: • Compression • Easy to compute • Can be used to detect changes since a modification (even a bit) would change the hash value.

  9. One-way hash functions Input • y = h(x) where • Given x, calculating h(x) is easy • Given y, calculating anyx such that y=h(x) is hard, AND • y is fixed length independent of the size of x (a compression function is needed for large inputs) Output

  10. Two questions • Is it easy to come up with new one-way hash functions? • What do we need to build such functions? • Easy to compute (in general, it is a public algorithm) • Hard to invert (2n different output!) • Compression function • Collision resistant

  11. Collision • Given x1, x2, and a hash function h, a collision exists if h(x1) = h(x2) • Is this possible? • YES, why? • It is a many-to-one function! The input domain is greater that the output domain. • Therefore, good one-way hash functions should be collision resistant! Collision resistant?

  12. The Birthday paradox • Consider the probability Q1(n, d) that no two people out of a group of n will have matching birthdays out of d equally possible birthdays. Probabilty that two do have same birthday • In general, let Qi(n, d) denote the probability that a birthday is shared by i people out of a group of n people, then the probability that a birthday is shared by k or more people. http://mathworld.wolfram.com/BirthdayProblem.html

  13. …birthday paradox • An approximation for the minimum number of people needed to get 50-50 chance that two have a match within k days out of d possible is given by: • How many people do we need in this classroom for a 50-50 chance? What about OWHFs? (Sevast'yanov 1972, Diaconis and Mosteller 1989).

  14. Birthday attacks for OWHFs • Given y = h(x), where y is length-fixed of n bits, 2n outputs can be obtained. • Since x is of variable length, and |x| > |y| in some cases. h(x) is a many-to-one function! • How many attempts are necessary so that h(x1)=h(x2) (probability of success >= 0.5)? • Use the formula we just explained! • Let d = 2n, and k = 0

  15. To be collision resistant, how big should n be? • 64-bits is now regarded as too small, 128-512 proposed

  16. General structure of OWHF’s arbitrary length input Input iterated compression function optional transformation Output fixed length output output

  17. Details original input x preprocessing append padding bits append length block formatted input x1, x2... xt iterated processing compression function f xi  Hi Hi-1 H0=IV Ht g output h(x)=g(Ht)

  18. Two known OWHF’s • MD5 • From Ronald Rivest (the R from RSA) [1992] • Produce a 128-bit hash value • MD5 is widely used, however collisions were detected (Wang, 2004). • SHA1 • Designed by the National Institute of Standards and Technology (NIST), as an “upgrade” from MD5 • Produces 160-bit hash values

  19. Going back to our problem • Save a pair <user, hash_of_passw> • <user01, 9dd4e461268c8034f5c8564e155c67a6> • Now, if somebody (inside or outside) access passwords table each entry should be attacked individually! • An authentication algorithm would look as follows: if MD5(passw_typed) == hash_of_passw CorrectPassword = true else CorrectPassword = false

  20. Other uses • Digital signatures • Antivirus • Software validation • Used to store passwords in some Linux implementations

  21. Thank you Questions? What #$!@ is he talking about? mmm… Z Z z…

More Related