200 likes | 411 Views
Hash Algorithms. Yuan Xue. Outline. Review of MAC Why we need hash function Requirement for hash function Hash function overview Hash function usage HMAC. Message Authentication – Lessons learned. Encryption can achieve data confidentiality
E N D
Hash Algorithms Yuan Xue
Outline • Review of MAC • Why we need hash function • Requirement for hash function • Hash function overview • Hash function usage • HMAC
Message Authentication – Lessons learned • Encryption can achieve data confidentiality • Using encryption for data integrity & source authentication faces the following issues • Without a structure, legitimate plaintext can not be identified automatically • Modes of operation provides no data integrity protection • Sometimes only data integrity is required but not confidentiality. And encrypting the whole message introduces unnecessary overhead
Message Authentication – Lessons learned • Error detection code (non-cryptographic checksum) • Provides redundant information for automatically data integrity checking • Using the code directly can only provide integrity protection against data modification due to natural causes, but not malicious alteration • Encrypting the error detection code does not work either • Attackers can identify the messages that generate the same error detection code • Attackers can still change the message without being detected even without knowing the value of the code • Encrypting (message + EDC) still suffers from some attacks.
Message Authentication Code • Cryptographic checksum • Utilize a key in generating the code • MAC = C(K, M) • Two approaches • CBC-based MAC generation algorithm • Hash-based MAC gneration
Message Authentication Code • Summary of Limitations • Use of MAC needs a shared secret key between the communicating parties • MAC does not provide digital signature • CBC-based MAC generation still involves high computation overhead
Motivation for Hash Algorithms • Intuition • Re-examine the non-cryptographic checksum. • Main Limitation • An attack is able to construct a message that matches the checksum • Goal • Design a code where the original message can not be inferred based on its checksum design of hash algorithms.
Requirements for Hash function • A hash function H takes a message M of variable length and transforms it into a fixed-length hash value h • h = H(M) • A hash function H must have the following properties: • One-way property: for any given value h, it is computationally infeasible to find x such that H(x) = h. • Weak collision resistance: for any given message x, it is computationally infeasible to find y ≠ x with H(y) = H(x) • Strong collision resistance: it is computationally infeasible to find any pair (x,y), such that H(x) = H(y).
Overview of Hash Algorithms • MD5 • Message-Digest algorithm 5 • By Ronald Rivest in 1991 based on MD4 • Digest length: 128-bit • Weak collision resistance • Vulnerable to collision attack (no strong collision resistance) • SHA hash functions (all by NSA) • SHA-0 in 1993; 160-bit hash value • SHA-1 in 1995; 160-bit hash value • widely used, once considered as the successor to MD5 • SHA-2 • SHA-224, SHA-256; SHA384; SHA512 • Digest length (based on name) • SHA-0 and SHA-1 are vulnerable to collision attacks • Recent result on SHA-1: collision attack on SHA-1 that would allow an attacker to select at least parts of the message. Ref: http://en.wikipedia.org/wiki/MD5 http://en.wikipedia.org/wiki/SHA_hash_functions
Hash Algorithm Design – MD5 2. Append length (64bits) 1. Append padding bits (to 448 mod 512) 3. Initialize MD buffer Word A = 01 23 45 67 Word B = 89 AB CD EF Word C = FE DC BA 98 Word D = 76 54 32 10
Hash Algorithm Design – MD5 16 steps X[k] = M [q*16+k] (32 bit) Constructed from sine function
The ith 32-bit word in matrix T, constructed from the sine function M [q*16+k] = the kth 32-bit word from the qth 512-bit block of the msg Single step
Hash Function Usage • Used Alone • File integrity verification • Public key fingerprint • Passwd storage • Combined with encryption functions
Confidentiality and authentication Authentication Authentication, digital signature
Authentication, digital signature, confidentiality Authentication (no encryption needed!) Authentication, confidentiality
HMAC • Hash function works with a symmetric key to provide message authentication • Two methods MAC (1) MAC = E [K, H(M)] (2) MAC = H [M||S] Idea for HMAC
HMAC Structure • K+ = K padded with 0 • on the left (b bits in total) • ipad = 00110110 • repeated b/8 times • opad = 01011100 • repeated b/8 times 36 in hex repeated 5C in hex repeated HMAC(K,M) = H[(K+opad)||H[(K+ipad)||M]]