CIT 380: Securing Computer Systems. Modern Cryptography. Overview. Cryptographic Checksums Hash Functions HMAC Number Theory Review Public Key Cryptography One-Way Trapdoor Functions Diffie-Hellman RSA Modern Steganography. Hash Functions. Checksum to verify data integrity.

CIT 380: Securing Computer Systems
Modern Cryptography

Overview
• Cryptographic Checksums
• Hash Functions
• HMAC
• Number Theory Review
• Public Key Cryptography
• One-Way Trapdoor Functions
• Diffie-Hellman
• RSA
• Modern Steganography

Hash Functions
Checksum to verify data integrity.
Hash Function h: A → B
• Input A: variable length
• Output B: fixed length “fingerprint” of input
Many inputs produce same output.
Example Hash Function
• Sum 32-bit words of message mod 2^32.

Hash Function: ASCII Parity
ASCII parity bit
• ASCII has 7 bits; 8th bit is for “parity”
• Even parity: even number of 1 bits
• Odd parity: odd number of 1 bits
Bob receives “10111101” as bits.
• Sender is using even parity; 6 1 bits, so character was received correctly
• Note: could be garbled, but 2 bits would need to have been changed to preserve parity
• Sender is using odd parity; even number of 1 bits, so character was not received correctly

Cryptographic Checksums
Hash with authentication/integrity protection
• Cannot obtain original message from hash.
• Cannot find another message with same hash.
Additional Names
• Message Authentication Code
• Message Digest

One-Way Function
Function f easy to compute, hard to reverse
• Given x, easy to calculate f(x).
• Given f(x), hard to compute x.
What’s easy and what’s hard?
• easy: polynomial time
• hard: exponential time
• Are there any one-way functions?

Cryptographic Checksum Definition
A function h: A → B such that:
• For any x ∈ A, h(x) is easy to compute.
• For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y.
• It is computationally infeasible to find x, x´ ∈ A such that x ≠ x´ and h(x) = h(x´).

Collisions
If x ≠ x´ and h(x) = h(x´), x and x´ collide.
• Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it.
• Application: suppose n = 5 and k = 3. Then there are 32 elements of A and 8 elements of B, so at least one element of B has at least 4 corresponding elements of A.

Hash Function Examples
Input
• “Cryptography”
Output (base64 encoded):
• http://www.xml-dev.com/blog/sha1.php
• MD5 (128-bit)
• 64ef07ce3e4b420c334227eecb3b3f4c
• SHA1 (160-bit)
• b804ec5a0d83d19d8db908572f51196505d09f98

MD5/SHA-1 Hash
Web site
• http://www.fileformat.info/tool/hash.htm

Keyed Hash Function
Hash function + secret key
Why?
• Authentication
How?
• HMAC algorithm
• Incorporate key into a keyless hash algorithm.

HMAC
HMAC = Hash Function + Key
Inputs:
• h: keyless cryptographic checksum function that takes data in blocks of b bytes and outputs blocks of l bytes.
• k: cryptographic key.
• k´: k modified to be of length b.
• If short, pad with 0 bytes.
• If long, hash to length b.

HMAC
HMAC-h(k, m) = h(k´ ⊕ opad || h(k´ ⊕ ipad || m))
• ⊕ exclusive or
• || concatenation
• ipad is 00110110 repeated b times.
• opad is 01011100 repeated b times.
Security depends on security of hash function h.
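
The HMAC construction above, written out as an added Python example (not part of the original slides) and cross-checked against the standard-library hmac module. It assumes SHA-256 as h; the key and messages are constructed sample values, and hmac_manual and verify are names chosen for this illustration.

```python
import hashlib
import hmac  # standard-library implementation, used only as a cross-check

IPAD, OPAD = 0x36, 0x5C  # 00110110 and 01011100 from the slide


def hmac_manual(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC-h(k, m) = h(k' XOR opad || h(k' XOR ipad || m))."""
    b = hashlib.new(hash_name).block_size  # b: input block size of h, in bytes
    # Derive k' of exactly b bytes. Per RFC 2104, a key longer than b is
    # hashed first (giving l bytes) and then zero-padded like a short key.
    if len(key) > b:
        key = hashlib.new(hash_name, key).digest()
    k_prime = key.ljust(b, b"\x00")
    inner_key = bytes(x ^ IPAD for x in k_prime)
    outer_key = bytes(x ^ OPAD for x in k_prime)
    inner = hashlib.new(hash_name, inner_key + msg).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(hmac_manual(key, msg), tag)


# Constructed sample inputs (not from the slides).
KEY = b"shared-secret-key"
MSG = b"Pay Bob $500"

if __name__ == "__main__":
    tag = hmac_manual(KEY, MSG)
    print("tag:", tag.hex())
    print("matches stdlib:", tag == hmac.new(KEY, MSG, hashlib.sha256).digest())
    print("original verifies:", verify(KEY, MSG, tag))
    print("tampered verifies:", verify(KEY, b"Pay Bob $50,000", tag))
    print("wrong key verifies:", verify(b"guess", MSG, tag))
```

A receiver who shares the key accepts the message only when verify returns True; a changed message or a different key yields a different tag.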

Current State of Hash Functions
MD4, MD5, SHA-0 Collisions (2004)
SHA-1 Collisions (2005)
• Effort required is 2^69 instead of 2^80.
No effective pre-image attacks discovered yet.
What’s the impact?
• Attacker could create two documents.
• Document A requires payment of $500.
• Document B requires payment of $50,000.
• Digital signatures sign MAC, not document.
• Both documents have same MAC.
Use SHA-256 for now.