MESSAGE AUTHENTICATION and HASH FUNCTIONS - Chapter 11
• Masquerade – message insertion, fraud, ACK
• Content Modification
• Sequence Modification – insertion, deletion, re-ordering
• Timing Modification – delay, replay

AUTHENTICATION
• Message Encryption – $E_K(M)$
• Message Authentication Code (MAC) – $C_K(M)$
• Hash Function – H(M)

STRUCTURE
• Fig 11.1a: Legitimacy test at B (intelligible) - small subset of plaintext legitimate - structured
• Fig 11.2a: Structured redundancy via FCS - internal ECC - authentication
• Fig 11.2b: External ECC – opponent can construct code words - authentication
• Any 'structure' will do, e.g. Fig 11.3

PUBLIC-KEY
• Fig 11.1b: Confidentiality
• Fig 11.1c: Authentication - plaintext needs structure
• Signature - only A could have sent, not even B
• Fig 11.1: Confidentiality / Authentication
• Table 11.1

MAC
• A, B share key, K
• MAC = $C_K(M)$
• Transmit message + MAC (Fig 11.4a)
• MAC not necessarily reversible - less vulnerable than encryption

Authentication + Confidentiality
• Figs 11.4b and 11.4c - Two separate keys (Table 11.2) - Fig 11.4b preferred
• Use MAC, not conventional Encryption
• MAC gives no signature - sender/receiver share key

Authentication + Confidentiality SCENARIOS
1. Broadcast message – one destination monitors authenticity
2. Heavy load – selective authentication
3. Sporadic Authentication of computer program
4. Secrecy Unimportant
5. Separation of authentication and confidentiality - flexible
6. Prolong protection against modification

HASH FUNCTIONS
• M (variable size) → H(M) (fixed size)
• M | H(M) (error detection)
• Fig 11.5 – Table 11-3
• (b) and (c) require less computation
• (e) - no encryption

FOR AUTHENTICATION: COMPARE HASH WITH ENCRYPTION
Encryption is:
• Slow
• Costly in hardware
• Optimised for large data blocks
• Patented
• Export control

MAC
• MAC = $C_K(M)$ - many-to-one, domain is arbitrary length
• Attack: MAC collisions: $2^k$ keys, $2^n$ MACs, $2^n < 2^k$
• Many keys for one MAC: opponent cannot choose
• Opponent must iterate attack for many MACs:
  Round 1: $2^{k-n}$ keys
  Round 2: $2^{k-2n}$ keys
  ...
  Round r: 1 key

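The key-elimination rounds above, as an added example (not from the original slides): a toy MAC with k = 16 key bits and n = 8 tag bits, both sizes assumed here so the exhaustive search finishes instantly. HMAC-SHA256 truncated to one byte stands in for $C_K$, and `toy_mac`, `eliminate_keys` and `demo` are hypothetical names.

```python
import hashlib
import hmac

K_BITS = 16   # toy key size k (assumption; small enough to enumerate)
N_BYTES = 1   # toy tag size n = 8 bits, so 2^n < 2^k as on the slide


def toy_mac(key: int, message: bytes) -> bytes:
    """C_K(M): HMAC-SHA256 truncated to n bits (stand-in for the slide's C)."""
    k = key.to_bytes(K_BITS // 8, "big")
    return hmac.new(k, message, hashlib.sha256).digest()[:N_BYTES]


def eliminate_keys(pairs):
    """Filter the key space one (message, tag) pair per round.

    Returns the number of surviving candidate keys after each round
    and the final list of candidates.
    """
    candidates = range(2 ** K_BITS)
    counts = []
    for message, tag in pairs:
        candidates = [k for k in candidates if toy_mac(k, message) == tag]
        counts.append(len(candidates))
        if len(candidates) == 1:
            break
    return counts, list(candidates)


def demo(true_key: int = 0xBEEF, max_rounds: int = 8):
    # Constructed sample traffic: known messages with tags under true_key.
    msgs = [b"constructed message %d" % i for i in range(max_rounds)]
    pairs = [(m, toy_mac(true_key, m)) for m in msgs]
    return eliminate_keys(pairs)


if __name__ == "__main__":
    counts, keys = demo()
    for r, c in enumerate(counts, 1):
        predicted = max(K_BITS - 8 * N_BYTES * r, 0)
        print(f"round {r}: {c} keys remain (slide predicts ~2^{predicted})")
    print("surviving key(s):", [hex(k) for k in keys])
```

One observed tag leaves roughly $2^{k-n}$ keys that all produce it, so the short tag alone does not pin down the key; the full search still costs on the order of $2^k$ MAC computations, which is why key length and tag length both have to be sized against brute force.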
MAC PROPERTIES
1. Given $M$ and $C_K(M)$, too much work to construct $M'$ such that $C_K(M') = C_K(M)$
2. $C_K(M)$ uniformly distributed: $\Pr(C_K(M) = C_K(M')) = 2^{-n}$

HASH FUNCTIONS
h = H(x) - file fingerprint
Properties:
1. Any size input
2. Fixed-size output
3. H(x) easy to compute
4. Infeasible to compute x given h – (one-way) – $2^n$
5. (Weak Collision Resistance) – $2^n$. Given x, infeasible to compute y not equal to x such that H(y) = H(x) - prevents forgery
6. (Strong Collision Resistance) – $2^{n/2}$. Infeasible to find (x, y) such that H(x) = H(y) - Birthday Attack

BIRTHDAY ATTACK
Given M, find M' such that H(M') = H(M) ~ $2^{n-1}$ hashes
But (Fig 11.5c),
• Prepare $2^{n/2}$ variations of M
• Prepare $2^{n/2}$ variations of M'
• Search for H(M) = H(M')
• Pr(success) > 0.5 using $2^{n/2}$ hashes
• A signs M H(M)
• Opponent substitutes M' for M
• A encrypts M'|H(M)

MEET-IN-THE-MIDDLE ATTACK
• Block Chaining
Given $M = M_1 | M_2 | \dots | M_N$
$H_0$ = init
$H_i = E_{M_i}[H_{i-1}]$
$G = H_N$
Opponent has M and encrypted signature, G
• Construct arbitrary message $Q_1 | Q_2 | \dots | Q_{N-2}$
• Compute $H_i = E_{Q_i}[H_{i-1}]$ up to $H_{N-2}$
• Find X, Y such that $E_X[H_{N-2}] = D_Y[G]$ (prob $2^{n/2}$)
• Construct $Q_1 | Q_2 | \dots | Q_{N-2} | X | Y = M'$
• Substitute M' for M

BRUTE-FORCE ATTACKS
• Hash: $2^{n/2}$
• MAC: $\min(2^k, 2^n)$ - like symmetric encryption

SECURE HASH CODE
If compression function collision-resistant then so is iterated hash function