1 / 35

Lecture 8 Overview

Lecture 8 Overview. Secure Hash Algorithm (SHA). SHA-0 1993 SHA-1 1995 SHA-2 2002 SHA-224, SHA-256, SHA-384, SHA-512. SHA-1. 160-bit message digest. A message composed of b bits. Step 1 -- Padding. Padding  the total length of a padded message is multiple of 512

terena
Download Presentation

Lecture 8 Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 8 Overview

  2. Secure Hash Algorithm (SHA) • SHA-0 1993 • SHA-1 1995 • SHA-2 2002 • SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 160-bit message digest A message composed of b bits CS 450/650 Lecture 8: Secure Hash Algorithm

  3. Step 1 -- Padding • Padding the total length of a padded message is multiple of 512 • Every message is padded even if its length is already a multiple of 512 • Padding is done by appending to the input • A single bit, 1 • Enough additional bits, all 0, to make the final 512 block exactly 448 bits long • A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm

  4. Padding (cont.) Message 1 0…0 Message length 1 bit 64 bits Multiple of 512 CS 450/650 Lecture 8: Secure Hash Algorithm

  5. Example • M = 01100010 11001010 1001 (20 bits) • Padding is done by appending to the input • A single bit, 1 • 427 0s • A 64-bit integer representing 20 • Pad(M) = 01100010 11001010 10011000 … 00010100 CS 450/650 Lecture 8: Secure Hash Algorithm

  6. Example • Length of M = 500 bits • Padding is done by appending to the input: • A single bit, 1 • 459 0s • A 64-bit integer representing 500 • Length of Pad(M) = 1024 bits CS 450/650 Lecture 8: Secure Hash Algorithm

  7. Step 2 -- Dividing Pad(M) • Pad (M) = B1, B2, B3, …, Bn • Each Bi denote a 512-bit block • Each Bi is divided into 16 32-bit words • W0, W1, …, W15 CS 450/650 Lecture 8: Secure Hash Algorithm

  8. Step 3 – Compute W16 – W79 • To Compute word Wj (16<=j<=79) • Wj-3, Wj-8, Wj-14 , Wj-16 are XORed • The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm

  9. Step 4 – Initialize A,B,C,D,E • A = H0 • B = H1 • C = H2 • D = H3 • E = H4 CS 450/650 Lecture 8: Secure Hash Algorithm

  10. Initialize 32-bit words • H0 = 67452301 • H1 = EFCDAB89 • H2 = 98BADCFE • H3 = 10325476 • H4 = C3D2E1F0 • K0 – K19 = 5A827999 • K20 – K39 = 6ED9EBA1 • K40 – K49 = 8F1BBCDC • K60 – K79 = CA62C1D6 CS 450/650 Lecture 8: Secure Hash Algorithm

  11. Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + fj(B,C,D) + E + Wj + Kj E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done +  addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm

  12. Four functions • For j = 0 … 19 • fj(B,C,D) = (B AND C) OR ( B AND D) OR (C AND D) • For j = 20 … 39 • fj(B,C,D) = (B XOR C XOR D) • For j = 40 … 59 • fj(B,C,D) = (B AND C) OR ((NOT B) AND D) • For j = 60 … 79 • fj(B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm

  13. Step 6 – Final • H0 = H0 + A • H1 = H1 + B • H2 = H2 + C • H3 = H3 + D • H4 = H4 + E CS 450/650 Lecture 8: Secure Hash Algorithm

  14. Done • Once these steps have been performed on each 512-bit block (B1, B2, …, Bn) of the padded message, • the 160-bit message digest is given by H0 H1 H2 H3 H4 CS 450/650 Lecture 8: Secure Hash Algorithm

  15. SHA CS 450/650 Lecture 8: Secure Hash Algorithm

  16. Lecture 9 Digital Signatures CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

  17. Digital Signatures • A digital signature can be interpreted as indicating the signer’s agreement with the contents of an electronic document • Similar to handwritten signatures on physical documents CS 450/650 Lecture 9: Digital Signatures

  18. Digital Signature Properties • Unforgeable: Only the signer can produce his/her signature • Authentic: A signature is produced only by the signer deliberately signing the document CS 450/650 Lecture 9: Digital Signatures

  19. Digital Signature Properties • Non-Alterable: A signed document cannot be altered without invalidating the signature • Non-Reusable: A signature from one document cannot be moved to another document • Signatures can be validated by other users • the signer cannot reasonably claim that he/she did not sign a document bearing his/her signature CS 450/650 Lecture 9: Digital Signatures

  20. Digital Signature Using RSA • The RSA public-key cryptosystem can be used to create a digital signature for a message m • Asymmetric Cryptographic techniques are well suited for creating digital signatures • The signer must have an RSA public/private key pair • c = Me mod n • M = cd mod n CS 450/650 Lecture 9: Digital Signatures

  21. Signature Generation (Signer) Message Redundancy Function Formatted Message Encrypt Private Key Signature CS 450/650 Lecture 9: Digital Signatures

  22. Signature Verification Signature Public Key Decrypt Formatted Message Verify Message CS 450/650 Lecture 9: Digital Signatures

  23. Example • Generate signature S • d = 53 • e = 413 • n = 629 • m = 250 • Assume that R(X) = X • S = R(m)e mod n • S = 25053 mod 629 = 411 CS 450/650 Lecture 9: Digital Signatures

  24. Example • Verify signature with message recovery • Public key (e) = 413 • n = 629 • S = 411 • R(m) = Se mod n • R(m) = 411413 mod 629 = 250 • Verifier checks that R(m) has proper redundancy created by R (none in this case) • m = R-1(m) = 250 CS 450/650 Lecture 9: Digital Signatures

  25. Creating a forged signature • Choose a random number between 0 and n-1 for S • S = 323 • Use the signer’s public key to decrypt S • R(m) = 323413 mod 629 = 85 • Invert R(m) to m: m = 85 • A valid signature (323) has been created for a random message (85) CS 450/650 Lecture 9: Digital Signatures

  26. Redundancy Function • The choice of a poor redundancy function can make RSA vulnerable to forgery • A good redundancy function should make forging signatures much harder CS 450/650 Lecture 9: Digital Signatures

  27. Example • generate signature S • d = 53 • e = 413 • n = 629 • m = 7 • Assume that R(X) = XX • S = R(m)e mod n • S = 7753 mod 629 = 25 CS 450/650 Lecture 9: Digital Signatures

  28. Example • verify signature with message recovery • Public key (e) = 413 • n = 629 • S = 25 • R(m) = Se mod n • R(m) = 25413 mod 629 = 77 • The verifier then checks that R(m) is of the form XX for some message X • m = R-1(m) = 7 CS 450/650 Lecture 9: Digital Signatures

  29. Forging signature (revisited) • Choose a random number between 0 and n-1 for S • S = 323 • Use the signer’s public key to decrypt S • R(m) = 323413 mod 629 = 85 • However, 85 is not a legal value for R(m) • so S = 323 is not a valid signature CS 450/650 Lecture 9: Digital Signatures

  30. Privacy • Signature provides only authenticity. • How can we provide privacy in addition? CS 450/650 Fundamentals of Integrated Computer Security

  31. Simple Scenario of Digital Signature

  32. Getting a Message Digest from a document Hash Message Digest CS 450/650 Lecture 9: Digital Signatures

  33. Generating Signature Message Digest Signature Encrypt using private key CS 450/650 Lecture 9: Digital Signatures

  34. Appending Signature to document Append Signature CS 450/650 Lecture 9: Digital Signatures

  35. Verifying Signature Hash Message Digest Message Digest Decrypt using public key CS 450/650 Lecture 9: Digital Signatures

More Related