2.3: Hash Functions Message Digest (MD) MD2, MD4, MD5. Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks

Similar documents
Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Message Authentication

Computer Security: Principles and Practice

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Authentication requirement Authentication function MAC Hash function Security of

Public Key Cryptography Overview

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

SECURITY IN NETWORKS

Client Server Registration Protocol

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Network Security. HIT Shimrit Tzur-David

An Introduction to Cryptography as Applied to the Smart Grid

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Overview of Symmetric Encryption

CSE/EE 461 Lecture 23

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings

Chapter 7: Network security

Introduction to Computer Security

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Public Key (asymmetric) Cryptography

Cryptography and Network Security Chapter 12

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

Lecture 9: Application of Cryptography

Properties of Secure Network Communication

CRYPTOGRAPHY IN NETWORK SECURITY

Hash Functions. Integrity checks

IT Networks & Security CERT Luncheon Series: Cryptography

Monitoring Data Integrity while using TPA in Cloud Environment

The Misuse of RC4 in Microsoft Word and Excel

Application Layer (1)

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptography Lecture 8. Digital signatures, hash functions

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

SSL A discussion of the Secure Socket Layer

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Network Security Technology Network Management

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Network Security: Secret Key Cryptography

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

How To Protect Your Data From Attack

Chapter 10. Network Security

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

PGP - Pretty Good Privacy

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

WIRELESS LAN SECURITY FUNDAMENTALS

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Network Security. Omer Rana

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

What is network security?

Network Security. Modes of Operation. Steven M. Bellovin February 3,

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Message Authentication Codes

Using etoken for SSL Web Authentication. SSL V3.0 Overview

7! Cryptographic Techniques! A Brief Introduction

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

CS 758: Cryptography / Network Security

CSCE 465 Computer & Network Security

Principles of Network Security

CSCE 465 Computer & Network Security

Keywords : audit, cloud, integrity, station to station protocol, SHA-2, third party auditor, XOR. GJCST-B Classification : C.2.4, H.2.

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Cryptographic Hash Functions Message Authentication Digital Signatures

CIS433/533 - Computer and Network Security Cryptography

4.1: Securing Applications Remote Login: Secure Shell (SSH) PEM/PGP. Chapter 5: Security Concepts for Networks

Public Key Cryptography and RSA. Review: Number Theory Basics

Fundamentals of Computer Security

Practice Questions. CS161 Computer Security, Fall 2008

CS Computer Security Eleventh topic: Hashes and sign

AStudyofEncryptionAlgorithmsAESDESandRSAforSecurity

Techniques of Asymmetric File Encryption. Alvin Li Thomas Jefferson High School For Science and Technology Computer Systems Lab

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Cryptography & Digital Signatures

Lukasz Pater CMMS Administrator and Developer

Advanced Authentication

IPsec Details 1 / 43. IPsec Details

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Authentication, digital signatures, PRNG

An Introduction to Cryptography and Digital Signatures

Digital Signature For Text File

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

How To Understand And Understand The History Of Cryptography

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Kerberos. Login via Password. Keys in Kerberos

Lecture 6 - Cryptography

Public Key Cryptography: RSA and Lots of Number Theory

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Transcription:

Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer 2.3: Hash Functions Message Digest (MD) MD2, MD4, MD5 Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Page 1

Hash Functions Lehrstuhl für Informatik 4 A cryptographic hash function (also called message digest) is a one-way transformation: h: message m of arbitrary length fixed length value h(m) Properties: For any message m, it is easy to compute h(m) Given h(m), there is no way (cheaper than brute force) to find a m that hashes to h(m) It is computationally impossible to find two different m and m which hash to the same value h(m) It is necessary for the transformation that the output must not be predictable: If 1000 inputs are selected at random, any particular bit in the 1000 resulting outputs should be 1 about half the time Each output should have about 50% of 1 bits (with high probability) If two inputs differ only by one bit, the outputs should look like independently chosen random numbers Message k Message 2 Message 1 hash value Many messages map to the same hash value Page 2

Message Digest The output should not be predictable But: It is still possible that two outputs have the same value although the inputs were different Birthday Problem: For a single person P1, there are n = 365 possible birthdays The probability p 1 of having birthday at one of the days is n/n For the second person P2, there are 364 (i.e. n-1) possibilities to have birthday at n ( n 1) a day different from P1; the probability for this is p2 = n n Generailzing - the probability of having birthday on different days for r people: p r n! = r ( n r )! n The probability of a match is 1 - p r On the average, a match will occur after n steps p r ½forr 23 (for the birthday problem) Page 3

Message Digest If the message digest has k bits (i.e. 2 k different message digests exist), it would take 2 k/2 messages, chosen at random, to create two outputs with identical values k 128 because it was considered infeasible to test 2 64 messages with brute force If somebody is able (or maybe by pure luck) to create two different messages with the same 128 bit MD, the whole algorithm for MD construction is considered null and void! History With RSA it is possible to digitally sign a message (signature encrypt a message with the private key) But: computing a signature for a long message with RSA is slow Idea: sign message digest rather than the original message Message digest algorithms started with public key cryptography (after the invention of RSA) Note: MD is even used when the message is transmitted in plain text just to ensure integrity Page 4

Application of a Message Digest: Authentication Authentication using a message digest: Alice and Bob share a secret K AB Alice wants to know, if Bob is still alive : Alice sends a challenge r A (a random number) Bob concatenates the secret K AB with r A and calculates a message digest MD(K AB r A ) Bob sends MD(K AB r A ) to Alice, and Alice checks the result (apply the same procedure) Same procedure is applied in the other direction with a challenge r B Alice Bob r A MD(K AB r A ) r B MD(K AB r B ) Page 5

Application of a Message Digest: Message Integrity Code Use Message Digest to generate a MIC: Only the appropriate sender is able to compute the appropriate MIC for a message m Obviously, MD(m) is not a MIC for m, since anyone can compute MD(m) Compute a MIC considering a secret key K AB (same trick as for authentication): Alice m, MD(m K AB ) Bob ok or error The MIC can only be computed if K AB is known, i.e. can only be computed and checked for correctness by Alice and Bob Page 6

Application of a Message Digest: Encryption Use Message Digest for encryption: Problem: Message digest algorithms are not reversible Idea: Generate (pseudo) random numbers using Message Digest and use Vernam Cipher (XOR message and random bit stream) Alice and Bob need a shared secret K AB : b 1 = MD(K AB IV) c 1 = m 1 b 1 b 2 = MD(K AB b 1 ) c 2 = m 2 b 2 b 3 = MD(K AB b 2 ) c 3 = m 3 b 3.................. b n = MD(K AB b n-1 ) c n = m n b n Necessary: partition of the message into chunks m 1, m 2,... whose length is identical to the MD length Alice and Bob can compute b i in advance and need a different IV for further encryption, since it is not secure to use the same bit stream twice Variant: use c i in computing the MD rather than b i Page 7

How to compute a Message Digest? First idea: convert a secret key algorithm into a message digest algorithm for arbitrary messages Used e.g. to store hashes of UNIX passwords instead of the passwords itselves Given: A secret key algorithm with key bits and message block length b bits (e.g. DES: k=56 and b=64). Chunk 1 Chunk 2 m 1 m 2 key key constant of length k encrypt encrypt Algorithm: Split message m into k-bit chunks m 1, m 2,... : : Use m 1 as a key to encrypt a constant Use m 2 to encrypt the previous result message digest... Use the final b-bit result as message digest Problem: 64 bit message digest is too short (see birthday problem) Generate a second 64-bit quantity using the chunks m 1, m 2,... e.g. in reverse order Page 8

Message Digest 2 (MD2) Need for a cryptographically secure message digest function Ron Rivest developed MD2 (RFC 1319), MD4 (RFC 1320), MD5 (RFC 1321) Later: SHS (Secure Hash Standard) MD was proprietary and was never published, MD3 was superseeded by MD4 MD2 overview: The Input to MD is a message with an arbitrary number of bytes The message is padded to be a multiple of 16 bytes A 16-byte quantity called checksum is appended The MD is computed in a final pass Page 9

MD2 Padding Lehrstuhl für Informatik 4 There must always be padding (even if the length of the original message is a multiple of 16 bytes) If the length of message is a multiple of 16 bytes then add 16 bytes of padding Else add the necessary number of bytes to make the message a multiple of 16 bytes Each padding byte contains the number of padding bytes: original message padding r Bytes (1 r 16) each containing r This trick allows to detect the end of the message multiple of 16 bytes... 5 5 5 5 5 43 bytes End of the message, begin of padding Page 10

MD2 Checksum Computation The checksum is similar to a message digest, but not cryptographically secure It is a 16-byte value C = C 0 C 1 C 15, computed as follows: C is set to 0 Process message one byte M n a time Let m = n mod 16. Byte C m of the checksum depends on byte M n of the message, byte C m-1 of the checksum and the previous value of byte C m : padded message M n n-th byte π substitution checksum 16-byte checksum (n - 1 mod 16)-th byte Cm-1 Cm C m := C m π(c m-1 M n ) after processing whole message, append final checksum The MD2 π substitution is specified in a certain table Page 11

MD2 Final Pass Lehrstuhl für Informatik 4 Input: the message M with 16-byte checksum Algorithm: Initialize a 48-byte block X = X 0, X 1, X 2,,X 47 Initialize the first 16 bytes of X to 0 Process M in 16-byte chunks: Set the second 16 bytes in X to the current message chunk Set the last 16 byte in X to the XOR of the former both parts. Use a compression function to compute an intermediate state for X: perform 18 passes, in each pass modifying all 48 byte Repeat for each 16-byte chunk in M with the result for X 0...X 15 from the previous round Output after processing all chunks in M: MD = X 0...X 15 Page 12

MD2 Compression Function 16-byte message chunk padded message with appended 16-byte checksum Initial value = 0 X 0 X 15 = MD intermediate X 16 X 31 X 32 X 47 = X 0 X 15 X 16 X 31 perform for each message chunk: Byte -1 : Initial value: 0 After pass i: Byte -1 = Byte 47 + i mod 256 + pass number (0-17) Byte n-1 Byte n Byte 47 π substitution for n = 0 to 47 C n := C n π(c n-1 ) for next message block discarded Final MD2 after 18 passes for each message chunk Page 13

MD4 Works on 32-bit-words (faster processing on modern CPUs than MD2) The MD has a length of 128 bit Message has to be a multiple of 512 bit (sixteen 32-bit-words): The original message is padded by adding a '1' bit, followed by '0' bits A 64-bit length value for the unpadded message, mod 2 64, is appended padding original message 1-512 bit 64 bit 100 000 message length in bit multiple of 512 bit The message is processed in 512-bit chunks (sixteen 32-bit words) The message digest is initialized with a defined intermediate value Each step in the message digest computation takes the current intermediate digest value and modifies it using the next chunk of the message Each step consists of three passes Page 14

MD4 Passes Lehrstuhl für Informatik 4 Pass 1: Selection function Calculation bases on function F(x,y,z) = (x y) (~x z) ~xis the bitwise complement of x F operates on three parameters of 32 bit, thus one chunk is processed in 16 parts Pass 2: Majority function Output of pass 1 is used as input for pass 2 Calculation bases on function G(x,y,z) = (x y) (x z) (y z) Pass 3: Final function Output of pass 2 is used as input of pass 3 Calculation bases on function H(x,y,z) = x y z The output of pass 3 is used as input for pass 1 for processing the next message chunk Page 15

MD5 Somebody found a weakness in MD4 if only two passes were uese Thus: develop stronger algorithm: MD5 MD5 is very similar to MD4, but was designed to be less performant regarding speed and more concerned with security Padding in MD5 is identical to the padding in MD4 The major differences are: MD4 consists of three passes for each 16-byte chunk of the message. MD5 makes four passes for each 16-byte chunk. The functions are slightly different, e.g. number of bits in shift operations MD4 has two constants, one in pass 2, and another in pass 3. MD5 uses a different constant T i for each message word on each pass. Since there are 4 passes, each of which covers 16 messages, there are 64 32-bit constants used in MD5: T i = 2 32 sin(i) for i = 1.. 64 Page 16

MD5 Passes Lehrstuhl für Informatik 4 Pass 1: Selection function Calculation bases on function F(x,y,z) = (x y) (~x z) Pass 2: Second selection function Calculation bases on function G(x,y,z) = (x z) (y ~z) Pass 3: First modification function Calculation bases on function H(x,y,z) = x y z Pass 4: Second modification function Calculation bases on function I(x,y,z) = y (x ~z) MD5 is seen as more secure than MD4, but: why exactly 4 passes were chosen? Page 17

Intermediate Conclusion Several basic security techniques are well researched: Secret Key Cryptography Encryption of messages based on a symmetric key Standard methods: DES, 3DES, AES Public Key Cryptography Usage of an asymmetric key E.g. RSA Slower than secret key cryptography, thus not useful in encryption Useful for secret key exchange, digital signatures, authentication Hash functions Computation of a message digest, e.g. for message integrity, authentication E.g. MD5 But: how to construct authentication systems which can make use of these techniques? Page 18

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information