Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Similar documents
Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Hash Functions. Integrity checks

Message Authentication

Cryptography and Network Security Chapter 12

Computer Security: Principles and Practice

Authentication requirement Authentication function MAC Hash function Security of

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Lecture 9: Application of Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings

Cryptography and Network Security Digital Signature

CIS433/533 - Computer and Network Security Cryptography

Public Key Cryptography Overview

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Introduction to Computer Security

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

HASH CODE BASED SECURITY IN CLOUD COMPUTING

Cryptographic Hash Functions Message Authentication Digital Signatures

Cryptography and Network Security Chapter 11

Message Authentication Codes

Network Security. HIT Shimrit Tzur-David

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Designing Hash functions. Reviewing... Message Authentication Codes. and message authentication codes. We have seen how to authenticate messages:

CS Computer Security Eleventh topic: Hashes and sign

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Message Authentication Codes. Lecture Outline

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Message authentication and. digital signatures

Overview of Symmetric Encryption

Fundamentals of Computer Security

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Recommendation for Applications Using Approved Hash Algorithms

Authentication, digital signatures, PRNG

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

SHA3 WHERE WE VE BEEN WHERE WE RE GOING

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

CSE/EE 461 Lecture 23

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

Cryptography & Digital Signatures

SECURITY IN NETWORKS

SSL Firewalls

Table of Contents. Bibliografische Informationen digitalisiert durch

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Chapter 7: Network security

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Remotely Keyed Encryption Using Non-Encrypting Smart Cards

One-Way Encryption and Message Authentication

Recommendation for Applications Using Approved Hash Algorithms

Modes of Operation of Block Ciphers

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Introduction to Cryptography CS 355

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Network Security. Modes of Operation. Steven M. Bellovin February 3,

CS155. Cryptography Overview

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Message authentication

Project: Simulated Encrypted File System (SEFS)

An Introduction to Cryptography as Applied to the Smart Grid

Secure Network Communications FIPS Non Proprietary Security Policy

Security Protocols/Standards

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1


Digital Signatures. Meka N.L.Sneha. Indiana State University. October 2015

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

SeChat: An AES Encrypted Chat

Network Security: Secret Key Cryptography

Symmetric Crypto MAC. Pierre-Alain Fouque

Lecture 6 - Cryptography

CS 758: Cryptography / Network Security

Provable-Security Analysis of Authenticated Encryption in Kerberos

Network Security Part II: Standards

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Symmetric Mechanisms for Authentication in IDRP

The Misuse of RC4 in Microsoft Word and Excel

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

The Keyed-Hash Message Authentication Code (HMAC)

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Length extension attack on narrow-pipe SHA-3 candidates

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

Network Authentication X Secure the Edge of the Network - Technical White Paper

Network Security Technology Network Management

What is network security?

Active Domain Expansion for Narrow-pipe Hash

Cryptography and Security

Digital Signature For Text File

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Overview. SSL Cryptography Overview CHAPTER 1

7! Cryptographic Techniques! A Brief Introduction

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Lecture 4 Data Encryption Standard (DES)

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

Cryptography Lecture 8. Digital signatures, hash functions

Chapter 7 Transport-Level Security

Analysis of Software Realized DSA Algorithm for Digital Signature

Transcription:

CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1

Hashes and Message Digests What hashes can do MD2 MD4, MD5, SHA-1 HMAC 2

Hash Functions Aka: message digests, one-way transformations Take a message m of arbitrary length (transformed into a string of bits) and computes from it a fixed-length (short) number h(m) Properties: - easy-to-compute: for any message m, it is relatively easy to compute h(m) - non-reversible: given h(m), there is no way to find an m that hashes to h(m) except trying all possibilities of m - computationally infeasible to find m and m such that h(m)=h(m ) and m!=m 3

Notion of Randomness Any particular bit in the outputs should have 50% chance to be on Each output should have about half the bits on, w.h.p Any two outputs should be completely uncorrelated, no matter how similar the inputs are 4

General Structure Repeated use of a compression function, f, that takes two inputs (the chaining variable and input block), and produces an n-bit output 5

Birthday Paradox If there are 23 or more people in a room, there is better than 50% chance that two of them will have the same birthday Assume n inputs (number of people) and k possible outputs (365 days) If n > k 1/2, there is a good chance of finding a matching pair 6

Length of Digest If the length of the digest is n-bit long: It takes O(2 n ) to find a message with a given digest It takes O(2 n/2 ) to find two messages with the same digest (the length of digest should be sufficient to resist this attack) 7

Length of Digest (Cont d) Due to birthday attack, the length of the digest in general should be twice the length of the key in block ciphers For example, SHA-256, SHA-384, and SHA-512 to match the key lengths 128, 192, and 256 in AES 8

What Hashes Can Do Authentication Integrity check (MAC) Encryption 9

Authentication Authentication with SKC (previous example) Authentication with message digest 10

Message Authentication Code (MAC) MD (KAB m): only those knowing the secret KAB can compute/verify the MAC (Problem?) See Problem With Keyed Hash and Solutions 11

Encryption Generate one-time pad: (similar to OFB) b1 = MD(KAB IV), b2 = MD(KAB b1), b3 = MD(KAB b2), XOR the message with the one-time pad bit sequence (Problem with one-time pad?) Mixing in the plaintext: (similar to CFB) b1 = MD(KAB IV), c1 = m1 XOR b1, b2 = MD(KAB c1), c2 = m2 XOR b2, b3 = MD(KAB c2), c3 = m3 XOR b3, 12

Replacing Hash with SKC Unix password hash: password is converted into a secret key, which is input into DES to encrypt the constant 0, producing a hashed password Hashing large messages: (Problem? See Figure 5-2, pp. 128) 13

MD2, MD4, MD5, SHA-1 Message digest (MD), designed by Ron Rivest MD2: 1989, operates on 8-bit octets MD4: 1990, operates on 32-bit words MD5: 1991, operates on 32-bit words Secure hash algorithm (SHA), proposed by NIST SHA-1: 1995, operates on 32-bit words 14

MD2 Input: arbitrary number of octets Output: 128-bit message digest Step 1: Pad the message to be a multiple of 16 octets Step 2: Append a 16-octet checksum to the message Step 3: Process the message, 16 octets at a time, to produce the message digest 15

Step 1: Padding 16 octets of padding are added if the message is initially a multiple of 16 octets Otherwise, r octets of padding are added to make the message a multiple of 16 octets 16

Step 2: Checksum Computation Checksum: 16-octet quantity, appended to the message m m checksum is processed by MD2 to obtain the actual message digest 17

π Substitution Table 18

Final Pass: Producing Digest 19

MD4, MD5, SHA-1 Input: arbitrary number of bits Output: 128 bits for MD4 and MD5, 160 bits for SHA-1 Step 1: Pad the message to be a multiple of 512 bits (16 words, 64 octets) Step 2: Process the message, 512 bits at a time, to produce the message digest 20

Step 1: Padding Padding for MD4, MD5, SHA-1 21

Step 2: Producing Message Digest Overview of MD4, MD5, SHA-1 22

SHA-1 vs. MD5 SHA-1 has 160-bit digest and MD5 128-bit, making SHA-1 more secure against brute-force SHA-1 involves more stages and bigger buffer, and thus executes more slowly than MD5 MD5 is considered broken in 2004 SHA-1 is considered broken in 2005 SHA-2: four digest sizes 224, 256, 384, 512 bits 23

Problem With Keyed Hash Keyed hash: h(key m) An attacker gets m and h(key m) First pads m according to the used hash function, and then adds another message m at the end, the result is m pad m h(key m pad m ) can be calculated from h(key m pad) which is the intermediate digest 24

Solutions Use h(m key) Use only half the bits of h(key m) Use h(key m key) HMAC 25

HMAC 26

Reading Assignments [Kaufman] Chapter 5 27

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information