Cryptography and Network Security Chapter 11



Similar documents
Authentication requirement Authentication function MAC Hash function Security of

Message Authentication

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 12

Computer Security: Principles and Practice

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Cryptographic Hash Functions Message Authentication Digital Signatures

Cryptography and Network Security Chapter 3

Digital Signature. Raj Jain. Washington University in St. Louis

Public Key Cryptography Overview

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Hash Functions. Integrity checks

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

SHA3 WHERE WE VE BEEN WHERE WE RE GOING

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

HASH CODE BASED SECURITY IN CLOUD COMPUTING

Introduction to Computer Security

Introduction to Cryptography CS 355

CIS433/533 - Computer and Network Security Cryptography

One-Way Encryption and Message Authentication

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Recommendation for Applications Using Approved Hash Algorithms

Cryptography and Network Security Chapter 9

Analysis of Software Realized DSA Algorithm for Digital Signature

Length extension attack on narrow-pipe SHA-3 candidates

How To Encrypt With A 64 Bit Block Cipher

Authentication, digital signatures, PRNG

Fundamentals of Computer Security

Cryptography Lecture 8. Digital signatures, hash functions

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor

Message Authentication Codes

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Table of Contents. Bibliografische Informationen digitalisiert durch

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Message Authentication Codes. Lecture Outline

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

EXAM questions for the course TTM Information Security May Part 1

SECURITY IN NETWORKS

CSE/EE 461 Lecture 23

Randomized Hashing for Digital Signatures

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Elliptic Curve Hash (and Sign)

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Communications security

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Message authentication and. digital signatures

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Secret File Sharing Techniques using AES algorithm. C. Navya Latha Garima Agarwal Anila Kumar GVN

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

Lecture 6 - Cryptography

Lecture 4 Data Encryption Standard (DES)

Transport Level Security

Hash Function JH and the NIST SHA3 Hash Competition

Evaluation of Digital Signature Process

A Novel Secure Hash Algorithm for Public Key Digital Signature Schemes

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

Remotely Keyed Encryption Using Non-Encrypting Smart Cards

Lecture 9: Application of Cryptography

CRYPTOGRAPHY IN NETWORK SECURITY

Network Security Essentials Chapter 5

Lecture 9 - Message Authentication Codes

Cryptography and Network Security Chapter 10

Network Security Technology Network Management

2. Cryptography 2.4 Digital Signatures

Cryptography and Network Security

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Digital Signature For Text File

Cryptography and Network Security

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Overview Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things:

The Misuse of RC4 in Microsoft Word and Excel

Introduction. Digital Signature

The Keyed-Hash Message Authentication Code (HMAC)

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

C O M P U T E R S E C U R I T Y

M.S. Project Proposal. SAT Based Attacks on SipHash

CSCE 465 Computer & Network Security

National Security Agency Perspective on Key Management

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay

Data integrity and data origin authentication

CrypTool Claudia Eckert / Thorsten Clausius Bernd Esslinger / Jörg Schneider / Henrik Koy

Recommendation for Applications Using Approved Hash Algorithms

Chapter 1 On the Secure Hash Algorithm family

Public Key (asymmetric) Cryptography

CS 758: Cryptography / Network Security

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Cryptography and Network Security Block Cipher

Digital Signature Standard (DSS)

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

ARCHIVED PUBLICATION

Network Security Part II: Standards

Transcription:

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 11 Cryptographic Hash Functions Each of the messages, like each one he had ever read of Stern's commands, began with a number and ended with a number or row of numbers. No efforts on the part of Mungo or any of his experts had been able to break Stern's code, nor was there any clue as to what the preliminary number and those ultimate numbers signified. Talking to Strange Men, Ruth Rendell will consider: hash functions Outline uses, requirements, security hash functions based on block ciphers SHA-1, SHA-2, SHA-3 Hash Functions condenses arbitrary message to fixed size h = H(M) usually assume hash function is public hash used to detect changes to message want a cryptographic hash function computationally infeasible to find data mapping to specific hash (one-way property) computationally infeasible to find two different data with same hash (collision-free property)

Cryptographic Hash Function Hash Functions & Message Authent- ication Hash Functions & Digital Signatures Other Hash Function Uses to create a one-way password file store hash of password not actual password for intrusion detection and virus detection keep & check hash of files on system pseudorandom function (PRF) or pseudorandom number generator (PRNG)

Two Simple Insecure Hash Functions consider two simple insecure hash functions bit-by by-bit bit exclusive-or (XOR) of every block C i =b i1 XORb i2 XOR......XORb im a longitudinal redundancy check reasonably effective as data integrity check one-bit circular shift on hash value for each successive n-bitn block rotate current hash value left by 1 bit and XOR block good for data integrity but useless for security 06/03/10 Hash Function Requirements Attacks on Hash Functions have brute-force attacks and cryptanalysis a preimage or second preimage attack find y s.t. H(y) equals a given hash value collision resistance find two messages x and y with same hash H(x)=H(y H(y) hence value 2 m/2 determines strength of hash code against brute-force attacks 128-bits inadequate, 160-bits suspect

Birthday Attacks 06/03/10 might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: given user prepared to sign a valid message x opponent generates 2 m / 2 variations x x of x, all with essentially the same meaning, and saves them opponent generates 2 m / 2 variations y y of a desired fraudulent message y two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger MAC/hash 06/03/10 06/03/10

Hash Function Cryptanalysis cryptanalytic attacks exploit some property of alg,, so faster than exhaustive search hash functions use iterative structure process message in blocks (incl( length) attacks focus on collisions in function f Block Ciphers as Hash Functions can use block ciphers as hash functions using H 0 = 0 and zero-pad of final block compute: H i =E m i (H i-1) and use final block as the hash value similar to CBC but without a key resulting hash is too small (64-bit) both due to direct birthday attack and to meet-in-the-middle attack other variants also susceptible to attack Secure Hash Algorithm SHA originally designed by NIST & NSA in 1993 was revised in 1995 as SHA-1 US standard for use with DSA signature scheme standard is FIPS 180-1 1 1995, also Internet RFC3174 nb.. the algorithm is SHA, the standard is SHS based on design of MD4 with key differences produces 160-bit hash values recent 2005 results on security of SHA-1 1 have raised concerns on its use in future applications

Revised Secure Hash Standard SHA Versions NIST issued revision FIPS 180-2 2 in 2002 adds 3 additional versions of SHA SHA-256, SHA-384, SHA-512 designed for compatibility with increased security provided by the AES cipher structure and detail is similar to SHA-1 hence analysis should be similar but security levels are rather higher SHA-512 Compression Function SHA-512 Overview heart of the algorithm processing message in 1024-bit blocks consists of 80 rounds per block updating a 512-bit buffer using a 64-bit value Wt derived from the current message block and a round constant based on cube root of first 80 prime numbers

H i Initial Values Processing one 1024 bit block 06/03/10 06/03/10 K i SHA-512 Round Function Bitw. If-t-e Bitw. Maj vote XOR of 3 ROTR Addition mod 2 64 06/03/10

SHA-512 Round Function SHA-3 XOR of 3 ROTR/SHR Addition mod 2 64 In hashes, nothing secret, easier to attack SHA-1 1 not yet broken,, but similar to MD5 and SHA-0, so considered insecure SHA-2 2 (esp. SHA-512) seems secure shares same structure and mathematical operations as predecessors so have concern NIST announced in 2007 a competition for the SHA-3 3 next gen NIST hash function goal to have in place by 2012 but not fixed SHA-3 3 Requirements replace SHA-2 2 with SHA-3 3 in any use so use same hash sizes preserve the online nature of SHA-2 so must process small blocks (512 / 1024 bits) evaluation criteria security close to theoretical max for hash sizes cost in time and memory characteristics: such as flexibility and simplicity

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information