Message authentication and. digital signatures

Similar documents
Authentication requirement Authentication function MAC Hash function Security of

CSE/EE 461 Lecture 23

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Message Authentication

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings

Cryptography and Network Security Digital Signature

IT Networks & Security CERT Luncheon Series: Cryptography

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Cryptography and Network Security

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Introduction to Computer Security

Chapter 7: Network security

Cryptography and Network Security Chapter 15

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Cryptography and Network Security Chapter 12

Message Authentication Codes

SECURITY IN NETWORKS

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Authentication, digital signatures, PRNG

What is network security?

Public Key Cryptography Overview

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Essentials Chapter 7

Cryptography and Network Security Chapter 14

Communication Security for Applications

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication Application

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Key Management and Distribution

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Hash Functions. Integrity checks

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

EXAM questions for the course TTM Information Security May Part 1

Introduction to Network Security Key Management and Distribution

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Introduction to Cryptography

CS155. Cryptography Overview

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

PGP from: Cryptography and Network Security

Application Layer (1)

CSCE 465 Computer & Network Security

Information Security

Cryptography & Digital Signatures

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Introduction to Cryptography CS 355

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption

CS549: Cryptography and Network Security

CRYPTOGRAPHY IN NETWORK SECURITY

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Savitribai Phule Pune University

Network Security Technology Network Management

CS 758: Cryptography / Network Security

Lecture 9: Application of Cryptography

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Overview of Public-Key Cryptography

Authenticity of Public Keys

Chapter 10. Network Security

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Overview Keys. Overview

An Introduction to Cryptography and Digital Signatures

An Introduction to Cryptography as Applied to the Smart Grid

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Message Authentication Codes. Lecture Outline

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Key Management and Distribution

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Lecture 9 - Network Security TDTS (ht1)

Principles of Network Security

Ciphire Mail. Abstract

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Authentication Applications

Cryptography and Security

to hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many

Chapter 17. Transport-Level Security

Overview. SSL Cryptography Overview CHAPTER 1

SSL Protect your users, start with yourself

Security: Focus of Control. Authentication

2. Cryptography 2.4 Digital Signatures

Key Management and Distribution

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Chapter 6 Electronic Mail Security

Communication Systems SSL

Network Security Part II: Standards

Chapter 15 User Authentication

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Public Key Infrastructure. A Brief Overview by Tim Sigmon

Transcription:

Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation " Two levels: authentication function authentication protocol (using auth. function)

Authentication functions " Message encryption the whole ciphertext is the authenticator " Message Authentication Code (MAC) C k (m) => fix length value (the MAC) " Hash function H(m) => fix length hash value

Authentication by encryption " Conventional encryption B receives c = E k (m) from A, where k is secret " confidentiality: only A and B know k " authentication: only A could have sent it, cannot have been altered " but B can forge messages, and A can deny them If arbitrary data is sent, how do we know a plaintexti " add a checksum to the message E k (m + f(m))! internal error control E k (m) + f(e k (m))! external error control " can be forged!

Authentication by encryption " Public!key encryption c = E db (m) gives confidentiality but no authentication c = E ea (m) gives authentication but no confidentiality c = E db (E ea (m)) gives both B cannot forge messages, and A cannot deny them Still needs checksum for arbitrary data

Message Authentication Code " Cryptographic checksum MAC = C k (m), where k shared secret key send both m and MAC recipient computes C k (m) and compares with MAC confidentiality: " E r (m+c k (m))! plaintext authenticated " E r (m)+c k (E r (m))! ciphertext authenticated " C k need not be reversible many m may have same MAC

MAC (cont) " Advantages to encryption faster broadcast msgs can be checked at only one place random tests possible MAC can be kept and checked again any number of times can give authentication without confidentiality conf. and auth. can be handled at different levels decryption loses authentication " Fraud possible: A and B share k

MAC attacks " C maps m of arbitrary length and 2 m m!bit keys to 2 n n!bit MAC values: collisions possible (likey) " Brute force attack to find k is no less difficult than finding a decryption key of same length

Requirements on a MAC fcn " given m and C k (m), infeasible to construct m s.t. C k (m ) = C k (m) cannot fake a MAC " C k (m) uniformly distributed: random m collide with probability 1/2 n thwarts brute!force chosen!plaintext attack " For random m, C k (m) = C k (f(m)) with probability 1/2 n no weak spots

MAC based on DES " Data Authentication Algorithm (DAA) ANSI standard " CBC with initialization vector 0 pad last plaintext block with zeros MAC is leftmost 16!64 bits of last cipherblock

Hash functions " One!way hash function takes variable!length m and produces fix!length hash value H(m), a "fingerprint" of m. " Requirements one!way: given x, can t find m s.t. x=h(m) " difficulty 2 n weak collision resistance: given x, can t find y!x s.t. H(x)=H(y) " difficulty 2 n strong collision resistance: can t find pair (x,y) s.t. H(x)=H(y) " difficulty 2 n/2

Hash usage 1. m+h(m)! no confidentiality or authentication 2. E k (m+h(m))! auth&conf 3. m+e k (H(m))! same as MAC 4. m+e ea (H(m))! authentication (digital signature) 5. E k (m+e ea (H(m)))! and confidentiality 6. m+h(m+k)! authentication without encryption 7. E k (m+h(m+k))! and confidentiality

Hash algorithms " MD5 widely used (e.g. PGP) 128!bit hash values: collisions found "in 24 days" " SHA!1 and RIPEMD!160 160!bit hash values now preferred over MD5 (e.g. in PGP) " (see chapter 9)

Digital signatures " MAC is not enough recipient can fake it since he knows k sender can therefore deny messages " Digital signatures verify the author, time and date authenticates the contents verifiable by third party

Varieties of digital signatures " Direct only source and destination involved ex: use PKS!encrypted hash values " problem: sender can claim private key stolen (cf. credit card loss), even with timestamp " Arbitrated signed messages sent through trusted server " c sends id X +E ex (id X +E dy (E ex (m))) to arbitrer A " A checks c s keys and sends E ea (id X +E dy (E ex (m))+t) to e " e can find id X encrypted with A s private key " A doesn t see the message m

Digital Signature Standard " DSS uses SHA!1 for hash value Digital Signature Algorithm (DSA) " based on ElGamal " can be fast: possible to precalculate slow things " DSS can be used in PGP

Authentication protocols " Mutual authentication both parties ensure each other s identities and, e.g., exchange session keys " One!way authentication recipient ensures sender is authentic e.g. for email

Mutual authentication " Confidentiality and timeliness important replay attacks could break confidentiality and/or authenticity use timestamps or nonces (use!once random values) " Conventional encryption requires trusted Key Distribution Center each user has a secret Master Key, shared with KDC " Public!key encryption possible with or without KDC

One!way authentication " Desirable to avoid handshake protocols " Conventional encryption: use KDC " Public!key encrypt whole message twice for conf & auth faster: combine PK and conventional " send E db (k S )+E ks (m)! confidentiality " send m+e ea (m)! "authenticity" (cf. man!in!the!middle) " send E db (k S )+E ks (m+e ea (m))! auth+conf (PGP)

Key management for PKS " Distribution of public keys Public announcement " forgery possible Public directory run by trusted authority " keys submitted in secure+authentic way " keys retrieved from directory using authentic paper directory electronically from authority using PKS

Public!key certificates " Avoid bottleneck at directory authority Use Certificate Authority (CA) " Requirements anyone can find the name and public key of the certificate owner in the certificate anyone can verify that the certificate was made by CA anyone can verify the certificate is current only the CA can create/update certificates

Certificates " A certificate consists of the owner s name, public key, and a timestamp, encrypted with the CA s private key C A = E eca (id A,d A,T) " To start communication, A sends his cert to B B can decrypt using CA s public key, validate the timestamp, check id A, and use d A

X.509 Certificate Standard " Used in SSL/TLS, S/MIME, SET, Ipsec,... " Uses PKS and digital signatures doesn t specify which algorithms (but recommends) " Kernel format of certificates (fig 11.3) CA hierarchy (fig 11.4) revocation of certificates " CA has list of revoked certificates one!, two!, and three!way authentication procedures

PGP key management " Each user has two key!rings private key ring " private keys (encrypted), public key ID,... public key ring " public keys (own and others), user id, trust, signatures,... " Key trust and validity: distributed keys signed to certify their validity a key is valid if signed by n (1) fully trusted user, or by m (3) semi!trusted users " Keys distributed by key servers

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information