Message Authentication Codes



Similar documents
Authentication requirement Authentication function MAC Hash function Security of

Cryptography and Network Security Chapter 12

Message Authentication

Cryptographic Hash Functions Message Authentication Digital Signatures

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings

Designing Hash functions. Reviewing... Message Authentication Codes. and message authentication codes. We have seen how to authenticate messages:

Public Key Cryptography Overview

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Message Authentication Codes. Lecture Outline

Message authentication

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Content Teaching Academy at James Madison University

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

Chapter 10. Network Security

Compter Networks Chapter 9: Network Security

Network Security. Modes of Operation. Steven M. Bellovin February 3,

Symmetric Crypto MAC. Pierre-Alain Fouque

CSE/EE 461 Lecture 23

Chapter 6 Electronic Mail Security

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Introduction to Computer Security

Message authentication and. digital signatures

CS155. Cryptography Overview

IT Networks & Security CERT Luncheon Series: Cryptography

Cryptography and Network Security Chapter 15

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

SECURITY IN NETWORKS

The Misuse of RC4 in Microsoft Word and Excel

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

CIS433/533 - Computer and Network Security Cryptography

OOo Digital Signatures. Malte Timmermann Technical Architect Sun Microsystems GmbH

Fundamentals of Computer Security

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Chapter 8. Network Security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Provable-Security Analysis of Authenticated Encryption in Kerberos

XML Encryption Syntax and Processing. Duan,Limiao 07,12,2006

Information Security

Chapter 7: Network security

Network Security Essentials Chapter 7

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Overview. SSL Cryptography Overview CHAPTER 1

Hash Functions. Integrity checks

Transport Level Security

An Introduction to Cryptography as Applied to the Smart Grid

Lecture 9: Application of Cryptography

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Network Security Technology Network Management

Principles of Network Security

Authentication, digital signatures, PRNG

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

CSCE 465 Computer & Network Security

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Chapter 7 Transport-Level Security

Chapter 17. Transport-Level Security

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL

Advanced Authentication

Savitribai Phule Pune University

Symmetric Key cryptosystem

Network Security. HIT Shimrit Tzur-David

PGP from: Cryptography and Network Security

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Recommendation for Cryptographic Key Generation

CSCE 465 Computer & Network Security

Cryptography & Network Security

Computer Security: Principles and Practice

Lecture 9 - Network Security TDTS (ht1)

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Authenticated encryption

Practice Questions. CS161 Computer Security, Fall 2008

CRYPTOGRAPHY IN NETWORK SECURITY

ETSI TS V1.2.1 ( )

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Client Server Registration Protocol

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Chapter 3. Network Domain Security

Network Security Part II: Standards

How To Encrypt With A 64 Bit Block Cipher

Recommendation for Applications Using Approved Hash Algorithms

Transcription:

2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex, r2965 1 Contents Message Authentication Requirements and MAC Authentication using Symmetric Key Authentication with Message Authentication Codes of MACs MAC

4 MAC Attacks on Communications across Network 1. Disclosure: encryption 2. Traffic analysis: encryption 3. Masquerade: message authentication 4. Content modification: message authentication 5. Sequence modification: message authentication 6. Timing modification: message authentication 7. Source repudiation: digital signatures 8. Destination repudiation: digital signatures 3 MAC Authentication Receiver wants to verify: 1. Contents of the message have not been modified (data authentication) 2. Source of message is who they claim to be (source authentication) Different approaches available: Symmetric Key Message Authentication Codes (MACs) Hash Public Key (i.e. Digital Signatures)

6 Contents Message Authentication Requirements and MAC Authentication using Symmetric Key Authentication with Message Authentication Codes of MACs MAC 5 Symmetric for Authentication MAC Credit: Figure 12.1(a) in Stallings, Cryptography and Network, 5th Ed., Pearson 2011 Confidentiality: only B (and A) can recover plaintext Source Authentication: A is only other user with key; must have come from A Data Authentication: successfully decrypted; data has not been modified Assumption: decryptor can recognise correct plaintext

8 MAC Recognising Correct Plaintext Example 1 B receives ciphertext (supposedly from A, using shared secret key K): DPNFCTEJLYONCJAEZRCLASJTDQFY B decrypts with key K to obtain plaintext: SECURITYANDCRYPTOGRAPHYISFUN Was the plaintext encrypted with key K (and hence sent by A)? Is the ciphertext received the same as the ciphertext sent by A? 7 MAC Recognising Correct Plaintext Example 2 B receives ciphertext (supposedly from A, using shared secret key K): QEFPFPQEBTOLKDJBPPXDBPLOOVX B decrypts with key K to obtain plaintext: FTUEUEFTQIDAZSYQEEMSQEADDKM Was the plaintext encrypted with key K (and hence sent by A)? Is the ciphertext received the same as the ciphertext sent by A?

MAC Recognising Correct Plaintext Example 3 B receives ciphertext (supposedly from A, using shared secret key K): 0110100110101101010110111000010 B decrypts with key K to obtain plaintext: 0101110100001101001010100101110 Was the plaintext encrypted with key K (and hence sent by A)? Is the ciphertext received the same as the ciphertext sent by A? 9 MAC Recognising Correct Plaintext Example 1 Assume the message is English Plaintext had expected structure; assume the plaintext is correct Sent by A and has not been modified Example 2 Assume the message is English Plaintext had no structure in expected language; assume plaintext is incorrect Either not sent by A or modified Example 3 Binary data, e.g. image, compressed file Cannot know whether correct or incorrect 10

12 MAC Recognising Correct Plaintext Valid plaintexts should be small subset of all possible messages E.g. 26 n possible messages of length n; only small subset are valid English phrases Plaintext messages have structure BUT automatically detecting structure can be difficult Add structure to make it easier, e.g. Error detecting code or Frame Check Sequence Packet header 11 Contents Message Authentication Requirements and MAC Authentication using Symmetric Key Authentication with Message Authentication Codes of MACs MAC

MAC Authentication with Message Authentication Codes Append small, fixed-size block of data to message: cryptographic checksum or MAC T = MAC(K, M) M = input message MAC = MAC function K = shared secret key of k bits T = message authentication code (or tag) of n bits MAC function also called keyed hash function MAC function similar to encryption, but does not need to be reversible Easier to design stronger MAC functions than encryption functions 13 Example Uses of MAC MAC Credit: Figure 12.4 in Stallings, Cryptography and Network, 5th Ed., Pearson 2011 14

16 Contents Message Authentication Requirements and MAC Authentication using Symmetric Key Authentication with Message Authentication Codes of MACs MAC 15 MAC Requirement of MACs Objective of Attacker Assume MAC function is known, key K is not For valid MAC code for given message x Requirement of MAC Function Computation Resistance : given one or more text-mac pairs [x i, MAC(K, x i )], computationally infeasible to compute any text-mac pair [x, MAC(K, x)] for new input x x i

18 MAC of MACs Brute Force Attack on Key Attacker knows [x 1, T 1 ] where T 1 = MAC(K, x 1 ) Key size of k bits: brute force on key, 2 k But... many tags match T 1 For keys that produce tag T 1, try again with [x 2, T 2 ] Effort to find K is approximately 2 k Brute Force Attack on MAC value For x m, find T m without knowing K Similar effort required as one-way/weak collision resistant property for hash functions For n bit MAC value length, effort is 2 n Effort to break MAC: min(2 k, 2 n ) 17 MAC of MACs Cryptanalysis Many different MAC algorithms; attacks specific to algorithms MAC algorithms generally considered secure

20 Contents Message Authentication Requirements and MAC Authentication using Symmetric Key Authentication with Message Authentication Codes of MACs MAC 19 MAC MACs Based on Block Ciphers Data Authentication Algorithm (DAA): based on DES; considered insecure Cipher-Based Message Authentication Code (CMAC): mode of operation used with Triple-DES and AES OMAC, PMAC, UMAC, VMAC,...

MAC HMAC MAC function derived from cryptographic hash functions MD5/SHA are fast in software (compared to block ciphers) Libraries for hash functions widely available HMAC(K, M) = H((K opad) H((K ipad) M)) where ipad= 00110110 repeated, opad= 01011100 repeated of HMAC depends on security of hash function used 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information