Public Key distribution and HMAC

1. Distribution of Public Keys and HMAC
Presented by:
Anurag Jagetiya
Astt. Prof. MLV Textile & Engineering
College, Bhilwara

2. Objective
• Understand the technique use for distribution
of Public keys.
• Understanding of MAC.

3. Prerequisite
• Understanding of Network Security Principles

4. Outline
• Background
• Key Distribution
– RSA approach
– Publicly available directory
– Public key authority
– Public key certificate
• Hash base Message Authentication Code (HMAC)

5. Background
"Cryptography, defined as "the science and study of
secret writing" concerns the ways in which
communications and data can be encoded to prevent
disclosure of their contents through eavesdropping
or message interception, using codes, ciphers and
other methods, so that only certain people can see
the real message.“
- Yamen Akdeniz

6. The Need for Cryptography
Cryptography is required to ensure:
• Confidentiality
• Authentication
• Authorization
• Data Integrity
• Non-Repudiation

7. Types of Cryptography
• Private key (Symmetric) Cryptography
• Public Key (Asymmetric)Cryptography

8. Private key Cryptography
• Sender and the Recipient share a key that
must be kept private to them.
• Same key is used to encrypt and decrypt the
message.
• Example: DES, Triple DES, IDEA, blowfish, RC4

9. Problem: Private key Cryptography
• Every pair of user needs a unique key, thus
number of keys are very large.
• Number of keys for N users are N(N-1)/2.
• Key distribution is a big problem: cannot trust
upon third party
• Solution: Public Key Cryptography

10. Public Key Cryptography
• Sender & Receiver both has two sets of keys
Public key and Private key.
• Both the keys can be used for encryption/
decryption.
• Public key is publically available to everyone
wish to send secret message.
• Private key remains secret to user.
• Example: RSA, ECC, etc

11. Key Distribution
Distribution of Public Keys

12. RSA
• Based upon mathematics that it is easier to
multiply two large prime numbers but it’s very
difficult to find its factor.
• e.g. 40259, find its factors
• Public key is the product of two long prime
numbers
• Considered very secure but may suffer from
man in middle attack
317 *217

13. Publicly available directory
• directory must be trusted with properties:
– contain {name, public-key} entries
– participants register securely with directory
– participants can replace key at any time
– directory is periodically published
• Still vulnerable: trusted party can be attacked.
Or if intruder somehow know the private key
of any participant, she can pass counterfeit
key information to the directory.

14. Public key authority
• Authority provides its public keys to participants
• Participants can request for their keys in an
encrypted manner that can be decrypted by the
private key of the authority.
• Danger of tempering with authority is still
prevailing
• Dependency upon Authority is an overhead.

15. Public key certificate
• Digitally signed electronic certificates are used by the
participants to exchange public keys safely.
• These certificates are assigned by the certificate
authority like: VeriSign etc.
• Nobody other than the trusted certificate authority
can generate the certificates.
• Popular TLS protocol uses the services of X.509
directory authentication service for the same.

16. HMAC: Background
• Authentication techniques ensures
– Message is from alleged sender
– And, its integrity is preserved
• Hash functions are used to produce a fixed
length digest of the input message
• It is known as message digest or message
authentication code

17. Contd…
• Hash functions are known as one way
function i.e. easy in one direction but difficult
in another direction.
• for any two different messages it’s impossible
to get similar digest.
• Common hash algorithms
– MD5 produces fixed 128 bit digest
– SHA-1 produces 160 bit bits

18. HMAC Introduction
• HMAC uses popular cryptographic hash
function like MD-5 or SHA-1 to generate
strong and secure MAC.
• HMAC uses a secret key for the calculation
and verification of the MACs.
• HMAC is specified in RFC 2104

19. Contd…
• To use available and approved cryptographic hash
functions whose:
– Cryptographic strength has been proved effectively.
– Code is freely available and they perform well in software.
• Old embedded hash functions can be easily replaced
with new hash functions, when developed.
• To make a simple use of keys

20. HMAC Algorithm: Parameters and symbols
M Input Message to HMAC (With necessary padding)
B Block Size (In Bytes) of Input Message
H Embedded hash function
Ipad Inner Pad: the byte 0x36 (In hexadecimal) repeated B times
K Secret Key (Shared by only sender and receiver)
K0 Key K after necessary pre-processing (i.e. padded with zeros
on the left) to form a B byte key
Opad Outerpad: 0x5C (In hexadecimal) repeated B times
L Length of the hash code (in bytes)
|| Concatenation
Exclusive or

21. HMAC Algorithm: Cryptographic Key
• The size of secret key K used in HMAC shall be
equal to or greater than L/2
• Here L is the size of Hash function output
• If key size greater than input block size (B
bytes), first apply the key to hash function (H)
than the resultant L byte string is used as key
• Key should be chosen at random using key
generation algorithms and change
periodically.

22. HMAC Algorithm
1. If K = B than Set K0:= K. Go to step 4
2. If K < B than K is padded with zeros in the left that form B byte string K0.
Go to step 4.
3. If K> B than hash the key K through H to get L byte string than add B-L
zeros to get a B byte string. (i.e. K0=H (K) || 0000…) Go to step 4
4. XOR K0 and ipad to generate a B byte string: K0 ipad
5. Append the input message to the output string of step 4. (K0 ipad) || M
6. Apply H to the stream generate in step 5. H ((K0 ipad) || M)
7. XOR K0 and opad: K0 opad
8. Append the result of step 6 to result of step 7:
9. (K0 opad)|| H ((K0 ipad) || M)
10. Apply H to the stream generated in step 8 to get the final output:
11. H((K0 opad)|| H ((K0 ipad) || M))

23. Graphical representation of HMAC Algorithm
Image Source: http://blog.mousavi.net/2013/01/23/hmac-the-keyed-hash-based-
mac-function/

24. • XORing of ipad and opad with key K result in
the flipping of half of its key bits.
• But the flipped value will be different for ipad
and opad respectively.
• Thus two keys are pseudo randomly
generated by key K.

25. References
• Anurag Jagetiya, C. Ramakrishna, “Secure Socket Layer-A
Boon to E-commerce”, CSI Communications, May-2013.
• William Stallings, Cryptography and Network Security
Principles and Practices, Pearson Publication, 4th Edition.