3. .
• Message authentication
• Security requirements and attacks
• Authentication Functions:-
a. Message encryption
b. Message authentication code (MAC)
c. Hash functions
• Practice and real life applications:-
Overview of concepts
Capturing traffic using Burp Suite
Intercept network traffic
Hashing function in PHP
4. Message Authentication
message authentication is concerned with:
protecting the integrity of a message
validating identity of originator
non-repudiation of origin (dispute resolution)
5. CS526 Topic 5: Hash Functions and Message Authentication
Data Integrity and Source Authentication
• Encryption does not protect data from modification
by another party.
• Why?
• Need a way to ensure that data arrives at destination
in its original form as sent by the sender and it is
coming from an authenticated source.
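Why encryption alone does not give integrity, as an added example that is not part of the original slides: a toy XOR stream cipher built from SHA-256 stands in for any stream or counter-mode cipher, and the keys, nonce and message are constructed sample values. A ciphertext changed in transit still decrypts without error; only the MAC check (computed after encryption, with a separate key) notices.

```python
import hashlib
import hmac

# Constructed sample values, for illustration only.
ENC_KEY, MAC_KEY, NONCE = b"E" * 32, b"M" * 32, b"nonce-01"
MESSAGE = b"PAY 0100 TO ALICE"

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter). Not a real cipher."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return out[:n]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR the data with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then MAC nonce || ciphertext with a separate key."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Return the plaintext, or None when the MAC does not match."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_crypt(enc_key, nonce, ct)

def modify_in_transit(ct: bytes, offset: int, mask: bytes) -> bytes:
    """Content modification: XOR a mask into the ciphertext, no key involved."""
    patched = bytearray(ct)
    for i, m in enumerate(mask):
        patched[offset + i] ^= m
    return bytes(patched)

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    mask = bytes(a ^ b for a, b in zip(b"0100", b"9100"))
    changed = modify_in_transit(ct, 4, mask)
    no_mac = xor_crypt(ENC_KEY, NONCE, changed)       # decrypts without any error
    with_mac = open_sealed(ENC_KEY, MAC_KEY, NONCE, changed, tag)
    return no_mac, with_mac
```
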
7. Security attacks
In the context of communications across a network, the
following attacks can be identified:
• disclosure
• traffic analysis
• masquerade
• content modification
• sequence modification
• timing modification
• source repudiation
• destination repudiation
8. Security attacks…….
• Disclosure: Release of message contents to any person or
process not possessing the appropriate cryptographic key.
• Traffic analysis: Discovery of the pattern of traffic between
parties. In a connection-oriented application, the frequency
and duration of connections could be determined. In either a
connection-oriented or connectionless environment, the
number and length of messages between parties could be
determined.
9. Security attacks…….
• Masquerade: Insertion of messages into the network from a
fraudulent source. This includes the creation of messages by
an opponent that are purported to come from an authorized
entity. Also included are fraudulent acknowledgments of
message receipt or nonreceipt by someone other than the
message recipient.
10. Security attacks…….
• Content modification: Changes to the contents of a message,
including insertion, deletion, transposition, and modification.
• Sequence modification: Any modification to a sequence of
messages between parties, including insertion, deletion, and
reordering.
11. Security attacks…….
• Timing modification: Delay or replay of messages. In a
connection-oriented application, an entire session or
sequence of messages could be a replay of some previous
valid session, or individual messages in the sequence could be
delayed or replayed. In a connectionless application, an
individual message (e.g., datagram) could be delayed or
replayed.
12. Security attacks…….
• Source repudiation: Denial of transmission of message by
source.
• Destination repudiation: Denial of receipt of message by
destination.
13. Authentication Functions
• Any message authentication or digital signature mechanism
has two levels of functionality.
• At the lower level, there must be some sort of function that
produces an authenticator: a value to be used to authenticate
a message. This lower-level function is then used as a
primitive in a higher-level authentication protocol that enables
a receiver to verify the authenticity of a message.
14. Authentication Functions..
This section is concerned with the types of functions that may
be used to produce an authenticator. These may be grouped
into three classes, as follows:
● Message encryption: The ciphertext of the entire message
serves as its authenticator
● Message authentication code (MAC): A function of the
message and a secret key that produces a fixed-length value that
serves as the authenticator
● Hash function: A function that maps a message of any length
into a fixed-length hash value, which serves as the authenticator
15. Message Encryption
• message encryption by itself also provides a measure of
authentication
• if symmetric encryption is used then:
• receiver knows sender must have created it
• since only sender and receiver know the key used
• knows content cannot have been altered
• if message has suitable structure, redundancy or a checksum to
detect any changes
16. Message Encryption
• if public-key encryption is used:
• encryption provides no confidence of sender
• since anyone potentially knows public-key
• however if
• sender signs message using their private-key
• then encrypts with recipient's public key
• have both secrecy and authentication
• again need to recognize corrupted messages
• but at cost of two public-key uses on message
17. Message Authentication Code (MAC)
• generated by an algorithm that creates a small fixed-sized
block
• depending on both message and some key
• like encryption though need not be reversible
• appended to message as a signature
• receiver performs same computation on message and checks
it matches the MAC
• provides assurance that message is unaltered and comes from
sender
18. Message Authentication Codes
Keyed hash function.
Authenticate origin of messages
Symmetric key, shared between sender and receiver. Both sender and
receiver can create and verify MAC.
Integrity protection of messages
Message changes in transit are detected.
An ordinary (key-less) hash function does not provide this. (why?)
Two known designs:
HMAC (based on hash function)
CBC-MAC (based on block cipher in CBC-mode)
Are these good constructions?
$\mathrm{MAC}_k(m) = h(k \,\|\, m)$.
$\mathrm{MAC}_k(m) = h(m \,\|\, k)$.
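The "(why?)" about key-less hashes on this slide, together with the receiver-side check from the MAC slide before it, as an added example that is not from the original slides: it uses HMAC-SHA-256 from the Python standard library, and the key and messages are constructed sample values. A party without the key can recompute a public hash for a replaced message, but cannot produce a matching MAC.

```python
import hashlib
import hmac

KEY = b"shared-secret-of-sender-and-receiver"   # constructed sample key

def plain_digest(message: bytes) -> bytes:
    """Key-less hash: anyone who sees the message can compute it."""
    return hashlib.sha256(message).digest()

def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed authenticator (HMAC-SHA-256)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def accepts_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)

def accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Receiver repeats the sender's computation and compares in constant time.
    return hmac.compare_digest(mac_tag(key, message), tag)

def rewrite_without_key(new_message: bytes):
    """Everything a party without KEY can attach to a replaced message."""
    return new_message, plain_digest(new_message)

def demo() -> dict:
    sent = b"ship 10 units to warehouse A"
    replaced, replaced_digest = rewrite_without_key(b"ship 90 units to warehouse B")
    genuine_tag = mac_tag(KEY, sent)
    return {
        "hash_accepts_genuine": accepts_hash(sent, plain_digest(sent)),
        # The replaced message arrives with a freshly computed hash and passes.
        "hash_accepts_replaced": accepts_hash(replaced, replaced_digest),
        "mac_accepts_genuine": accepts_mac(KEY, sent, genuine_tag),
        # Reusing the old tag, or sending a plain hash as the tag, both fail.
        "mac_accepts_old_tag": accepts_mac(KEY, replaced, genuine_tag),
        "mac_accepts_hash_as_tag": accepts_mac(KEY, replaced, replaced_digest),
    }
```
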
20. Message Authentication Codes
as shown the MAC provides authentication
can also use encryption for secrecy
generally use separate keys for each
can compute MAC either before or after encryption
is generally regarded as better done before
why use a MAC?
sometimes only authentication is needed
sometimes need authentication to persist longer than
the encryption (eg. archival use)
note that a MAC is not a digital signature
21. MAC Properties
• a MAC is a cryptographic checksum
$\mathrm{MAC} = C_K(M)$
• condenses a variable-length message M
• using a secret key K
• to a fixed-sized authenticator
• is a many-to-one function
• potentially many messages have same MAC
• but finding these needs to be very difficult
22. Requirements for MACs
• taking into account the types of attacks
• need the MAC to satisfy the following:
1. knowing a message and MAC, is infeasible to find another
message with same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the message
23. Hash Functions
A cryptographic hash function h is a function which takes arbitrary
length bit strings as input and produces a fixed length bit string as
output, the hash value.
A cryptographic hash function should be one-way: given any string y
from the range of h, it should be computationally infeasible to find any
value x in the domain of h such that
h(x) = y.
Given a hash function with outputs of n bits, we would like a function
for which finding preimages requires $O(2^n)$ time.
24. Hash Functions
• condenses arbitrary message to fixed size
h = H(M)
• usually assume that the hash function is public and not keyed
• cf. MAC which is keyed
• hash used to detect changes to message
• can use in various ways with message
• most often to create a digital signature
25. Requirements for a Hash Function
• The purpose of a hash function is to produce a "fingerprint" of
a file, message, or other block of data. To be useful for
message authentication, a hash function H must have the
following properties.
1. H can be applied to a block of data of any size.
2. H produces a fixed-length output.
26. Hash Function requirement
3. H(x) is relatively easy to compute for any given x, making both
hardware and software implementations practical.
4. For any given value h, it is computationally infeasible to find x
such that H(x) = h. This is sometimes referred to in the literature
as the one-way property.
27. Hash Function requirement….
5. For any given block x, it is computationally infeasible to find y ≠ x
such that H(y) = H(x). This is sometimes referred to as weak
collision resistance.
6. It is computationally infeasible to find any pair (x, y) such that
H(x) = H(y). This is sometimes referred to as strong collision
resistance.
30. Birthday Attacks
might think a 64-bit hash is secure
but by Birthday Paradox is not
birthday attack works thus:
opponent generates $2^{m/2}$ variations of a valid message
all with essentially the same meaning
opponent also generates $2^{m/2}$ variations of a desired
fraudulent message
two sets of messages are compared to find pair with
same hash (probability > 0.5 by birthday paradox)
have user sign the valid message, then substitute the
forgery which will have a valid signature
conclusion is that need to use larger MAC/hash
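The birthday bound from this slide made concrete, as an added example that is not from the original slides: SHA-256 truncated to m = 24 bits stands in for a short hash, and the two texts and the whitespace-based variation scheme are constructed for illustration. A matching pair turns up after a few thousand hash evaluations, which is why the slide concludes that a larger MAC/hash is needed.

```python
import hashlib

VALID = "I agree to pay Bob 10 dollars."      # constructed sample text
FRAUD = "I agree to pay Bob 9000 dollars."    # constructed sample text

def short_hash(msg: str, bits: int) -> int:
    """Toy m-bit hash: SHA-256 truncated to its leading `bits` bits."""
    full = int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big")
    return full >> (256 - bits)

def variant(base: str, i: int, slots: int = 24) -> str:
    """i-th variation with the same meaning: trailing spaces/tabs encode i."""
    return base + "".join(" \t"[(i >> b) & 1] for b in range(slots))

def birthday_pair(valid: str, fraud: str, bits: int):
    """Find one variant of each text such that both have the same m-bit hash.

    Stores 2^(m/2) variants of the first text, then walks variants of the
    second text until one lands on a stored hash value.
    Returns (valid_variant, fraud_variant, second_set_evaluations) or None.
    """
    table = {}
    for i in range(2 ** (bits // 2)):
        table.setdefault(short_hash(variant(valid, i), bits), i)
    for j in range(2 ** 24):                   # variant() has 24 slots
        h = short_hash(variant(fraud, j), bits)
        if h in table:
            return variant(valid, table[h]), variant(fraud, j), j + 1
    return None

if __name__ == "__main__":
    v, f, tries = birthday_pair(VALID, FRAUD, 24)
    print(f"24-bit hash: match after {2 ** 12} + {tries} evaluations "
          f"(exhaustive search would need about {2 ** 24})")
```
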
31. Some Popular Hash Algorithms
MD5 (Rivest)
◦ 128-bit output
◦ Most popular
SHA-1 (NIST-NSA)
◦ US gov’t standard
◦ 160-bit output
RIPEMD-160
◦ Euro. RIPE project.
◦ 160-bit output
Algorithm      Speed (MByte/s.)
MD5            205
SHA-1          72
RIPEMD-160     51
Crypto++ 5.1 benchmarks, 2.1 GHz P4
32. Usage of hash functions
• Commit to message by disclosing hash of message, later
showing the message
• If collision resistant, you cannot cheat (change message).
• Consider playing rock, paper, scissors remotely with a hash function.
Or rock-paper-scissors-lizard-Spock.
• Verify integrity of downloaded files.
• Digital signatures.
• SSL/TLS for integrity protection.
• Storing passwords in operating systems and web servers.
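The remote rock-paper-scissors commitment from this slide, as an added example that is not from the original slides: the SHA-256(nonce || move) layout, the 32-byte random nonce and all function names are assumptions made for illustration. The nonce is there because a bare hash of one of only three moves can be recognised by hashing all three.

```python
import hashlib
import hmac
import secrets

MOVES = ("rock", "paper", "scissors")
BEATS = {"rock": "scissors", "paper": "rock", "scissors": "paper"}

def commit(move: str, nonce: bytes = b""):
    """Return (commitment, nonce) with commitment = SHA-256(nonce || move)."""
    if move not in MOVES:
        raise ValueError("unknown move")
    # Fixed 32-byte nonce keeps nonce || move unambiguous.
    nonce = nonce or secrets.token_bytes(32)
    return hashlib.sha256(nonce + move.encode()).hexdigest(), nonce

def opens(commitment: str, move: str, nonce: bytes) -> bool:
    """Check a revealed (move, nonce) against the commitment sent earlier."""
    if move not in MOVES or len(nonce) != 32:
        return False
    digest = hashlib.sha256(nonce + move.encode()).hexdigest()
    return hmac.compare_digest(digest, commitment)

def guess_without_nonce(commitment: str):
    """A bare H(move) hides nothing: only three candidate values exist."""
    for move in MOVES:
        if hashlib.sha256(move.encode()).hexdigest() == commitment:
            return move
    return None

def play(alice_move: str, bob_move: str) -> str:
    """Both players commit, exchange commitments, then reveal and verify."""
    a_commit, a_nonce = commit(alice_move)
    b_commit, b_nonce = commit(bob_move)
    # Commitments are exchanged here, before either move is revealed.
    if not (opens(a_commit, alice_move, a_nonce)
            and opens(b_commit, bob_move, b_nonce)):
        raise ValueError("reveal does not match commitment")
    if alice_move == bob_move:
        return "draw"
    return "alice" if BEATS[alice_move] == bob_move else "bob"
```
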
33. Security of Hash Functions and MACs
• Just as with symmetric and public-key encryption, we can
group attacks on hash functions and MACs into two
categories: brute-force attacks and cryptanalysis
34. Brute-Force Attacks
• The nature of brute-force attacks differs somewhat for hash
functions and MACs.
Hash Functions
• The strength of a hash function against brute-force attacks
depends solely on the length of the hash code produced by the
algorithm.
• Recall from our discussion of hash functions that there are three
35. desirable properties:
● One-way: For any given code h, it is computationally infeasible
to find x such that H(x) = h.
● Weak collision resistance: For any given block x, it is
computationally infeasible to find y ≠ x with H(y) = H(x).
● Strong collision resistance: It is computationally infeasible to
find any pair (x, y) such that H (x) = H(y).
36. Hash Functions & MAC Security
cryptanalytic attacks exploit structure
like block ciphers want brute-force attacks to be the
best alternative
have a number of analytic attacks on iterated
hash functions
$CV_i = f[CV_{i-1}, M_i]$; $H(M) = CV_N$
typically focus on collisions in function f
like block ciphers is often composed of rounds
attacks exploit properties of round functions