SlideShare une entreprise Scribd logo

Message authentication and hash function

Télécharger en tant que PPT, PDF
O
omarShiekh1

this presents message authentication code and Hash function

Technologie
1  sur  38
Network Security Presentation Chapter 11 Message authentication and hash function
. • Names IDs 1) Abdiqadir Osman mohamud 204326915 2) Rita Abdalla Hussein 214306913 3) Omar Ahmed Salad 214306912 4) Abdinasir Abdullahi Dahir 214326902 5) Abdifatah Ismail Sulub 214326917 6) Mohamed Sharif Hussein 214306908
. • Message authentication • Security requirements and attacks • Authentication Functions:- a. Message encryption b. Message authentication code (MAC) c. Hash functions • Practice and real life applications:- Overviewing concepts Capturing traffic using BURP SUIT Intercept network traffic Hashing function in PHP
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution)
CS526 Topic 5: Hash Functions and Message Authentication 5 Data Integrity and Source Authentication • Encryption does not protect data from modification by another party. • Why? • Need a way to ensure that data arrives at destination in its original form as sent by the sender and it is coming from an authenticated source.
Communication without authentication Shared key k to generate authenticate message Alice M Bob Eve M’ Very easy.. Eve can simply change the message
Security attacks In the context of communications across a network, the following attacks can be identified: • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
Security attacks……. • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
Security attacks……. • Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone other than the message recipient.
Security attacks……. • Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification. • Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
Security attacks……. • Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
Security attacks……. • Source repudiation: Denial of transmission of message by source. • Destination repudiation: Denial of receipt of message by destination.
Authentication Functions • Any message authentication or digital signature mechanism has two levels of functionality. • At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
Authentication Functions.. This section is concerned with the types of functions that may be used to produce an authenticator. These may be grouped into three classes, as follows: ● Message encryption: The ciphertext of the entire message serves as its authenticator ● Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator ● Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: • receiver know sender must have created it • since only sender and receiver now key used • know content cannot of been altered • if message has suitable structure, redundancy or a checksum to detect any changes
Message Encryption • if public-key encryption is used: • encryption provides no confidence of sender • since anyone potentially knows public-key • however if • sender signs message using their private-key • then encrypts with recipients public key • have both secrecy and authentication • again need to recognize corrupted messages • but at cost of two public-key uses on message
Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed-sized block • depending on both message and some key • like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from sender
Message Authentication Codes Keyed hash function. Authenticate origin of messages Symmetric key, shared between sender and receiver. Both sender and receiver can create and verify MAC. Integrity protection of messages Message changes in transit are detected. An ordinary (key-less) hash function does not provide this. (why?) Two known designs: HMAC (based on hash function) CBC-MAC (based on block cipher in CBC-mode) Are these good constructions? MACk (m) = h (kkm). MACk (m) = h (mkk). 22 / 26
Message Authentication Code
Message Authentication Codes as shown the MAC provides authentication can also use encryption for secrecy generally use separate keys for each can compute MAC either before or after encryption is generally regarded as better done before why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature
MAC Properties • a MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult
Requirements for MACs • taking into account the types of attacks • need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
Hash Functions A cryptographic hash function h is a function which takes arbitrary length bit strings as input and produces a fixed length bit string as output, the hash value. A cryptographic hash function should be one-way: given any string y from the range of h, it should be computationally infeasible to find any value x in the domain of h such that h(x) = y. Given a hash function with outputs of n bits, we would like a function for which finding preimages requires O(2n) time. 23 /
Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • cf. MAC which is keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
Requirements for a HashFunction • The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data. To be useful for message authentication, a hash function H must have the following properties. 1. H can be applied to a block of data of any size. 2. H produces a fixed-length output.
HashFunction requirement 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
HashFunction requirement…. 5. For any given block x, it is computationally infeasible to find y x such that H(y) = H(x). This is sometimes referred to as weak collision resistance. 6.It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance
Hash Functions & Digital Signatures
Example Operation of Hash Functions Information 2
Birthday Attacks might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: opponent generates 2 m/2 variations of a valid message all with essentially the same meaning opponent also generates 2 m/2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger MAC/hash
Some Popular HashAlgorithms Information 3  MD5 (Rivest ) ◦ 128-bit output ◦ Most popular  SHA-1 (NIST- NSA) ◦ US gov’t standard ◦ 160-bit output  RIPEMD-160 ◦ Euro.RIPE project. ◦ 160-bit output Algorithm Speed (MByte/s.) MD5 205 SHA-1 72 RIPEMD-160 51 Crypto++ 5.1 benchmarks,2.1 GHz P4
Usage of hash functions • Commit to message by disclosing hash of message, later showing the message • If collision resistant, you cannot cheat (change message). • Consider playing rock, paper, scissors remotely with a hash function. Or rock-paper-scissors-lizard-Spock. • Verify integrity of downloaded files. • Digital signatures. • SSL/TLS for integrity protection. • Storing passwords in operating systems and web servers. 21 /
Security of Hash Functions and Macs • Just as with symmetric and public-key encryption, we can group attacks on hash functions and MACs into two categories: brute-force attacks and cryptanalysis
Brute-Force Attacks • The nature of brute-force attacks differs somewhat for hash functions and MACs. Hash Functions • The strength of a hash function against brute-force attacks depends solely on the length of the hash • code produced by the algorithm. Recall from our discussion of hash functions that there are three
desirable properties: ● One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h. ● Weak collision resistance: For any given block x, it is computationally infeasible to find y x with H(y) = H(x). ● Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H (x) = H(y).
Hash Functions & MAC Security cryptanalytic attacks exploit structure like block ciphers want brute-force attacks to be the best alternative have a number of analytic attacks on iterated hash functions CVi = f[CVi-1, Mi]; H(M)=CVN typically focus on collisions in function f like block ciphers is often composed of rounds attacks exploit properties of round functions
Practical applications.. • Hashing passwords • PHP server analysis • Burp suit capturing • message authentication code.pptx
. • .

Recommandé

MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Message AUthentication Code
Message AUthentication CodeMessage AUthentication Code
Message AUthentication CodeKeval Bhogayata
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Substitution techniques
Substitution techniquesSubstitution techniques
Substitution techniquesvinitha96
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 

Recommandé

MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Message AUthentication Code
Message AUthentication CodeMessage AUthentication Code
Message AUthentication CodeKeval Bhogayata
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Substitution techniques
Substitution techniquesSubstitution techniques
Substitution techniquesvinitha96
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Asymmetric Cryptography
Asymmetric CryptographyAsymmetric Cryptography
Asymmetric CryptographyUTD Computer Security Group
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 

Contenu connexe

Tendances

Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)Haris Ahmed
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 

Tendances (20)

Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit v
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
Email security
Email securityEmail security
Email security
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Asymmetric Cryptography
Asymmetric CryptographyAsymmetric Cryptography
Asymmetric Cryptography
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
 
Hash function
Hash function Hash function
Hash function
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 

Similaire à Message authentication and hash function

Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORKUNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORKjeevasreemurali
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network securityMazin Alwaaly
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptxsandyBS
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2limsh
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 
Information and network security 41 message authentication code
Information and network security 41 message authentication codeInformation and network security 41 message authentication code
Information and network security 41 message authentication codeVaibhav Khanna
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functionsMazin Alwaaly
 
Cryptography and network_security
Cryptography and network_securityCryptography and network_security
Cryptography and network_securityJanani Satheshkumar
 

Similaire à Message authentication and hash function (20)

Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cns
CnsCns
Cns
 
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORKUNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
Information and network security 41 message authentication code
Information and network security 41 message authentication codeInformation and network security 41 message authentication code
Information and network security 41 message authentication code
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
Ch11
Ch11Ch11
Ch11
 
Unit 3
Unit 3Unit 3
Unit 3
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 
CRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash Functions
CRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash FunctionsCRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash Functions
CRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash Functions
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, Hashes
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functions
 
Cryptography and network_security
Cryptography and network_securityCryptography and network_security
Cryptography and network_security
 
Iss lecture 4
Iss lecture 4Iss lecture 4
Iss lecture 4
 
final ppt TS.pptx
final ppt TS.pptxfinal ppt TS.pptx
final ppt TS.pptx
 

Dernier

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Dernier (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Message authentication and hash function

  • 1. Network Security Presentation Chapter 11 Message authentication and hash function
  • 2. . • Names IDs 1) Abdiqadir Osman mohamud 204326915 2) Rita Abdalla Hussein 214306913 3) Omar Ahmed Salad 214306912 4) Abdinasir Abdullahi Dahir 214326902 5) Abdifatah Ismail Sulub 214326917 6) Mohamed Sharif Hussein 214306908
  • 3. . • Message authentication • Security requirements and attacks • Authentication Functions:- a. Message encryption b. Message authentication code (MAC) c. Hash functions • Practice and real life applications:- Overviewing concepts Capturing traffic using BURP SUIT Intercept network traffic Hashing function in PHP
  • 4. Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution)
  • 5. CS526 Topic 5: Hash Functions and Message Authentication 5 Data Integrity and Source Authentication • Encryption does not protect data from modification by another party. • Why? • Need a way to ensure that data arrives at destination in its original form as sent by the sender and it is coming from an authenticated source.
  • 6. Communication without authentication Shared key k to generate authenticate message Alice M Bob Eve M’ Very easy.. Eve can simply change the message
  • 7. Security attacks In the context of communications across a network, the following attacks can be identified: • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
  • 8. Security attacks……. • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
  • 9. Security attacks……. • Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone other than the message recipient.
  • 10. Security attacks……. • Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification. • Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
  • 11. Security attacks……. • Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
  • 12. Security attacks……. • Source repudiation: Denial of transmission of message by source. • Destination repudiation: Denial of receipt of message by destination.
  • 13. Authentication Functions • Any message authentication or digital signature mechanism has two levels of functionality. • At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
  • 14. Authentication Functions.. This section is concerned with the types of functions that may be used to produce an authenticator. These may be grouped into three classes, as follows: ● Message encryption: The ciphertext of the entire message serves as its authenticator ● Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator ● Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
  • 15. Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: • receiver know sender must have created it • since only sender and receiver now key used • know content cannot of been altered • if message has suitable structure, redundancy or a checksum to detect any changes
  • 16. Message Encryption • if public-key encryption is used: • encryption provides no confidence of sender • since anyone potentially knows public-key • however if • sender signs message using their private-key • then encrypts with recipients public key • have both secrecy and authentication • again need to recognize corrupted messages • but at cost of two public-key uses on message
  • 17. Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed-sized block • depending on both message and some key • like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from sender
  • 18. Message Authentication Codes Keyed hash function. Authenticate origin of messages Symmetric key, shared between sender and receiver. Both sender and receiver can create and verify MAC. Integrity protection of messages Message changes in transit are detected. An ordinary (key-less) hash function does not provide this. (why?) Two known designs: HMAC (based on hash function) CBC-MAC (based on block cipher in CBC-mode) Are these good constructions? MACk (m) = h (kkm). MACk (m) = h (mkk). 22 / 26
  • 20. Message Authentication Codes as shown the MAC provides authentication can also use encryption for secrecy generally use separate keys for each can compute MAC either before or after encryption is generally regarded as better done before why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature
  • 21. MAC Properties • a MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult
  • 22. Requirements for MACs • taking into account the types of attacks • need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
  • 23. Hash Functions A cryptographic hash function h is a function which takes arbitrary length bit strings as input and produces a fixed length bit string as output, the hash value. A cryptographic hash function should be one-way: given any string y from the range of h, it should be computationally infeasible to find any value x in the domain of h such that h(x) = y. Given a hash function with outputs of n bits, we would like a function for which finding preimages requires O(2n) time. 23 /
  • 24. Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • cf. MAC which is keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
  • 25. Requirements for a HashFunction • The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data. To be useful for message authentication, a hash function H must have the following properties. 1. H can be applied to a block of data of any size. 2. H produces a fixed-length output.
  • 26. HashFunction requirement 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
  • 27. HashFunction requirement…. 5. For any given block x, it is computationally infeasible to find y x such that H(y) = H(x). This is sometimes referred to as weak collision resistance. 6.It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance
  • 28. Hash Functions & Digital Signatures
  • 29. Example Operation of Hash Functions Information 2
  • 30. Birthday Attacks might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: opponent generates 2 m/2 variations of a valid message all with essentially the same meaning opponent also generates 2 m/2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger MAC/hash
  • 31. Some Popular HashAlgorithms Information 3  MD5 (Rivest ) ◦ 128-bit output ◦ Most popular  SHA-1 (NIST- NSA) ◦ US gov’t standard ◦ 160-bit output  RIPEMD-160 ◦ Euro.RIPE project. ◦ 160-bit output Algorithm Speed (MByte/s.) MD5 205 SHA-1 72 RIPEMD-160 51 Crypto++ 5.1 benchmarks,2.1 GHz P4
  • 32. Usage of hash functions • Commit to message by disclosing hash of message, later showing the message • If collision resistant, you cannot cheat (change message). • Consider playing rock, paper, scissors remotely with a hash function. Or rock-paper-scissors-lizard-Spock. • Verify integrity of downloaded files. • Digital signatures. • SSL/TLS for integrity protection. • Storing passwords in operating systems and web servers. 21 /
  • 33. Security of Hash Functions and Macs • Just as with symmetric and public-key encryption, we can group attacks on hash functions and MACs into two categories: brute-force attacks and cryptanalysis
  • 34. Brute-Force Attacks • The nature of brute-force attacks differs somewhat for hash functions and MACs. Hash Functions • The strength of a hash function against brute-force attacks depends solely on the length of the hash • code produced by the algorithm. Recall from our discussion of hash functions that there are three
  • 35. desirable properties: ● One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h. ● Weak collision resistance: For any given block x, it is computationally infeasible to find y x with H(y) = H(x). ● Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H (x) = H(y).
  • 36. Hash Functions & MAC Security cryptanalytic attacks exploit structure like block ciphers want brute-force attacks to be the best alternative have a number of analytic attacks on iterated hash functions CVi = f[CVi-1, Mi]; H(M)=CVN typically focus on collisions in function f like block ciphers is often composed of rounds attacks exploit properties of round functions
  • 37. Practical applications.. • Hashing passwords • PHP server analysis • Burp suit capturing • message authentication code.pptx