SlideShare a Scribd company logo

Hash Function

Download as PPTX, PDF
Siddharth Srivastava
Siddharth Srivastava

Hash Function in Cryptography

Education
1 of 32
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci
Message Authentication • message authentication is concerned with: – protecting the integrity of a message – validating identity of originator – non-repudiation of origin (dispute resolution) • considers a set of security requirements • Three alternative functions used: – message encryption – message authentication code (MAC) – hash function
A Set of Security Requirements • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: – receiver knows sender must have created it – since only sender and receiver now key used – they know that content cannot have been altered by others than themselves
Message Encryption • If public-key encryption is used: – encryption provides no confidence of sender – since anyone potentially knows public-key – however if • sender signs message using their private-key • then encrypts with recipients public key • thus, have both secrecy and authentication
Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed- sized block – depending on both message and some key – like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from certain sender
Message Authentication Code A MAC is not a digital signature
Message Authentication Codes • as shown the MAC provides authentication • can also use encryption for secrecy – generally use separate keys for each – can compute MAC either before or after encryption – is generally regarded as better done before • why use a MAC? – sometimes only authentication is needed – sometimes we need authentication to persist longer than the encryption (eg. archival use)
MAC Properties • A MAC is a cryptographic checksum MAC = CK(M) condenses a variable-length message M using a secret key K to a fixed-sized authenticator • is a many-to-one function – potentially many messages have same MAC – but finding these can be very difficult
Requirements for MACs • Taking into account the types of attacks we need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
Using Symmetric Ciphers for MACs • can use any block cipher chaining mode and use final block as a MAC • Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC – using IV=0 and zero-pad of final block – encrypt message using DES in CBC mode – and send just the final block as the MAC • or the leftmost M bits (16≤M≤64) of final block • but final MAC is now too small for security!
Data Authentication Algorithm (FIPS PUB 113) 1 1 2 2 1 3 2 1 ( , ) ( ,[ ]) ( ,[ 3 ]) . . . ( ,[ ])N N N O E K D O E K D O O E K D O O E K D O
Data Authentication Algorithm
Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
Hash Functions & Digital Signatures
Requirements for Hash Functions 1. can be applied to any sized message M 2. produces fixed-length output h 3. is easy to compute h=H(M) for any message M 4. one-way property: given h is infeasible to find x s.t. H(x)=h 5. weak collision resistance: given x is infeasible to find y s.t. H(y)=H(x) 6. strong collision resistance: is infeasible to find any x,y s.t. H(y)=H(x)
Simple Hash Functions • There are several proposals for simple functions • based on XOR of message blocks • not secure since can manipulate any message and either not change hash or change hash also • need a stronger cryptographic function
Secure Hash Algorithm • SHA originally designed by NIST & NSA in 1993 • was revised in 1995 as SHA-1 • US standard for use with DSA signature scheme – standard is FIPS 180-1 1995, also Internet RFC3174 • based on design of MD4 with key differences • produces 160-bit hash values • recent 2005 results on security of SHA-1 have raised concerns on its use in future applications
Secure Hash Function 0 1 1 i Initial n-bit value ( , ) ( ) th input block, L= # of input blocks, CV = var i i i L i CV IV CV f CV Y H M CV Y i Chaining iable
Hash Algorithm Structure
Revised Secure Hash Standard • NIST issued revision FIPS 180-2 in 2002 • adds 3 additional versions of SHA – SHA-256, SHA-384, SHA-512 • designed for compatibility with increased security provided by the AES cipher • structure & detail is similar to SHA-1 • hence analysis should be similar • but security levels are rather higher
SHA-512 Overview
Keyed Hash Functions as MACs • want a MAC based on a hash function – because hash functions are generally faster – code for crypto hash functions widely available • hash includes a key along with message • original proposal: KeyedHash = Hash(Key|Message) – some weaknesses were found with this • eventually led to development of HMAC
HMAC • specified as Internet standard RFC2104 • uses hash function on the message: HMACK = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad)||M)]] • where K+ is the key padded out to size • and opad (5C Hex), ipad (36 Hex) are specified padding constants • overhead is just 3 more hash calculations than the message needs alone • any hash function can be used – eg. MD5, SHA-1, RIPEMD-160, Whirlpool
HMAC Overview
HMAC Security • proved security of HMAC relates to that of the underlying hash algorithm • attacking HMAC requires either: – brute force attack on key used – birthday attack (but since keyed would need to observe a very large number of messages) • choose hash function used based on speed verses security constraints
Henric Johnson 27 X.509 Authentication Service • Distributed set of servers that maintains a database about users. • Each certificate contains the public key of a user and is signed with the private key of a CA. • Is used in S/MIME, IP Security, SSL/TLS and SET. • RSA is recommended to use.
Henric Johnson 28 X.509 Formats
Henric Johnson 29 Typical Digital Signature Approach
Henric Johnson 30 Obtaining a User’s Certificate • Characteristics of certificates generated by CA: – Any user with access to the public key of the CA can recover the user public key that was certified. – No part other than the CA can modify the certificate without this being detected.
Henric Johnson 31 X.509 CA Hierarchy
Henric Johnson 32 Revocation of Certificates • Reasons for revocation: – The users secret key is assumed to be compromised. – The user is no longer certified by this CA. – The CA’s certificate is assumed to be compromised.

Recommended

5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithmRuchi Maurya
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHMShashank Shetty
 

Recommended

5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithmRuchi Maurya
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHMShashank Shetty
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptographyPrabhat Goel
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Key management
Key managementKey management
Key managementSujata Regoti
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
IP Security
IP SecurityIP Security
IP SecurityDr.Florence Dayana
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Hash function
Hash functionHash function
Hash functionHarry Potter
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Pgp smime
Pgp smimePgp smime
Pgp smimeTania Agni
 

More Related Content

What's hot

Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptographyPrabhat Goel
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 

What's hot (20)

Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptography
 
Message authentication
Message authenticationMessage authentication
Message authentication
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
DES
DESDES
DES
 
Key management
Key managementKey management
Key management
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
IP Security
IP SecurityIP Security
IP Security
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Hash function
Hash functionHash function
Hash function
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functions
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Hash function
Hash function Hash function
Hash function
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
 
Web Security
Web SecurityWeb Security
Web Security
 

Viewers also liked

Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Hardik Manocha
 
Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption StandardAmirul Wiramuda
 
Advanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaAdvanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaSunil Kumar R
 
Data encryption standard (des)
Data encryption standard (des)Data encryption standard (des)
Data encryption standard (des)Mecheko Sha
 
Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Ahmed Mohamed Mahmoud
 
Data encryption standard
Data encryption standardData encryption standard
Data encryption standardPrasad Prabhu
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Amir Masinaei
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Digital Signature
Digital SignatureDigital Signature
Digital Signaturesaurav5884
 

Viewers also liked (20)

Digital signature
Digital signatureDigital signature
Digital signature
 
Pgp smime
Pgp smimePgp smime
Pgp smime
 
Cryptography
CryptographyCryptography
Cryptography
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
 
AES Cryptosystem
AES CryptosystemAES Cryptosystem
AES Cryptosystem
 
Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption Standard
 
Advanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using JavaAdvanced Encryption Standard (AES) Implementaion using Java
Advanced Encryption Standard (AES) Implementaion using Java
 
Data encryption standard (des)
Data encryption standard (des)Data encryption standard (des)
Data encryption standard (des)
 
Aes
AesAes
Aes
 
Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Trible data encryption standard (3DES)
Trible data encryption standard (3DES)
 
cns 2marks
cns 2markscns 2marks
cns 2marks
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Data encryption standard
Data encryption standardData encryption standard
Data encryption standard
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Aes
AesAes
Aes
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Substitution Cipher
Substitution CipherSubstitution Cipher
Substitution Cipher
 

Similar to Hash Function

UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORKUNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORKjeevasreemurali
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
CNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed HashingCNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed HashingSam Bowne
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingSam Bowne
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network securityMazin Alwaaly
 
IS413 Topic 5.pptx
IS413 Topic 5.pptxIS413 Topic 5.pptx
IS413 Topic 5.pptxWarrenPhiri4
 
Information and network security 42 security of message authentication code
Information and network security 42 security of message authentication codeInformation and network security 42 security of message authentication code
Information and network security 42 security of message authentication codeVaibhav Khanna
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functionsMazin Alwaaly
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MACSou Jana
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryptionrajakhurram
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2limsh
 
Cryptography and network_security
Cryptography and network_securityCryptography and network_security
Cryptography and network_securityJanani Satheshkumar
 

Similar to Hash Function (20)

UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORKUNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cns
CnsCns
Cns
 
CNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed HashingCNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed Hashing
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed Hashing
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
CNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed HashingCNIT 141 7. Keyed Hashing
CNIT 141 7. Keyed Hashing
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
 
IS413 Topic 5.pptx
IS413 Topic 5.pptxIS413 Topic 5.pptx
IS413 Topic 5.pptx
 
Information and network security 42 security of message authentication code
Information and network security 42 security of message authentication codeInformation and network security 42 security of message authentication code
Information and network security 42 security of message authentication code
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functions
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 
Message Authentication Requirement-MAC
Message Authentication Requirement-MACMessage Authentication Requirement-MAC
Message Authentication Requirement-MAC
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryption
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2
 
Cryptography and network_security
Cryptography and network_securityCryptography and network_security
Cryptography and network_security
 

Recently uploaded

HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 

Recently uploaded (20)

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 

Hash Function

  • 1. Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci
  • 2. Message Authentication • message authentication is concerned with: – protecting the integrity of a message – validating identity of originator – non-repudiation of origin (dispute resolution) • considers a set of security requirements • Three alternative functions used: – message encryption – message authentication code (MAC) – hash function
  • 3. A Set of Security Requirements • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
  • 4. Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: – receiver knows sender must have created it – since only sender and receiver now key used – they know that content cannot have been altered by others than themselves
  • 5. Message Encryption • If public-key encryption is used: – encryption provides no confidence of sender – since anyone potentially knows public-key – however if • sender signs message using their private-key • then encrypts with recipients public key • thus, have both secrecy and authentication
  • 6. Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed- sized block – depending on both message and some key – like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from certain sender
  • 7. Message Authentication Code A MAC is not a digital signature
  • 8. Message Authentication Codes • as shown the MAC provides authentication • can also use encryption for secrecy – generally use separate keys for each – can compute MAC either before or after encryption – is generally regarded as better done before • why use a MAC? – sometimes only authentication is needed – sometimes we need authentication to persist longer than the encryption (eg. archival use)
  • 9. MAC Properties • A MAC is a cryptographic checksum MAC = CK(M) condenses a variable-length message M using a secret key K to a fixed-sized authenticator • is a many-to-one function – potentially many messages have same MAC – but finding these can be very difficult
  • 10. Requirements for MACs • Taking into account the types of attacks we need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
  • 11. Using Symmetric Ciphers for MACs • can use any block cipher chaining mode and use final block as a MAC • Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC – using IV=0 and zero-pad of final block – encrypt message using DES in CBC mode – and send just the final block as the MAC • or the leftmost M bits (16≤M≤64) of final block • but final MAC is now too small for security!
  • 12. Data Authentication Algorithm (FIPS PUB 113) 1 1 2 2 1 3 2 1 ( , ) ( ,[ ]) ( ,[ 3 ]) . . . ( ,[ ])N N N O E K D O E K D O O E K D O O E K D O
  • 14. Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
  • 15. Hash Functions & Digital Signatures
  • 16. Requirements for Hash Functions 1. can be applied to any sized message M 2. produces fixed-length output h 3. is easy to compute h=H(M) for any message M 4. one-way property: given h is infeasible to find x s.t. H(x)=h 5. weak collision resistance: given x is infeasible to find y s.t. H(y)=H(x) 6. strong collision resistance: is infeasible to find any x,y s.t. H(y)=H(x)
  • 17. Simple Hash Functions • There are several proposals for simple functions • based on XOR of message blocks • not secure since can manipulate any message and either not change hash or change hash also • need a stronger cryptographic function
  • 18. Secure Hash Algorithm • SHA originally designed by NIST & NSA in 1993 • was revised in 1995 as SHA-1 • US standard for use with DSA signature scheme – standard is FIPS 180-1 1995, also Internet RFC3174 • based on design of MD4 with key differences • produces 160-bit hash values • recent 2005 results on security of SHA-1 have raised concerns on its use in future applications
  • 19. Secure Hash Function 0 1 1 i Initial n-bit value ( , ) ( ) th input block, L= # of input blocks, CV = var i i i L i CV IV CV f CV Y H M CV Y i Chaining iable
  • 21. Revised Secure Hash Standard • NIST issued revision FIPS 180-2 in 2002 • adds 3 additional versions of SHA – SHA-256, SHA-384, SHA-512 • designed for compatibility with increased security provided by the AES cipher • structure & detail is similar to SHA-1 • hence analysis should be similar • but security levels are rather higher
  • 23. Keyed Hash Functions as MACs • want a MAC based on a hash function – because hash functions are generally faster – code for crypto hash functions widely available • hash includes a key along with message • original proposal: KeyedHash = Hash(Key|Message) – some weaknesses were found with this • eventually led to development of HMAC
  • 24. HMAC • specified as Internet standard RFC2104 • uses hash function on the message: HMACK = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad)||M)]] • where K+ is the key padded out to size • and opad (5C Hex), ipad (36 Hex) are specified padding constants • overhead is just 3 more hash calculations than the message needs alone • any hash function can be used – eg. MD5, SHA-1, RIPEMD-160, Whirlpool
  • 26. HMAC Security • proved security of HMAC relates to that of the underlying hash algorithm • attacking HMAC requires either: – brute force attack on key used – birthday attack (but since keyed would need to observe a very large number of messages) • choose hash function used based on speed verses security constraints
  • 27. Henric Johnson 27 X.509 Authentication Service • Distributed set of servers that maintains a database about users. • Each certificate contains the public key of a user and is signed with the private key of a CA. • Is used in S/MIME, IP Security, SSL/TLS and SET. • RSA is recommended to use.
  • 29. Henric Johnson 29 Typical Digital Signature Approach
  • 30. Henric Johnson 30 Obtaining a User’s Certificate • Characteristics of certificates generated by CA: – Any user with access to the public key of the CA can recover the user public key that was certified. – No part other than the CA can modify the certificate without this being detected.
  • 31. Henric Johnson 31 X.509 CA Hierarchy
  • 32. Henric Johnson 32 Revocation of Certificates • Reasons for revocation: – The users secret key is assumed to be compromised. – The user is no longer certified by this CA. – The CA’s certificate is assumed to be compromised.