SlideShare a Scribd company logo

Message authentication and hash function

Download as PPT, PDF
O
omarShiekh1

The document discusses message authentication and hash functions. It covers security requirements including integrity, authentication and non-repudiation. It describes different authentication functions such as message encryption, message authentication codes (MACs), and hash functions. It provides examples of how hash functions work and evaluates the security of hash functions and MACs against brute force and cryptanalytic attacks.

Technology
1 of 38
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Most read
15
16
17
Most read
18
19
20
21
22
23
24
25
Most read
26
27
28
29
30
31
32
33
34
35
36
37
38
Network Security Presentation Chapter 11 Message authentication and hash function
. • Names IDs 1) Abdiqadir Osman mohamud 204326915 2) Rita Abdalla Hussein 214306913 3) Omar Ahmed Salad 214306912 4) Abdinasir Abdullahi Dahir 214326902 5) Abdifatah Ismail Sulub 214326917 6) Mohamed Sharif Hussein 214306908
. • Message authentication • Security requirements and attacks • Authentication Functions:- a. Message encryption b. Message authentication code (MAC) c. Hash functions • Practice and real life applications:- Overviewing concepts Capturing traffic using BURP SUIT Intercept network traffic Hashing function in PHP
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution)
CS526 Topic 5: Hash Functions and Message Authentication 5 Data Integrity and Source Authentication • Encryption does not protect data from modification by another party. • Why? • Need a way to ensure that data arrives at destination in its original form as sent by the sender and it is coming from an authenticated source.
Communication without authentication Shared key k to generate authenticate message Alice M Bob Eve M’ Very easy.. Eve can simply change the message
Security attacks In the context of communications across a network, the following attacks can be identified: • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
Security attacks……. • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
Security attacks……. • Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone other than the message recipient.
Security attacks……. • Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification. • Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
Security attacks……. • Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
Security attacks……. • Source repudiation: Denial of transmission of message by source. • Destination repudiation: Denial of receipt of message by destination.
Authentication Functions • Any message authentication or digital signature mechanism has two levels of functionality. • At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
Authentication Functions.. This section is concerned with the types of functions that may be used to produce an authenticator. These may be grouped into three classes, as follows: ● Message encryption: The ciphertext of the entire message serves as its authenticator ● Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator ● Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: • receiver know sender must have created it • since only sender and receiver now key used • know content cannot of been altered • if message has suitable structure, redundancy or a checksum to detect any changes
Message Encryption • if public-key encryption is used: • encryption provides no confidence of sender • since anyone potentially knows public-key • however if • sender signs message using their private-key • then encrypts with recipients public key • have both secrecy and authentication • again need to recognize corrupted messages • but at cost of two public-key uses on message
Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed-sized block • depending on both message and some key • like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from sender
Message Authentication Codes Keyed hash function. Authenticate origin of messages Symmetric key, shared between sender and receiver. Both sender and receiver can create and verify MAC. Integrity protection of messages Message changes in transit are detected. An ordinary (key-less) hash function does not provide this. (why?) Two known designs: HMAC (based on hash function) CBC-MAC (based on block cipher in CBC-mode) Are these good constructions? MACk (m) = h (kkm). MACk (m) = h (mkk). 22 / 26
Message Authentication Code
Message Authentication Codes as shown the MAC provides authentication can also use encryption for secrecy generally use separate keys for each can compute MAC either before or after encryption is generally regarded as better done before why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature
MAC Properties • a MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult
Requirements for MACs • taking into account the types of attacks • need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
Hash Functions A cryptographic hash function h is a function which takes arbitrary length bit strings as input and produces a fixed length bit string as output, the hash value. A cryptographic hash function should be one-way: given any string y from the range of h, it should be computationally infeasible to find any value x in the domain of h such that h(x) = y. Given a hash function with outputs of n bits, we would like a function for which finding preimages requires O(2n) time. 23 /
Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • cf. MAC which is keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
Requirements for a HashFunction • The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data. To be useful for message authentication, a hash function H must have the following properties. 1. H can be applied to a block of data of any size. 2. H produces a fixed-length output.
HashFunction requirement 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
HashFunction requirement…. 5. For any given block x, it is computationally infeasible to find y x such that H(y) = H(x). This is sometimes referred to as weak collision resistance. 6.It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance
Hash Functions & Digital Signatures
Example Operation of Hash Functions Information 2
Birthday Attacks might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: opponent generates 2 m/2 variations of a valid message all with essentially the same meaning opponent also generates 2 m/2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger MAC/hash
Some Popular HashAlgorithms Information 3  MD5 (Rivest ) ◦ 128-bit output ◦ Most popular  SHA-1 (NIST- NSA) ◦ US gov’t standard ◦ 160-bit output  RIPEMD-160 ◦ Euro.RIPE project. ◦ 160-bit output Algorithm Speed (MByte/s.) MD5 205 SHA-1 72 RIPEMD-160 51 Crypto++ 5.1 benchmarks,2.1 GHz P4
Usage of hash functions • Commit to message by disclosing hash of message, later showing the message • If collision resistant, you cannot cheat (change message). • Consider playing rock, paper, scissors remotely with a hash function. Or rock-paper-scissors-lizard-Spock. • Verify integrity of downloaded files. • Digital signatures. • SSL/TLS for integrity protection. • Storing passwords in operating systems and web servers. 21 /
Security of Hash Functions and Macs • Just as with symmetric and public-key encryption, we can group attacks on hash functions and MACs into two categories: brute-force attacks and cryptanalysis
Brute-Force Attacks • The nature of brute-force attacks differs somewhat for hash functions and MACs. Hash Functions • The strength of a hash function against brute-force attacks depends solely on the length of the hash • code produced by the algorithm. Recall from our discussion of hash functions that there are three
desirable properties: ● One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h. ● Weak collision resistance: For any given block x, it is computationally infeasible to find y x with H(y) = H(x). ● Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H (x) = H(y).
Hash Functions & MAC Security cryptanalytic attacks exploit structure like block ciphers want brute-force attacks to be the best alternative have a number of analytic attacks on iterated hash functions CVi = f[CVi-1, Mi]; H(M)=CVN typically focus on collisions in function f like block ciphers is often composed of rounds attacks exploit properties of round functions
Practical applications.. • Hashing passwords • PHP server analysis • Burp suit capturing • message authentication code.pptx
. • .

More Related Content

PPTX
Public Key Cryptography
Gopal Sakarkar
 
PPTX
Public Key Cryptosystem
Devakumar Kp
 
PDF
2. public key cryptography and RSA
Dr.Florence Dayana
 
PDF
symmetric key encryption algorithms
Rashmi Burugupalli
 
PPTX
MD5 ALGORITHM.pptx
Rajapriya82
 
PDF
Electronic mail security
Dr.Florence Dayana
 
PPT
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
PPT
Message Authentication Code & HMAC
Krishna Gehlot
 
Public Key Cryptography
Gopal Sakarkar
 
Public Key Cryptosystem
Devakumar Kp
 
2. public key cryptography and RSA
Dr.Florence Dayana
 
symmetric key encryption algorithms
Rashmi Burugupalli
 
MD5 ALGORITHM.pptx
Rajapriya82
 
Electronic mail security
Dr.Florence Dayana
 
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Message Authentication Code & HMAC
Krishna Gehlot
 

What's hot (20)

PPTX
Hash Function
Siddharth Srivastava
 
PPTX
Hash Function
ssuserdfb2da
 
PPTX
Kerberos
RafatSamreen
 
PPT
block ciphers
Asad Ali
 
PPT
Message authentication
CAS
 
PPT
DES
Naga Srimanyu Timmaraju
 
PDF
Block Ciphers and the Data Encryption Standard
Dr.Florence Dayana
 
PPTX
MAC-Message Authentication Codes
DarshanPatil82
 
PDF
Asymmetric Cryptography
UTD Computer Security Group
 
PPTX
Cryptography.ppt
Uday Meena
 
PPTX
Cryptography and Information Security
Dr Naim R Kidwai
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PDF
Transposition cipher
Antony Alex
 
PPTX
SHA- Secure hashing algorithm
Ruchi Maurya
 
PPTX
Kerberos
Sutanu Paul
 
PPT
Cryptography and Network Security William Stallings Lawrie Brown
Information Security Awareness Group
 
PDF
RSA ALGORITHM
Dr. Shashank Shetty
 
PPTX
Principles of public key cryptography and its Uses
Mohsin Ali
 
PPTX
Cryptography
Jens Patel
 
PPTX
RSA Algorithm
Srinadh Muvva
 
Hash Function
Siddharth Srivastava
 
Hash Function
ssuserdfb2da
 
Kerberos
RafatSamreen
 
block ciphers
Asad Ali
 
Message authentication
CAS
 
DES
Naga Srimanyu Timmaraju
 
Block Ciphers and the Data Encryption Standard
Dr.Florence Dayana
 
MAC-Message Authentication Codes
DarshanPatil82
 
Asymmetric Cryptography
UTD Computer Security Group
 
Cryptography.ppt
Uday Meena
 
Cryptography and Information Security
Dr Naim R Kidwai
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Transposition cipher
Antony Alex
 
SHA- Secure hashing algorithm
Ruchi Maurya
 
Kerberos
Sutanu Paul
 
Cryptography and Network Security William Stallings Lawrie Brown
Information Security Awareness Group
 
RSA ALGORITHM
Dr. Shashank Shetty
 
Principles of public key cryptography and its Uses
Mohsin Ali
 
Cryptography
Jens Patel
 
RSA Algorithm
Srinadh Muvva
 
Ad

Similar to Message authentication and hash function (20)

PDF
BAIT1103 Chapter 2
limsh
 
PPT
cryptography and network security by william stallings
HimaniP19CSE013
 
PPT
ch11.ppt
ssuser4198c4
 
DOCX
Cryptography and Network Security Principles and PracticeSeve.docx
mydrynan
 
PPT
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
jeevasreemurali
 
PDF
Cs8792 cns - unit iv
ArthyR3
 
PDF
Cs8792 cns - unit iv
ArthyR3
 
PPTX
Meessage authentication and hash functions.pptx
JohnLagman3
 
PDF
Cns
ArthyR3
 
PPT
ch11.ppt
SomuPatil8
 
PPTX
Unit 3
tamil arasan
 
PPT
Message Authentication: MAC, Hashes
Shafaan Khaliq Bhatti
 
PPTX
unit - III.pptx
sandyBS
 
PPT
Message Authentication
chauhankapil
 
PPT
NSC_Unit-III_final.ppt
DrVASAVIBANDE
 
PPT
Ch11
Joe Christensen
 
PPT
Iss lecture 4
Ali Habeeb
 
PPTX
Unit 4
KRAMANJANEYULU1
 
PPT
SHA New Revised Version - SHA-512 Syllabus Module 3
AnantNimkar1
 
PDF
Message Authentication and Hash Function.pdf
sunil sharma
 
BAIT1103 Chapter 2
limsh
 
cryptography and network security by william stallings
HimaniP19CSE013
 
ch11.ppt
ssuser4198c4
 
Cryptography and Network Security Principles and PracticeSeve.docx
mydrynan
 
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
jeevasreemurali
 
Cs8792 cns - unit iv
ArthyR3
 
Cs8792 cns - unit iv
ArthyR3
 
Meessage authentication and hash functions.pptx
JohnLagman3
 
Cns
ArthyR3
 
ch11.ppt
SomuPatil8
 
Unit 3
tamil arasan
 
Message Authentication: MAC, Hashes
Shafaan Khaliq Bhatti
 
unit - III.pptx
sandyBS
 
Message Authentication
chauhankapil
 
NSC_Unit-III_final.ppt
DrVASAVIBANDE
 
Ch11
Joe Christensen
 
Iss lecture 4
Ali Habeeb
 
Unit 4
KRAMANJANEYULU1
 
SHA New Revised Version - SHA-512 Syllabus Module 3
AnantNimkar1
 
Message Authentication and Hash Function.pdf
sunil sharma
 
Ad

Recently uploaded (20)

PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
KodekX | Application Modernization Development
KodekX
 
Encapsulation theory and applications.pdf
gurumoop
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Teaching material agriculture food technology
LiaRayya
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 

Message authentication and hash function

  • 1. Network Security Presentation Chapter 11 Message authentication and hash function
  • 2. . • Names IDs 1) Abdiqadir Osman mohamud 204326915 2) Rita Abdalla Hussein 214306913 3) Omar Ahmed Salad 214306912 4) Abdinasir Abdullahi Dahir 214326902 5) Abdifatah Ismail Sulub 214326917 6) Mohamed Sharif Hussein 214306908
  • 3. . • Message authentication • Security requirements and attacks • Authentication Functions:- a. Message encryption b. Message authentication code (MAC) c. Hash functions • Practice and real life applications:- Overviewing concepts Capturing traffic using BURP SUIT Intercept network traffic Hashing function in PHP
  • 4. Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution)
  • 5. CS526 Topic 5: Hash Functions and Message Authentication 5 Data Integrity and Source Authentication • Encryption does not protect data from modification by another party. • Why? • Need a way to ensure that data arrives at destination in its original form as sent by the sender and it is coming from an authenticated source.
  • 6. Communication without authentication Shared key k to generate authenticate message Alice M Bob Eve M’ Very easy.. Eve can simply change the message
  • 7. Security attacks In the context of communications across a network, the following attacks can be identified: • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
  • 8. Security attacks……. • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
  • 9. Security attacks……. • Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone other than the message recipient.
  • 10. Security attacks……. • Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification. • Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
  • 11. Security attacks……. • Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
  • 12. Security attacks……. • Source repudiation: Denial of transmission of message by source. • Destination repudiation: Denial of receipt of message by destination.
  • 13. Authentication Functions • Any message authentication or digital signature mechanism has two levels of functionality. • At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
  • 14. Authentication Functions.. This section is concerned with the types of functions that may be used to produce an authenticator. These may be grouped into three classes, as follows: ● Message encryption: The ciphertext of the entire message serves as its authenticator ● Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator ● Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
  • 15. Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: • receiver know sender must have created it • since only sender and receiver now key used • know content cannot of been altered • if message has suitable structure, redundancy or a checksum to detect any changes
  • 16. Message Encryption • if public-key encryption is used: • encryption provides no confidence of sender • since anyone potentially knows public-key • however if • sender signs message using their private-key • then encrypts with recipients public key • have both secrecy and authentication • again need to recognize corrupted messages • but at cost of two public-key uses on message
  • 17. Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed-sized block • depending on both message and some key • like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from sender
  • 18. Message Authentication Codes Keyed hash function. Authenticate origin of messages Symmetric key, shared between sender and receiver. Both sender and receiver can create and verify MAC. Integrity protection of messages Message changes in transit are detected. An ordinary (key-less) hash function does not provide this. (why?) Two known designs: HMAC (based on hash function) CBC-MAC (based on block cipher in CBC-mode) Are these good constructions? MACk (m) = h (kkm). MACk (m) = h (mkk). 22 / 26
  • 20. Message Authentication Codes as shown the MAC provides authentication can also use encryption for secrecy generally use separate keys for each can compute MAC either before or after encryption is generally regarded as better done before why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature
  • 21. MAC Properties • a MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult
  • 22. Requirements for MACs • taking into account the types of attacks • need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
  • 23. Hash Functions A cryptographic hash function h is a function which takes arbitrary length bit strings as input and produces a fixed length bit string as output, the hash value. A cryptographic hash function should be one-way: given any string y from the range of h, it should be computationally infeasible to find any value x in the domain of h such that h(x) = y. Given a hash function with outputs of n bits, we would like a function for which finding preimages requires O(2n) time. 23 /
  • 24. Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • cf. MAC which is keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
  • 25. Requirements for a HashFunction • The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data. To be useful for message authentication, a hash function H must have the following properties. 1. H can be applied to a block of data of any size. 2. H produces a fixed-length output.
  • 26. HashFunction requirement 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
  • 27. HashFunction requirement…. 5. For any given block x, it is computationally infeasible to find y x such that H(y) = H(x). This is sometimes referred to as weak collision resistance. 6.It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance
  • 28. Hash Functions & Digital Signatures
  • 29. Example Operation of Hash Functions Information 2
  • 30. Birthday Attacks might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: opponent generates 2 m/2 variations of a valid message all with essentially the same meaning opponent also generates 2 m/2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger MAC/hash
  • 31. Some Popular HashAlgorithms Information 3  MD5 (Rivest ) ◦ 128-bit output ◦ Most popular  SHA-1 (NIST- NSA) ◦ US gov’t standard ◦ 160-bit output  RIPEMD-160 ◦ Euro.RIPE project. ◦ 160-bit output Algorithm Speed (MByte/s.) MD5 205 SHA-1 72 RIPEMD-160 51 Crypto++ 5.1 benchmarks,2.1 GHz P4
  • 32. Usage of hash functions • Commit to message by disclosing hash of message, later showing the message • If collision resistant, you cannot cheat (change message). • Consider playing rock, paper, scissors remotely with a hash function. Or rock-paper-scissors-lizard-Spock. • Verify integrity of downloaded files. • Digital signatures. • SSL/TLS for integrity protection. • Storing passwords in operating systems and web servers. 21 /
  • 33. Security of Hash Functions and Macs • Just as with symmetric and public-key encryption, we can group attacks on hash functions and MACs into two categories: brute-force attacks and cryptanalysis
  • 34. Brute-Force Attacks • The nature of brute-force attacks differs somewhat for hash functions and MACs. Hash Functions • The strength of a hash function against brute-force attacks depends solely on the length of the hash • code produced by the algorithm. Recall from our discussion of hash functions that there are three
  • 35. desirable properties: ● One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h. ● Weak collision resistance: For any given block x, it is computationally infeasible to find y x with H(y) = H(x). ● Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H (x) = H(y).
  • 36. Hash Functions & MAC Security cryptanalytic attacks exploit structure like block ciphers want brute-force attacks to be the best alternative have a number of analytic attacks on iterated hash functions CVi = f[CVi-1, Mi]; H(M)=CVN typically focus on collisions in function f like block ciphers is often composed of rounds attacks exploit properties of round functions
  • 37. Practical applications.. • Hashing passwords • PHP server analysis • Burp suit capturing • message authentication code.pptx