Distribution of public keys and hmac
anuragjagetiya
7,738 views
25 slides
May 13, 2015
Slide 1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
About This Presentation
Public Key distribution and HMAC
Slide Content
Distribution of Public Keys and HMAC
Presented by:
Anurag Jagetiya
Astt. Prof. MLV Textile & Engineering
College, Bhilwara
Presented by:
Anurag Jagetiya
Astt. Prof. MLV Textile & Engineering
College, Bhilwara
Objective
•Understand the technique use for distribution
of Public keys.
•Understanding of MAC.
•Understand the technique use for distribution
of Public keys.
•Understanding of MAC.
Prerequisite
•Understanding of Network Security Principles
•Understanding of Network Security Principles
Outline
•Background
•Key Distribution
–RSA approach
–Publicly available directory
–Public key authority
–Public key certificate
•Hash base Message Authentication Code (HMAC)
•Background
•Key Distribution
–RSA approach
–Publicly available directory
–Public key authority
–Public key certificate
•Hash base Message Authentication Code (HMAC)
Background
"Cryptography, defined as "the science and study of
secret writing" concerns the ways in which
communications and data can be encoded to prevent
disclosure of their contents through eavesdropping
or message interception, using codes, ciphers and
other methods, so that only certain people can see
the real message.“
- Yamen Akdeniz
"Cryptography, defined as "the science and study of
secret writing" concerns the ways in which
communications and data can be encoded to prevent
disclosure of their contents through eavesdropping
or message interception, using codes, ciphers and
other methods, so that only certain people can see
the real message.“
- Yamen Akdeniz
The Need for Cryptography
Cryptography is required to ensure:
•Confidentiality
•Authentication
•Authorization
•Data Integrity
•Non-Repudiation
Cryptography is required to ensure:
•Confidentiality
•Authentication
•Authorization
•Data Integrity
•Non-Repudiation
Types of Cryptography
•Private key (Symmetric) Cryptography
•Public Key (Asymmetric)Cryptography
•Private key (Symmetric) Cryptography
•Public Key (Asymmetric)Cryptography
Private key Cryptography
• Sender and the Recipient share a key that
must be kept private to them.
•Same key is used to encrypt and decrypt the
message.
•Example: DES, Triple DES, IDEA, blowfish, RC4
• Sender and the Recipient share a key that
must be kept private to them.
•Same key is used to encrypt and decrypt the
message.
•Example: DES, Triple DES, IDEA, blowfish, RC4
Problem: Private key Cryptography
•Every pair of user needs a unique key, thus
number of keys are very large.
•Number of keys for N users are N(N-1)/2.
•Key distribution is a big problem: cannot trust
upon third party
•Solution: Public Key Cryptography
•Every pair of user needs a unique key, thus
number of keys are very large.
•Number of keys for N users are N(N-1)/2.
•Key distribution is a big problem: cannot trust
upon third party
•Solution: Public Key Cryptography
Public Key Cryptography
•Sender & Receiver both has two sets of keys
Public key and Private key.
•Both the keys can be used for encryption/
decryption.
•Public key is publically available to everyone
wish to send secret message.
•Private key remains secret to user.
•Example: RSA, ECC, etc
•Sender & Receiver both has two sets of keys
Public key and Private key.
•Both the keys can be used for encryption/
decryption.
•Public key is publically available to everyone
wish to send secret message.
•Private key remains secret to user.
•Example: RSA, ECC, etc
Key Distribution
Distribution of Public Keys
Distribution of Public Keys
RSA
•Based upon mathematics that it is easier to
multiply two large prime numbers but it’s very
difficult to find its factor.
• e.g. 40259, find its factors
•Public key is the product of two long prime
numbers
•Considered very secure but may suffer from
man in middle attack
317 *217
•Based upon mathematics that it is easier to
multiply two large prime numbers but it’s very
difficult to find its factor.
• e.g. 40259, find its factors
•Public key is the product of two long prime
numbers
•Considered very secure but may suffer from
man in middle attack
317 *217
Publicly available directory
•directory must be trusted with properties:
–contain {name, public-key} entries
–participants register securely with directory
–participants can replace key at any time
–directory is periodically published
•Still vulnerable: trusted party can be attacked.
Or if intruder somehow know the private key
of any participant, she can pass counterfeit
key information to the directory.
•directory must be trusted with properties:
–contain {name, public-key} entries
–participants register securely with directory
–participants can replace key at any time
–directory is periodically published
•Still vulnerable: trusted party can be attacked.
Or if intruder somehow know the private key
of any participant, she can pass counterfeit
key information to the directory.
Public key authority
•Authority provides its public keys to participants
•Participants can request for their keys in an
encrypted manner that can be decrypted by the
private key of the authority.
•Danger of tempering with authority is still
prevailing
•Dependency upon Authority is an overhead.
•Authority provides its public keys to participants
•Participants can request for their keys in an
encrypted manner that can be decrypted by the
private key of the authority.
•Danger of tempering with authority is still
prevailing
•Dependency upon Authority is an overhead.
Public key certificate
•Digitally signed electronic certificates are used by the
participants to exchange public keys safely.
•These certificates are assigned by the certificate
authority like: VeriSign etc.
•Nobody other than the trusted certificate authority
can generate the certificates.
•Popular TLS protocol uses the services of X.509
directory authentication service for the same.
•Digitally signed electronic certificates are used by the
participants to exchange public keys safely.
•These certificates are assigned by the certificate
authority like: VeriSign etc.
•Nobody other than the trusted certificate authority
can generate the certificates.
•Popular TLS protocol uses the services of X.509
directory authentication service for the same.
HMAC: Background
•Authentication techniques ensures
– Message is from alleged sender
–And, its integrity is preserved
•Hash functions are used to produce a fixed
length digest of the input message
•It is known as message digest or message
authentication code
•Authentication techniques ensures
– Message is from alleged sender
–And, its integrity is preserved
•Hash functions are used to produce a fixed
length digest of the input message
•It is known as message digest or message
authentication code
Contd…
•Hash functions are known as one way
function i.e. easy in one direction but difficult
in another direction.
•for any two different messages it’s impossible
to get similar digest.
•Common hash algorithms
–MD5 produces fixed 128 bit digest
–SHA-1 produces 160 bit bits
•Hash functions are known as one way
function i.e. easy in one direction but difficult
in another direction.
•for any two different messages it’s impossible
to get similar digest.
•Common hash algorithms
–MD5 produces fixed 128 bit digest
–SHA-1 produces 160 bit bits
HMAC Introduction
•HMAC uses popular cryptographic hash
function like MD-5 or SHA-1 to generate
strong and secure MAC.
•HMAC uses a secret key for the calculation
and verification of the MACs.
•HMAC is specified in RFC 2104
•HMAC uses popular cryptographic hash
function like MD-5 or SHA-1 to generate
strong and secure MAC.
•HMAC uses a secret key for the calculation
and verification of the MACs.
•HMAC is specified in RFC 2104
Contd…
•To use available and approved cryptographic hash
functions whose:
–Cryptographic strength has been proved effectively.
–Code is freely available and they perform well in software.
•Old embedded hash functions can be easily replaced
with new hash functions, when developed.
•To make a simple use of keys
•To use available and approved cryptographic hash
functions whose:
–Cryptographic strength has been proved effectively.
–Code is freely available and they perform well in software.
•Old embedded hash functions can be easily replaced
with new hash functions, when developed.
•To make a simple use of keys
HMAC Algorithm: Parameters and symbols
M Input Message to HMAC (With necessary padding)
B Block Size (In Bytes) of Input Message
H Embedded hash function
Ipad Inner Pad: the byte 0x36 (In hexadecimal) repeated B times
K Secret Key (Shared by only sender and receiver)
K0 Key K after necessary pre-processing (i.e. padded with zeros
on the left) to form a B byte key
Opad Outerpad: 0x5C (In hexadecimal) repeated B times
L Length of the hash code (in bytes)
|| Concatenation
Exclusive or
M Input Message to HMAC (With necessary padding)
B Block Size (In Bytes) of Input Message
H Embedded hash function
Ipad Inner Pad: the byte 0x36 (In hexadecimal) repeated B times
K Secret Key (Shared by only sender and receiver)
K0 Key K after necessary pre-processing (i.e. padded with zeros
on the left) to form a B byte key
Opad Outerpad: 0x5C (In hexadecimal) repeated B times
L Length of the hash code (in bytes)
|| Concatenation
Exclusive or
HMAC Algorithm: Cryptographic Key
•The size of secret key K used in HMAC shall be
equal to or greater than L/2
•Here L is the size of Hash function output
•If key size greater than input block size (B
bytes), first apply the key to hash function (H)
than the resultant L byte string is used as key
•Key should be chosen at random using key
generation algorithms and change
periodically.
•The size of secret key K used in HMAC shall be
equal to or greater than L/2
•Here L is the size of Hash function output
•If key size greater than input block size (B
bytes), first apply the key to hash function (H)
than the resultant L byte string is used as key
•Key should be chosen at random using key
generation algorithms and change
periodically.
HMAC Algorithm
1.If K = B than Set K0:= K. Go to step 4
2.If K < B than K is padded with zeros in the left that form B byte string K0.
Go to step 4.
3.If K> B than hash the key K through H to get L byte string than add B-L
zeros to get a B byte string. (i.e. K0=H (K) || 0000…) Go to step 4
4.XOR K0 and ipad to generate a B byte string: K0 ipad
5.Append the input message to the output string of step 4. (K0 ipad) || M
6.Apply H to the stream generate in step 5. H ((K0 ipad) || M)
7.XOR K0 and opad: K0 opad
8.Append the result of step 6 to result of step 7:
9.(K0 opad)|| H ((K0 ipad) || M)
10.Apply H to the stream generated in step 8 to get the final output:
11.H((K0 opad)|| H ((K0 ipad) || M))
1.If K = B than Set K0:= K. Go to step 4
2.If K < B than K is padded with zeros in the left that form B byte string K0.
Go to step 4.
3.If K> B than hash the key K through H to get L byte string than add B-L
zeros to get a B byte string. (i.e. K0=H (K) || 0000…) Go to step 4
4.XOR K0 and ipad to generate a B byte string: K0 ipad
5.Append the input message to the output string of step 4. (K0 ipad) || M
6.Apply H to the stream generate in step 5. H ((K0 ipad) || M)
7.XOR K0 and opad: K0 opad
8.Append the result of step 6 to result of step 7:
9.(K0 opad)|| H ((K0 ipad) || M)
10.Apply H to the stream generated in step 8 to get the final output:
11.H((K0 opad)|| H ((K0 ipad) || M))
Graphical representation of HMAC Algorithm
Image Source: http://blog.mousavi.net/2013/01/23/hmac-the-keyed-hash-based-
mac-function/
Image Source: http://blog.mousavi.net/2013/01/23/hmac-the-keyed-hash-based-
mac-function/
•XORing of ipad and opad with key K result in
the flipping of half of its key bits.
•But the flipped value will be different for ipad
and opad respectively.
•Thus two keys are pseudo randomly
generated by key K.
the flipping of half of its key bits.
•But the flipped value will be different for ipad
and opad respectively.
•Thus two keys are pseudo randomly
generated by key K.
References
•Anurag Jagetiya, C. Ramakrishna, “Secure Socket Layer-A
Boon to E-commerce”, CSI Communications, May-2013.
•William Stallings, Cryptography and Network Security
Principles and Practices, Pearson Publication, 4th Edition.
•Anurag Jagetiya, C. Ramakrishna, “Secure Socket Layer-A
Boon to E-commerce”, CSI Communications, May-2013.
•William Stallings, Cryptography and Network Security
Principles and Practices, Pearson Publication, 4th Edition.
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 7,738
- Slides 25
- Favorites 2
- Age 3862 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
35 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
38 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
34 views
14
Fertility awareness methods for women in the society
Isaiah47
31 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
30 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
31 views