Message authentication
29,343 views
22 slides
Apr 24, 2017
Slide 1 of 22
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
About This Presentation
1. MESSAGE SECURITY REQUIREMENTS
2. MESSAGE AUTHENTICATION
3. MESSAGE ENCRYPTION
4. HASH FUNCTIONS
5. MESSAGE AUTHENTICATION CODE (MAC)
6. HMAC
Slide Content
COMPUTER SECURITY
MESSAGE AUTHENTICATION
Mr. RAJASEKAR RAMALINGAM
Faculty - Department of IT
College of Applied Sciences – Sur,
Sultanate of Oman.
[email protected]
MESSAGE AUTHENTICATION
Mr. RAJASEKAR RAMALINGAM
Faculty - Department of IT
College of Applied Sciences – Sur,
Sultanate of Oman.
[email protected]
CONTENT
1. MESSAGE SECURITY REQUIREMENTS
2. MESSAGE AUTHENTICATION
3. MESSAGE ENCRYPTION
4. HASH FUNCTIONS
5. MESSAGE AUTHENTICATION CODE (MAC)
6. HMAC
2MESSAGE AUTHENTICATION
1. MESSAGE SECURITY REQUIREMENTS
2. MESSAGE AUTHENTICATION
3. MESSAGE ENCRYPTION
4. HASH FUNCTIONS
5. MESSAGE AUTHENTICATION CODE (MAC)
6. HMAC
2MESSAGE AUTHENTICATION
1. MESSAGE SECURITY REQUIREMENTS
•In communications from a computer to computer, the following
attacks could be identified:
•Disclosure: Release of message contents
•Traffic analysis: Discovery of the pattern of traffic between parties
•Masquerade: Insertion of messages into the network from a
fraudulent source
•Content modification: Modification of the contents of a message
•Sequence modification: Modification to a sequence of messages
between parties
•Timing modification: Delay or replay of messages
•Source repudiation: Denial of transmission of message by source
•Destination repudiation: Denial of receipt of message by destination
3MESSAGE AUTHENTICATION
•In communications from a computer to computer, the following
attacks could be identified:
•Disclosure: Release of message contents
•Traffic analysis: Discovery of the pattern of traffic between parties
•Masquerade: Insertion of messages into the network from a
fraudulent source
•Content modification: Modification of the contents of a message
•Sequence modification: Modification to a sequence of messages
between parties
•Timing modification: Delay or replay of messages
•Source repudiation: Denial of transmission of message by source
•Destination repudiation: Denial of receipt of message by destination
3MESSAGE AUTHENTICATION
2. MESSAGE AUTHENTICATION
•Message authentication is concerned with:
•Protecting the integrity of a message
•Validating identity of originator
•Non-repudiation of origin (dispute resolution)
•Will consider the security requirements
•Three alternative functions used:
•Message encryption
•Hash functions
•Message Authentication Code (MAC)
4MESSAGE AUTHENTICATION
•Message authentication is concerned with:
•Protecting the integrity of a message
•Validating identity of originator
•Non-repudiation of origin (dispute resolution)
•Will consider the security requirements
•Three alternative functions used:
•Message encryption
•Hash functions
•Message Authentication Code (MAC)
4MESSAGE AUTHENTICATION
3. MESSAGE ENCRYPTION
3.1 SYMMETRIC MESSAGE ENCRYPTION
•Encryption can also provides authentication
•If symmetric encryption is used then:
•Receiver know sender must have created it
•Since only sender and receiver now key used
•Know content cannot of been altered
•If message has suitable structure, redundancy or a checksum to
detect any changes
5MESSAGE AUTHENTICATION
3.1 SYMMETRIC MESSAGE ENCRYPTION
•Encryption can also provides authentication
•If symmetric encryption is used then:
•Receiver know sender must have created it
•Since only sender and receiver now key used
•Know content cannot of been altered
•If message has suitable structure, redundancy or a checksum to
detect any changes
5MESSAGE AUTHENTICATION
3.2 PUBLIC-KEY MESSAGE ENCRYPTION
•If public-key encryption is used:
•Encryption provides no confidence of sender
•Since anyone potentially knows public-key
However if
•Sender signs message using their private-key
•Then encrypts with recipients public key
•Have both secrecy and authentication
•Again need to recognize corrupted messages
•But at cost of two public-key uses on message
6MESSAGE AUTHENTICATION
•If public-key encryption is used:
•Encryption provides no confidence of sender
•Since anyone potentially knows public-key
However if
•Sender signs message using their private-key
•Then encrypts with recipients public key
•Have both secrecy and authentication
•Again need to recognize corrupted messages
•But at cost of two public-key uses on message
6MESSAGE AUTHENTICATION
4. HASH FUNCTIONS
Condenses arbitrary message to fixed size
h = H(M)
Usually assume hash function is public
Hash used to detect changes to message
Want a cryptographic hash function
Computationally infeasible to find data mapping to specific
hash (one-way property)
Computationally infeasible to find two data to same hash
(collision-free property)
7MESSAGE AUTHENTICATION
Condenses arbitrary message to fixed size
h = H(M)
Usually assume hash function is public
Hash used to detect changes to message
Want a cryptographic hash function
Computationally infeasible to find data mapping to specific
hash (one-way property)
Computationally infeasible to find two data to same hash
(collision-free property)
7MESSAGE AUTHENTICATION
4.1 CRYPTOGRAPHIC HASH FUNCTION
•Figure depicts the general operation
of a cryptographic hash function.
•The input is padded out to an integer
multiple of some fixed length (e.g.,
1024 bits) and the padding includes
the value of the length of the original
message in bits.
•The length field is a security
measure to increase the difficulty for
an attacker to produce an alternative
message with the same hash value.
8MESSAGE AUTHENTICATION
•Figure depicts the general operation
of a cryptographic hash function.
•The input is padded out to an integer
multiple of some fixed length (e.g.,
1024 bits) and the padding includes
the value of the length of the original
message in bits.
•The length field is a security
measure to increase the difficulty for
an attacker to produce an alternative
message with the same hash value.
8MESSAGE AUTHENTICATION
4.2 HASH FUNCTIONS & MESSAGE AUTHENTICATION
•Message authentication is a mechanism or service used to verify
the integrity of a message, by assuring that the data received are
exactly as sent.
•Figure A, B, C and D illustrates a variety of ways in which a
hash code can be used to provide message authentication, as
follows:
9MESSAGE AUTHENTICATION
•Message authentication is a mechanism or service used to verify
the integrity of a message, by assuring that the data received are
exactly as sent.
•Figure A, B, C and D illustrates a variety of ways in which a
hash code can be used to provide message authentication, as
follows:
9MESSAGE AUTHENTICATION
•The message plus concatenated hash code is encrypted using
symmetric encryption. Since only A and B share the secret key,
the message must have come from A and has not been altered.
•The hash code provides the structure or redundancy required to
achieve authentication.
A
10MESSAGE AUTHENTICATION
symmetric encryption. Since only A and B share the secret key,
the message must have come from A and has not been altered.
•The hash code provides the structure or redundancy required to
achieve authentication.
A
10MESSAGE AUTHENTICATION
•Only the hash code is encrypted, using symmetric encryption. This
reduces the processing burden for those applications not requiring
confidentiality.
B
11MESSAGE AUTHENTICATION
reduces the processing burden for those applications not requiring
confidentiality.
B
11MESSAGE AUTHENTICATION
C
•Shows the use of a hash function but no encryption for message authentication.
•The technique assumes that the two communicating parties share a common
secret value S.
•A computes the hash value over the concatenation of M and S and appends the
resulting hash value to M.
•Because B possesses S, it can re-compute the hash value to verify.
•Because the secret value itself is not sent, an opponent cannot modify an
intercepted message and cannot generate a false message.
12MESSAGE AUTHENTICATION
•Shows the use of a hash function but no encryption for message authentication.
•The technique assumes that the two communicating parties share a common
secret value S.
•A computes the hash value over the concatenation of M and S and appends the
resulting hash value to M.
•Because B possesses S, it can re-compute the hash value to verify.
•Because the secret value itself is not sent, an opponent cannot modify an
intercepted message and cannot generate a false message.
12MESSAGE AUTHENTICATION
•Confidentiality can be added to the approach of (c) by encrypting
the entire message plus the hash code.
D
13MESSAGE AUTHENTICATION
the entire message plus the hash code.
D
13MESSAGE AUTHENTICATION
5. MESSAGE AUTHENTICATION CODE (MAC)
•Generated by an algorithm that creates a small fixed-sized block
•Depending on both message and some key
•Like encryption though need not be reversible
•Appended to message as a signature
•Receiver performs same computation on message and checks it
matches the MAC
•Provides assurance that message is unaltered and comes from
sender
14MESSAGE AUTHENTICATION
•Generated by an algorithm that creates a small fixed-sized block
•Depending on both message and some key
•Like encryption though need not be reversible
•Appended to message as a signature
•Receiver performs same computation on message and checks it
matches the MAC
•Provides assurance that message is unaltered and comes from
sender
14MESSAGE AUTHENTICATION
Message Authentication Code…
•A small fixed-sized block of data
•Generated from message + secret key
•MAC = C(K,M)
•Appended to message when sent
15MESSAGE AUTHENTICATION
•A small fixed-sized block of data
•Generated from message + secret key
•MAC = C(K,M)
•Appended to message when sent
15MESSAGE AUTHENTICATION
5.1 MESSAGE AUTHENTICATION CODES
•As shown the MAC provides authentication
•Why use a MAC?
•sometimes only authentication is needed
•sometimes need authentication to persist longer than the
encryption (eg. archival use)
•Can also use encryption for secrecy
•generally use separate keys for each
•can compute MAC either before or after encryption
•is generally regarded as better done before
16MESSAGE AUTHENTICATION
•As shown the MAC provides authentication
•Why use a MAC?
•sometimes only authentication is needed
•sometimes need authentication to persist longer than the
encryption (eg. archival use)
•Can also use encryption for secrecy
•generally use separate keys for each
•can compute MAC either before or after encryption
•is generally regarded as better done before
16MESSAGE AUTHENTICATION
5.2 MAC PROPERTIES
•A MAC is a cryptographic checksum
MAC = C
K
(M)
•condenses a variable-length message M
•using a secret key K
•to a fixed-sized authenticator
•Is a many-to-one function
•potentially many messages have same MAC
•but finding these needs to be very difficult
17MESSAGE AUTHENTICATION
•A MAC is a cryptographic checksum
MAC = C
K
(M)
•condenses a variable-length message M
•using a secret key K
•to a fixed-sized authenticator
•Is a many-to-one function
•potentially many messages have same MAC
•but finding these needs to be very difficult
17MESSAGE AUTHENTICATION
6. HMAC
6.1 HMAC DESIGN OBJECTIVES
Use, without modifications, hash functions
Allow for easy re-placeability of embedded hash function
Preserve original performance of hash function without significant
degradation
Use and handle keys in a simple way.
Have well understood cryptographic analysis of authentication
mechanism strength
18MESSAGE AUTHENTICATION
6.1 HMAC DESIGN OBJECTIVES
Use, without modifications, hash functions
Allow for easy re-placeability of embedded hash function
Preserve original performance of hash function without significant
degradation
Use and handle keys in a simple way.
Have well understood cryptographic analysis of authentication
mechanism strength
18MESSAGE AUTHENTICATION
HMAC…
•Uses hash function on the message:
HMAC
K
(M)= Hash[(K
+
XOR opad) ||
Hash[(K
+
XOR ipad) || M)] ]
•where K
+
is the key padded out to
size
•opad, ipad are specified padding
constants
•Overhead is just 3 more hash
calculations than the message needs
alone
•Any hash function can be used
•eg. MD5, SHA-1, RIPEMD-160,
Whirlpool
19MESSAGE AUTHENTICATION
•Uses hash function on the message:
HMAC
K
(M)= Hash[(K
+
XOR opad) ||
Hash[(K
+
XOR ipad) || M)] ]
•where K
+
is the key padded out to
size
•opad, ipad are specified padding
constants
•Overhead is just 3 more hash
calculations than the message needs
alone
•Any hash function can be used
•eg. MD5, SHA-1, RIPEMD-160,
Whirlpool
19MESSAGE AUTHENTICATION
HMAC Overview
Figure Illustrates the overall operation of HMAC:
HMAC
K
= Hash[(K
+
XOR opad) || Hash[(K
+
XOR ipad) || M)]
where:
K
+
is K padded with zeros on the left so that the result is b bits in length
ipad is a pad value of 36 hex repeated to fill block
opad is a pad value of 5C hex repeated to fill block
M is the message input to HMAC (including the padding specified in the embedded
hash function)
Note that the XOR with ipad results in flipping one-half of the bits of K. Similarly,
the XOR with opad results in flipping one-half of the bits of K, but a different set of
bits.
In effect, pseudo randomly generated two keys from K.
MESSAGE AUTHENTICATION 20
Figure Illustrates the overall operation of HMAC:
HMAC
K
= Hash[(K
+
XOR opad) || Hash[(K
+
XOR ipad) || M)]
where:
K
+
is K padded with zeros on the left so that the result is b bits in length
ipad is a pad value of 36 hex repeated to fill block
opad is a pad value of 5C hex repeated to fill block
M is the message input to HMAC (including the padding specified in the embedded
hash function)
Note that the XOR with ipad results in flipping one-half of the bits of K. Similarly,
the XOR with opad results in flipping one-half of the bits of K, but a different set of
bits.
In effect, pseudo randomly generated two keys from K.
MESSAGE AUTHENTICATION 20
•HMAC should execute in approximately the same time as the embedded
hash function for long messages.
•HMAC adds three executions of the hash compression function (for Si, So,
and the block produced from the inner hash).
•A more efficient implementation is possible by precomputing the internal
hash function on (K
+
XOR opad) and (K
+
XOR ipad) and inserting the
results into the hash processing at start & end.
•With this implementation, only one additional instance of the compression
function is added to the processing normally produced by the hash
function.
•This is especially worthwhile if most of the messages for which a MAC is
computed are short.
21MESSAGE AUTHENTICATION
hash function for long messages.
•HMAC adds three executions of the hash compression function (for Si, So,
and the block produced from the inner hash).
•A more efficient implementation is possible by precomputing the internal
hash function on (K
+
XOR opad) and (K
+
XOR ipad) and inserting the
results into the hash processing at start & end.
•With this implementation, only one additional instance of the compression
function is added to the processing normally produced by the hash
function.
•This is especially worthwhile if most of the messages for which a MAC is
computed are short.
21MESSAGE AUTHENTICATION
6.2 HMAC SECURITY
•Proved security of HMAC relates to that of the underlying hash
algorithm
•Attacking HMAC requires either:
•Brute force attack on key used
•Birthday attack (but since keyed would need to observe a very large
number of messages)
•Choose hash function used based on speed verses security
constraints
MESSAGE AUTHENTICATION 22
•Proved security of HMAC relates to that of the underlying hash
algorithm
•Attacking HMAC requires either:
•Brute force attack on key used
•Birthday attack (but since keyed would need to observe a very large
number of messages)
•Choose hash function used based on speed verses security
constraints
MESSAGE AUTHENTICATION 22
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 29,343
- Slides 22
- Favorites 18
- Age 3145 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
34 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
31 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
28 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views