Unit – 4 Integrity & Authentication Algorithms Cryptography and Cyber Security
Message Authentication
- Message authentication is concerned with:
  - protecting the integrity of a message
  - validating identity of originator
  - non-repudiation of origin (dispute resolution)
- considers a set of security requirements
- Three alternative functions used:
  - message encryption
  - message authentication code (MAC)
  - hash function
A Set of Security Requirements
- disclosure
- traffic analysis
- masquerade
- content modification
- sequence modification
- timing modification
- source repudiation
- destination repudiation
Message Encryption
- message encryption by itself also provides a measure of authentication
- if symmetric encryption is used then:
  - receiver knows sender must have created it
  - since only sender and receiver know the key used
  - they know that content cannot have been altered by others than themselves
Message Encryption
- If public-key encryption is used:
  - encryption provides no confidence of sender
  - since anyone potentially knows public-key
  - however if sender signs message using their private-key
  - then encrypts with recipient's public key
  - thus, have both secrecy and authentication
Message Authentication Code (MAC)
- generated by an algorithm that creates a small fixed-sized block
  - depending on both message and some key
  - like encryption though need not be reversible
- appended to message as a signature
- receiver performs same computation on message and checks it matches the MAC
- provides assurance that message is unaltered and comes from certain sender
Message Authentication Code
- A MAC is not a digital signature
Message Authentication Codes
- as shown the MAC provides authentication
- can also use encryption for secrecy
  - generally use separate keys for each
  - can compute MAC either before or after encryption
  - is generally regarded as better done before
- why use a MAC?
  - sometimes only authentication is needed
  - sometimes we need authentication to persist longer than the encryption (e.g. archival use)
MAC Properties
- A MAC is a cryptographic checksum: MAC = C_K(M)
  - condenses a variable-length message M
  - using a secret key K
  - to a fixed-sized authenticator
- is a many-to-one function
  - potentially many messages have same MAC
  - but finding these can be very difficult
Requirements for MACs
- Taking into account the types of attacks
- we need the MAC to satisfy the following:
  - knowing a message and MAC, is infeasible to find another message with same MAC
  - MACs should be uniformly distributed
  - MAC should depend equally on all bits of the message
Using Symmetric Ciphers for MACs
- can use any block cipher chaining mode and use final block as a MAC
- Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC
  - using IV=0 and zero-pad of final block
  - encrypt message using DES in CBC mode
  - and send just the final block as the MAC
  - or the leftmost M bits (16 ≤ M ≤ 64) of final block
- but final MAC is now too small for security!
Data Authentication Algorithm (FIPS PUB 113)
Data Authentication Algorithm
Hash Functions
- condenses arbitrary message to fixed size: h = H(M)
- usually assume that the hash function is public and not keyed
- hash used to detect changes to message
- can use in various ways with message
- most often to create a digital signature
Hash Functions & Digital Signatures
Requirements for Hash Functions
- can be applied to any sized message M
- produces fixed-length output h
- is easy to compute h = H(M) for any message M
- one-way property: given h is infeasible to find x s.t. H(x) = h
- weak collision resistance: given x is infeasible to find y s.t. H(y) = H(x)
- strong collision resistance: is infeasible to find any x, y s.t. H(y) = H(x)
Simple Hash Functions
- There are several proposals for simple functions
- based on XOR of message blocks
- not secure since can manipulate any message and either not change hash or change hash also
- need a stronger cryptographic function
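The weakness of an XOR-of-blocks hash, as an added example that is not part of the original slides: reordering blocks leaves the hash unchanged, and one extra block makes an altered message match the original hash, while SHA-256 detects both changes. The 8-byte block size and the sample messages are constructed for illustration.

```python
import hashlib
from functools import reduce

BLOCK = 8  # block size in bytes (assumed for this example)

def blocks(msg: bytes) -> list[bytes]:
    """Zero-pad msg to a multiple of BLOCK and split it into blocks."""
    msg += b"\x00" * (-len(msg) % BLOCK)
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xor_hash(msg: bytes) -> bytes:
    """Simple hash: XOR of all message blocks."""
    return reduce(xor_bytes, blocks(msg), bytes(BLOCK))

def fixup_block(original: bytes, altered: bytes) -> bytes:
    """Block that, appended to `altered`, restores the hash of `original`."""
    return xor_bytes(xor_hash(original), xor_hash(altered))

def sha256_differs(a: bytes, b: bytes) -> bool:
    """True when a cryptographic hash tells the two messages apart."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()

# Constructed sample messages; every block is exactly BLOCK bytes long.
ORIGINAL = b"PAY 0100" + b"TO ALICE"
REORDERED = b"TO ALICE" + b"PAY 0100"      # same blocks, different order
ALTERED = b"PAY 9900" + b"TO CAROL"
PATCHED = ALTERED + fixup_block(ORIGINAL, ALTERED)

if __name__ == "__main__":
    print("original :", xor_hash(ORIGINAL).hex())
    print("reordered:", xor_hash(REORDERED).hex())
    print("patched  :", xor_hash(PATCHED).hex())
    print("SHA-256 detects reorder:", sha256_differs(ORIGINAL, REORDERED))
    print("SHA-256 detects patch  :", sha256_differs(ORIGINAL, PATCHED))
```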
Secure Hash Algorithm
- SHA originally designed by NIST & NSA in 1993
- was revised in 1995 as SHA-1
- US standard for use with DSA signature scheme
  - standard is FIPS 180-1 1995, also Internet RFC3174
- based on design of MD4 with key differences
- produces 160-bit hash values
- recent 2005 results on security of SHA-1 have raised concerns on its use in future applications
Secure Hash Function
Hash Algorithm Structure
Revised Secure Hash Standard
- NIST issued revision FIPS 180-2 in 2002
- adds 3 additional versions of SHA
  - SHA-256, SHA-384, SHA-512
- designed for compatibility with increased security provided by the AES cipher
- structure & detail is similar to SHA-1
- hence analysis should be similar
- but security levels are rather higher
SHA-512 Overview
Keyed Hash Functions as MACs
- want a MAC based on a hash function
  - because hash functions are generally faster
  - code for crypto hash functions widely available
- hash includes a key along with message
- original proposal: KeyedHash = Hash(Key|Message)
  - some weaknesses were found with this
- eventually led to development of HMAC
HMAC
HMAC
- specified as Internet standard RFC2104
- uses hash function on the message:
  HMAC_K = Hash[(K^+ XOR opad) || Hash[(K^+ XOR ipad) || M]]
- where K^+ is the key padded out to size
- and opad (5C hex), ipad (36 hex) are specified padding constants
- overhead is just 3 more hash calculations than the message needs alone
- any hash function can be used, e.g. MD5, SHA-1, RIPEMD-160
HMAC Overview
HMAC Security
- proved security of HMAC relates to that of the underlying hash algorithm
- attacking HMAC requires either:
  - brute force attack on key used
  - birthday attack (but since keyed would need to observe a very large number of messages)
- choose hash function used based on speed versus security constraints
X.509 Authentication Service
- Distributed set of servers that maintains a database about users.
- Each certificate contains the public key of a user and is signed with the private key of a CA.
- Is used in S/MIME, IP Security, SSL/TLS and SET.
- RSA is recommended for use.
X.509 Formats (Henric Johnson)
Typical Digital Signature Approach
Obtaining a User's Certificate
- Characteristics of certificates generated by CA:
  - Any user with access to the public key of the CA can recover the user public key that was certified.
  - No party other than the CA can modify the certificate without this being detected.
X.509 CA Hierarchy
Revocation of Certificates
- Reasons for revocation:
  - The user's secret key is assumed to be compromised.
  - The user is no longer certified by this CA.
  - The CA's certificate is assumed to be compromised.
Digital Signatures
Digital Signatures – How It Works
Digital Signatures - Attacks
- Where "A" is the user and "C" is the attacker, we can classify these attacks in increasing order of severity based on the level of access, information, or impact required for a successful forgery.
Digital Signatures - Forgeries
Elgamal Digital Signature Scheme
- Asymmetric encryption system based on the Diffie-Hellman key exchange.
- Provides confidentiality and digital signatures.
- Relies on the difficulty of the Discrete Logarithm Problem (DLP).
Elgamal Digital Signature Scheme
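An ElGamal sign/verify round trip, as an added example that is not part of the original slides. It uses the textbook signature equations r = g^k mod p, s = (H(m) − x·r)·k⁻¹ mod (p − 1), accepted when g^H(m) ≡ y^r · r^s (mod p); the prime, the base and the use of SHA-256 are assumptions of the example, and the 127-bit prime is far too small for real use.

```python
import hashlib
import math
import secrets

# Constructed toy parameters (assumptions of this example, not from the slides).
P = 2**127 - 1   # a Mersenne prime; real deployments need a much larger modulus
G = 3            # public base

def digest(msg: bytes) -> int:
    """Hash the message and reduce it into the exponent range."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 1)

def keygen() -> tuple[int, int]:
    x = secrets.randbelow(P - 3) + 2       # private key x in [2, P-2]
    return x, pow(G, x, P)                 # public key y = g^x mod p

def sign(x: int, msg: bytes) -> tuple[int, int]:
    while True:
        k = secrets.randbelow(P - 3) + 2   # fresh secret per signature, never reused
        if math.gcd(k, P - 1) != 1:        # k must be invertible mod p-1
            continue
        r = pow(G, k, P)
        s = (digest(msg) - x * r) * pow(k, -1, P - 1) % (P - 1)
        if s != 0:
            return r, s

def verify(y: int, msg: bytes, sig: tuple[int, int]) -> bool:
    r, s = sig
    if not (0 < r < P and 0 < s < P - 1):  # range checks are part of verification
        return False
    return pow(G, digest(msg), P) == pow(y, r, P) * pow(r, s, P) % P

if __name__ == "__main__":
    x, y = keygen()
    sig = sign(x, b"constructed sample message")
    print("valid signature accepted:", verify(y, b"constructed sample message", sig))
    print("altered message rejected:", not verify(y, b"another message", sig))
```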
Elgamal - Application
- Digital signatures (e.g., in DSA).
- Encrypted messaging and communications.
- Privacy-preserving computations (homomorphic encryption).
- Examples like secure communication or secure voting systems.
Assignment – Unit 1
1. Case Study on Steganography (5 Marks)
   Research a real-world case where steganography was used (e.g., to hide data in images, audio, or video). Describe the type of steganography, its purpose, and the techniques used. Analyze the effectiveness of the method, including any detection or extraction techniques applied. Briefly evaluate the ethical and legal implications, and suggest alternative approaches or improvements.
2. Case Study on Cryptanalysis (5 Marks)
   Research a real-world case where cryptanalysis was used to break or weaken encryption (e.g., breaking a cipher or cracking a security protocol). Describe the encryption method targeted, the cryptanalysis techniques used, and the outcome. Analyze the effectiveness of the cryptanalysis approach and any countermeasures employed. Briefly discuss the ethical and legal implications of the cryptanalysis in this case, and propose any alternative solutions or improvements.
Assignment – Unit 2
1. Case Study on Symmetric Ciphers (5 Marks)
   Select a real-world case involving the use of a symmetric cipher (e.g., AES, DES). Describe how the cipher was implemented and the purpose it served in securing communication or data. Analyze any weaknesses or attacks that targeted this cipher and the outcomes. Discuss the security implications and suggest alternative encryption methods or improvements to the implementation.
2. Case Study on RC4 (5 Marks)
   Research a real-world application or attack involving the RC4 stream cipher. Describe how RC4 was implemented in the scenario, including its purpose and the encryption process. Analyze any vulnerabilities or weaknesses that were exploited, and the consequences of those flaws. Discuss the ethical, legal, or security implications of using RC4, and propose alternative encryption methods or improvements.
Assignment – Unit 4
Scenario 1 (5 Marks)
"Imagine your university has implemented the Kerberos authentication protocol to secure access to its online student portal. You are an IT consultant tasked with explaining how the system ensures secure login for students accessing their accounts. Describe the process from the moment a student enters their credentials to the point where they gain access to the portal. Make sure to include how the Key Distribution Center (KDC) and Ticket Granting Ticket (TGT) play a role. Additionally, identify any potential weaknesses in this setup and propose recommendations to enhance security based on your understanding of Kerberos."
Assignment – Unit 4
Scenario 2 (5 Marks)
"Your company is setting up a secure communication system for its internal web applications using X.509 certificates. As a network security specialist, you are responsible for ensuring that these certificates are properly implemented and managed. Explain the role of X.509 certificates in establishing secure connections using SSL/TLS. Detail the structure of an X.509 certificate and describe the information it contains. Furthermore, outline the process of verifying the authenticity of an X.509 certificate and discuss potential risks associated with compromised certificates. Provide recommendations for maintaining the integrity of the certificate management process within the company."