Your SlideShare is downloading. ×
0
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Message Authentication
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Message Authentication

1,377

Published on

Unit 5 Of ACN

Unit 5 Of ACN

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,377
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
33
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Message Authentication
  • 2. Message authentication
    • Procedure to verify that
      • Recvd message is from alleged source
      • Message has not been altered
      • There is no change in message sequence
      • message is not delayed or a replay
    • Includes mechanism for non-repudiation by source
  • 3. Authentication functions
    • Lower level function
      • Authenticator or value
    • Higher level function
      • Use authenticator to verify authenticity of message
    • Functions to produce authenticator
      • Message encryption
        • cirhertext
      • Message authentication code ( MAC)
        • F(K,M) -> fixed length value
      • Hash Function
        • Mapping of message -> fixed length value
  • 4.  
  • 5.  
  • 6. Message Authentication codes ( MAC)
    • MAC also known as cryptographic checksum
      • MAC = C k (M)
      • M : variable length message
      • K : Shared key between sender and receiver
      • C k (M) : Fixed length authenticator
    • MAC is appended to the message at src
    • Receiver verifies by re-computing MAC
  • 7.  
  • 8. MAC attacks
    • In encryption
      • security depends on length of key
      • brute force attack requires 2 k-1 combinations of k bit key
    • Mac is many to one function
    • Known M1 and MAC1
    • If k > n ( length of MAC)
      • Brute force attack can result in 2 k-n matches
      • ==  C k-n (M1) = MAC1
  • 9. MAC attack to find Key
    • Round 1:
      • given M1, MAC1 = C k (M1)
      • Compute MAC i = Ck i (M i ) for all 2 k keys
      • Number of matches ~ 2 k-n
    • Round 2:
      • given M2, MAC2 = C k (M2)
      • Compute MAC i = Ck i (M i ) for all 2 k-n keys
      • Number of matches ~ 2 k-2n
    • And so on…….
    • Brute force over many rounds
  • 10. Mac attack without finding key
    • Mac algo
      • M = X1||X2||…||Xm --  Xi = 64 bit blocks
      •  M = X1  X2  ….  Xm
      • C k (M) = E k (  M) encryption by DES ECB
    • Attack
      • Replace X1..Xm-1 by Y1..Ym-1
      • Ym = Y1  Y2  ….  Ym-1  M
    • Attacker inserts new message which will be authenticated correctly by receiver
  • 11. MAC requirements
    • Knowing M and Ck(M) it should not be possible to make M’-> Ck(M’) = Ck(M)
    • For any random M, M’; Pr[Ck(M) =Ck(M’)] should be 2 -n for n MAC bits
    • If M’ = f(M); Pr[Ck(M) =Ck(M’)] should be 2 -n
  • 12. MAC based on DES
  • 13. HASH functions
    • h = H(M)
      • M = variable length message
      • H(M) is fixed length hash value
      • Hash is appended to M by sender
      • Receiver re-computes hash to verify M
  • 14. Requirements of Hash function
    • Applied on any length of block of data
    • Output fixed length
    • H(x) easy to compute
    • H(x) should exhibit one way property
    • For given x, infeasible to find y!=x with H(y) = H(x): weak collision resistance
    • Infeasible to find any pair (x,y) such that H(y) = H(x)
  • 15.  
  • 16.  
  • 17. What is Birthday attack?
    • Derived from "birthday paradox“
      • A lthough there are 365 days in a year
      • T he probability is greater than 1/2 that
      • T wo of more people share the same birthday in any randomly chosen group of 23 people.
  • 18. Birthday Attack
    • A class of attacks against cryptographic functions
      • including both encryption functions and hash functions.
      • The attacks take advantage of a statistical property:
        • Given a cryptographic function having an N-bit output
        • for 2 N/2 randomly chosen inputs
        • the function will produce at least two outputs that are identical
        • With a probability greater than1/2
  • 19. More on Birthday attacker
    • Birthday attacks enable an attacker to find two inputs for which a cryptographic /hash function produces the same cipher text
      • M uch faster than a brute-force attack can
      • N o birthday attack can enable an a ttacker
        • T o decrypt a given cipher text or find a hash input that results in a given hash result
        • any faster than a brute-force attack can.
  • 20. MD5
  • 21. MD5 processing steps
    • Step 1: Appending padding bits
      • To ensure each block size is 512 bit
      • Min 1 bit to max 512 bit padding
      • Padding bits : 10000…..
      • (Msg + pad bits + 64 bit for length) = n x 512
    • Step 2: Append length
      • 64 bit long filed for length of message
    • Step 3: Initialize MD buffer
      • A,B,C,D buffers of 32 bit size each
    • Step 4: Process message in 512-bit blocks
      • 16 words of 32 bit each
    • Step 5: output 128 bit ( also fed back to input)
  • 22.  
  • 23. Step 4
    • Four rounds
    • 16 steps in each round
    • Details of each round
      • Inputs
        • A,B,C,D ( 32 bits each)
        • 512 bit block Message ( 16 x 32)
        • T[ i ] 32 bit array of cont from sin value
      • Processing
        • F,G,H &I functions in each round
      • Output
        • A,B,C,D
  • 24.  
  • 25.  
  • 26. SHA-1
  • 27. SHA-1 processing steps
    • Step 1: Appending padding bits
      • To ensure each block size is 512 bit
      • Min 1 bit to max 512 bit padding
      • Padding bits : 10000…..
      • (Msg + pad bits + 64 bit for length) = n x 512
    • Step 2: Append length
      • 64 bit long filed for length of message
    • Step 3: Initialize MD buffer
      • A,B,C,D,E buffers of 32 bit size each
    • Step 4: Process message in 512-bit blocks
      • 20 words of 32 bit each
    • Step 5: output 128 bit ( also fed back to input)
  • 28.  
  • 29.  
  • 30.  

×