2. Authentication
• Requirements - must be able to verify that:
Message came from apparent source or author Authentic
Contents have not been altered message
Sometimes, it was sent at a certain time or sequence
• Protection against active attack (falsification of data and
transactions)
2
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
3. Approaches to Message Authentication
• Authentication Using Conventional Encryption
Only the sender and receiver should share a key
• Message Authentication without Message Encryption
An authentication tag is generated and appended to each message
• Message Authentication Code - MAC
The use of secret key to generate a small block of data, MAC
Or
Calculate the MAC as a function of the message and the key.
MAC = F(K, M)
3
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
4. Message Authentication Code
• Need not to be reversible
• A & B Share a common secret key KAB
• A send message to B
A calculates message authentication code as a function of the message
and the key.
MACM1 = F(KAB, M)
The message + MAC are transmitted to B.
B performs the same calculation on the recieved message, using same
KAB
MACM2 = F(KAB, M)
If MACM1 = F(KAB, M) = MACM2 = F(KAB, M)
– Message has not been altered
– From intended sender 4
– Addition of sequence number, give more surity
6. One-way HASH function
• Alternative to MAC
• Input: A variable size message
• Output: Fixed size message digest H(M)
• No secret Key
• Message digest is sent with message in such a way that message
digest is authentic
Using conventional encryption
Using Public-Key encryption
Using Secret Value
6
8. One-way HASH function cont.
• Secret value (known to sender and receiver both) is added before
calculating the hash and removed before transmission.
• Variation of this technique is HMAC
8
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
9. Secure HASH Functions
• Purpose of the one-way or secure HASH function is to produce a
”fingerprint” of a file, message or block of data
• Properties of a HASH function H :
§ H can be applied to a block of data at any size
§ H produces a fixed length output
§ H(x) is easy to compute for any given x.
§ For any given value h, it is computationally in-feasible to find x such
that H(x) = h one-way property / pre-image resistant
§ For any given block x, it is computationally infeasible to find
y ≠ x with H(y) = H(x) weak collision resistance
§ It is computationally infeasible to find any pair (x, y) such that
H(x) = H(y) strong collision resistance
9
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
10. Block cipher VS Hash function
• Block cipher – symmetric encryption method:
input: blocks of plain-text of a fixed length
output: blocks of cipher-text of the same length
• Hash function – both symmetric and asymmetric encryption method
input: binary string of arbitrary length
output: string of some fixed length
10
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
11. Other Secure HASH functions
SHA-1 MD5 RIPEMD-160
Digest length 160 bits 128 bits 160 bits
Basic unit of 512 bits 512 bits 512 bits
processing
Number of steps 80 (4 rounds of 64 (4 rounds of 160 (5 paired
20) 16) rounds of 16)
Maximum message 264-1 bits
size
11
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
12. HMAC
• A keyed-hash message authentication code, or HMAC, is a type of
message authentication code (MAC) calculated using a cryptographic
hash function in combination with a secret key.
• The cryptographic strength of the HMAC depends upon the cryptographic
strength of the underlying hash function and on the size and quality of the
key.
• An iterative hash function breaks up a message into blocks of a fixed size
and iterates over them with a compression function.
• Motivations:
Cryptographic hash functions executes faster in software than encryption
algorithms such as DES
Library code for cryptographic hash functions is widely available
No export restrictions from the US
12
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
13. HMAC
HMACK(m) = h((K ⊕ opad) ‖ h((K ⊕ ipad) ‖ m ))
• h is an iterated hash function,
• K is a secret key padded with extra zeros to the block size of the
hash function
• m is the message to be authenticated.
• ‖ denotes concatenation
• ⊕ denotes Exclusive Or (XOR)
• The two constants ipad and opad, each one block long, are defined
as ipad = 0x363636...3636 and opad = 0x5c5c5c...5c5c. That is, if
block size of the hash function is 512, ipad and opad are 64
repetitions of the (hexadecimal) bytes 0x36 and 0x5c respectively
13
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
14. HMAC Structure
Initialization Vector (IV):
a fixed-size input to a
cryptographic function. IV
is typically random or
pseudorandom
14
HMACK(m) = h((K ⊕ opad) ‖ h((K ⊕ ipad) ‖ m ))
ET2437 - Network Security
15. Public Key / Asymmetric Encryption
• Based on mathematical functions.
• The use of two separate keys has consequences in:
key distribution
confidentiality
authentication
• The scheme has six ingredients
Plain-text Encryption algorithm
Public Key Private Key
Cipher text Decryption algorithm
15
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
17. Encryption with Private Key (Authentication)
17
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
18. Applications for Asymmetric Encryption
• Encryption/Decryption: The sender encrypts a message with the
recipient’s public key.
• Digital signature: The sender ”signs” a message with its private
key.
• Key exchange: Both sides (i.e. Sender & Reciever) co-operate to
exchange a session key
18
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
19. Requirements for Asymmetric Encryption
1. Computationally easy for a party B to generate a pair (PUblic key
PUb, PRivate key PRb)
2. Easy for sender to generate cipher-text: C = E(Pub, M)
3. Easy for the receiver to decrypt cipher-text using private key:
M = D(PRb, C) = D[PRb, E(PUb, M)]
5. Computationally in-feasible to determine Private Key (PRb) knowing
Public Key (PUb)
6. Computationally infeasible to recover message M, knowing PUb and
cipher-text C
7. Either of the two related keys can be used for encryption, with the
other used for decryption:
19
M = D[PUb, E(PRb,M) = D[PRb, E(PUb,M)]
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
20. Asymmetric Cryptographic Algorithms
• RSA - Ron Rivest, Adi Shamir and Len Adleman at MIT, in 1977.
Published in 1978
RSA is a block cipher in which plaintext and ciphertext are integers
between 0 and n-1 for some n.
The most widely implemented
• Diffie-Hellman
Enable two users to exchange a secret key securely that can be used
for subsequent encryption message
Algorithm itself is limited to exchange of keys
Compute discrete logarithms
20
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
21. The RSA Algorithm
Encryption
• Plain-text: M<n
• Cipher-text: C = Me (mod n)
Decryption
• Cipher-text: C
• Plain-text: M = Cd (mod n) = Med mod n
• Both sender and reciever must know the values of n and e
• Only reciever knows the value of d
• Public Key PU = {e,n} and Private Key PR= {d,n}
21
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
22. The RSA Algorithm - Key Generation
Select p,q p and q both prime p=17, q=11
Calculate n=pxq 17 x 11 = 187
Calculate 16 x 10 = 160
Select integer e e=7
Calculate d d = 23
Public Key PU = {e,n} 7,187
Private key PR = {d,n} 23,187
22
23. Example of the RSA Algorithm
23
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
24. Other Algorithms
• Digital Signature Standard (DSS)
Makes use of the SHA-1
Not for encryption or key exchange
• Elliptic-Curve Cryptography (ECC)
Good for smaller bit size
Low confidence level, compared with RSA
Very complex
Decryption algorithm
24
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD
25. 25
ET2437 - Network Security
RAJA M KHURRAM SHAHZAD