3. Message Authentication
• Message authentication is another form of security.
• Similar to data encryption to ensure data confidentiality, the message
authentication data security feature:
• Provides services to ensure the integrity of data.
• Provides end-to-end protection of data, which does not require support from
intermediate nodes.
• Message authentication can be achieved using cryptographic
methods which further make use of keys.
4. Message Authentication Codes
• MAC algorithm is a symmetric key cryptographic technique to provide
message authentication.
• For establishing MAC process, the sender and receiver share a
symmetric key K.
• Essentially, a MAC is an encrypted checksum generated on the
underlying message that is sent along with a message to ensure
message authentication.
6. Message Authentication Codes
• The sender uses some publicly known MAC algorithm, inputs the
message and the secret key K and produces a MAC value.
• The sender forwards the message along with the MAC.
• On receipt of the message and the MAC, the receiver feeds the
received message and the shared secret key K into the MAC algorithm
and re-computes the MAC value.
• The receiver now checks equality of freshly computed MAC with the
MAC received from the sender.
• If they match, then the receiver accepts the message otherwise
message is consider as not genuine.
7. Hash Functions
• Hash functions are one-way functions that take an input (message)
and produce a fixed-size output (hash value).
• By applying a hash function to a message, a sender can create a digest
or checksum of the message.
• The receiver can then independently compute the hash of the
received message and compare it with the sender's hash to verify if
the message has been altered.
9. Hash Functions
• The typical features of hash functions are −
• Fixed Length Output (Hash Value)
• Hash function coverts data of arbitrary length to a fixed length. This process is often
referred to as hashing the data.
• In general, the hash is much smaller than the input data, hence hash functions are
sometimes called compression functions.
• Since a hash is a smaller representation of a larger data, it is also referred to as
a digest.
• Hash function with n bit output is referred to as an n-bit hash function. Popular
hash functions generate values between 160 and 512 bits.
• Efficiency of Operation
• Generally for any hash function h with input x, computation of h(x) is a fast
operation.
• Computationally hash functions are much faster than a symmetric encryption.
10. Message Digest
• MD stands for Message Digest, and it is often followed by a number
to denote a specific algorithm.
• These hash functions take an input message of any length and
produce a fixed-size output, often referred to as the digest or hash
value.
• The most well-known algorithms in the MD family are MD2, MD4,
MD5, and MD6.
• However, MD2 and MD4 are considered to be weak and have been
largely replaced by more secure hash functions.
11. Message Digest 4
• MD4 hash function which digests an arbitrary length message to 128 bits
• Initialization:
Given a message 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1(b-bit);
Step 1: append padding bits and get 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1 10...0 ( b' bits , b' ≡ 448 mod 512);
Step 2: append 64 bits and get 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1 10...0 𝑏𝑏0𝑏𝑏1𝑏𝑏2……………… 𝑏𝑏63
(𝑏𝑏0𝑏𝑏1𝑏𝑏2……………… 𝑏𝑏63) is the 64-bit representation of b );
Step 3: divide it to N words as 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑁𝑁−1 (N is a multiple of 16);
Step 4: Initialize 4 MD buffers A, B, C, D, each of them is a 32-bit register,
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
and save as A°, B°, C°, D°
12. Message Digest 4
Processing 48 rounds
16 rounds
F(B, C, D) =BC V ( neg B)D // V -> Disjunction/ OR Operation
i = 0 ,1.....15
𝑘𝑘𝑖𝑖= 0
s = 3, 7, 11, 19, 3, 7, 11, 19, 3, 7, 11, 19
16 rounds
F(B, C, D) =BC V BD V CD
i = 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15
𝑘𝑘𝑖𝑖 =5A827999
s = 3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13
16 rounds
F(B, C, D) = B ⊕ C ⊕ D
i = 0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
𝑘𝑘𝑖𝑖 = 6ED9EBA1
s = 3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15
Compute
A = A + A°
B = B + B°
C = C + C°
D= D + D°
and output A B C D as the result
13. Message Digest 4
it consists in 5 steps that are as follow:
1. Append Padding bits
2. Append Length
3. Initialize MD buffer
4. Process the message in 16-Word blocks
5. Output
14. Message Digest 4
1. Append Padding bits:
• The message is expanded so that its length in bits modulo 512 is 448. Thus,
as a result of the expansion, the message lacks 64 bits to a length that is a
multiple of 512 bits.
• The expansion is done as follows: one bit equal to 1 is added to the
message, and then bits equal to 0 are added until the length of the message
is 448 modulo 512.
• In the end, at least 1 bit is added to the message, and as a maximum of 512
15. Message Digest 4
2. Adding the length
• The 64-bit representation of b is added to the result of the previous step.
• In the unlikely event that b is greater than 2 to the 64th power, only the
least significant 64 bits are used.
• These bits are added as two 32-bit words, and the word containing the least
significant bits is appended first.
• At this stage (after adding the bits and the message length), we get a
message that is a multiple of 512 bits. It is equivalent to the message being a
multiple of 16 32-bit words.
16. Message Digest 4
3. Initializing the MD buffer:
• To calculate the message hash buffer consisting of 4 words (A, B, C, D) (32-bit
registers) is used.
• These registers are initialized with the following hexadecimal numbers (LSB
first):
word A: 01 23 45 67;
word B: 89 ab cd ef;
word C: fe dc ba 98;
word D: 76 54 32 10.
17. Message Digest 4
4. Process the message in 16-Word blocks:
• let’s define three auxiliary functions, each of which receives three 32-bit words as
input and calculates one 32-bit word from them.
• For each bit position, F acts as a conditional expression: if X, then Y; otherwise Z.
The function F could have been defined using instead of V since XY and XZ cannot
equal 1, at the same time.
• G acts on each bit position as a function of the maximum value. If at least two
words of X, Y, and Z have corresponding bits equal to 1 then G will output a 1 in that
bit. Otherwise, G will output a bit equal to 0.
• It is interesting to note that if the X, Y, and Z bits are statistically independent, then
the F (X, Y, Z) and G (X, Y, Z) bits will also be statistically independent. Function H
implements bitwise xor and has the same property as F and G.
18. Message Digest 4
4. Output:
• The result (hash function) is obtained as ABCD.
• It means we write out 128 bits, starting with the least significant bit of A and
ending with the most significant bit of D.
19. Message Digest 5
• MD5 (Message Digest Method 5) is a cryptographic hash algorithm
used to generate a 128-bit digest from a string of any length.
• It represents the digests as 32 digit hexadecimal numbers.
• The digest size is always 128 bits, and thanks to hashing function
guidelines, a minor change in the input string generate a drastically
different digest.
• This is essential to prevent similar hash generation as much as
possible, also known as a hash collision.
20. Message Digest 5
Steps in MD5 Algorithm
• Padding Bits
• When you receive the input string, you have to make sure the size is 64 bits
short of a multiple of 512.
• When it comes to padding the bits, you must add one(1) first, followed by
zeroes to round out the extra characters.
21. Message Digest 5
Steps in MD5 Algorithm
• Padding Length:
• You need to add a few more characters to make your final string a multiple
of 512.
• To do so, take the length of the initial input and express it in the form of 64
bits.
• On combining the two, the final string is ready to be hashed.
22. Message Digest 5
Steps in MD5 Algorithm
• Initialize MD Buffer:
• The entire string is converted into multiple blocks of 512 bits each.
• You also need to initialize four different buffers, namely A, B, C, and D.
• These buffers are 32 bits each and are initialized as follows:
A = 01 23 45 67
B = 89 ab cd ef
C = fe dc ba 98
D = 76 54 32 10
23. Message Digest 5
Steps in MD5 Algorithm
• Process Each Block:
• Each 512-bit block gets broken down further into 16 sub-blocks of 32 bits
each. There are four rounds of operations, with each round utilizing all the
sub-blocks, the buffers, and a constant array value.
• It perform 64 rounds.
• This constant array can be denoted as T[1] -> T[64].
• Each of the sub-blocks are denoted as M[0] -> M[15].
24. Message Digest 5
Steps in MD5 Algorithm
• Process Each Block:
• It passes B, C, and D onto a non-linear process.
• The result is added with the value present at
A.
• It adds the sub-block value to the result above.
• Then, it adds the constant value for that
particular iteration.
• There is a circular shift applied to the string.
• As a final step, it adds the value of B to the
string and is stored in buffer A.
• The steps mentioned above are run for every
buffer and every sub-block. When the last
block’s final buffer is complete, you will
receive the MD5 digest.
25. Message Digest 5
Steps in MD5 Algorithm
• Process Each Block:
• The non-linear process above is
different for each round of the
sub-block.
• Round 1: (b AND c) OR ((NOT b) AND (d))
• Round 2: (b AND d) OR (c AND (NOT d))
• Round 3: b XOR c XOR d
• Round 4: c XOR (b OR (NOT d))
26. Message Digest 5
Steps in MD5 Algorithm
• Process Each Block:
• Each round has a repeating
sequence of 4 shift amounts (s in
[abcd k s i]) :
• 7, 12, 17 and 22 for the round 1
• 5, 9, 14 and 20 for the round 2
• 4, 11, 16 and 23 for the round 3
• 6, 10, 15 and 21 for the round 4
27. Message Digest 5
Advantage of MD5 Algorithm
• Easy to Compare:
• Unlike the latest hash algorithm families, a 32 digit digest is relatively easier to compare
when verifying the digests.
• Storing Passwords:
• Passwords need not be stored in plaintext format, making them accessible for hackers and
malicious actors. When using digests, the database also gets a boost since the size of all
hash values will be the same.
• Low Resource:
• A relatively low memory footprint is necessary to integrate multiple services into the same
framework without a CPU overhead.
• Integrity Check:
• You can monitor file corruption by comparing hash values before and after transit. Once the
hashes match, file integrity checks are valid, and it avoids data corruption.
28. SHA-1
• Secure Hash Algorithm 1, or SHA-1, was developed in 1993 by the U.S. government's standards
agency National Institute of Standards and Technology (NIST).
• It is widely used in security applications and protocols, including TLS, SSL, PGP, SSH, IPsec, and
S/MIME.
• SHA-1 works by feeding a message as a bit string of length less than 264 bits, and producing a
160-bit hash value known as a message digest.
• There are two methods to encrypt messages using SHA-1. Although one of the methods saves the
processing of sixty-four 32-bit words, it is more complex and time-consuming to execute.
• At the end of the execution, the algorithm outputs blocks of 16 words, where each word is made
up of 16 bits, for a total of 256 bits.
29. SHA 1
• The hash function consist of 80
rounds
• Which is divided into four stages
of 20 rounds.
• details of the SHA-1 algorithm:
• Input
• Padding
• Initialization
• Message digest Calculation
• Output
30. Sha-1
• The message is padded by appending a 1, followed by enough 0s until the
message is 448 bits. The length of the message represented by 64 bits is then
added to the end, producing a message that is 512 bits long:
• The padded input obtained above, M, is then divided into 512-bit chunks, and
each chunk is further divided into sixteen 32-bit words, W0…W15.
• initialize five random strings of hex characters that will serve as part of the hash
function:
H0=67DE2A01
H1=BB03E28C
H2=011EF1DC
h3=9293E9E2
h4=CDEF23A9.
31. Sha-1
• For each chunk, begin the 80 iterations, i, necessary for hashing (80 is
the determined number for SHA-1), and execute the following steps
on each chunk, Mn:
• For iterations 16 through 79, where 16≤i≤79, perform the following
operation:
W(i)=S1(W(i−3)⊕W(i−8)⊕W(i−14)⊕W(i−16))
32. Sha-1
F (logical functions )
A sequence of logical functions are used in SHA-1, depending on the value
of i, where 0 ≤ i ≤ 79, and on three 32-bit words B, C, and D, in order to
produce a 32-bit output.
f(i;B,C,D) = (B ∧ C)∨((¬B)∧D) for 0 ≥ i ≥ 19
f(i;B,C,D) = B ⊕ C ⊕ D for 20 ≥ i ≥ 39
f(i;B,C,D) = (B ∧ C) ∨ (B ∧ D)∨ (C ∧ D) for 40 ≥ i ≥ 59
f(i;B,C,D) = B⊕ C ⊕ D for 60 ≥ i ≥ 79
33. Sha-1
𝐾𝐾𝑡𝑡 (constant words)
a sequence of constant words, shown in hex below, is used in the formulas:
K(i) = 5A827999 for 0 ≥ i ≥ 19
K(i) = 6ED9EBA1 for 20 ≥ i ≥ 39
K(i) = 8F1BBCDC for 40 ≥ i ≥ 59
K(i) = CA62C1D6 for 60 ≥ i ≥ 79
34. Sha-1
Circular Shift Operation (<<<): Now, the circular shift operation 𝑆𝑆𝑛𝑛(𝑋𝑋) on
the word X by n bits, n being an integer between 0 and 32, is defined by
= ( X ≪ n ) OR ( X ≫ 32 − n )
where X << n is the left-shift operation, obtained by discarding the
leftmost n bits of X and padding the result with n zeroes on the right.
X>>32−n is the right-shift operation obtained by discarding the
rightmost n bits of X and padding the result with n zeroes on the left. Thus
𝑆𝑆𝑛𝑛(X) is equivalent to a circular shift of X by n positions, and in this case the
circular left-shift is used.
35. Sha-1
Output:
• Perform 80 rounds of operations on the words W[0] to W[79].
• In each round, the temporary variables are updated based on a
combination of logical functions (bitwise operations) and bitwise
rotations.
• After 80 rounds, the final values of A, B, C, D, and E represent the
message digest.
• The message digest generated by SHA-1 is a 160-bit (20-byte) hash
value.
36. HMAC
• HMAC is a cryptographic method that guarantees the integrity of the
message between two parties.
• HMAC algorithm consists of a secret key and a hash function.
• The secret key is a unique piece of information or a string of
characters. It is known both by the sender and the receiver of the
message.
• The hash function is a mapping algorithm that converts one sequence
to another sequence.
37. HMAC
• HMAC provides the following security properties:
• Data Integrity: Any modification to the message or the secret key will result in
a different HMAC value, allowing the receiver to detect tampering.
• Authenticity: The possession of the secret key is necessary to generate a valid
HMAC, ensuring that only authorized parties can generate and verify the
HMAC.
38. HMAC
• Using key K (0 < K < b), K+ is
generated by padding 0’s on left side
of key K until length becomes b bits.
• b bits is the block size of plain text.
• There are two predefined padding
bits called ipad and opad.
• ipad - 00110110
• opad - 01011100
39. HMAC
1. Select K.
2. If K < b, pad 0’s on left until k=b. K is between 0 and b ( 0 < K < b )
3. EXOR K+ with ipad equivalent to b bits producing S1 bits.
4. Append S1 with plain text M
5. Apply SHA-512 on ( S1 || M )
6. Pad n-bits until length is equal to b-bits
7. EXOR K+ with opad equivalent to b bits producing S2 bits.
8. Append S2 with output of step 5.
9. Apply SHA-512 on step 7 to output n-bit hash code.
40. HMAC
• Advantages
• HMACs are ideal for high-performance systems like routers due to the use of
hash functions which are calculated and verified quickly unlike the public key
systems.
• Digital signatures are larger than HMACs, yet the HMACs provide comparably
higher security.
• HMACs are used in administrations where public key systems are prohibited.
• Disadvantages
• HMACs uses shared key which may lead to non-repudiation. If either sender
or receiver’s key is compromised then it will be easy for attackers to create
unauthorized messages.
41. Digital Signatures
• Digital signatures use asymmetric cryptography to provide message
authentication.
• The sender uses their private key to sign the message, creating a
digital signature.
• The receiver can verify the signature using the sender's public key.
• If the signature is valid, it guarantees the integrity and authenticity of
the message.
44. Digital Signatures
The following points explain the entire process in detail −
• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and signing/verifying are different. The
private key used for signing is referred to as the signature key and the public key as the verification
key.
• Signer feeds data to the hash function and generates hash of data.
• Hash value and signature key are then fed to the signature algorithm which produces the digital
signature on given hash. Signature is appended to the data and then both are sent to the verifier.
• Verifier feeds the digital signature and the verification key into the verification algorithm. The
verification algorithm gives some value as output.
• Verifier also runs same hash function on received data to generate hash value.
• For verification, this hash value and output of verification algorithm are compared. Based on the
comparison result, verifier decides whether the digital signature is valid.
• Since digital signature is created by ‘private’ key of signer and no one else can have this key; the
signer cannot repudiate signing the data in future.
45. Importance of Digital Signature
• Message authentication
• When the verifier validates the digital signature using public key of a sender, he is
assured that signature has been created only by sender who possess the
corresponding secret private key and no one else.
• Data Integrity:
• In case an attacker has access to the data and modifies it, the digital signature
verification at receiver end fails. The hash of modified data and the output provided
by the verification algorithm will not match. Hence, receiver can safely deny the
message assuming that data integrity has been breached.
• Non-repudiation:
• Since it is assumed that only the signer has the knowledge of the signature key, he
can only create unique signature on a given data. Thus the receiver can present data
and the digital signature to a third party as evidence if any dispute arises in the
future
