3. One of the key aspect of cryptography –
authentication.
Many ways to authenticate the user.
It helps to establish trust – by identifying
the particular user.
Best and popular method – user id and password
So, modern password based authentication follows encryption and
randomness mechanism to protect password from attackers.
Note Password – when travel across network - dangerous
4. Authentication Requirements
In the context of communications across a network, the
following attacks are identified
1. Disclosure
2. Traffic analysis
3. Masquerade
4. Content modification
5. Sequence modification
6. Timing modification
7. Source repudiation
8. Destination repudiation
Authentication Requirements
5. 1. Disclosure : Release of message contents to any person, not
possessing the appropriate the cryptographic key
2. Traffic analysis : Discovers traffic between parties.
In connection oriented applications, frequency and duration of
connections can be determined.
In connection oriented or connectionless, the number and length
of messages can be identified
3. Masquerade : Insertion of messages into the network from the
fraudulent source.
6. 4. Content modification : changes to the content of the message
including insertion, deletion, transposition and modification.
5. Sequence Modification : Any modification to the sequence of
messages b/w parties including insertion, deletion and reordering.
6. Timing Modification : Delay or replay of messages.
In connection oriented application, either entire sequence of
messages or entire session can be delayed.
In connectionless application, individual message can be delayed
7. 7. Source Repudiation : Denial of transmission of message by
Source
8.Destination Repudiation : Denial of receipt of message by
Destination
The security measures for the following attacks…
1 and 2 ------> Message Confidentiality
3, 4, 5, 6 ------> Message Authentication
7 ------> Digital Signatures
8 -------> Digital Signatures + protocol
designed to counter this attack
8. Authentication Requirements - Summary
Message authentication
A procedure to verify that received messages come
from the alleged source and have not been altered
Message authentication may also verify sequencing
and timeliness
Digital signature
An authentication technique that also includes
measures to counter repudiation by the source
9. Authentication Functions
Message authentication or digital signature mechanism can
be viewed as having two levels
At lower level: there must be some sort of functions producing
an authenticator – a value to be used to authenticate a message
This lower level functions is used as primitive in a higher level
authentication protocol
10. Types of Functions used to
produce an Authenticator
Three classes of functions that may be used to produce an
authenticator
1. Message encryption
- Cipher text itself serves as authenticator
2. Message authentication code (MAC)
- A public function of the message and a secret key that produces a
fixed-length value that serves as the authenticator
3. Hash function
- A function that maps a message of any length into a fixed-length hash
value that serves as the authenticator
12. Message Encryption
K is shared both by A and B.
No other person know the key(K)
No other party recover the plain text except A and B.
M - Original Message. E - Encryption
K - Secret Key D - Decryption
14. Solution to the plain text attack.
To avoid the plain text, give some other structure to the
plain text, to avoid replication of message or duplication
of the message.
A prepares a plain text message M and then provides
this input to the function F that produces an FCS
For this, Append an error-detecting code (frame check
sequence (FCS) or checksum) to each message before
encryption
B decrypts the incoming block
15. M - Original Message E – Encryption
K - Secret Key D – Decryption
FCS – Frame check sequence || - concatenation operator
16. Contd…
FCS is performed before encryption [internal error
control] and after encryption [external error control]
respectively.
In both the methods, if the calculated FCS at the
destination side is generated FCS at the sender side, the
message transmitted is considered as an authentic
message.
21. Message Authentication Code
Uses a shared secret key to generate a fixed-size
block of data (known as a cryptographic
checksum or MAC) that is appended to the
message
The MAC is appended to the message at the source at
a time when the message is assumed or known to be
correct.
The receiver authenticates that message by
recomputing the MAC
MAC = CK(M),
where C is a MAC function & M is a variable length message
22. Contd…
Note:
MAC is Similar to encryption but MAC algorithm need not be
reversible
-- > this MAC function is a many to one function
-- > the domain of the function consists of some arbitrary length,
whereas the range consists of all possible Macs and all possible
keys.
23.
24.
25.
26. Contd…
Assurances:
Message has not been altered
Message is from the alleged sender
Message sequence is unaltered
(requires internal sequencing)
If we assume that the sender and the receiver know
the identity of the secret key and if the received MAC
matches the calculated MAC, we assure the following
27. MAC Properties
a MAC is a cryptographic checksum
MAC = CK(M)
condenses a variable-length message M
using a secret key K
to a fixed-sized authenticator
is a many-to-one function
potentially many messages have same MAC
but finding these needs to be very difficult
28. REQUIREMENTS FOR MACs
First, the security of MAC algorithm depends on the
bit length of the key
Suppose the key size(K) is greater than the MAC
size(n), then more number of keys will produce the
correct MAC and the opponent has no way of knowing
which is the correct key.
On average, a total of 2k/2n = 2(k-n)
B’cos opponent should not try the possible
keys with the Brute force attack.
29. Hash functions
A variation on the MAC is the hash function.
Message M
[Variable size]
Hash
function
Hash code, H(M)
[Fixed size output]
It’ll not use the
key, unlike MAC
Referred as
Message digest
or hash value
Note:
1. Hash code is a function of all the bits of the message and provides
error detection capability.
2. A change to any bit or bits in the message results in the change in
the Hash code
31. Type 1 – Hash function
o The message + concatenated hash code is
encrypted using symmetric encryption.
o Since encryption applied to the entire message +
hash code , confidentiality is also provided.
o The hash code provide a structure, which is
required to provide authentication.
o It is similar to internal error control strategy.
33. Type 2 – Hash function
Only hash code is encrypted using symmetric
encryption.
This reduces the processing burden for those
applications, which do not require
confidentiality.
The transferred message is secure, since the
opponent do not know the secret key
35. Type 3 – Hash function
Only hash code is encrypted, using public key
encryption and using senders private key.
It provides both authentication and the digital
signature.
37. Type 4 – Hash function
If confidentiality as well as the digital signature is
desired, then public key encrypted hash code is
encrypted using symmetric key
39. Type 5 – Hash function
• This technique uses a hash function but no
encryption for message authentication.
• This technique assumes that 2 communicating
parties share a common secret value S and
appends to the resulting hash value
• Since B possesses S, it recompute the hash value
to verify.
41. Type 6 – Hash function
• Confidentiality added to the above approach, by
encrypting the entire message + hash code.
42. Normally we prefer for techniques, that avoid
encryption.
Reasons for this are,
1. Encryption software is quite slow. Even though amount of
data to be encrypted is small, there may be steady
stream of messages into and out of the stream.
2. Encryption hardware costs are not negligible. Even though
low cost chip implementations of DES are available, it is not
proper for larger networks.
3. Normally encryption algorithms are patent. Ex. RSA – should be
public licensed.
4. Encryption algorithms are subject to U.S export control.
43. Message authentication codes
A MAC, also known as a cryptographic checksum,
is generated by a function C of the form.
where M is a variable length message, K is the
secret key shared by sender and receiver and
CK(M) is the fixed length authenticator
Requirements for MACs
Message authentication code based on DES
MAC = CK(M), where C is a MAC function