Cryptographic hash functions, message authentication codes (MACs), and digital signatures are discussed.
HMAC and CBC-MAC are introduced as methods to construct MACs from hash functions. HMAC incorporates a secret key into a hash function to provide message authentication. CBC-MAC uses a block cipher like DES in CBC mode.
Digital signatures are similar to MACs but use public-key cryptography like RSA. A digital signature provides both message authentication and non-repudiation. RSA can be used to generate signatures by signing a hash of the message with the private key.
Module 6
Advanced Networking
Security problems with internet architecture, Introduction to Software defined networking, Working of SDN, SDN in data centre, SDN applications, Data centre networking, IoT.
Module 6
Advanced Networking
Security problems with internet architecture, Introduction to Software defined networking, Working of SDN, SDN in data centre, SDN applications, Data centre networking, IoT.
Computer Security Lecture 4: Block Ciphers and the Data Encryption StandardMohamed Loey
We will discuss the following: Stream Ciphers and Block Ciphers, Data Encryption Standard, DES Algorithm, DES Key Creation, DES Encryption, The Strength Of DES.
https://www.youtube.com/watch?v=1-lF4dePpts&list=PLKYmvyjH53q13_6aS4VwgXU0Nb_4sjwuf
Public Key Cryptography and RSA algorithmIndra97065
Public Key Cryptography and RSA algorithm.Explanation and proof of RSA algorithm in details.it also describer the mathematics behind the RSA. Few mathematics theorem are given which are use in the RSA algorithm.
Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across insecure networks so that it cannot be read by anyone except the intended recipient.
This PPT explains about the term "Cryptography - Encryption & Decryption". This PPT is for beginners and for intermediate developers who want to learn about Cryptography. I have also explained about the various classes which .Net provides for encryption and decryption and some other terms like "AES" and "DES".
A brief discussion of network security and an introduction to cryptography. We end the presentation with a discussion of the RSA algorithm, and show how it works with a basic example.
The Security Problem
Program Threats
System and Network Threats
Cryptography as a Security Tool
User Authentication
Implementing Security Defenses
Firewalling to Protect Systems and Networks
Computer-Security Classifications
An Example: Windows XP
Digital Signatures: Reassessing security of randomizable signaturesPriyanka Aash
Two signature schemes with special properties are discussed: randomizable signatures and deterministic signatures. Topic 1: Reassessing Security of Randomizable Signatures Authors: David Pointcheval; Olivier Sanders Topic 2: Differential Fault Attacks on Deterministic Signatures Authors: Christopher Ambrose; Joppe W. Bos; Bjorn Fay; Marc Joye; Manfred Lochter; Bruce Murray
(Source: RSA Conference USA 2018)
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
4. Bob receives a message from Alice, he wants to know
(Data origin authentication) whether the message was
really sent by Alice;
(Data integrity) whether th
Message Authentication
m•
g
g
message authentication code
e message has been modified.
Solutions:
Alice attaches a (MAC)
to the message.
Or she attach digital signatures a to the message.e
•
g
g
4
5. A hash function maps from a domain to a smaller range,
typically many-to-one.
Properties required of a hash function depend on its
applications.
Applications:
Fast loo
Hash function
•
•
•
g kup (hash tables)
Error detection/correction
cryptographic haCryp sh ftography unctions:
Others
g
g
g
5
6. *
*
: , | | | |.
For example, :{0,1} {0,1}
:{0,1}
:{0,1} {0,1} , .
If
Hash functi
is
ons:
Cryptographic hash function
n
n
k l
h X Y X Y
h
h Z
h k l
X
• → >
• →
→
→ >
•
( )
finite, is also called a compression function.
A classical application: users/clients passwords are
stored in a file
not as username, password ,
but as username,
h
h
•
( ) using some
cryptographic hash fu
(password
nctio
)
n .h
6
7. Pre-image: if ( ) , is a pre-image of .
Each hash value typically has multiple pre-images.
Collision: a pair of ( , ), , s.t. ( ) ( ).
A hash function is said t
Security requirements
h m y m y
m m m m h m h m
• =
•
′ ′ ′• ≠ =
o be:
if it is computationally infeasible to
find a pre-image of a hash value.
if it is computationally in
Pre-image resistant
C feasible to
find a col
ollision re
lision
sistant
.
A hash fun
•
•
• cryptographic hash functioction is a
if it is collision resista
n
nt.
7
8. 8
• Collision-resistant hash functions can be
built from collision-resistant compression
functions using Merkle-Damgard
construction.
9. *
*
hash
compression
Construct a cryptographic function :{0,1} {0,1}
from a function :{0,1} {0,1} .
1. For {0,1} , add to so that | '| ispadding
Merkle-Damgard construction
n
n b n
h
f
m m m
+
• →
→
∈
1 2
0 1
a multiple of .
Let padded ' , each of length .
(padding = 10...0 | |, where | | is the length of )
3. Let IV and ( ) for 1 .
4. The hash value (
k i
i i i
b
m m m m m b
m m m
v v v m i k
h
f −
=
= = ≤ ≤
K
P
) .
If is collision-resistant, then is colliTheor sion-resistant.em.
km v
f h
=
11. 64
an NIST standard.
using Merkle-Damgard construction.
input message is divided into blocks with padding.
padding = 10...0 , where {0,1} indicates | | in
The Secure Hash Algorithm (SHA-1)
m
m
•
•
•
• ∈l l
64
0 15
0 4
binary.
thus, message length limited to | | 2 1.
block = 512 bits = 16 words = .
IV a constant of 160 bits = 5 words = .
resulting hash value: 160 bits.
underlying compre
m
W W
H H
• ≤ −
•
• =
•
•
KP P
KP P
160 512 160
ssion function :{0,1} {0,1} ,
a series (80 rounds) of , , , , +, and Rotate on
words ' & 's.i i
f
W s H
+
→
∧ ∨ ⊕ ¬
12. { }1 2
An attack is to produce a collision.
Birthday attack: randomly generate a set of messages
, , , , hoping to produce a collision.
160 is big enough to resist birthda
Is SHA-1 secure?
km m m
n
•
•
• =
K
y attacks .
There is no mathematical proof for its collision resistancy.
In 2004, a collision for a "58 rounds" SHA-1 was produced.
(The compression function of SHA-1 has 80 roun
for n
ds.)
ow
N
•
•
• ewer SHA's have been included in the standard:
SHA-256, SHA-384, SHA-512.
12
13. In a group of people, what is the probability
that at least two people have
Having the same birthday is a
the same bi
collision?
Birthday problem:
Birthday
rthday?
1 2 withparadox:
k
p
•
• ≥
g
as small as 23.
Consider a hash function :{0,1} {0,1} .
If we randomly generate messages, the probability
of having a collision depends on .
To resist birthday attack, we choose to
n
k
h
k
n
n
∗
• →
•
• be sufficiently large that
it will take an infeasibly large to have a non-negligible probability
of collision.
k
14. modification detection codes (MDC)
Storing passwords
Used to produce
( ), called an MDC, is stored in a secure place;
if is modified, we
Applications of cryptographic hash functions
h m
m
•
•
g
g can detect it;
protecting the integrity of .
We will see some other applicati son .
m
•
g
14
15. Bob receives a message from Alice, he wants to know
(Data origin authentication) whether the message was
really sent by Alice;
(Data integrity) whether th
Message Authentication
m•
g
g
message authentication code
e message has been modified.
Solutions:
Alice attaches a (MAC)
to the message.
Or she attach digital signatures a to the message.e
•
g
g
15
16. Message authentication protocol:
1. Alice and Bob share a secret key .
2. Alice sends MAC ( ) to Bob.
3. Bob authenticates the received MAC
by checking if MAC MAC ( )?
MAC
k
k
k
m m
m
m
•
′ ′
′ ′=
•
P
P
MAC ( ) is called a .
Security requirement: infeasible to produce a valid pair
( , MA
message auth
C ( )) w
entication
ithout knowing the key
e
.
c dok
k
m
x x k
•
16
17. A common way to construct a MAC is to incorporate a
secret key into a fixed hash function (e.g. SH
Insecure:
A-1).
MAC ( ) ( ) ( ) wit IVh
Constructing MAC from a hash
k k
k h
m h m h m k
•
•
= = =g
g MAC ( ) ( ) ( )k km h m h k m= = P
17
18. m = m1 m2 m3 ms
f f fIV … f h(m)
k X X hk(m)
fhk(m) hk(m||ms+1)
ms+1
1
( ) ( ) with IV .
(For simplicity, without
Insecure:
Easy to forge:
( , ( )),
padd
where
ing)
k
s
k
m
M
h m
AC m h
m m
m k
m +
•
′
′ =
=
•
′
=
P
19. ( )2 1
1 2
A FIPS standard for constructing MAC from a hash
function . Conceptually,
HMAC ( ) ( )
where and are two keys generated from .
Various
HMAC (Hash-based MAC)
k m k k m
k
h
k k
h h
•
=
•
P P
( )
hash functions (e.g., SHA-1, MD5) may be used for .
If we use , then HMAC is as follows:
HMAC ( ) ( )
where
is padded with 0's to 512
SHA-1
SHA-1 SHA
bits
1-k
h
m k opad k ipad m
k
•
= ⊕ ⊕
g
P P
3636 36 (x036 repeated 64 times)
5c5c 5c (x05c repeated 64 times)
ipad
opad
=
= L
g
g
L
20. A FIPS and ISO standard.
One of the most popular MACs in use.
Use a block cipher in CBC mode with a fixed, public IV.
Called DES CBC-MAC if the block cipher is DES.
Let :{0,1} {0,1
CBC-MAC
n
E
•
•
•
•
• →
1 2
0
1
} be a block cipher.
CBC-MAC( , )
, where | | .
IV (typically 0 )
for 1 to do
( )
return( )
n
l i
n
i k i i
l
m k
m m m m m n
c
i l
c E c m
c
−
•
= =
¬
¬
¬ ⊕
KP P P
20
22. A refined version of CBC-MAC.
Adopted by NIST for use with AES and 3DES.
Use two keys: , (assuming is a multiple of ).
Let :{0,1} {0,1} be a block cipher.
CM
CMAC (Cipher-based MAC)
n n
k k m n
E
•
•
′•
• →
•
1 2
0
1
1
AC( , )
, where | | .
IV (typically 0 )
for 1 to 1 do
( )
( )
return( )
l i
n
i k i i
l k l l
l
m k
k
m m m m m n
c
i l
c E c m
c E c m
c
−
−
= =
¬
¬ −
′⊕
¬ ⊕
¬ ⊕
KP P P
22
23. RSA can be used for digital signatures.
A digital signature is the same as a MAC except that
the tag (signature) is produced using a public-key
cryptosystem.
Digital
Digital Signatures
•
•
• signatures are used to provide message
authentication an non-repudiatd ion.
Message m MACk(m)
Message m Sigpr(m)
24. Digital signature protocol:
1. Bob has a key pair ( , ).
2. Bob sends Sig ( ) to Alice.
3. Alice verifies the received
by checking if Verify ( ).
Sig ( ) is calle
pr
pu
pr
pr pu
m m
m s
s m
m
•
′ ′
′ ′=
•
P
P
d a .
Security requirement: infeasible to forge a valid
pair ( , S
signatu
ig ( )) without knowing
re for
.prm m pr
m
•
25. MCE D
PUBob PRBob
Alice Bob
M
MSE D
PUBob PRBob
Alice Bob
Verify Sign
Encryption (using RSA):
Digital signature (using RSA-1
):
E(S)
=M?
26. *
are generated as for RSA encryption:
Public key: . Private key: .
a message : ( ) mod .
That is,
Keys
Signin
( , ) ( , )
g
RSA Signature
d
n PR
PU n e PR n d
m Z D m m nσ
σ
∈• =
= =
•
=
1
RSA ( ).
a signature ( , ) :
check if ( ) mod , or RSA( ).
Only the key's owner can sign,
Ver
but anybody can ver
ify
ify.
ing
e
PU
m
m
m E n m
σ
σ σ σ
−
=
=
•
= =
•
27. *
RSA
1. Every message is a valid signature for
its ciphertext : RSA( ).
Encryption (using Bob's public key):
Existential forgeries
Sig
:
Security of RSA Signature
nm Z
c m
m c
∈
=
•
→
1
RSA
1 2 1 2
1 2 1 2
n ( using Bob's private key):
2. If Bob signed and , then the signature for
can be easily forged
if
hash a
: ( ) ( ) ( ).
Counterme nd siasure gn: :
m c
m m m m
m m m mσ σ σ
σ
−
•
¬
=
Sign ( ( )),
using some collision resistant hash function .
PR h m
h
=
28. Does hash-then-sign make RSA signature secure
against chosen-message attacks?
Question:
Answer:
random oracleYes, is a i.e.,
is a
all
if full-
random or
d
a
,
cle mapping {0
omainh
h
•
•
g *
,1}
( is the full domain of RSA)
n
n
Z
Z
→
g
29. { }
160
In practice, is full-domain.
For instance, the range of SHA-1 is {0,1} ,
while 0,1,...,2 1 , wi
Problem with full-
th 1024.
domain hash:
Desired: a sec
no
ure signature scheme
t
n
n
h
Z n
•
= − ≥
•
that does not
require a full-domain hash.
30. *
pad
Hash function :{0,1} {0,1} (not full domain).
| |. (E.g., SHA-1, 160; RSA, 1024.)
Idea:
Probabilistic signature scheme
l
Nh Z
l n N l n
m m r
→ ⊂
< = = =
•
• → P *
hash
expand 1
si
1
gn 1
{0,1}
( ) {0,1}
( ) {0,1}
RSA ( )
( )0n l
l
nk
r
w h m r
y w G w
yσ
− − −
−
−
∈
→ = ∈
→ = ⊕ ∈
→ =
PP
P
1
where {0,1}
:{0,1} {0,1} (pseudorandom generator)
N
k
l n l
Z
r
G − −
∈
∈
→
31. *
11 2 2
1
a message {0,1} :
1. choose a random {0,1} ; compute ( );
2. compute ;( ) ( ) // //
3. The signatu
Signing
re is RSA ( ).
k
m
r w h m r
G G Gw
y
y w r G G w
σ −
∈
∈
=
=
=
=
•
⊕P P
P
P
32. PSS is secure against chosen-message attacks in the
random oracle model (i.e., if and are random oracles).
PSS is adopted in PKCS #1 v.2.1.
Hash functions such as SHA-1
Remarks
are used f
h G
•
•
•
1 2
or and .
For instance,
let 1024, and 160
let = SHA-1
( , )( ) ( ) ( 0) ( 1) ( 2), ...
h G
n l k
h
G G w G w h w h w h w
= = =
= =
•
P P P PP