SlideShare a Scribd company logo

chapter 11,12,15.pptx kya chal the hey bhai

Download as PPTX, PDF
S
sagarjsicg

Hallobshs shsbshsbs hshshshshs shsysbhshs shsysnysjs shsysksjgshs shsusnsvhshshs shsysksvsuhee sheysjsbhsbe s sheunsjsh dheysnshshe sheusbvshe sbsusnbs

Design
1 of 73
Message Integrity and Message Authentication CHAPTER 11
Overview • Cryptographic hash functions that are used to create a message digest from a message. • Message digests guarantee the integrity of the message. • We then discuss how simple message digests can be modified to authenticate the message.
Introduction Message Integrity • The cryptography systems that we have studied so far provide secrecy, or confidentiality, but not integrity. However, there are occasions where we may not even need secrecy but instead must have integrity. • Ex:Alice may write a will to distribute her estate upon her death. The will does not need to be encrypted. After her death, anyone can examine the will. The integrity of the will, however, needs to be preserved. Alice does not want the contents of the will to be changed.
Document and Fingerprint • One way to preserve the integrity of a document is through the use of a fingerprint. • If Alice needs to be sure that the contents of her document will not be changed, she can put her fingerprint at the bottom of the document. • Eve cannot modify the contents of this document or create a false document because she cannot forge Alice’s fingerprint. To ensure that the document has not been changed, Alice’s fingerprint on the document can be compared to Alice’s fingerprint on file. If they are not the same, the document is not from Alice.
Message and Message Digest
• Cryptographic Hash Function Criteria A cryptographic hash function must satisfy three criteria: preimage resistance, second preimage resistance, and collision resistance, as shown in Figure 11.3.
• Preimage Resistance A cryptographic hash function must be preimage resistant. Given a hash function h and y = h(M), it must be extremely difficult for Eve to find any message, M′, such that y = h(M′). Figure 11.4 shows the idea.
RANDOM ORACLE MODEL • The Random Oracle Model, which was introduced in 1993 by Bellare and Rogaway, is an ideal mathematical model for a hash function. A function based on this model behaves as follows: 1. When a new message of any length is given, the oracle creates and gives a fixed length message digest that is a random string of 0s and 1s. The oracle records the message and the message digest. 2. When a message is given for which a digest exists, the oracle simply gives the digest in the record. 3.The digest for a new message needs to be chosen independently from all previous digests. This implies that the oracle cannot use a formula or an algorithm to calculate the digest.
MESSAGE AUTHENTICATION • A message digest guarantees the integrity of a message. It guarantees that the message has not been changed. • A message digest, however, does not authenticate the sender of the message. When Alice sends a message to Bob, Bob needs to know if the message is coming from Alice. To provide message authentication, Alice needs to provide proof that it is Alice sending the message and not an impostor. A message digest per se cannot provide such a proof. • The digest created by a cryptographic hash function is normally called a modification detection code (MDC). The code can detect any modification in the message. What we need for message authentication (data origin authentication) is a message authentication code (MAC).
Modification Detection Code
• A modification detection code (MDC) is a message digest that can prove the integrity of the message: that message has not been changed. If Alice needs to send a message to Bob and be sure that the message will not change during transmission, Alice can create a message digest, MDC, and send both the message and the MDC to Bob. Bob can create a new MDC from the message and compare the received MDC and the new MDC. If they are the same, the message has not been changed. Figure 11.9 shows the idea. • Figure 11.9 shows that the message can be transferred through an insecure channel. Eve can read or even modify the message. The MDC, however, needs to be transferred through a safe channel. The term safe here means immune to change. If both the message and the MDC are sent through the insecure channel, Eve can intercept the message, change it, create a new MDC from the message, and send both to Bob.
• Bob never knows that the message has come from Eve. Note that the term safe can mean a trusted party; the term channel can mean the passage of time. For example, if Alice makes an MDC from her will and deposits it with her attorney, who keeps it locked away until her death, she has used a safe channel. • Alice writes her will and announces it publicly (insecure channel). Alice makes an MDC from the message and deposits it with her attorney, which is kept until her death (a secure channel). Although Eve may change the contents of the will, the attorney can create an MDC from the will and prove that Eve’s version is a forgery. If the cryptography hash function used to create the MDC has the three properties described at the beginning of this chapter, Eve will lose.
Message Authentication Code (MAC)
• To ensure the integrity of the message and the data origin authentication that Alice is the originator of the message, not somebody else we need to change a modification detection code (MDC) to a message authentication code (MAC). The difference between a MDC and a MAC is that the second includes a secret between Alice and Bob for example, a secret key that Eve does not possess. Figure 11.10 shows the idea. • Alice uses a hash function to create a MAC from the concatenation of the key and the message, h (K|M). She sends the message and the MAC to Bob over the insecure channel. Bob separates the message from the MAC. He then makes a new MAC from the concatenation of the message and the secret key. Bob then compares the newly created MAC with the one received. If the two MACs match, the message is authentic and has not been modified by an adversary.
• Note that there is no need to use two channels in this case. Both message and the MAC can be sent on the same insecure channel. Eve can see the message, but she cannot forge a new message to replace it because Eve does not possess the secret key between Alice and Bob. She is unable to create the same MAC as Alice did. • The MAC we have described is referred to as a prefix MAC because the secret key is appended to the beginning of the message. We can have a postfix MAC, in which the key is appended to the end of the message. We can combine the prefix and postfix MAC, with the same key or two different keys. However, the resulting MACs are still insecure.
Nested MAC
• To improve the security of a MAC, nested MACs were designed in which hashing is done in two steps. In the first step, the key is concatenated with the message and is hashed to create an intermediate digest. In the second step, the key is concatenated with the intermediate digest to create the final digest. Figure 11.12 shows the general idea. HMAC • NIST has issued a standard (FIPS 198) for a nested MAC that is often referred to as HMAC (hashed MAC, to distinguish it from CMAC, discussed in the next section). The implementation of HMAC is much more complex than the simplified nested MAC shown in Figure 11.11. There are additional features, such as padding. Figure 11.12 shows the details.
• We go through the steps: 1. The message is divided into N blocks, each of b bits. 2. The secret key is left-padded with 0’s to create a b-bit key. Note that it is recommended that the secret key (before padding) be longer than n bits, where n is the size of the HMAC. 3. The result of step 2 is exclusive-ored with a constant called ipad (input pad) to create a b-bit block. The value of ipad is the b/8 repetition of the sequence 00110110 (36 in hexadecimal). 4. The resulting block is prepended to the N-block message. The result is N + 1 blocks. 5. The result of step 4 is hashed to create an n-bit digest. We call the digest the intermediate HMAC
6. The intermediate n-bit HMAC is left padded with 0s to make a b-bit block. 7. Steps 2 and 3 are repeated by a different constant opad (output pad). The value of opad is the b/8 repetition of the sequence 01011100 (5C in hexadecimal). 8. The result of step 7 is prepended to the block of step 6. 9. The result of step 8 is hashed with the same hashing algorithm to create the final n-bit HMAC
CMAC • NIST has also defined a standard (FIPS 113) called Data Authentication Algorithm, or CMAC, or CBCMAC. The method is similar to the cipher block chaining (CBC) mode discussed in Chapter 8 for symmetric-key encipherment. However, the idea here is not to create N blocks of ciphertext from N blocks of plaintext. The idea is to create one block of MAC from N blocks of plaintext using a symmetric-key cipher N times. Figure 11.13 shows the idea.
• The message is divided into N blocks, each m bits long. The size of the CMAC is n bits. If the last block is not m bits, it is padded with a 1-bit followed by enough 0-bits to make it m bits. The first block of the message is encrypted with the symmetric key to create an m-bit block of encrypted data. • This block is XORed with the next block and the result is encrypted again to create a new m-bit block. The process continues until the last block of the message is encrypted. • The n leftmost bit from the last block is the CMAC. In addition to the symmetric key, K, CMAC also uses another key, k, which is applied only at the last step
• . This key is derived from the encryption algorithm with plaintext of m 0-bits using the cipher key, K. The result is then multiplied by x if no padding is applied and multiplied by x2 if padding is applied. The multiplication is in GF(2m) with the irreducible polynomial of degree m selected by the particular protocol used • Note that this is different from the CBC used for confidentiality, in which the output of each encryption is sent as the ciphertext and at the same time XORed with the next plaintext block. Here the intermediate encrypted blocks are not sent as ciphertext; they are only used to be XORed with the next block.
Chapter 12 Cryptographic Hash Functions Iterated Hash Function • All cryptographic hash functions need to create a fixed-size digest out of a variable-size message. Creating such a function is best accomplished using iteration. Instead of using a hash function with variable-size input, a function with fixed-size input is created and is used a necessary number of times. The fixed-size input function is referred to as a compression function. It compresses an n-bit string to create an m-bit string where n is normally greater than m. The scheme is referred to as an iterated cryptographic hash function.
Merkle-Damgard Scheme The Merkle-Damgard scheme is an iterated hash function that is collision resistant if the compression function is collision resistant. This can be proved, but the proof is left as an exercise. The scheme is shown in Figure 12.1.
Two Groups of Compression Functions • The Merkle-Damgard scheme is the basis for many cryptographic hash functions today. The only thing we need to do is design a compression function that is collision resistant and insert it in the Merkle-Damgard scheme. • There is a tendency to use two different approaches in designing a hash function. In the first approach, the compression function is made from scratch: it is particularly designed for this purpose.  In the second approach, a symmetric-key block cipher serves as a compression function.
Hash Functions Made from Scratch
• Other Algorithms RACE Integrity Primitives Evaluation Message Digest (RIPMED) has several versions. RIPEMD-160 is a hash algorithm with a 160-bit message digest. RIPEMD-160 uses the same structure as MD5 but uses two parallel lines of execution. HAVAL is a variable-length hashing algorithm with a message digest of size 128, 160, 192, 224, and 256.The block size is 1024 bits.
Hash Functions Based on Block Ciphers • An iterated cryptographic hash function can use a symmetric-key block cipher as a compression function. The whole idea is that there are several secure symmetric-key block ciphers, such as triple DES or AES, that can be used to make a one-way function instead of creating a new compression function. The block cipher in this case only performs encryption. Several schemes have been proposed.
Rabin Scheme • The iterated hash function proposed by Rabin is very simple. The Rabin scheme is based on the Merkle-Damgard scheme. The compression function is replaced by any encrypting cipher. The message block is used as the key; the previously created digest is used as the plaintext. The ciphertext is the new message digest. Note that the size of the digest is the size of data block cipher in the underlying cryptosystem. For example, if DES is used as the block cipher, the size of the digest is only 64 bits. Although the scheme is very simple, it is subject to a meet-in-the-middle attack discussed in Chapter 6, because the adversary can use the decryption algorithm of the cryptosystem. Figure 12.2 shows the Rabin scheme.
• Matyas-Meyer-Oseas Scheme: The Matyas-Meyer-Oseas scheme is a dual version of the Davies-Meyer scheme: the message block is used as the key to the cryptosystem. The scheme can be used if the data block and the cipher key are the same size. For example, AES is a good candidate for this purpose. Figure 12.4 shows the MatyasMeyer- Oseas scheme.
Chapter 15 Key Management SYMMETRIC-KEY DISTRIBUTION • Symmetric-key cryptography is more efficient than asymmetric-key cryptography for enciphering large messages. Symmetric-key cryptography, however, needs a shared secret key between two parties. • If Alice needs to exchange confidential messages with N people, she needs N different keys. What if N people need to communicate with each other? A total of N(N − 1) keys is needed if we require that Alice and Bob use two keys for bidirectional communication; only N(N − 1)/2 keys are needed if we allow a key to be used for both directions. This means that if one million people need to communicate with each other, each person has almost one million different keys; in total, almost one trillion keys are needed. This is normally referred to as the 𝑁2problem because the number of required keys for N entities is 𝑁2
• The number of keys is not the only problem; the distribution of keys is another. If Alice and Bob want to communicate, they need a way to exchange a secret key; if Alice wants to communicate with one million people, how can she exchange one million keys with one million people? Using the Internet is definitely not a secure method. It is obvious that we need an efficient way to maintain and distribute secret keys. Key-Distribution Center: KDC A practical solution is the use of a trusted third party, referred to as a key-distribution center (KDC). To reduce the number of keys, each person establishes a shared secret key with the KDC, as shown in Figure 15.1.
• A secret key is established between the KDC and each member. Alice has a secret key with the KDC, which we refer to as KAlice; Bob has a secret key with the KDC, which we refer to as KBob; and so on. Now the question is how Alice can send a confidential message to Bob. The process is as follows: 1. Alice sends a request to the KDC stating that she needs a session (temporary) secret key between herself and Bob. 2. The KDC informs Bob about Alice’s request. 3. If Bob agrees, a session key is created between the two. • The secret key between Alice and Bob that is established with the KDC is used to authenticate Alice and Bob to the KDC and to prevent Eve from impersonating it
• Hierarchical Multiple KDCs The concept of flat multiple KDCs can be extended to a hierarchical system of KDCs, with one or more KDCs at the top of the hierarchy. For example, there can be local KDCs, national KDCs, and international KDCs. When Alice needs to communicate with Bob, who lives in another country, she sends her request to a local KDC; the local KDC relays the request to the national KDC; the national KDC relays the request to an international KDC. The request is then relayed all the way down to the local KDC where Bob lives. Figure 15.3 shows a configuration of hierarchical multiple KDCs.
Session Keys • A KDC creates a secret key for each member. This secret key can be used only between the member and the KDC, not between two members. If Alice needs to communicate secretly with Bob, she needs a secret key between herself and Bob. A KDC can create a session key between Alice and Bob, using their keys with the center. The keys of Alice and Bob are used to authenticate Alice and Bob to the center and to each other before the session key is established. After communication is terminated, the session key is no longer useful. Figure 15.2 Flat multiple KDCs A session symmetric key between two parties is used only once.
KERBEROS • Kerberos is an authentication protocol, and at the same time a KDC, that has become very popular. Several systems, including Windows 2000, use Kerberos. It is named after the three-headed dog in Greek mythology that guards the gates of Hades. Originally designed at MIT, it has gone through several versions.
chapter 11,12,15.pptx kya chal the hey bhai
chapter 11,12,15.pptx kya chal the hey bhai
chapter 11,12,15.pptx kya chal the hey bhai
chapter 11,12,15.pptx kya chal the hey bhai

Recommended

lecture13.pdf
lecture13.pdflecture13.pdf
lecture13.pdf
AlaaElhaddad3
 
Unit 3
Unit 3Unit 3
Unit 3
tamil arasan
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptography
Nishant Bhardwaj
 
Cryptography and network_security
Cryptography and network_securityCryptography and network_security
Cryptography and network_security
Janani Satheshkumar
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
SurendraBasnet6
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
Chirag Patel
 
Efficient ECC encryption for WSN’s
Efficient ECC encryption for WSN’sEfficient ECC encryption for WSN’s
Efficient ECC encryption for WSN’s
IDES Editor
 
Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 

Recommended

lecture13.pdf
lecture13.pdflecture13.pdf
lecture13.pdf
AlaaElhaddad3
 
Unit 3
Unit 3Unit 3
Unit 3
tamil arasan
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptography
Nishant Bhardwaj
 
Cryptography and network_security
Cryptography and network_securityCryptography and network_security
Cryptography and network_security
Janani Satheshkumar
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
SurendraBasnet6
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
Chirag Patel
 
Efficient ECC encryption for WSN’s
Efficient ECC encryption for WSN’sEfficient ECC encryption for WSN’s
Efficient ECC encryption for WSN’s
IDES Editor
 
Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
chauhankapil
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
SomuPatil8
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation
harshit chavda
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
DEEPAK948083
 
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Paulo_Vangui
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010
Umang Gupta
 
PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIME
Sou Jana
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
ArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
ArthyR3
 
Cns
CnsCns
Cns
ArthyR3
 
Ch11
Ch11Ch11
Ch11
Joe Christensen
 
MD5.pptx.pdf
MD5.pptx.pdfMD5.pptx.pdf
MD5.pptx.pdf
PrateekKarkera1
 
Quantum Cryptography: from Theory to Practice
Quantum Cryptography: from Theory to Practice Quantum Cryptography: from Theory to Practice
Quantum Cryptography: from Theory to Practice
XequeMateShannon
 
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkAn Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
IJCNCJournal
 
Data link layer
Data link layerData link layer
Data link layer
Hassanein Alwan
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin Jani
 
Info mimi-hop-by-hop authentication
Info mimi-hop-by-hop authenticationInfo mimi-hop-by-hop authentication
Info mimi-hop-by-hop authentication
Selva Raj
 
Info mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copyInfo mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copy
Selva Raj
 
Network security
Network securityNetwork security
Network security
Sisir Ghosh
 
Stallings Kurose and Ross
Stallings Kurose and RossStallings Kurose and Ross
Stallings Kurose and Ross
Information Security Awareness Group
 
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
ugzga
 

More Related Content

Similar to chapter 11,12,15.pptx kya chal the hey bhai

block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
DEEPAK948083
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010
Umang Gupta
 
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkAn Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
IJCNCJournal
 
Info mimi-hop-by-hop authentication
Info mimi-hop-by-hop authenticationInfo mimi-hop-by-hop authentication
Info mimi-hop-by-hop authentication
Selva Raj
 
Info mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copyInfo mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copy
Selva Raj
 
Network security
Network securityNetwork security
Network security
Sisir Ghosh
 

Similar to chapter 11,12,15.pptx kya chal the hey bhai (20)

Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
 
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
Block coding, error detection (Parity checking, Cyclic redundancy checking (C...
 
Chapter8 27 nov_2010
Chapter8 27 nov_2010Chapter8 27 nov_2010
Chapter8 27 nov_2010
 
PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIME
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cns
CnsCns
Cns
 
Ch11
Ch11Ch11
Ch11
 
MD5.pptx.pdf
MD5.pptx.pdfMD5.pptx.pdf
MD5.pptx.pdf
 
Quantum Cryptography: from Theory to Practice
Quantum Cryptography: from Theory to Practice Quantum Cryptography: from Theory to Practice
Quantum Cryptography: from Theory to Practice
 
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer NetworkAn Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
An Effective Privacy-Preserving Data Coding in Peer-To-Peer Network
 
Data link layer
Data link layerData link layer
Data link layer
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batch
 
Info mimi-hop-by-hop authentication
Info mimi-hop-by-hop authenticationInfo mimi-hop-by-hop authentication
Info mimi-hop-by-hop authentication
 
Info mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copyInfo mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copy
 
Network security
Network securityNetwork security
Network security
 
Stallings Kurose and Ross
Stallings Kurose and RossStallings Kurose and Ross
Stallings Kurose and Ross
 

Recently uploaded

如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质
yzeoq
 
如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdfECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
Sarbjit Bahga
 
NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...
NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...
NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...
Amil baba
 
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证
ugzga
 
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
thubko
 

Recently uploaded (20)

如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(Birmingham毕业证书)伯明翰大学学院毕业证成绩单本科硕士学位证留信学历认证
 
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UB毕业证书)纽约州立大学水牛城分校毕业证成绩单本科硕士学位证留信学历认证
 
Spring Summer 26 Colors Trend Book Peclers Paris
Spring Summer 26 Colors Trend Book Peclers ParisSpring Summer 26 Colors Trend Book Peclers Paris
Spring Summer 26 Colors Trend Book Peclers Paris
 
如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UAL毕业证书)伦敦艺术大学毕业证成绩单本科硕士学位证留信学历认证
 
Branding in the Psychedelic Landscape Report.pdf
Branding in the Psychedelic Landscape Report.pdfBranding in the Psychedelic Landscape Report.pdf
Branding in the Psychedelic Landscape Report.pdf
 
如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UMN毕业证书)明尼苏达大学毕业证成绩单本科硕士学位证留信学历认证
 
如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCL毕业证书)伦敦大学学院毕业证成绩单本科硕士学位证留信学历认证
 
挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质挂科办理天主教大学毕业证成绩单一模一样品质
挂科办理天主教大学毕业证成绩单一模一样品质
 
GBU INDOOR STADIUM CASE STUDY DESCRIBING ITS STRUCTURE
GBU INDOOR STADIUM CASE STUDY DESCRIBING ITS STRUCTUREGBU INDOOR STADIUM CASE STUDY DESCRIBING ITS STRUCTURE
GBU INDOOR STADIUM CASE STUDY DESCRIBING ITS STRUCTURE
 
如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Columbia College毕业证书)纽约市哥伦比亚大学毕业证成绩单本科硕士学位证留信学历认证
 
The concept of motion graphics and its applications.
The concept of motion graphics and its applications.The concept of motion graphics and its applications.
The concept of motion graphics and its applications.
 
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdfECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
ECHOES OF GENIUS - A Tribute to Nari Gandhi's Architectural Legacy. .pdf
 
Morgenbooster: Storytelling in Identity Design
Morgenbooster: Storytelling in Identity DesignMorgenbooster: Storytelling in Identity Design
Morgenbooster: Storytelling in Identity Design
 
NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...
NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...
NO1 Best Best Amil In Rawalpindi Bangali Baba In Rawalpindi jadu tona karne w...
 
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(UoB毕业证书)伯明翰大学毕业证成绩单本科硕士学位证留信学历认证
 
如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证
如何办理(ArtEZ毕业证书)ArtEZ艺术学院毕业证成绩单本科硕士学位证留信学历认证
 
Naer VR: Advanced Research and Usability Testing Project
Naer VR: Advanced Research and Usability Testing ProjectNaer VR: Advanced Research and Usability Testing Project
Naer VR: Advanced Research and Usability Testing Project
 
如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证
如何办理(Bath毕业证书)巴斯大学毕业证成绩单本科硕士学位证留信学历认证
 
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
一模一样英国德比大学毕业证(derby毕业证书)本科学历-国外大学文凭办理
 
Design Portofolios - Licensed Architect / BIM Specialist
Design Portofolios - Licensed Architect / BIM SpecialistDesign Portofolios - Licensed Architect / BIM Specialist
Design Portofolios - Licensed Architect / BIM Specialist
 

chapter 11,12,15.pptx kya chal the hey bhai

  • 1. Message Integrity and Message Authentication CHAPTER 11
  • 2. Overview • Cryptographic hash functions that are used to create a message digest from a message. • Message digests guarantee the integrity of the message. • We then discuss how simple message digests can be modified to authenticate the message.
  • 3. Introduction Message Integrity • The cryptography systems that we have studied so far provide secrecy, or confidentiality, but not integrity. However, there are occasions where we may not even need secrecy but instead must have integrity. • Ex:Alice may write a will to distribute her estate upon her death. The will does not need to be encrypted. After her death, anyone can examine the will. The integrity of the will, however, needs to be preserved. Alice does not want the contents of the will to be changed.
  • 4. Document and Fingerprint • One way to preserve the integrity of a document is through the use of a fingerprint. • If Alice needs to be sure that the contents of her document will not be changed, she can put her fingerprint at the bottom of the document. • Eve cannot modify the contents of this document or create a false document because she cannot forge Alice’s fingerprint. To ensure that the document has not been changed, Alice’s fingerprint on the document can be compared to Alice’s fingerprint on file. If they are not the same, the document is not from Alice.
  • 6.
  • 7. • Cryptographic Hash Function Criteria A cryptographic hash function must satisfy three criteria: preimage resistance, second preimage resistance, and collision resistance, as shown in Figure 11.3.
  • 8.
  • 9. • Preimage Resistance A cryptographic hash function must be preimage resistant. Given a hash function h and y = h(M), it must be extremely difficult for Eve to find any message, M′, such that y = h(M′). Figure 11.4 shows the idea.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. RANDOM ORACLE MODEL • The Random Oracle Model, which was introduced in 1993 by Bellare and Rogaway, is an ideal mathematical model for a hash function. A function based on this model behaves as follows: 1. When a new message of any length is given, the oracle creates and gives a fixed length message digest that is a random string of 0s and 1s. The oracle records the message and the message digest. 2. When a message is given for which a digest exists, the oracle simply gives the digest in the record. 3.The digest for a new message needs to be chosen independently from all previous digests. This implies that the oracle cannot use a formula or an algorithm to calculate the digest.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. MESSAGE AUTHENTICATION • A message digest guarantees the integrity of a message. It guarantees that the message has not been changed. • A message digest, however, does not authenticate the sender of the message. When Alice sends a message to Bob, Bob needs to know if the message is coming from Alice. To provide message authentication, Alice needs to provide proof that it is Alice sending the message and not an impostor. A message digest per se cannot provide such a proof. • The digest created by a cryptographic hash function is normally called a modification detection code (MDC). The code can detect any modification in the message. What we need for message authentication (data origin authentication) is a message authentication code (MAC).
  • 25. • A modification detection code (MDC) is a message digest that can prove the integrity of the message: that message has not been changed. If Alice needs to send a message to Bob and be sure that the message will not change during transmission, Alice can create a message digest, MDC, and send both the message and the MDC to Bob. Bob can create a new MDC from the message and compare the received MDC and the new MDC. If they are the same, the message has not been changed. Figure 11.9 shows the idea. • Figure 11.9 shows that the message can be transferred through an insecure channel. Eve can read or even modify the message. The MDC, however, needs to be transferred through a safe channel. The term safe here means immune to change. If both the message and the MDC are sent through the insecure channel, Eve can intercept the message, change it, create a new MDC from the message, and send both to Bob.
  • 26. • Bob never knows that the message has come from Eve. Note that the term safe can mean a trusted party; the term channel can mean the passage of time. For example, if Alice makes an MDC from her will and deposits it with her attorney, who keeps it locked away until her death, she has used a safe channel. • Alice writes her will and announces it publicly (insecure channel). Alice makes an MDC from the message and deposits it with her attorney, which is kept until her death (a secure channel). Although Eve may change the contents of the will, the attorney can create an MDC from the will and prove that Eve’s version is a forgery. If the cryptography hash function used to create the MDC has the three properties described at the beginning of this chapter, Eve will lose.
  • 28. • To ensure the integrity of the message and the data origin authentication that Alice is the originator of the message, not somebody else we need to change a modification detection code (MDC) to a message authentication code (MAC). The difference between a MDC and a MAC is that the second includes a secret between Alice and Bob for example, a secret key that Eve does not possess. Figure 11.10 shows the idea. • Alice uses a hash function to create a MAC from the concatenation of the key and the message, h (K|M). She sends the message and the MAC to Bob over the insecure channel. Bob separates the message from the MAC. He then makes a new MAC from the concatenation of the message and the secret key. Bob then compares the newly created MAC with the one received. If the two MACs match, the message is authentic and has not been modified by an adversary.
  • 29. • Note that there is no need to use two channels in this case. Both message and the MAC can be sent on the same insecure channel. Eve can see the message, but she cannot forge a new message to replace it because Eve does not possess the secret key between Alice and Bob. She is unable to create the same MAC as Alice did. • The MAC we have described is referred to as a prefix MAC because the secret key is appended to the beginning of the message. We can have a postfix MAC, in which the key is appended to the end of the message. We can combine the prefix and postfix MAC, with the same key or two different keys. However, the resulting MACs are still insecure.
  • 31. • To improve the security of a MAC, nested MACs were designed in which hashing is done in two steps. In the first step, the key is concatenated with the message and is hashed to create an intermediate digest. In the second step, the key is concatenated with the intermediate digest to create the final digest. Figure 11.12 shows the general idea. HMAC • NIST has issued a standard (FIPS 198) for a nested MAC that is often referred to as HMAC (hashed MAC, to distinguish it from CMAC, discussed in the next section). The implementation of HMAC is much more complex than the simplified nested MAC shown in Figure 11.11. There are additional features, such as padding. Figure 11.12 shows the details.
  • 32.
  • 33. • We go through the steps: 1. The message is divided into N blocks, each of b bits. 2. The secret key is left-padded with 0’s to create a b-bit key. Note that it is recommended that the secret key (before padding) be longer than n bits, where n is the size of the HMAC. 3. The result of step 2 is exclusive-ored with a constant called ipad (input pad) to create a b-bit block. The value of ipad is the b/8 repetition of the sequence 00110110 (36 in hexadecimal). 4. The resulting block is prepended to the N-block message. The result is N + 1 blocks. 5. The result of step 4 is hashed to create an n-bit digest. We call the digest the intermediate HMAC
  • 34. 6. The intermediate n-bit HMAC is left padded with 0s to make a b-bit block. 7. Steps 2 and 3 are repeated by a different constant opad (output pad). The value of opad is the b/8 repetition of the sequence 01011100 (5C in hexadecimal). 8. The result of step 7 is prepended to the block of step 6. 9. The result of step 8 is hashed with the same hashing algorithm to create the final n-bit HMAC
  • 35. CMAC • NIST has also defined a standard (FIPS 113) called Data Authentication Algorithm, or CMAC, or CBCMAC. The method is similar to the cipher block chaining (CBC) mode discussed in Chapter 8 for symmetric-key encipherment. However, the idea here is not to create N blocks of ciphertext from N blocks of plaintext. The idea is to create one block of MAC from N blocks of plaintext using a symmetric-key cipher N times. Figure 11.13 shows the idea.
  • 36.
  • 37. • The message is divided into N blocks, each m bits long. The size of the CMAC is n bits. If the last block is not m bits, it is padded with a 1-bit followed by enough 0-bits to make it m bits. The first block of the message is encrypted with the symmetric key to create an m-bit block of encrypted data. • This block is XORed with the next block and the result is encrypted again to create a new m-bit block. The process continues until the last block of the message is encrypted. • The n leftmost bit from the last block is the CMAC. In addition to the symmetric key, K, CMAC also uses another key, k, which is applied only at the last step
  • 38. • . This key is derived from the encryption algorithm with plaintext of m 0-bits using the cipher key, K. The result is then multiplied by x if no padding is applied and multiplied by x2 if padding is applied. The multiplication is in GF(2m) with the irreducible polynomial of degree m selected by the particular protocol used • Note that this is different from the CBC used for confidentiality, in which the output of each encryption is sent as the ciphertext and at the same time XORed with the next plaintext block. Here the intermediate encrypted blocks are not sent as ciphertext; they are only used to be XORed with the next block.
  • 39. Chapter 12 Cryptographic Hash Functions Iterated Hash Function • All cryptographic hash functions need to create a fixed-size digest out of a variable-size message. Creating such a function is best accomplished using iteration. Instead of using a hash function with variable-size input, a function with fixed-size input is created and is used a necessary number of times. The fixed-size input function is referred to as a compression function. It compresses an n-bit string to create an m-bit string where n is normally greater than m. The scheme is referred to as an iterated cryptographic hash function.
  • 40. Merkle-Damgard Scheme The Merkle-Damgard scheme is an iterated hash function that is collision resistant if the compression function is collision resistant. This can be proved, but the proof is left as an exercise. The scheme is shown in Figure 12.1.
  • 41.
  • 42. Two Groups of Compression Functions • The Merkle-Damgard scheme is the basis for many cryptographic hash functions today. The only thing we need to do is design a compression function that is collision resistant and insert it in the Merkle-Damgard scheme. • There is a tendency to use two different approaches in designing a hash function. In the first approach, the compression function is made from scratch: it is particularly designed for this purpose.  In the second approach, a symmetric-key block cipher serves as a compression function.
  • 43. Hash Functions Made from Scratch
  • 44.
  • 45. • Other Algorithms RACE Integrity Primitives Evaluation Message Digest (RIPMED) has several versions. RIPEMD-160 is a hash algorithm with a 160-bit message digest. RIPEMD-160 uses the same structure as MD5 but uses two parallel lines of execution. HAVAL is a variable-length hashing algorithm with a message digest of size 128, 160, 192, 224, and 256.The block size is 1024 bits.
  • 46. Hash Functions Based on Block Ciphers • An iterated cryptographic hash function can use a symmetric-key block cipher as a compression function. The whole idea is that there are several secure symmetric-key block ciphers, such as triple DES or AES, that can be used to make a one-way function instead of creating a new compression function. The block cipher in this case only performs encryption. Several schemes have been proposed.
  • 47. Rabin Scheme • The iterated hash function proposed by Rabin is very simple. The Rabin scheme is based on the Merkle-Damgard scheme. The compression function is replaced by any encrypting cipher. The message block is used as the key; the previously created digest is used as the plaintext. The ciphertext is the new message digest. Note that the size of the digest is the size of data block cipher in the underlying cryptosystem. For example, if DES is used as the block cipher, the size of the digest is only 64 bits. Although the scheme is very simple, it is subject to a meet-in-the-middle attack discussed in Chapter 6, because the adversary can use the decryption algorithm of the cryptosystem. Figure 12.2 shows the Rabin scheme.
  • 48.
  • 49.
  • 50. • Matyas-Meyer-Oseas Scheme: The Matyas-Meyer-Oseas scheme is a dual version of the Davies-Meyer scheme: the message block is used as the key to the cryptosystem. The scheme can be used if the data block and the cipher key are the same size. For example, AES is a good candidate for this purpose. Figure 12.4 shows the MatyasMeyer- Oseas scheme.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58. Chapter 15 Key Management SYMMETRIC-KEY DISTRIBUTION • Symmetric-key cryptography is more efficient than asymmetric-key cryptography for enciphering large messages. Symmetric-key cryptography, however, needs a shared secret key between two parties. • If Alice needs to exchange confidential messages with N people, she needs N different keys. What if N people need to communicate with each other? A total of N(N − 1) keys is needed if we require that Alice and Bob use two keys for bidirectional communication; only N(N − 1)/2 keys are needed if we allow a key to be used for both directions. This means that if one million people need to communicate with each other, each person has almost one million different keys; in total, almost one trillion keys are needed. This is normally referred to as the 𝑁2problem because the number of required keys for N entities is 𝑁2
  • 59. • The number of keys is not the only problem; the distribution of keys is another. If Alice and Bob want to communicate, they need a way to exchange a secret key; if Alice wants to communicate with one million people, how can she exchange one million keys with one million people? Using the Internet is definitely not a secure method. It is obvious that we need an efficient way to maintain and distribute secret keys. Key-Distribution Center: KDC A practical solution is the use of a trusted third party, referred to as a key-distribution center (KDC). To reduce the number of keys, each person establishes a shared secret key with the KDC, as shown in Figure 15.1.
  • 60.
  • 61. • A secret key is established between the KDC and each member. Alice has a secret key with the KDC, which we refer to as KAlice; Bob has a secret key with the KDC, which we refer to as KBob; and so on. Now the question is how Alice can send a confidential message to Bob. The process is as follows: 1. Alice sends a request to the KDC stating that she needs a session (temporary) secret key between herself and Bob. 2. The KDC informs Bob about Alice’s request. 3. If Bob agrees, a session key is created between the two. • The secret key between Alice and Bob that is established with the KDC is used to authenticate Alice and Bob to the KDC and to prevent Eve from impersonating it
  • 62.
  • 63. • Hierarchical Multiple KDCs The concept of flat multiple KDCs can be extended to a hierarchical system of KDCs, with one or more KDCs at the top of the hierarchy. For example, there can be local KDCs, national KDCs, and international KDCs. When Alice needs to communicate with Bob, who lives in another country, she sends her request to a local KDC; the local KDC relays the request to the national KDC; the national KDC relays the request to an international KDC. The request is then relayed all the way down to the local KDC where Bob lives. Figure 15.3 shows a configuration of hierarchical multiple KDCs.
  • 64. Session Keys • A KDC creates a secret key for each member. This secret key can be used only between the member and the KDC, not between two members. If Alice needs to communicate secretly with Bob, she needs a secret key between herself and Bob. A KDC can create a session key between Alice and Bob, using their keys with the center. The keys of Alice and Bob are used to authenticate Alice and Bob to the center and to each other before the session key is established. After communication is terminated, the session key is no longer useful. Figure 15.2 Flat multiple KDCs A session symmetric key between two parties is used only once.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69. KERBEROS • Kerberos is an authentication protocol, and at the same time a KDC, that has become very popular. Several systems, including Windows 2000, use Kerberos. It is named after the three-headed dog in Greek mythology that guards the gates of Hades. Originally designed at MIT, it has gone through several versions.