Lecture 8
Cryptographic Tools:
Hashes and Digital Signatures
Authentication
• Receiver wants to verify:
  • Contents of the message have not been modified (data authentication)
  • Source of message is who they claim to be (source authentication)
• Different approaches available:
  • Symmetric Key Encryption
  • Message Authentication Codes (MACs)
  • Hash Functions
  • Public Key Encryption (i.e. Digital Signatures)
Symmetric Encryption for Authentication
• Confidentiality: only B (and A) can recover plaintext
• Source Authentication: A is the only other user with the key; the message must have come from A
• Data Authentication: successfully decrypted; data has not been modified
• Assumption: decryption can recognize correct plaintext
Recognizing Correct Plaintext
Example 1
B receives ciphertext (supposedly from A, using shared secret key K):
DPNFCTEJLYONCJAEZRCLASJTDQFY
B decrypts with key K to obtain plaintext:
SECURITYANDCRYPTOGRAPHYISFUN
• Was the plaintext encrypted with key K (and hence sent by A)?
• Is the ciphertext received the same as the ciphertext sent by A?
Recognizing Correct Plaintext
Example 2
B receives ciphertext (supposedly from A, using shared secret key K):
QEFPFPQEBTOLKDJBPPXDBPLOOVX
B decrypts with key K to obtain plaintext:
FTUEUEFTQIDAZSYQEEMSQEADDKM
• Was the plaintext encrypted with key K (and hence sent by A)?
• Is the ciphertext received the same as the ciphertext sent by A?
Recognizing Correct Plaintext
• Valid plaintexts should be a small subset of all possible messages:
  • E.g. 26^n possible messages of length n; only a small subset are valid English phrases.
• Plaintext messages have structure
• BUT automatically detecting structure can be difficult
• Add structure to make it easier, e.g.
  • Error detecting code or Frame Check Sequence
  • Packet header
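The two examples above both decrypt to strings of letters, and B has no mechanical way to tell the valid one from the garbage. The following Python is an added example, not code from the lecture: it reimplements the shift cipher that the slide examples use (key 11 is my inference from the example 1 ciphertext/plaintext pair) and then applies the slide's remedy, appending a frame check sequence (CRC-32 encoded as base-26 letters) before encryption so the receiver can check structure automatically. The names shift_encrypt, send, receive and fcs_letters are mine.

```python
import zlib

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
FCS_LEN = 7  # 26**7 > 2**32, so a CRC-32 fits in 7 letters


def shift_encrypt(plaintext: str, key: int) -> str:
    """Toy shift cipher over A-Z: move every letter forward by `key` positions."""
    return "".join(ALPHABET[(ALPHABET.index(c) + key) % 26] for c in plaintext)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Inverse of shift_encrypt: move every letter back by `key` positions."""
    return shift_encrypt(ciphertext, -key)


def fcs_letters(message: str) -> str:
    """Frame check sequence: CRC-32 of the message, written in base 26 with
    letters as digits so it survives the letters-only cipher."""
    crc = zlib.crc32(message.encode("ascii"))
    digits = []
    for _ in range(FCS_LEN):
        digits.append(ALPHABET[crc % 26])
        crc //= 26
    return "".join(reversed(digits))


def send(message: str, key: int) -> str:
    """Sender A: add structure (the FCS) to the plaintext, then encrypt."""
    return shift_encrypt(message + fcs_letters(message), key)


def receive(ciphertext: str, key: int):
    """Receiver B: decrypt, split off the FCS and recompute it.
    Returns (accepted, message). A wrong key or a modified ciphertext changes
    the decrypted body, the decrypted FCS, or both, so the check fails."""
    plaintext = shift_decrypt(ciphertext, key)
    body, fcs = plaintext[:-FCS_LEN], plaintext[-FCS_LEN:]
    return fcs == fcs_letters(body), body


if __name__ == "__main__":
    K = 11  # assumed: the shift that maps the slide's example 1 ciphertext to its plaintext
    # Example 1 and example 2 ciphertexts copied from the slides
    for ct in ("DPNFCTEJLYONCJAEZRCLASJTDQFY", "QEFPFPQEBTOLKDJBPPXDBPLOOVX"):
        print(ct, "->", shift_decrypt(ct, K))   # letters either way; B has no mechanical check
    # With an FCS appended, B can decide mechanically (constructed message)
    ct = send("SECURITYANDCRYPTOGRAPHYISFUN", K)
    print(receive(ct, K))                        # (True, 'SECURITYANDCRYPTOGRAPHYISFUN')
    print(receive(ct, 23)[0])                    # False: wrong key
    print(receive("A" + ct[1:], K)[0])           # False: first ciphertext letter altered
```

Decrypting the example 2 ciphertext with key 11 reproduces the slide's unreadable plaintext; that ciphertext was produced under a different shift (23), which is exactly the "not sent by A, or modified" case. A CRC is only an error-detecting code, not a cryptographic check: it tells B that the plaintext has the expected structure, and source authentication still rests on the assumption that only A and B hold K.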
Authentication with Message Authentication Codes
• Append small, fixed-size block of data to message: cryptographic checksum or MAC
  T = MAC(K, M)
  M = input message
  MAC = MAC function
  K = shared secret key of k bits
  T = message authentication code (or tag) of n bits
• MAC function also called keyed hash function
• MAC function similar to encryption, but does not need to be reversible
• Easier to design stronger MAC functions than encryption functions
Message Authentication Codes
Requirement of MACs
• Objective of Attacker
  • Assume MAC function is known, key K is not
  • Forge a valid MAC code for a given message x
• Requirement of MAC Function
  Computation Resistance: Given one or more text-MAC pairs (x_i, MAC(K, x_i)), it should be computationally infeasible to compute any other text-MAC pair (x, MAC(K, x)) for a new input x ≠ x_i.
Security of MACs
• Brute Force Attack on Key
  • Attacker knows (x_1, T_1) where T_1 = MAC(K, x_1)
  • Key size of k bits: brute force on key costs 2^k MAC computations
  • But . . . many keys produce a tag matching T_1
  • For keys that produce tag T_1, try again with (x_2, T_2)
  • Effort to find K is approximately 2^k
Security of MACs
• Brute Force Attack on MAC value
  • For x_m, find T_m without knowing K
  • Similar effort required as for the one-way/weak collision resistant property of hash functions
  • For an n-bit MAC value length, effort is 2^n
Effort to break MAC: min(2^k, 2^n)
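As an added example (not from the lecture), the Python below does two things: it computes and verifies T = MAC(K, M) with HMAC-SHA256, comparing tags in constant time, and it runs the key-search argument from the last two slides on toy sizes (k = 12, n = 8) so the "many keys match T_1, a second pair narrows them down" effect is visible in seconds. The toy sizes, the messages and the key value 0x5A5 are constructed for the demo; the function names mac_tag, mac_verify, toy_mac, consistent_keys and key_search_demo are mine.

```python
import hashlib
import hmac
import secrets


def mac_tag(key: bytes, message: bytes) -> bytes:
    """T = MAC(K, M) with HMAC-SHA256: a 32-byte (n = 256 bit) tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver recomputes the tag over the received message and compares in
    constant time (compare_digest), so timing does not leak how many tag
    bytes matched."""
    return hmac.compare_digest(mac_tag(key, message), tag)


# Toy sizes chosen so the slide's counting argument can be run in seconds.
TOY_KEY_BITS = 12   # k = 12: 4096 possible keys
TOY_TAG_BITS = 8    # n = 8: 256 possible tag values


def toy_mac(key_int: int, message: bytes) -> bytes:
    """Same HMAC, but the key is a k-bit integer and the tag is cut to n bits."""
    return mac_tag(key_int.to_bytes(2, "big"), message)[: TOY_TAG_BITS // 8]


def consistent_keys(pairs, candidates=None):
    """Keys (from `candidates`, default the whole 2^k key space) that reproduce
    every known (x_i, T_i) pair. The first pass costs 2^k MAC computations and
    leaves about 2^k / 2^n survivors, because many keys happen to give the same
    short tag; each further pair divides the survivors by about 2^n again."""
    if candidates is None:
        candidates = range(1 << TOY_KEY_BITS)
    return [k for k in candidates if all(toy_mac(k, x) == t for x, t in pairs)]


def key_search_demo(true_key: int):
    """Run the two-stage search from the slides against a constructed key.
    Returns (survivors after one pair, survivors after two pairs)."""
    x1, x2 = b"constructed message 1", b"constructed message 2"
    t1, t2 = toy_mac(true_key, x1), toy_mac(true_key, x2)   # tags as seen on the wire
    after_one = consistent_keys([(x1, t1)])
    after_two = consistent_keys([(x1, t1), (x2, t2)], after_one)
    return after_one, after_two


if __name__ == "__main__":
    key = secrets.token_bytes(32)                  # real use: a full-length random key
    msg = b"constructed message"
    tag = mac_tag(key, msg)
    print(mac_verify(key, msg, tag))               # True
    print(mac_verify(key, msg + b"!", tag))        # False: message altered, tag no longer matches
    one, two = key_search_demo(true_key=0x5A5)
    print(len(one), "keys fit one pair;", len(two), "fit two pairs;",
          "true key present:", 0x5A5 in two)
```

Expect around 16 survivors after the first pair (4096 / 256) and usually just the true key after the second, which is why the slide puts the key-recovery effort at about 2^k rather than 2^k per pair. The other bound, 2^n, is why tag length matters as well: with real parameters (k = 256 for the HMAC key here, n = 256 for a full SHA-256 tag) neither search is feasible, whereas a tag truncated to a few bytes caps the security at that length no matter how long the key is.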
Security of MACs
• Cryptanalysis
  • Many different MAC algorithms; attacks specific to algorithms
  • MAC algorithms generally considered secure
MAC Algorithms
• Data Authentication Algorithm (DAA): based on DES; considered insecure
• Cipher-Based Message Authentication Code (CMAC): mode of operation used with Triple-DES and AES
• OMAC, PMAC, UMAC, VMAC, . . .
• HMAC, function derived from cryptographic hash functions
Hash Functions
• Hash function H: variable-length block of data M input; fixed-size hash value h = H(M) output
• Applying H to large set of inputs should produce evenly distributed and random looking outputs
• Cryptographic hash function: computationally infeasible to find:
  • M that maps to known h (one-way property)
  • M1 and M2 that produce same h (collision-free property)
• Used to determine whether or not data has changed
• Examples: message authentication, digital signatures, one-way password file, intrusion/virus detection, PRNG
Secure Hash Functions
Authentication with Hash Functions
Message Authentication
• Verify the integrity of a message
• Ensure data received are exactly as sent
• Assure identity of the sender is valid
• The hash value used to provide message authentication is called a message digest
Message Authentication
Hash Function Requirements
• Applied to any size data.
• H produces a fixed-length output.
• H(x) is relatively easy to compute for any given x
• One-way property
  • computationally infeasible to find x such that H(x) = h
• Weak collision resistance
  • computationally infeasible to find y ≠ x such that H(y) = H(x)
• Strong collision resistance
  • computationally infeasible to find any pair (x, y) such that H(x) = H(y)
Hash Functions
• two attack approaches
  • cryptanalysis
    • exploit logical weakness in algorithm
  • brute-force attack
    • try many inputs
    • strength proportional to size of hash code (2^n)
• SHA most widely used hash algorithm
  • SHA-1 gives 160-bit hash
  • more recent SHA-256, SHA-384, SHA-512 provide improved size and security
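The three resistance properties and the brute-force costs above can be measured directly on a deliberately shortened hash. The Python below is an added example, not lecture code: it takes the leading n bits of SHA-256 as a toy n-bit hash (names digest, truncated_digest, second_preimage_search and birthday_collision are mine) and counts how many trials a second-preimage search needs (about 2^n) versus an any-collision search (about 2^(n/2), the birthday attack the notes mention). Truncation is the only thing that makes these searches feasible; against the full 256-bit output they are not.

```python
import hashlib


def digest(data: bytes) -> bytes:
    """h = H(M): SHA-256 returns 32 bytes whatever the input length."""
    return hashlib.sha256(data).digest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two digests; close to 128 of 256 for unrelated
    inputs, which is the 'random looking output' property in practice."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def truncated_digest(data: bytes, n_bits: int) -> int:
    """Toy n-bit hash: the leading n bits of SHA-256."""
    return int.from_bytes(digest(data), "big") >> (256 - n_bits)


def second_preimage_search(x: bytes, n_bits: int, limit: int):
    """Weak collision resistance: look for y != x with H(y) == H(x).
    Each candidate has a 1/2^n chance, so expect about 2^n trials.
    Returns (trials, y), or None if `limit` candidates were exhausted."""
    target = truncated_digest(x, n_bits)
    for i in range(limit):
        y = b"trial-%d" % i
        if y != x and truncated_digest(y, n_bits) == target:
            return i + 1, y
    return None


def birthday_collision(n_bits: int):
    """Strong collision resistance: look for ANY pair x != y with H(x) == H(y).
    Remembering every digest seen, a repeat appears after about 2^(n/2) trials,
    and by the pigeonhole principle no later than 2^n + 1. Returns (trials, x, y)."""
    seen = {}
    i = 0
    while True:
        y = b"candidate-%d" % i      # all candidates are distinct strings
        h = truncated_digest(y, n_bits)
        if h in seen:
            return i + 1, seen[h], y
        seen[h] = y
        i += 1


if __name__ == "__main__":
    print(len(digest(b"")), len(digest(b"x" * 10_000)))           # 32 32: fixed-length output
    print(differing_bits(digest(b"message"), digest(b"messagf")))  # roughly 128: one char flips ~half the bits
    n = 16
    trials, a, b = birthday_collision(n)
    print(f"{n}-bit collision after {trials} trials (2^(n/2) = {2 ** (n // 2)}): {a!r} {b!r}")
    trials, y = second_preimage_search(b"message", n, limit=16 * 2 ** n)
    print(f"{n}-bit second preimage after {trials} trials (2^n = {2 ** n}): {y!r}")
```

With n = 16 the collision typically turns up after a few hundred candidates while the second preimage takes tens of thousands, which is the gap the notes describe: a hash of length n gives only about n/2 bits of collision resistance, so 128-bit MD5 was judged inadequate and 160-bit SHA-1 is now suspect.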
Public Key Authentication
Authentication and/or data integrity
Public Key Infrastructure (PKI)
• Public Key Infrastructure (PKI): integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely
• PKI systems based on public key cryptosystems; include digital certificates and certificate authorities (CAs)
Public Key Infrastructure
PKIX Management
• functions:
  • registration
  • initialization
  • certification
  • key pair recovery
  • key pair update
  • revocation request
  • cross certification
• protocols:
  • CMP (certificate management protocols)
  • CMC (certificate management messages)
PKI services
PKI protects information assets in several ways:
• Authentication – Digital Certificate
  • To verify that a user is who he/she claims to be, in order to access the resource.
• Non-repudiation – Digital Signature
  • To make the user unable to deny that he/she has sent the message, signed the document or participated in a transaction.
• Confidentiality – Encryption
  • To make the transaction secure: no one other than the communicating parties is able to read/retrieve the ongoing transaction.
• Integrity – Encryption
  • To ensure the information has not been tampered with during transmission.
• Authorization – Digital certificates
  • Digital certificates issued in a PKI environment can replace user IDs and passwords, enhance security, and reduce some of the overhead required for authorization processes and controlling access privileges.
Public-Key Authority
• Assume each user has already securely published a public key at the authority; each user knows the authority's public key.
• Problem: authority can be a bottleneck
• Alternative: public-key certificates
Public-Key Certificates
Assume public keys sent to the CA can be authenticated by the CA; each user has the certificate of the CA.
Digital Signatures
• Encrypted messages that can be mathematically proven to be authentic
• Created in response to rising need to verify information transferred using electronic systems
• Asymmetric encryption processes used to create digital signatures
All copyrights reserved by C.C. Cheung 2003.
Digital Signature
• Digital signatures can be used in all electronic communications
  • Web, e-mail, e-commerce
• It is an electronic stamp or seal that is appended to the document.
• Ensures the document is unchanged during transmission.
How a Digital Signature Works
User A: uses A's private key to sign the document, then transmits it via the Internet.
User B: receives the document with the signature attached, and verifies the signature using A's public key stored at the directory.
Digital Signature Generation and Verification
Message Sender: Message → Hash function → Digest → Encryption with Private Key → Signature
Message Receiver: Message → Hash function → Digest; Signature → Decryption with Public Key → Expected Digest (compared with Digest)
Digital Signature Algorithms
• RSA
• Digital Signature Algorithm (DSA): FIPS-186
• ECDSA: DSA with elliptic curve cryptography
• ElGamal signature scheme: DSA is an enhancement of ElGamal
• Bilinear pairing based signatures, e.g. BLS
• Different hash algorithms can be used; e.g. SHA2
  • Pre-image resistant, second pre-image resistant, collision resistant
Digital Certificates
• A Digital Certificate is data carrying a digital signature from one trusted Certification Authority (CA).
• This data contains:
  • Who owns this certificate
  • Who signed this certificate
  • The expiry date
  • User name & email address
Digital Certificates
• Electronic document containing a key value and identifying information about the entity that controls the key
• Digital signature attached to the certificate's container file to certify the file is from the entity it claims to be from
Figure 8-5 Digital Signatures
Digital Certificate
• Reference
Certification Authority (CA)
• A trusted agent who certifies public keys for general use (Corporation or Bank).
• User has to decide which CAs can be trusted.
• The model for key certification based on friends and friends of friends is called “Web of Trust”.
  • The public key is passed from friend to friend.
  • Works well in small or highly connected worlds.
  • What if you receive a public key from someone you don’t know?
• A Certificate Authority is an agency that manages the issuance of certificates and serves as the electronic notary public to verify their worth and integrity.
Principles of Information Security, 2nd edition
Protocols for Secure Communications
• Secure Sockets Layer (SSL) protocol: uses public key encryption to secure a channel over the public Internet
• Secure Hypertext Transfer Protocol (S-HTTP): extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across the Internet
  • S-HTTP is the application of SSL over HTTP; allows encryption of information passing between computers through a protected and secure virtual connection
Protocols for Secure Communications (continued)
• Securing E-mail with S/MIME, PEM, and PGP
  • Secure Multipurpose Internet Mail Extensions (S/MIME): builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
  • Privacy Enhanced Mail (PEM): proposed as a standard to function with public key cryptosystems; uses 3DES symmetric key encryption
  • Pretty Good Privacy (PGP): uses the IDEA cipher for message encoding
Protocols for Secure Communications (continued)
• Securing Web transactions with SET, SSL, and S-HTTP
  • Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud
  • Uses DES to encrypt credit card information transfers
  • Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores

Hashes_and_Digital_Signatures_Slides.pptx


Editor's Notes

  • #2 Encryption protects against passive attack (eavesdropping). Message authentication protects against active attacks (falsification of data and transactions), by verifying that received messages are authentic, that is that the contents of the message have not been altered and that the source is authentic. We may also wish to verify a message's timeliness and sequence relative to other messages flowing between two parties. It is possible to perform authentication simply by the use of conventional encryption. If we assume that only the sender and receiver share a key (which is as it should be), then only the genuine sender would be able to encrypt a message successfully for the other participant. Furthermore, if the message includes an error-detection code and a sequence number, the receiver is assured that no alterations have been made and that sequencing is proper. If the message also includes a timestamp, the receiver is assured that the message has not been delayed beyond that normally expected for network transit. Alternatively there are several approaches to message authentication that do not rely on encryption. In all of these approaches, an authentication tag is generated and appended to each message for transmission. The message itself is not encrypted and can be read at the destination independent of the authentication function at the destination.
  • #4 Answer to example 1: Assume the message is English. The plaintext had the expected structure, so assume the plaintext is correct: sent by A and not modified.
  • #5 Answer to example 2: Assume the message is English. The plaintext had no structure in the expected language, so assume the plaintext is incorrect: either not sent by A or modified.
  • #8 One authentication technique involves the use of a secret key to generate a small block of data, known as a message authentication code, that is appended to the message. This technique assumes that two communicating parties, say A and B, share a common secret key K_AB. When A has a message to send to B, it calculates the message authentication code as a function of the message and the key: MAC_M = F(K_AB, M). The message plus code are transmitted to the intended recipient. The recipient performs the same calculation on the received message, using the same secret key, to generate a new message authentication code. The received code is compared to the calculated code, as shown here in Figure 2.4 from the text. If we assume that only the receiver and the sender know the identity of the secret key, and if the received code matches the calculated code, then: The receiver is assured that the message has not been altered. The receiver is assured that the message is from the alleged sender. If the message includes a sequence number, then the receiver can be assured of the proper sequence. A number of algorithms could be used to generate the code. The NIST specification, FIPS PUB 113, recommends the use of DES. DES is used to generate an encrypted version of the message, and the last number of bits of ciphertext are used as the code. A 16- or 32-bit code is typical.
  • #10 In simpler terms, computation resistance ensures that even if someone has a collection of input-output pairs, they would not be able to calculate the correct output for any new input unless they have the specific key (K) used for generating the MACs. This property is desirable for secure systems because it prevents unauthorized individuals from tampering with or generating valid MACs for new inputs without possessing the correct key.
  • #11 In simple terms, even though there are many keys that can produce the same MAC for a given input, the attacker needs to keep trying different inputs with these matching MACs to find the correct key. The overall effort required to find the key is approximately equal to trying all possible combinations of k bits, which is represented as 2^k.
  • #12 A one-way property in hash functions means that it is easy to compute the hash value of an input, but computationally difficult to reverse the process and find the original input given the hash value. Weak collision resistance refers to the property where it is difficult to find two different inputs that produce the same hash value. In the context of a brute force attack on the MAC value, the effort required is similar to these properties because the attacker needs to try different inputs and compute their MAC values until they find a matching MAC.
  • #13 Cryptanalysis refers to the study of cryptographic systems with the goal of finding vulnerabilities or weaknesses that can be exploited to break their security. In the case of MAC (Message Authentication Code) algorithms, cryptanalysis involves analyzing the algorithms to identify potential attacks or weaknesses specific to those algorithms. There are numerous MAC algorithms available, each with its own design and security properties. Cryptanalysts examine these algorithms to discover any flaws that could compromise their security. These flaws can range from mathematical weaknesses in the algorithm's structure to implementation vulnerabilities. However, it is important to note that MAC algorithms are generally considered secure. They are designed by experts in cryptography and undergo rigorous analysis before being adopted. Nevertheless, cryptanalysts continuously research and study these algorithms to ensure their security and identify any potential weaknesses that may arise. Overall, cryptanalysis plays a crucial role in the field of cryptography by evaluating the security of MAC algorithms and other cryptographic systems, helping to improve their resilience against potential attacks.
  • #16 An alternative to the message authentication code is the one-way hash function. As with the message authentication code, a hash function accepts a variable-size message M as input and produces a fixed-size message digest H(M) as output. Unlike the MAC, a hash function does not also take a secret key as input. To authenticate a message, the message digest is sent with the message in such a way that the message digest is authentic.
  • #18 Figure illustrates three ways in which the message can be authenticated. The message digest can be encrypted using conventional encryption (part a); if it is assumed that only the sender and receiver share the encryption key, then authenticity is assured. The message can also be encrypted using public-key encryption (part b); this is explained later. The public-key approach has two advantages: it provides a digital signature as well as message authentication; and it does not require the distribution of keys to communicating parties. These two approaches have an advantage over approaches that encrypt the entire message in that less computation is required. Nevertheless, there has been interest in developing a technique that avoids encryption altogether. Part c shows a technique that uses a hash function but no encryption for message authentication. This technique assumes that two communicating parties, say A and B, share a common secret value S_AB. When A has a message to send to B, it calculates the hash function over the concatenation of the secret value and the message: MD_M = H(S_AB||M). It then sends [M||MD_M] to B. Because B possesses S_AB, it can recompute H(S_AB||M) and verify MD_M. Because the secret value itself is not sent, it is not possible for an attacker to modify an intercepted message. As long as the secret value remains secret, it is also not possible for an attacker to generate a false message.
  • #19 The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data. To be useful for message authentication, a hash function H must have the properties listed here. The first three properties are requirements for the practical application of a hash function to message authentication. The fourth property is the one-way property: it is easy to generate a code given a message, but virtually impossible to generate a message given a code. This property is important if the authentication technique involves the use of a secret value (such as shown in Figure 2.5c). The fifth property guarantees that it is impossible to find an alternative message with the same hash value as a given message. This prevents forgery when an encrypted hash code is used (as in Figures 2.5a and b). A hash function that satisfies the first five properties in the preceding list is referred to as a weak hash function. If the sixth property is also satisfied, then it is referred to as a strong hash function. The sixth property protects against a sophisticated class of attack known as the birthday attack. In addition to providing authentication, a message digest also provides data integrity. It performs the same function as a frame check sequence: if any bits in the message are accidentally altered in transit, the message digest will be in error.
  • #20 As with symmetric encryption, there are two approaches to attacking a secure hash function: cryptanalysis and brute-force attack. As with symmetric encryption algorithms, cryptanalysis of a hash function involves exploiting logical weaknesses in the algorithm. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm. If strong collision resistance is required (and this is desirable for a general-purpose secure hash code), then the value 2^(n/2) determines the strength of the hash code against brute-force attacks. Oorschot and Wiener presented a design for a $10 million collision search machine for MD5, which has a 128-bit hash length, that could find a collision in 24 days. Thus a 128-bit code may be viewed as inadequate. With a hash length of 160 bits, the same search machine would require over four thousand years to find a collision. With today's technology, the time would be much shorter, so that 160 bits now appears suspect. In recent years, the most widely used hash function has been the Secure Hash Algorithm (SHA). SHA was developed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993. When weaknesses were discovered in SHA, a revised version was issued as FIPS 180-1 in 1995 and is generally referred to as SHA-1. SHA-1 produces a hash value of 160 bits. In 2002, NIST produced a revised version of the standard, FIPS 180-2, that defined three new versions of SHA, with hash value lengths of 256, 384, and 512 bits, known as SHA-256, SHA-384, and SHA-512. These new versions have the same underlying structure and use the same types of modular arithmetic and logical binary operations as SHA-1. In 2005, NIST announced the intention to phase out approval of SHA-1 and move to a reliance on the other SHA versions by 2010.
  • #21 Figure shown here illustrates another mode of operation of public-key cryptography, where a user encrypts data using his or her own private key. Anyone who knows the corresponding public key will then be able to decrypt the message. This is directed toward providing authentication and/or data integrity. If a user is able to successfully recover the plaintext from Bob’s ciphertext using Bob’s public key, this indicates that only Bob could have encrypted the plaintext, thus providing authentication. Further, no one but Bob would be able to modify the plaintext because only Bob could encrypt the plaintext with Bob’s private key. This can be adapted to provide authentication or data integrity. Suppose that Bob wants to send a message to Alice and, although it is not important that the message be kept secret, he wants Alice to be certain that the message is indeed from him. In this case Bob could use his own private key to encrypt the message. Here the entire message is encrypted, which, although validating both author and contents, requires a great deal of storage and additional processing cost. A more efficient way of achieving the same results is to encrypt a small block of bits that is a function of the document. Such a block, called an authenticator, must have the property that it is infeasible to change the document without changing the authenticator. If the authenticator is encrypted with the sender's private key, it serves as a signature that verifies origin, content, and sequencing. A secure hash code such as SHA-1 can serve this function. It is important to emphasize that the digital signature does not provide confidentiality. That is, the message being sent is safe from alteration but not safe from eavesdropping.
  • #22 Cryptography Tools Public Key Infrastructure (PKI) is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. PKI systems are based on public key cryptosystems and include digital certificates and certificate authorities (CAs).
  • #23 RFC 2822 (Internet Security Glossary) defines public-key infrastructure (PKI) as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. Its principal objective is to enable secure, convenient, and efficient acquisition of public keys. The IETF Public Key Infrastructure X.509 (PKIX) working group has set up a formal (and generic) model based on X.509 that is suitable for deploying a certificate-based architecture on the Internet. Stallings Figure 14.16 shows interrelationships among some key elements:
    • End entity: A generic term used to denote end users, devices (e.g., servers, routers), or any other entity that can be identified in the subject field of a public key certificate. End entities can consume and/or support PKI-related services.
    • Certification authority (CA): The issuer of certificates and (usually) certificate revocation lists (CRLs). It may also support a variety of administrative functions, although these are often delegated to Registration Authorities.
    • Registration authority (RA): An optional component that can assume a number of administrative functions from the CA. The RA is often associated with the End Entity registration process, but can assist in a number of other areas as well.
    • CRL issuer: An optional component to which a CA can delegate the publication of CRLs.
    • Repository: A generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by End Entities.
  • #24 PKIX identifies a number of management functions that potentially need to be supported by management protocols, as shown in Figure 14.16:
    • Registration: whereby a user first makes itself known to a CA, prior to issue of a certificate(s) for that user. It usually involves some off-line or online procedure for mutual authentication.
    • Initialization: to install key materials that have the appropriate relationship with keys stored elsewhere in the infrastructure.
    • Certification: the process whereby a CA issues a certificate for a user's public key, and returns it to the user's client system and/or posts it in a repository.
    • Key pair recovery: a mechanism to recover the necessary decryption keys when normal access to the keying material is no longer possible.
    • Key pair update: key pairs need to be updated and new certificates issued.
    • Revocation request: when an authorized person advises of the need for certificate revocation, e.g. private key compromise, affiliation change, name change.
    • Cross certification: when two CAs exchange information used in establishing a cross-certificate, issued by one CA to another CA, that contains a CA signature key used for issuing certificates.
    The PKIX working group has defined two alternative management protocols between PKIX entities. RFC 2510 defines the certificate management protocols (CMP), which is a flexible protocol able to accommodate a variety of technical, operational, and business models. RFC 2797 defines certificate management messages over CMS (RFC 2630), called CMC. This is built on earlier work to leverage existing code.
  • #27 In a Public Key Infrastructure (PKI), a Certificate Authority (CA) is responsible for issuing, managing, and verifying digital certificates. The CA acts as a trusted third party that helps establish the authenticity and integrity of public keys in a secure manner. Here's how a Certificate Authority works:
    • Key Generation: Users generate a pair of cryptographic keys, consisting of a public key and a private key. The private key is kept secret, while the public key is made available to others.
    • Certification Request: When a user wants to obtain a digital certificate for their public key, they submit a certification request to the CA. This request typically includes their public key, identity information, and other necessary details.
    • Certificate Issuance: Upon receiving the certification request, the CA verifies the user's identity and performs the necessary checks to ensure the validity of the request. If everything is in order, the CA generates a digital certificate for the user's public key. The certificate includes the user's public key, identity information, and a digital signature generated by the CA.
    • Certificate Distribution: Once the certificate is issued, it is made available to the user. The CA may distribute certificates through various means, such as a public directory, email, or secure web portal. Additionally, the CA may maintain a Certificate Revocation List (CRL) to track revoked or expired certificates.
    • Certificate Verification: When a user wants to communicate securely with another user, they retrieve the recipient's certificate from the distribution channel or directory. The user then verifies the authenticity and integrity of the certificate. This involves validating the digital signature on the certificate using the CA's public key, which should be trusted by the user.
    • Key Exchange: Once the certificate is verified, the user extracts the recipient's public key from the certificate. This public key is then used for establishing secure communication channels, such as encryption and digital signatures. The private key corresponding to the public key is kept securely by the recipient.
  • #28 Digital Signatures: An interesting thing happens when the asymmetric process is reversed, that is, the private key is used to encrypt a short message. The public key can be used to decrypt it, and the fact that the message was sent by the organization that owns the private key cannot be refuted. This is known as non-repudiation, which is the foundation of digital signatures. Digital Signatures are encrypted messages that are independently verified by a central facility (registry) as authentic.
  • #34 Digital Certificates and Certificate Authorities: As alluded to earlier, a digital certificate is an electronic document, similar to a digital signature, attached to a file certifying that this file is from the organization it claims to be from and has not been modified from the originating format. A Certificate Authority is an agency that manages the issuance of certificates and serves as the electronic notary public to verify their worth and integrity.
  • #38 Securing the Web: Secure Electronic Transactions (SET) was developed by MasterCard and Visa in 1997 to provide protection from electronic payment fraud. SET works by encrypting the credit card transfers with DES for encryption and RSA for key exchange, much as other protocols do. SET provides the security for both Internet-based credit card transactions and the encryption of swipe systems of those credit cards in retail stores. Secure Socket Layer was developed by Netscape in 1994 to provide security in online electronic commerce transactions. It uses a number of algorithms, but mainly relies on RSA for key transfer and IDEA, DES or 3DES for encrypted symmetric key-based data transfer. Secure Hypertext Transfer Protocol (SHTTP) is an encrypted solution to the unsecured version of HTTP. It provides an alternative to the aforementioned protocols and can provide secure e-commerce transactions as well as encrypted Web pages for secure data transfer over the Web, using a number of different algorithms. Secure Shell (SSH) provides security over remote access connections using tunneling. It provides authentication services between a client and server. IP Security (IPSec) is the cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group, defined in RFCs 1825, 1826 and 1827. IPSec is used to create Virtual Private Networks (VPNs) and is an open framework for security development within the TCP/IP family of protocol standards.
  • #39 Securing E-mail: A number of encryption cryptosystems have been adapted in an attempt to inject some degree of security into e-mail, a notoriously unsecured medium. S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication through digital signatures based on public key cryptosystems. Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a standard to function with the public key cryptosystems. PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures. Pretty Good Privacy (PGP) was developed by Phil Zimmermann and uses the IDEA Cipher, a 128-bit symmetric key block encryption algorithm with 64-bit blocks for message encoding. IDEA performs 8 rounds on 16-bit sub-blocks using algebraic calculations. PGP also uses RSA for symmetric key exchange and for digital signatures.
  • #40 Securing Web Transactions with SET, SSL, and S-HTTP Just as PGP, PEM, and S/MIME work to secure e-mail operations, a number of related protocols work to secure Web browsers, especially at electronic commerce sites. Among these are Secure Electronic Transactions (SET), Secure Socket Layer (SSL), Secure Hypertext Transfer Protocol (S-HTTP), Secure Shell (SSH-2), and IP Security (IPSec). Secure Electronic Transactions (SET) was developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud. SET uses DES to encrypt credit card information transfers and RSA for key exchange. SET provides the security for both Internet-based credit card transactions and credit card swipe systems in retail stores.