Key management: Introduction, How public key distribution done, Diffie Hellman Key Exchage Algorithm,Digital Certificate. Key Management using Digital certificate is done etc. wireshark screenshot showing digital cetificate.
Key management: Introduction, How public key distribution done, Diffie Hellman Key Exchage Algorithm,Digital Certificate. Key Management using Digital certificate is done etc. wireshark screenshot showing digital cetificate.
Security Hash Algorithm (SHA) was developed in 1993 by the National Institute of Standards and Technology (NIST) and National Security Agency (NSA).
It was designed as the algorithm to be used for secure hashing in the US Digital Signature Standard.
• Hashing function is one of the most commonly used encryption methods. A hash is a special mathematical function that performs one-way encryption.
• SHA-l is a revised version of SHA designed by NIST and was published as a Federal Information Processing Standard (FIPS).
• Like MD5, SHA-l processes input data in 512-bit blocks.
• SHA-l generates a 160-bit message digest. Whereas MD5 generated message digest of 128 bits.
• The procedure is used to send a non secret but signed message from sender to receiver. In such a case following steps are followed:
1. Sender feeds a plaintext message into SHA-l algorithm and obtains a 160-bit SHA-l hash.
2. Sender then signs the hash with his RSA private key and sends both the plaintext message and the signed hash to the receiver.
3. After receiving the message, the receiver computes the SHA-l hash himself and also applies the sender's public key to the signed hash to obtain the original hash H.
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
Pgp-Pretty Good Privacy is the open source freely available tool to encrypt your emails then you can very securely send mails to others over internet without fear of eavesdropping by cryptanalyst.
Defines a framework for authentication service using the X.500 directory.It is the Repository of public-key certificates,Based on use of public-key cryptography and digital signatures.
E-Mail Security: Pretty Good Privacy, S/MIME IP Security: IP Security overview, IP Security architecture, Authentication Header, Encapsulating security payload, Combining security associations, Internet Key Exchange Case Studies on Cryptography and security: Secure Multiparty Calculation, Virtual Elections, Single sign On, Secure Inter-branch Payment Transactions, Cross site Scripting Vulnerability.
Security Hash Algorithm (SHA) was developed in 1993 by the National Institute of Standards and Technology (NIST) and National Security Agency (NSA).
It was designed as the algorithm to be used for secure hashing in the US Digital Signature Standard.
• Hashing function is one of the most commonly used encryption methods. A hash is a special mathematical function that performs one-way encryption.
• SHA-l is a revised version of SHA designed by NIST and was published as a Federal Information Processing Standard (FIPS).
• Like MD5, SHA-l processes input data in 512-bit blocks.
• SHA-l generates a 160-bit message digest. Whereas MD5 generated message digest of 128 bits.
• The procedure is used to send a non secret but signed message from sender to receiver. In such a case following steps are followed:
1. Sender feeds a plaintext message into SHA-l algorithm and obtains a 160-bit SHA-l hash.
2. Sender then signs the hash with his RSA private key and sends both the plaintext message and the signed hash to the receiver.
3. After receiving the message, the receiver computes the SHA-l hash himself and also applies the sender's public key to the signed hash to obtain the original hash H.
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
Pgp-Pretty Good Privacy is the open source freely available tool to encrypt your emails then you can very securely send mails to others over internet without fear of eavesdropping by cryptanalyst.
Defines a framework for authentication service using the X.500 directory.It is the Repository of public-key certificates,Based on use of public-key cryptography and digital signatures.
E-Mail Security: Pretty Good Privacy, S/MIME IP Security: IP Security overview, IP Security architecture, Authentication Header, Encapsulating security payload, Combining security associations, Internet Key Exchange Case Studies on Cryptography and security: Secure Multiparty Calculation, Virtual Elections, Single sign On, Secure Inter-branch Payment Transactions, Cross site Scripting Vulnerability.
This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
Information and network security 42 security of message authentication codeVaibhav Khanna
Message Authentication Requirements
Disclosure: Release of message contents to any person or process not possess- ing the appropriate cryptographic key.
Traffic analysis: Discovery of the pattern of traffic between parties. ...
Masquerade: Insertion of messages into the network from a fraudulent source
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Information and network security 41 message authentication codeVaibhav Khanna
In cryptography, a message authentication code, sometimes known as a tag, is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender and has not been changed.
The IoT Era Begins
Components of IoT-Enabled Things
IoT Reference model
IoT Security
IoT Security & Privacy Req. defined by ITU-T
An IoT Security Framework
IoT Security Challenges
Internet of Things - Liability
IoT security tools
MEANING OF RESEARCH
OBJECTIVES OF RESEARCH
CHARACTERISTICS OF RESEARCH
CRITERIA OF A GOOD RESEARCH
QUALITIES OF GOOD RESEARCH
RESEARCH MOTIVATIONS
TYPES OF RESEARCH
PROBLEMS IN RESEARCH
RESEARCH APPROACHES
RESEARCH PROCESS
LITERATURE REVIEW
HYPOTHESIS
CRITERIA OF GOOD RESEARCH
PROBLEMS ENCOUNTERED BY RESEARCHER
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
12.1 Security Awareness, Training, and Education
12.2 Polices and Employment Practices
12.3 E-Mail and Internet Use Policies
12.4 Computer Security Incident Response Teams
1 Symmetric Encryption
2 Message Authentication and Hash Functions
3 Public-Key Encryption
4 Digital Signatures and Key Management
5 Random and Pseudo random Numbers
6 Practical Application: Encryption of Stored Data
7 Symmetric vs Asymmetric
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
3. 1. MESSAGE SECURITY REQUIREMENTS
• In communications from a computer to computer, the following
attacks could be identified:
• Disclosure: Release of message contents
• Traffic analysis: Discovery of the pattern of traffic between parties
• Masquerade: Insertion of messages into the network from a
fraudulent source
• Content modification: Modification of the contents of a message
• Sequence modification: Modification to a sequence of messages
between parties
• Timing modification: Delay or replay of messages
• Source repudiation: Denial of transmission of message by source
• Destination repudiation: Denial of receipt of message by destination
3MESSAGE AUTHENTICATION
4. 2. MESSAGE AUTHENTICATION
• Message authentication is concerned with:
• Protecting the integrity of a message
• Validating identity of originator
• Non-repudiation of origin (dispute resolution)
• Will consider the security requirements
• Three alternative functions used:
• Message encryption
• Hash functions
• Message Authentication Code (MAC)
4MESSAGE AUTHENTICATION
5. 3. MESSAGE ENCRYPTION
3.1 SYMMETRIC MESSAGE ENCRYPTION
• Encryption can also provides authentication
• If symmetric encryption is used then:
• Receiver know sender must have created it
• Since only sender and receiver now key used
• Know content cannot of been altered
• If message has suitable structure, redundancy or a checksum to
detect any changes
5MESSAGE AUTHENTICATION
6. 3.2 PUBLIC-KEY MESSAGE ENCRYPTION
• If public-key encryption is used:
• Encryption provides no confidence of sender
• Since anyone potentially knows public-key
However if
• Sender signs message using their private-key
• Then encrypts with recipients public key
• Have both secrecy and authentication
• Again need to recognize corrupted messages
• But at cost of two public-key uses on message
6MESSAGE AUTHENTICATION
7. 4. HASH FUNCTIONS
Condenses arbitrary message to fixed size
h = H(M)
Usually assume hash function is public
Hash used to detect changes to message
Want a cryptographic hash function
Computationally infeasible to find data mapping to specific
hash (one-way property)
Computationally infeasible to find two data to same hash
(collision-free property)
7MESSAGE AUTHENTICATION
8. 4.1 CRYPTOGRAPHIC HASH FUNCTION
• Figure depicts the general operation
of a cryptographic hash function.
• The input is padded out to an integer
multiple of some fixed length (e.g.,
1024 bits) and the padding includes
the value of the length of the original
message in bits.
• The length field is a security
measure to increase the difficulty for
an attacker to produce an alternative
message with the same hash value.
8MESSAGE AUTHENTICATION
9. 4.2 HASH FUNCTIONS & MESSAGE AUTHENTICATION
• Message authentication is a mechanism or service used to verify
the integrity of a message, by assuring that the data received are
exactly as sent.
• Figure A, B, C and D illustrates a variety of ways in which a
hash code can be used to provide message authentication, as
follows:
9MESSAGE AUTHENTICATION
10. • The message plus concatenated hash code is encrypted using
symmetric encryption. Since only A and B share the secret key,
the message must have come from A and has not been altered.
• The hash code provides the structure or redundancy required to
achieve authentication.
A
10MESSAGE AUTHENTICATION
11. • Only the hash code is encrypted, using symmetric encryption. This
reduces the processing burden for those applications not requiring
confidentiality.
B
11MESSAGE AUTHENTICATION
12. C
• Shows the use of a hash function but no encryption for message authentication.
• The technique assumes that the two communicating parties share a common
secret value S.
• A computes the hash value over the concatenation of M and S and appends the
resulting hash value to M.
• Because B possesses S, it can re-compute the hash value to verify.
• Because the secret value itself is not sent, an opponent cannot modify an
intercepted message and cannot generate a false message.
12MESSAGE AUTHENTICATION
13. • Confidentiality can be added to the approach of (c) by encrypting
the entire message plus the hash code.
D
13MESSAGE AUTHENTICATION
14. 5. MESSAGE AUTHENTICATION CODE (MAC)
• Generated by an algorithm that creates a small fixed-sized block
• Depending on both message and some key
• Like encryption though need not be reversible
• Appended to message as a signature
• Receiver performs same computation on message and checks it
matches the MAC
• Provides assurance that message is unaltered and comes from
sender
14MESSAGE AUTHENTICATION
15. Message Authentication Code…
• A small fixed-sized block of data
• Generated from message + secret key
• MAC = C(K,M)
• Appended to message when sent
15MESSAGE AUTHENTICATION
16. 5.1 MESSAGE AUTHENTICATION CODES
• As shown the MAC provides authentication
• Why use a MAC?
• sometimes only authentication is needed
• sometimes need authentication to persist longer than the
encryption (eg. archival use)
• Can also use encryption for secrecy
• generally use separate keys for each
• can compute MAC either before or after encryption
• is generally regarded as better done before
16MESSAGE AUTHENTICATION
17. 5.2 MAC PROPERTIES
• A MAC is a cryptographic checksum
MAC = CK(M)
• condenses a variable-length message M
• using a secret key K
• to a fixed-sized authenticator
• Is a many-to-one function
• potentially many messages have same MAC
• but finding these needs to be very difficult
17MESSAGE AUTHENTICATION
18. 6. HMAC
6.1 HMAC DESIGN OBJECTIVES
Use, without modifications, hash functions
Allow for easy re-placeability of embedded hash function
Preserve original performance of hash function without significant
degradation
Use and handle keys in a simple way.
Have well understood cryptographic analysis of authentication
mechanism strength
18MESSAGE AUTHENTICATION
19. HMAC…
• Uses hash function on the message:
HMACK(M)= Hash[(K+
XOR opad) ||
Hash[(K+
XOR ipad) || M)] ]
• where K+
is the key padded out to
size
• opad, ipad are specified padding
constants
• Overhead is just 3 more hash
calculations than the message needs
alone
• Any hash function can be used
• eg. MD5, SHA-1, RIPEMD-160,
Whirlpool
19MESSAGE AUTHENTICATION
20. HMAC Overview
Figure Illustrates the overall operation of HMAC:
HMACK = Hash[(K+
XOR opad) || Hash[(K+
XOR ipad) || M)]
where:
K+
is K padded with zeros on the left so that the result is b bits in length
ipad is a pad value of 36 hex repeated to fill block
opad is a pad value of 5C hex repeated to fill block
M is the message input to HMAC (including the padding specified in the embedded
hash function)
Note that the XOR with ipad results in flipping one-half of the bits of K. Similarly,
the XOR with opad results in flipping one-half of the bits of K, but a different set of
bits.
In effect, pseudo randomly generated two keys from K.MESSAGE AUTHENTICATION 20
21. • HMAC should execute in approximately the same time as the embedded
hash function for long messages.
• HMAC adds three executions of the hash compression function (for Si, So,
and the block produced from the inner hash).
• A more efficient implementation is possible by precomputing the internal
hash function on (K+
XOR opad) and (K+
XOR ipad) and inserting the
results into the hash processing at start & end.
• With this implementation, only one additional instance of the compression
function is added to the processing normally produced by the hash
function.
• This is especially worthwhile if most of the messages for which a MAC is
computed are short.
21MESSAGE AUTHENTICATION
22. 6.2 HMAC SECURITY
• Proved security of HMAC relates to that of the underlying hash
algorithm
• Attacking HMAC requires either:
• Brute force attack on key used
• Birthday attack (but since keyed would need to observe a very large
number of messages)
• Choose hash function used based on speed verses security
constraints
MESSAGE AUTHENTICATION 22
Editor's Notes
One of the most fascinating and complex areas of cryptography is that of message authentication and the related area of digital signatures. We now consider how to protect message integrity (ie protection from modification), as well as confirming the identity of the sender. Generically this is the problem of message authentication, and in eCommerce applications is arguably more important than secrecy. Message Authentication is concerned with: protecting the integrity of a message, validating identity of originator, & non-repudiation of origin (dispute resolution). There are three types of functions that may be used to produce an authenticator: a hash function, message encryption, message authentication code (MAC). Hash functions, and how they may serve for message authentication, are discussed in Chapter 11. The remainder of this section briefly examines the remaining two topics. The remainder of the chapter elaborates on the topic of MACs.
Message encryption by itself can provide a measure of authentication. The analysis differs for symmetric and public-key encryption schemes.
If use symmetric encryption, If no other party knows the key, then confidentiality is provided. As well, symmetric encryption provides authentication as well as confidentiality, since only the other party can have encrypted a properly constructed message (Stallings Figure 12.1a). Here, the ciphertext of the entire message serves as its authenticator, on the basis that only those who know the appropriate keys could have validly encrypted the message. This is provided you can recognize a valid message (ie if the message has suitable structure such as redundancy or a checksum to detect any changes).
With public-key techniques, can use a digital signature which can only have been created by key owner to validate the integrity of the message contents. To provide both confidentiality and authentication, A can encrypt M first using its private key, which provides the digital signature, and then using B's public key, which provides confidentiality (Stallings Figure 12.1d). The disadvantage of this approach is that the public-key algorithm, which is complex, must be exercised four times rather than two in each communication.
An alternative authentication technique involves the use of a secret key to generate a small fixed-size block of data, known as a cryptographic checksum or MAC that is appended to the message. This technique assumes that two communicating parties, say A and B, share a common secret key K. A MAC function is similar to encryption, except that the MAC algorithm need not be reversible, as it must for decryption.
An alternative authentication technique involves the use of a secret key to generate a small fixed- size block of data, known as a cryptographic checksum or MAC that is appended to the message. This technique assumes that two communicating parties, say A and B, share a common secret key K. When A has a message to send to B, it calculates the MAC as a function of the message and the key: MAC = C(K, M). The message plus MAC are transmitted to the intended recipient. The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated MAC (Stallings Figure 12.4a). If we assume that only the receiver and the sender know the identity of the secret key, and if the received MAC matches the calculated MAC, then the receiver is assured that the message has not been altered, is from the alleged sender, and if the message includes a sequence number then the receiver can be assured of the proper sequence because an attacker cannot successfully alter the sequence number. A MAC function is similar to encryption. One difference is that the MAC algorithm need not be reversible, as it must for decryption. In general, the MAC function is a many-to-one function.
The process depicted on the previous slide provides authentication but not confidentiality, because the message as a whole is transmitted in the clear. Confidentiality can be provided by performing message encryption either after (see Stallings Figure 12.4b) or before (see Stallings Figure 12.4c) the MAC algorithm. In both these cases, two separate keys are needed, each of which is shared by the sender and the receiver. Typically, it is preferable to tie the authentication directly to the plaintext, so the method of Figure 12.4b is used. Can use MAC in circumstances where just authentication is needed (or needs to be kept), see text for examples (e.g. such as when the same message is broadcast to a number of destinations; when one side has a heavy load and cannot afford the time to decrypt all incoming messages; or do not need to keep messages secret, but must authenticate messages). Finally, note that the MAC does not provide a digital signature because both sender and receiver share the same key.
A MAC (also known as a cryptographic checksum, fixed-length authenticator, or tag) is generated by a function C. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct. The receiver authenticates that message by re-computing the MAC.
The MAC function is a many-to-one function, since potentially many arbitrarily long messages can be condensed to the same summary value, but don’t want finding them to be easy (see text for discussion)!
RFC 2104 lists the following design objectives for HMAC:
• To use, without modifications, available hash functions. In particular, hash functions that perform well in software, and for which code is freely and widely available.
• To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required.
• To preserve the original performance of the hash function without incurring a significant degradation.
• To use and handle keys in a simple way.
• To have a well understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions about the embedded hash function.
The idea of a keyed hash evolved into HMAC, designed to overcome some problems with the original proposals. It involves hashing padded versions of the key concatenated with the message, and then with another outer hash of the result prepended by another padded variant of the key. The hash function need only be used on 3 more blocks than when hashing just the original message (for the two keys + inner hash). HMAC can use any desired hash function, and has been shown to have the same security as the underlying hash function. Can choose the hash function to use based on speed/security concerns.
The appeal of HMAC is that its designers have been able to prove an exact relationship between the strength of the embedded hash function and the strength of HMAC. The security of a MAC function is generally expressed in terms of the probability of successful forgery with a given amount of time spent by the forger and a given number of message-MAC pairs created with the same key. Have two classes of attacks: brute force attack on key used which has work of order 2^n; or a birthday attack which requires work of order 2^(n/2) - but which requires the attacker to observe 2^n blocks of messages using the same key - very unlikely. For a hash code length of 128 bits, this requires 264 observed blocks (272 bits) generated using the same key. On a 1-Gbps link, one would need to observe a continuous stream of messages with no change in key for about 150,000 years in order to succeed. So even MD5 is still secure for use in HMAC given these constraints.