Uploaded byHarishChaudhary21
PDF, PPTX35 views

Unit-3.pdf

The document discusses message authentication and hash functions. It defines message authentication as a way to ensure data integrity and describes how message authentication codes (MACs) work using symmetric keys. It also explains how hash functions take an input of any length and produce a fixed-length output digest. Specific hash functions discussed include MD4, MD5, SHA-1, and how they work by padding the input, initializing buffers, processing the input in blocks, and outputting the digest.

Embed presentation

Download as PDF, PPTX
Message Authentication and Hash Functions Unit Ill
Contents • Message Authentication • Hash Functions • Message Digests: MD4 and MD5 • Secure Hash Algorithms: SHA-1 • HMAC • Digital Signatures
Message Authentication • Message authentication is another form of security. • Similar to data encryption to ensure data confidentiality, the message authentication data security feature: • Provides services to ensure the integrity of data. • Provides end-to-end protection of data, which does not require support from intermediate nodes. • Message authentication can be achieved using cryptographic methods which further make use of keys.
Message Authentication Codes • MAC algorithm is a symmetric key cryptographic technique to provide message authentication. • For establishing MAC process, the sender and receiver share a symmetric key K. • Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a message to ensure message authentication.
Message Authentication Codes
Message Authentication Codes • The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and produces a MAC value. • The sender forwards the message along with the MAC. • On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K into the MAC algorithm and re-computes the MAC value. • The receiver now checks equality of freshly computed MAC with the MAC received from the sender. • If they match, then the receiver accepts the message otherwise message is consider as not genuine.
Hash Functions • Hash functions are one-way functions that take an input (message) and produce a fixed-size output (hash value). • By applying a hash function to a message, a sender can create a digest or checksum of the message. • The receiver can then independently compute the hash of the received message and compare it with the sender's hash to verify if the message has been altered.
Hash Functions
Hash Functions • The typical features of hash functions are − • Fixed Length Output (Hash Value) • Hash function coverts data of arbitrary length to a fixed length. This process is often referred to as hashing the data. • In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions. • Since a hash is a smaller representation of a larger data, it is also referred to as a digest. • Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions generate values between 160 and 512 bits. • Efficiency of Operation • Generally for any hash function h with input x, computation of h(x) is a fast operation. • Computationally hash functions are much faster than a symmetric encryption.
Message Digest • MD stands for Message Digest, and it is often followed by a number to denote a specific algorithm. • These hash functions take an input message of any length and produce a fixed-size output, often referred to as the digest or hash value. • The most well-known algorithms in the MD family are MD2, MD4, MD5, and MD6. • However, MD2 and MD4 are considered to be weak and have been largely replaced by more secure hash functions.
Message Digest 4 • MD4 hash function which digests an arbitrary length message to 128 bits • Initialization: Given a message 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1(b-bit); Step 1: append padding bits and get 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1 10...0 ( b' bits , b' ≡ 448 mod 512); Step 2: append 64 bits and get 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1 10...0 𝑏𝑏0𝑏𝑏1𝑏𝑏2……………… 𝑏𝑏63 (𝑏𝑏0𝑏𝑏1𝑏𝑏2……………… 𝑏𝑏63) is the 64-bit representation of b ); Step 3: divide it to N words as 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑁𝑁−1 (N is a multiple of 16); Step 4: Initialize 4 MD buffers A, B, C, D, each of them is a 32-bit register, word A: 01 23 45 67 word B: 89 ab cd ef word C: fe dc ba 98 word D: 76 54 32 10 and save as A°, B°, C°, D°
Message Digest 4 Processing 48 rounds 16 rounds F(B, C, D) =BC V ( neg B)D // V -> Disjunction/ OR Operation i = 0 ,1.....15 𝑘𝑘𝑖𝑖= 0 s = 3, 7, 11, 19, 3, 7, 11, 19, 3, 7, 11, 19 16 rounds F(B, C, D) =BC V BD V CD i = 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15 𝑘𝑘𝑖𝑖 =5A827999 s = 3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13 16 rounds F(B, C, D) = B ⊕ C ⊕ D i = 0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15 𝑘𝑘𝑖𝑖 = 6ED9EBA1 s = 3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15 Compute A = A + A° B = B + B° C = C + C° D= D + D° and output A B C D as the result
Message Digest 4 it consists in 5 steps that are as follow: 1. Append Padding bits 2. Append Length 3. Initialize MD buffer 4. Process the message in 16-Word blocks 5. Output
Message Digest 4 1. Append Padding bits: • The message is expanded so that its length in bits modulo 512 is 448. Thus, as a result of the expansion, the message lacks 64 bits to a length that is a multiple of 512 bits. • The expansion is done as follows: one bit equal to 1 is added to the message, and then bits equal to 0 are added until the length of the message is 448 modulo 512. • In the end, at least 1 bit is added to the message, and as a maximum of 512
Message Digest 4 2. Adding the length • The 64-bit representation of b is added to the result of the previous step. • In the unlikely event that b is greater than 2 to the 64th power, only the least significant 64 bits are used. • These bits are added as two 32-bit words, and the word containing the least significant bits is appended first. • At this stage (after adding the bits and the message length), we get a message that is a multiple of 512 bits. It is equivalent to the message being a multiple of 16 32-bit words.
Message Digest 4 3. Initializing the MD buffer: • To calculate the message hash buffer consisting of 4 words (A, B, C, D) (32-bit registers) is used. • These registers are initialized with the following hexadecimal numbers (LSB first): word A: 01 23 45 67; word B: 89 ab cd ef; word C: fe dc ba 98; word D: 76 54 32 10.
Message Digest 4 4. Process the message in 16-Word blocks: • let’s define three auxiliary functions, each of which receives three 32-bit words as input and calculates one 32-bit word from them. • For each bit position, F acts as a conditional expression: if X, then Y; otherwise Z. The function F could have been defined using instead of V since XY and XZ cannot equal 1, at the same time. • G acts on each bit position as a function of the maximum value. If at least two words of X, Y, and Z have corresponding bits equal to 1 then G will output a 1 in that bit. Otherwise, G will output a bit equal to 0. • It is interesting to note that if the X, Y, and Z bits are statistically independent, then the F (X, Y, Z) and G (X, Y, Z) bits will also be statistically independent. Function H implements bitwise xor and has the same property as F and G.
Message Digest 4 4. Output: • The result (hash function) is obtained as ABCD. • It means we write out 128 bits, starting with the least significant bit of A and ending with the most significant bit of D.
Message Digest 5 • MD5 (Message Digest Method 5) is a cryptographic hash algorithm used to generate a 128-bit digest from a string of any length. • It represents the digests as 32 digit hexadecimal numbers. • The digest size is always 128 bits, and thanks to hashing function guidelines, a minor change in the input string generate a drastically different digest. • This is essential to prevent similar hash generation as much as possible, also known as a hash collision.
Message Digest 5 Steps in MD5 Algorithm • Padding Bits • When you receive the input string, you have to make sure the size is 64 bits short of a multiple of 512. • When it comes to padding the bits, you must add one(1) first, followed by zeroes to round out the extra characters.
Message Digest 5 Steps in MD5 Algorithm • Padding Length: • You need to add a few more characters to make your final string a multiple of 512. • To do so, take the length of the initial input and express it in the form of 64 bits. • On combining the two, the final string is ready to be hashed.
Message Digest 5 Steps in MD5 Algorithm • Initialize MD Buffer: • The entire string is converted into multiple blocks of 512 bits each. • You also need to initialize four different buffers, namely A, B, C, and D. • These buffers are 32 bits each and are initialized as follows: A = 01 23 45 67 B = 89 ab cd ef C = fe dc ba 98 D = 76 54 32 10
Message Digest 5 Steps in MD5 Algorithm • Process Each Block: • Each 512-bit block gets broken down further into 16 sub-blocks of 32 bits each. There are four rounds of operations, with each round utilizing all the sub-blocks, the buffers, and a constant array value. • It perform 64 rounds. • This constant array can be denoted as T[1] -> T[64]. • Each of the sub-blocks are denoted as M[0] -> M[15].
Message Digest 5 Steps in MD5 Algorithm • Process Each Block: • It passes B, C, and D onto a non-linear process. • The result is added with the value present at A. • It adds the sub-block value to the result above. • Then, it adds the constant value for that particular iteration. • There is a circular shift applied to the string. • As a final step, it adds the value of B to the string and is stored in buffer A. • The steps mentioned above are run for every buffer and every sub-block. When the last block’s final buffer is complete, you will receive the MD5 digest.
Message Digest 5 Steps in MD5 Algorithm • Process Each Block: • The non-linear process above is different for each round of the sub-block. • Round 1: (b AND c) OR ((NOT b) AND (d)) • Round 2: (b AND d) OR (c AND (NOT d)) • Round 3: b XOR c XOR d • Round 4: c XOR (b OR (NOT d))
Message Digest 5 Steps in MD5 Algorithm • Process Each Block: • Each round has a repeating sequence of 4 shift amounts (s in [abcd k s i]) : • 7, 12, 17 and 22 for the round 1 • 5, 9, 14 and 20 for the round 2 • 4, 11, 16 and 23 for the round 3 • 6, 10, 15 and 21 for the round 4
Message Digest 5 Advantage of MD5 Algorithm • Easy to Compare: • Unlike the latest hash algorithm families, a 32 digit digest is relatively easier to compare when verifying the digests. • Storing Passwords: • Passwords need not be stored in plaintext format, making them accessible for hackers and malicious actors. When using digests, the database also gets a boost since the size of all hash values will be the same. • Low Resource: • A relatively low memory footprint is necessary to integrate multiple services into the same framework without a CPU overhead. • Integrity Check: • You can monitor file corruption by comparing hash values before and after transit. Once the hashes match, file integrity checks are valid, and it avoids data corruption.
SHA-1 • Secure Hash Algorithm 1, or SHA-1, was developed in 1993 by the U.S. government's standards agency National Institute of Standards and Technology (NIST). • It is widely used in security applications and protocols, including TLS, SSL, PGP, SSH, IPsec, and S/MIME. • SHA-1 works by feeding a message as a bit string of length less than 264 bits, and producing a 160-bit hash value known as a message digest. • There are two methods to encrypt messages using SHA-1. Although one of the methods saves the processing of sixty-four 32-bit words, it is more complex and time-consuming to execute. • At the end of the execution, the algorithm outputs blocks of 16 words, where each word is made up of 16 bits, for a total of 256 bits.
SHA 1 • The hash function consist of 80 rounds • Which is divided into four stages of 20 rounds. • details of the SHA-1 algorithm: • Input • Padding • Initialization • Message digest Calculation • Output
Sha-1 • The message is padded by appending a 1, followed by enough 0s until the message is 448 bits. The length of the message represented by 64 bits is then added to the end, producing a message that is 512 bits long: • The padded input obtained above, M, is then divided into 512-bit chunks, and each chunk is further divided into sixteen 32-bit words, W0​…W15​. • initialize five random strings of hex characters that will serve as part of the hash function: H0​=67DE2A01 H1=BB03E28C H2=011EF1DC h3=9293E9E2 h4=CDEF23A9.​
Sha-1 • For each chunk, begin the 80 iterations, i, necessary for hashing (80 is the determined number for SHA-1), and execute the following steps on each chunk, Mn​: • For iterations 16 through 79, where 16≤i≤79, perform the following operation: W(i)=S1(W(i−3)⊕W(i−8)⊕W(i−14)⊕W(i−16))
Sha-1 F (logical functions ) A sequence of logical functions are used in SHA-1, depending on the value of i, where 0 ≤ i ≤ 79, and on three 32-bit words B, C, and D, in order to produce a 32-bit output. f(i;B,C,D) = (B ∧ C)∨((¬B)∧D) for 0 ≥ i ≥ 19 f(i;B,C,D) = B ⊕ C ⊕ D for 20 ≥ i ≥ 39 f(i;B,C,D) = (B ∧ C) ∨ (B ∧ D)∨ (C ∧ D) for 40 ≥ i ≥ 59 f(i;B,C,D) = B⊕ C ⊕ D for 60 ≥ i ≥ 79
Sha-1 𝐾𝐾𝑡𝑡 (constant words) a sequence of constant words, shown in hex below, is used in the formulas: K(i) = 5A827999 for 0 ≥ i ≥ 19 K(i) = 6ED9EBA1 for 20 ≥ i ≥ 39 K(i) = 8F1BBCDC for 40 ≥ i ≥ 59 K(i) = CA62C1D6 for 60 ≥ i ≥ 79
Sha-1 Circular Shift Operation (<<<): Now, the circular shift operation 𝑆𝑆𝑛𝑛(𝑋𝑋) on the word X by n bits, n being an integer between 0 and 32, is defined by = ( X ≪ n ) OR ( X ≫ 32 − n ) where X << n is the left-shift operation, obtained by discarding the leftmost n bits of X and padding the result with n zeroes on the right. X>>32−n is the right-shift operation obtained by discarding the rightmost n bits of X and padding the result with n zeroes on the left. Thus 𝑆𝑆𝑛𝑛(X) is equivalent to a circular shift of X by n positions, and in this case the circular left-shift is used.
Sha-1 Output: • Perform 80 rounds of operations on the words W[0] to W[79]. • In each round, the temporary variables are updated based on a combination of logical functions (bitwise operations) and bitwise rotations. • After 80 rounds, the final values of A, B, C, D, and E represent the message digest. • The message digest generated by SHA-1 is a 160-bit (20-byte) hash value.
HMAC • HMAC is a cryptographic method that guarantees the integrity of the message between two parties. • HMAC algorithm consists of a secret key and a hash function. • The secret key is a unique piece of information or a string of characters. It is known both by the sender and the receiver of the message. • The hash function is a mapping algorithm that converts one sequence to another sequence.
HMAC • HMAC provides the following security properties: • Data Integrity: Any modification to the message or the secret key will result in a different HMAC value, allowing the receiver to detect tampering. • Authenticity: The possession of the secret key is necessary to generate a valid HMAC, ensuring that only authorized parties can generate and verify the HMAC.
HMAC • Using key K (0 < K < b), K+ is generated by padding 0’s on left side of key K until length becomes b bits. • b bits is the block size of plain text. • There are two predefined padding bits called ipad and opad. • ipad - 00110110 • opad - 01011100
HMAC 1. Select K. 2. If K < b, pad 0’s on left until k=b. K is between 0 and b ( 0 < K < b ) 3. EXOR K+ with ipad equivalent to b bits producing S1 bits. 4. Append S1 with plain text M 5. Apply SHA-512 on ( S1 || M ) 6. Pad n-bits until length is equal to b-bits 7. EXOR K+ with opad equivalent to b bits producing S2 bits. 8. Append S2 with output of step 5. 9. Apply SHA-512 on step 7 to output n-bit hash code.
HMAC • Advantages • HMACs are ideal for high-performance systems like routers due to the use of hash functions which are calculated and verified quickly unlike the public key systems. • Digital signatures are larger than HMACs, yet the HMACs provide comparably higher security. • HMACs are used in administrations where public key systems are prohibited. • Disadvantages • HMACs uses shared key which may lead to non-repudiation. If either sender or receiver’s key is compromised then it will be easy for attackers to create unauthorized messages.
Digital Signatures • Digital signatures use asymmetric cryptography to provide message authentication. • The sender uses their private key to sign the message, creating a digital signature. • The receiver can verify the signature using the sender's public key. • If the signature is valid, it guarantees the integrity and authenticity of the message.
Digital Signatures
Digital Signatures
Digital Signatures The following points explain the entire process in detail − • Each person adopting this scheme has a public-private key pair. • Generally, the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key. • Signer feeds data to the hash function and generates hash of data. • Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier. • Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output. • Verifier also runs same hash function on received data to generate hash value. • For verification, this hash value and output of verification algorithm are compared. Based on the comparison result, verifier decides whether the digital signature is valid. • Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.
Importance of Digital Signature • Message authentication • When the verifier validates the digital signature using public key of a sender, he is assured that signature has been created only by sender who possess the corresponding secret private key and no one else. • Data Integrity: • In case an attacker has access to the data and modifies it, the digital signature verification at receiver end fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has been breached. • Non-repudiation: • Since it is assumed that only the signer has the knowledge of the signature key, he can only create unique signature on a given data. Thus the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the future
Thank You

More Related Content

PPTX
MD5
byrokham khawaja
 
PPTX
Cryptographic hash function md5
byKhulna University, Khulna, Bangladesh
 
PPTX
MD5 ALGORITHM.pptx
byRajapriya82
 
PPTX
Module 2onblockchain technologies 2.pptx
byshruthig40
 
PPT
ENGG_CSE_III_YEAR_Message_Digest_MD_5.ppt
bySakethBhargavaRallap
 
PPT
introduction to MD5 Massage Digest Algorithm.ppt
bymadlord2
 
PDF
Hashing Algorithm: MD5
byijsrd.com
 
PPT
An Introduction to Hashing: A basic understanding
byprabhatv1
 
MD5
byrokham khawaja
 
Cryptographic hash function md5
byKhulna University, Khulna, Bangladesh
 
MD5 ALGORITHM.pptx
byRajapriya82
 
Module 2onblockchain technologies 2.pptx
byshruthig40
 
ENGG_CSE_III_YEAR_Message_Digest_MD_5.ppt
bySakethBhargavaRallap
 
introduction to MD5 Massage Digest Algorithm.ppt
bymadlord2
 
Hashing Algorithm: MD5
byijsrd.com
 
An Introduction to Hashing: A basic understanding
byprabhatv1
 

Similar to Unit-3.pdf

PPTX
Message Digest message digest ppttsx.pptx
byLaxmipujaBiradar
 
PDF
An Enhanced Message Digest Hash Algorithm for Information Security
bypaperpublications3
 
PPTX
Basic explanation to md5 implementation in C
bySourav Punoriyar
 
PDF
A technical writing on cryptographic hash function md5
byKhulna University, Khulna, Bangladesh
 
PPTX
Cryptography and network_security
byJanani Satheshkumar
 
PPT
Hash Function & Analysis
byPawandeep Kaur
 
PDF
Cns
byArthyR3
 
PDF
Message Digest : MD5 algorithm, SHA-1 algorithm
byDr. Madhuri Jawale
 
PDF
CNS__M4_MD5 Crypto graphyCNS__M4_MD5 Crypto graphyCNS__M4_MD5 Crypto graphy
bymovocode
 
PPTX
Hash Techniques in Cryptography
byBasudev Saha
 
PPTX
Message digest 5
byTirthika Bandi
 
PDF
Cs8792 cns - unit iv
byArthyR3
 
PDF
Cs8792 cns - unit iv
byArthyR3
 
PDF
A Comparative Analysis between SHA and MD5 algorithms
byEr Piyush Gupta IN ⊞⌘
 
PDF
A Comparative Study between RSA and MD5 algorithms
byEr Piyush Gupta IN ⊞⌘
 
PPTX
chapter three 3-part II-1lecture slide.pptx
bymeharikiros2
 
PPT
Chapter 7-Hash-Function in Cryptography.ppt
byKrishnenduRarhi
 
PPTX
Network Security Unit-2 topic Part-2.pptx
byharshalipics
 
PPTX
Message Authentication using Message Digests and the MD5 Algorithm
byAjay Karri
 
PDF
MD-5 : Algorithm
bySahil Kureel
 
Message Digest message digest ppttsx.pptx
byLaxmipujaBiradar
 
An Enhanced Message Digest Hash Algorithm for Information Security
bypaperpublications3
 
Basic explanation to md5 implementation in C
bySourav Punoriyar
 
A technical writing on cryptographic hash function md5
byKhulna University, Khulna, Bangladesh
 
Cryptography and network_security
byJanani Satheshkumar
 
Hash Function & Analysis
byPawandeep Kaur
 
Cns
byArthyR3
 
Message Digest : MD5 algorithm, SHA-1 algorithm
byDr. Madhuri Jawale
 
CNS__M4_MD5 Crypto graphyCNS__M4_MD5 Crypto graphyCNS__M4_MD5 Crypto graphy
bymovocode
 
Hash Techniques in Cryptography
byBasudev Saha
 
Message digest 5
byTirthika Bandi
 
Cs8792 cns - unit iv
byArthyR3
 
Cs8792 cns - unit iv
byArthyR3
 
A Comparative Analysis between SHA and MD5 algorithms
byEr Piyush Gupta IN ⊞⌘
 
A Comparative Study between RSA and MD5 algorithms
byEr Piyush Gupta IN ⊞⌘
 
chapter three 3-part II-1lecture slide.pptx
bymeharikiros2
 
Chapter 7-Hash-Function in Cryptography.ppt
byKrishnenduRarhi
 
Network Security Unit-2 topic Part-2.pptx
byharshalipics
 
Message Authentication using Message Digests and the MD5 Algorithm
byAjay Karri
 
MD-5 : Algorithm
bySahil Kureel
 

Recently uploaded

PPTX
2025-2026 History in your Hands Class 4 December 2025 January 2026 .pptx
byEilsONeill
 
DOCX
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
PDF
BỘ TEST KIỂM TRA CUỐI HỌC KÌ 1 - TIẾNG ANH 6-7-8-9 GLOBAL SUCCESS - PHIÊN BẢN...
byNguyen Thanh Tu Collection
 
PPTX
Accounting Skills Paper-II (Registers of PACs and Credit Co-operative Societies)
byDr. Sushil Bansode
 
PPTX
The Art Pastor's Guide to the Liturgical Calendar
bySteve Thomason
 
PPTX
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
PPTX
How to Manage Line Discounts in Odoo 18 POS
byCeline George
 
PPTX
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
PDF
Current Electricity for first year physiotherapy
byGanesh Jadhav
 
PPTX
How to use search_read method in Odoo 18
byCeline George
 
PDF
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PDF
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
PDF
Ketogenic diet in Epilepsy in children..
bymirzasania0810
 
PPTX
Details of Muscular-and-Nervous-Tissues.pptx
byAshish Umale
 
PDF
UKSG Forum 2025 - They asked for everything - The Case of the Systematic Revi...
byUKSG: connecting the knowledge community
 
PPTX
How to Manage Reception Report in Odoo 18 Inventory
byCeline George
 
PPTX
Rectal Surgery in Senior Citiizens .pptx
byJohn Thanakumar
 
PPTX
Campfens "The Data Qualify Challenge: Publishers, institutions, and funders r...
byNational Information Standards Organization (NISO)
 
PDF
APM Wessex Network: DEIB Policy into Practice
byAssociation for Project Management
 
2025-2026 History in your Hands Class 4 December 2025 January 2026 .pptx
byEilsONeill
 
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
BỘ TEST KIỂM TRA CUỐI HỌC KÌ 1 - TIẾNG ANH 6-7-8-9 GLOBAL SUCCESS - PHIÊN BẢN...
byNguyen Thanh Tu Collection
 
Accounting Skills Paper-II (Registers of PACs and Credit Co-operative Societies)
byDr. Sushil Bansode
 
The Art Pastor's Guide to the Liturgical Calendar
bySteve Thomason
 
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
How to Manage Line Discounts in Odoo 18 POS
byCeline George
 
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
Current Electricity for first year physiotherapy
byGanesh Jadhav
 
How to use search_read method in Odoo 18
byCeline George
 
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
Ketogenic diet in Epilepsy in children..
bymirzasania0810
 
Details of Muscular-and-Nervous-Tissues.pptx
byAshish Umale
 
UKSG Forum 2025 - They asked for everything - The Case of the Systematic Revi...
byUKSG: connecting the knowledge community
 
How to Manage Reception Report in Odoo 18 Inventory
byCeline George
 
Rectal Surgery in Senior Citiizens .pptx
byJohn Thanakumar
 
Campfens "The Data Qualify Challenge: Publishers, institutions, and funders r...
byNational Information Standards Organization (NISO)
 
APM Wessex Network: DEIB Policy into Practice
byAssociation for Project Management
 

Unit-3.pdf

  • 1.
  • 2.
    Contents • Message Authentication •Hash Functions • Message Digests: MD4 and MD5 • Secure Hash Algorithms: SHA-1 • HMAC • Digital Signatures
  • 3.
    Message Authentication • Messageauthentication is another form of security. • Similar to data encryption to ensure data confidentiality, the message authentication data security feature: • Provides services to ensure the integrity of data. • Provides end-to-end protection of data, which does not require support from intermediate nodes. • Message authentication can be achieved using cryptographic methods which further make use of keys.
  • 4.
    Message Authentication Codes •MAC algorithm is a symmetric key cryptographic technique to provide message authentication. • For establishing MAC process, the sender and receiver share a symmetric key K. • Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with a message to ensure message authentication.
  • 5.
  • 6.
    Message Authentication Codes •The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and produces a MAC value. • The sender forwards the message along with the MAC. • On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K into the MAC algorithm and re-computes the MAC value. • The receiver now checks equality of freshly computed MAC with the MAC received from the sender. • If they match, then the receiver accepts the message otherwise message is consider as not genuine.
  • 7.
    Hash Functions • Hashfunctions are one-way functions that take an input (message) and produce a fixed-size output (hash value). • By applying a hash function to a message, a sender can create a digest or checksum of the message. • The receiver can then independently compute the hash of the received message and compare it with the sender's hash to verify if the message has been altered.
  • 8.
  • 9.
    Hash Functions • Thetypical features of hash functions are − • Fixed Length Output (Hash Value) • Hash function coverts data of arbitrary length to a fixed length. This process is often referred to as hashing the data. • In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions. • Since a hash is a smaller representation of a larger data, it is also referred to as a digest. • Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions generate values between 160 and 512 bits. • Efficiency of Operation • Generally for any hash function h with input x, computation of h(x) is a fast operation. • Computationally hash functions are much faster than a symmetric encryption.
  • 10.
    Message Digest • MDstands for Message Digest, and it is often followed by a number to denote a specific algorithm. • These hash functions take an input message of any length and produce a fixed-size output, often referred to as the digest or hash value. • The most well-known algorithms in the MD family are MD2, MD4, MD5, and MD6. • However, MD2 and MD4 are considered to be weak and have been largely replaced by more secure hash functions.
  • 11.
    Message Digest 4 •MD4 hash function which digests an arbitrary length message to 128 bits • Initialization: Given a message 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1(b-bit); Step 1: append padding bits and get 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1 10...0 ( b' bits , b' ≡ 448 mod 512); Step 2: append 64 bits and get 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑏𝑏−1 10...0 𝑏𝑏0𝑏𝑏1𝑏𝑏2……………… 𝑏𝑏63 (𝑏𝑏0𝑏𝑏1𝑏𝑏2……………… 𝑏𝑏63) is the 64-bit representation of b ); Step 3: divide it to N words as 𝑚𝑚0𝑚𝑚1𝑚𝑚2……………… 𝑚𝑚𝑁𝑁−1 (N is a multiple of 16); Step 4: Initialize 4 MD buffers A, B, C, D, each of them is a 32-bit register, word A: 01 23 45 67 word B: 89 ab cd ef word C: fe dc ba 98 word D: 76 54 32 10 and save as A°, B°, C°, D°
  • 12.
    Message Digest 4 Processing48 rounds 16 rounds F(B, C, D) =BC V ( neg B)D // V -> Disjunction/ OR Operation i = 0 ,1.....15 𝑘𝑘𝑖𝑖= 0 s = 3, 7, 11, 19, 3, 7, 11, 19, 3, 7, 11, 19 16 rounds F(B, C, D) =BC V BD V CD i = 0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15 𝑘𝑘𝑖𝑖 =5A827999 s = 3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13, 3, 5, 9, 13 16 rounds F(B, C, D) = B ⊕ C ⊕ D i = 0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15 𝑘𝑘𝑖𝑖 = 6ED9EBA1 s = 3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15, 3, 9, 11, 15 Compute A = A + A° B = B + B° C = C + C° D= D + D° and output A B C D as the result
  • 13.
    Message Digest 4 itconsists in 5 steps that are as follow: 1. Append Padding bits 2. Append Length 3. Initialize MD buffer 4. Process the message in 16-Word blocks 5. Output
  • 14.
    Message Digest 4 1.Append Padding bits: • The message is expanded so that its length in bits modulo 512 is 448. Thus, as a result of the expansion, the message lacks 64 bits to a length that is a multiple of 512 bits. • The expansion is done as follows: one bit equal to 1 is added to the message, and then bits equal to 0 are added until the length of the message is 448 modulo 512. • In the end, at least 1 bit is added to the message, and as a maximum of 512
  • 15.
    Message Digest 4 2.Adding the length • The 64-bit representation of b is added to the result of the previous step. • In the unlikely event that b is greater than 2 to the 64th power, only the least significant 64 bits are used. • These bits are added as two 32-bit words, and the word containing the least significant bits is appended first. • At this stage (after adding the bits and the message length), we get a message that is a multiple of 512 bits. It is equivalent to the message being a multiple of 16 32-bit words.
  • 16.
    Message Digest 4 3.Initializing the MD buffer: • To calculate the message hash buffer consisting of 4 words (A, B, C, D) (32-bit registers) is used. • These registers are initialized with the following hexadecimal numbers (LSB first): word A: 01 23 45 67; word B: 89 ab cd ef; word C: fe dc ba 98; word D: 76 54 32 10.
  • 17.
    Message Digest 4 4.Process the message in 16-Word blocks: • let’s define three auxiliary functions, each of which receives three 32-bit words as input and calculates one 32-bit word from them. • For each bit position, F acts as a conditional expression: if X, then Y; otherwise Z. The function F could have been defined using instead of V since XY and XZ cannot equal 1, at the same time. • G acts on each bit position as a function of the maximum value. If at least two words of X, Y, and Z have corresponding bits equal to 1 then G will output a 1 in that bit. Otherwise, G will output a bit equal to 0. • It is interesting to note that if the X, Y, and Z bits are statistically independent, then the F (X, Y, Z) and G (X, Y, Z) bits will also be statistically independent. Function H implements bitwise xor and has the same property as F and G.
  • 18.
    Message Digest 4 4.Output: • The result (hash function) is obtained as ABCD. • It means we write out 128 bits, starting with the least significant bit of A and ending with the most significant bit of D.
  • 19.
    Message Digest 5 •MD5 (Message Digest Method 5) is a cryptographic hash algorithm used to generate a 128-bit digest from a string of any length. • It represents the digests as 32 digit hexadecimal numbers. • The digest size is always 128 bits, and thanks to hashing function guidelines, a minor change in the input string generate a drastically different digest. • This is essential to prevent similar hash generation as much as possible, also known as a hash collision.
  • 20.
    Message Digest 5 Stepsin MD5 Algorithm • Padding Bits • When you receive the input string, you have to make sure the size is 64 bits short of a multiple of 512. • When it comes to padding the bits, you must add one(1) first, followed by zeroes to round out the extra characters.
  • 21.
    Message Digest 5 Stepsin MD5 Algorithm • Padding Length: • You need to add a few more characters to make your final string a multiple of 512. • To do so, take the length of the initial input and express it in the form of 64 bits. • On combining the two, the final string is ready to be hashed.
  • 22.
    Message Digest 5 Stepsin MD5 Algorithm • Initialize MD Buffer: • The entire string is converted into multiple blocks of 512 bits each. • You also need to initialize four different buffers, namely A, B, C, and D. • These buffers are 32 bits each and are initialized as follows: A = 01 23 45 67 B = 89 ab cd ef C = fe dc ba 98 D = 76 54 32 10
  • 23.
    Message Digest 5 Stepsin MD5 Algorithm • Process Each Block: • Each 512-bit block gets broken down further into 16 sub-blocks of 32 bits each. There are four rounds of operations, with each round utilizing all the sub-blocks, the buffers, and a constant array value. • It perform 64 rounds. • This constant array can be denoted as T[1] -> T[64]. • Each of the sub-blocks are denoted as M[0] -> M[15].
  • 24.
    Message Digest 5 Stepsin MD5 Algorithm • Process Each Block: • It passes B, C, and D onto a non-linear process. • The result is added with the value present at A. • It adds the sub-block value to the result above. • Then, it adds the constant value for that particular iteration. • There is a circular shift applied to the string. • As a final step, it adds the value of B to the string and is stored in buffer A. • The steps mentioned above are run for every buffer and every sub-block. When the last block’s final buffer is complete, you will receive the MD5 digest.
  • 25.
    Message Digest 5 Stepsin MD5 Algorithm • Process Each Block: • The non-linear process above is different for each round of the sub-block. • Round 1: (b AND c) OR ((NOT b) AND (d)) • Round 2: (b AND d) OR (c AND (NOT d)) • Round 3: b XOR c XOR d • Round 4: c XOR (b OR (NOT d))
  • 26.
    Message Digest 5 Stepsin MD5 Algorithm • Process Each Block: • Each round has a repeating sequence of 4 shift amounts (s in [abcd k s i]) : • 7, 12, 17 and 22 for the round 1 • 5, 9, 14 and 20 for the round 2 • 4, 11, 16 and 23 for the round 3 • 6, 10, 15 and 21 for the round 4
  • 27.
    Message Digest 5 Advantageof MD5 Algorithm • Easy to Compare: • Unlike the latest hash algorithm families, a 32 digit digest is relatively easier to compare when verifying the digests. • Storing Passwords: • Passwords need not be stored in plaintext format, making them accessible for hackers and malicious actors. When using digests, the database also gets a boost since the size of all hash values will be the same. • Low Resource: • A relatively low memory footprint is necessary to integrate multiple services into the same framework without a CPU overhead. • Integrity Check: • You can monitor file corruption by comparing hash values before and after transit. Once the hashes match, file integrity checks are valid, and it avoids data corruption.
  • 28.
    SHA-1 • Secure HashAlgorithm 1, or SHA-1, was developed in 1993 by the U.S. government's standards agency National Institute of Standards and Technology (NIST). • It is widely used in security applications and protocols, including TLS, SSL, PGP, SSH, IPsec, and S/MIME. • SHA-1 works by feeding a message as a bit string of length less than 264 bits, and producing a 160-bit hash value known as a message digest. • There are two methods to encrypt messages using SHA-1. Although one of the methods saves the processing of sixty-four 32-bit words, it is more complex and time-consuming to execute. • At the end of the execution, the algorithm outputs blocks of 16 words, where each word is made up of 16 bits, for a total of 256 bits.
  • 29.
    SHA 1 • Thehash function consist of 80 rounds • Which is divided into four stages of 20 rounds. • details of the SHA-1 algorithm: • Input • Padding • Initialization • Message digest Calculation • Output
  • 30.
    Sha-1 • The messageis padded by appending a 1, followed by enough 0s until the message is 448 bits. The length of the message represented by 64 bits is then added to the end, producing a message that is 512 bits long: • The padded input obtained above, M, is then divided into 512-bit chunks, and each chunk is further divided into sixteen 32-bit words, W0​…W15​. • initialize five random strings of hex characters that will serve as part of the hash function: H0​=67DE2A01 H1=BB03E28C H2=011EF1DC h3=9293E9E2 h4=CDEF23A9.​
  • 31.
    Sha-1 • For eachchunk, begin the 80 iterations, i, necessary for hashing (80 is the determined number for SHA-1), and execute the following steps on each chunk, Mn​: • For iterations 16 through 79, where 16≤i≤79, perform the following operation: W(i)=S1(W(i−3)⊕W(i−8)⊕W(i−14)⊕W(i−16))
  • 32.
    Sha-1 F (logical functions) A sequence of logical functions are used in SHA-1, depending on the value of i, where 0 ≤ i ≤ 79, and on three 32-bit words B, C, and D, in order to produce a 32-bit output. f(i;B,C,D) = (B ∧ C)∨((¬B)∧D) for 0 ≥ i ≥ 19 f(i;B,C,D) = B ⊕ C ⊕ D for 20 ≥ i ≥ 39 f(i;B,C,D) = (B ∧ C) ∨ (B ∧ D)∨ (C ∧ D) for 40 ≥ i ≥ 59 f(i;B,C,D) = B⊕ C ⊕ D for 60 ≥ i ≥ 79
  • 33.
    Sha-1 𝐾𝐾𝑡𝑡 (constant words) asequence of constant words, shown in hex below, is used in the formulas: K(i) = 5A827999 for 0 ≥ i ≥ 19 K(i) = 6ED9EBA1 for 20 ≥ i ≥ 39 K(i) = 8F1BBCDC for 40 ≥ i ≥ 59 K(i) = CA62C1D6 for 60 ≥ i ≥ 79
  • 34.
    Sha-1 Circular Shift Operation(<<<): Now, the circular shift operation 𝑆𝑆𝑛𝑛(𝑋𝑋) on the word X by n bits, n being an integer between 0 and 32, is defined by = ( X ≪ n ) OR ( X ≫ 32 − n ) where X << n is the left-shift operation, obtained by discarding the leftmost n bits of X and padding the result with n zeroes on the right. X>>32−n is the right-shift operation obtained by discarding the rightmost n bits of X and padding the result with n zeroes on the left. Thus 𝑆𝑆𝑛𝑛(X) is equivalent to a circular shift of X by n positions, and in this case the circular left-shift is used.
  • 35.
    Sha-1 Output: • Perform 80rounds of operations on the words W[0] to W[79]. • In each round, the temporary variables are updated based on a combination of logical functions (bitwise operations) and bitwise rotations. • After 80 rounds, the final values of A, B, C, D, and E represent the message digest. • The message digest generated by SHA-1 is a 160-bit (20-byte) hash value.
  • 36.
    HMAC • HMAC isa cryptographic method that guarantees the integrity of the message between two parties. • HMAC algorithm consists of a secret key and a hash function. • The secret key is a unique piece of information or a string of characters. It is known both by the sender and the receiver of the message. • The hash function is a mapping algorithm that converts one sequence to another sequence.
  • 37.
    HMAC • HMAC providesthe following security properties: • Data Integrity: Any modification to the message or the secret key will result in a different HMAC value, allowing the receiver to detect tampering. • Authenticity: The possession of the secret key is necessary to generate a valid HMAC, ensuring that only authorized parties can generate and verify the HMAC.
  • 38.
    HMAC • Using keyK (0 < K < b), K+ is generated by padding 0’s on left side of key K until length becomes b bits. • b bits is the block size of plain text. • There are two predefined padding bits called ipad and opad. • ipad - 00110110 • opad - 01011100
  • 39.
    HMAC 1. Select K. 2.If K < b, pad 0’s on left until k=b. K is between 0 and b ( 0 < K < b ) 3. EXOR K+ with ipad equivalent to b bits producing S1 bits. 4. Append S1 with plain text M 5. Apply SHA-512 on ( S1 || M ) 6. Pad n-bits until length is equal to b-bits 7. EXOR K+ with opad equivalent to b bits producing S2 bits. 8. Append S2 with output of step 5. 9. Apply SHA-512 on step 7 to output n-bit hash code.
  • 40.
    HMAC • Advantages • HMACsare ideal for high-performance systems like routers due to the use of hash functions which are calculated and verified quickly unlike the public key systems. • Digital signatures are larger than HMACs, yet the HMACs provide comparably higher security. • HMACs are used in administrations where public key systems are prohibited. • Disadvantages • HMACs uses shared key which may lead to non-repudiation. If either sender or receiver’s key is compromised then it will be easy for attackers to create unauthorized messages.
  • 41.
    Digital Signatures • Digitalsignatures use asymmetric cryptography to provide message authentication. • The sender uses their private key to sign the message, creating a digital signature. • The receiver can verify the signature using the sender's public key. • If the signature is valid, it guarantees the integrity and authenticity of the message.
  • 42.
  • 43.
  • 44.
    Digital Signatures The followingpoints explain the entire process in detail − • Each person adopting this scheme has a public-private key pair. • Generally, the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key. • Signer feeds data to the hash function and generates hash of data. • Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier. • Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output. • Verifier also runs same hash function on received data to generate hash value. • For verification, this hash value and output of verification algorithm are compared. Based on the comparison result, verifier decides whether the digital signature is valid. • Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.
  • 45.
    Importance of DigitalSignature • Message authentication • When the verifier validates the digital signature using public key of a sender, he is assured that signature has been created only by sender who possess the corresponding secret private key and no one else. • Data Integrity: • In case an attacker has access to the data and modifies it, the digital signature verification at receiver end fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has been breached. • Non-repudiation: • Since it is assumed that only the signer has the knowledge of the signature key, he can only create unique signature on a given data. Thus the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the future
  • 46.