Chapter 2

Uploaded by

mulugeta haile

Cryptography and Network security

Chapter - 3
Hash Functions and Message Authentication

Message Authentication and Hash Functions
• Authentication Requirements
• Authentication Functions
• Message Authentication Codes
• Hash Functions

Authentication Requirements
• Kinds of attacks (threats) in the context of communications across a network:
  1. Disclosure
  2. Traffic analysis
  3. Masquerade
  4. Content modification
  5. Sequence modification
  6. Timing modification
  7. Repudiation
• Measures to deal with the first two attacks
  • These fall in the realm of message confidentiality and are addressed with encryption
• Measures to deal with threats 3 through 6
  • Message authentication
• Measures to deal with threat 7
  • Digital signature

Authentication Requirements
• Message authentication
  • A procedure to verify that messages come from the alleged source and have not been altered
  • Message authentication may also verify sequencing and timeliness
• Digital signature
  • An authentication technique that also includes measures to counter repudiation by either source or destination

Message Authentication
• Three alternative functions can be used to produce the authenticator:
  • message encryption: the entire ciphertext is used as its authenticator
  • message authentication code (MAC): a public function of the message and a secret key that produces a fixed-length value that serves as the authenticator
  • hash function: a function that maps a message of any length into a fixed-length hash value, which serves as the authenticator

Message Encryption
• Message encryption by itself also provides a measure of authentication
• If symmetric encryption is used, then:
  • the message must have come from the sender, because it is the only other party that possesses the key
  • the content cannot be altered without detection if the message has suitable structure, redundancy or a checksum to detect any changes

Authentication Functions

Basic Uses of Message Encryption

Public key Encryption
• (b) provides confidentiality but not authentication; anyone can use the public key of B.
• (c) as in the symmetric-key case, provides message authentication (the message must have a structure), and it also provides a digital signature.
• (d) provides confidentiality as well.

Authentication Functions

Ways of Providing Structure

• Append an error-detecting code (frame check sequence (FCS)) to each message
• Internal and external checksum

Authentication Functions

Confidentiality and Authentication


Implications of Message Encryption

Hash Functions
• Condenses an arbitrary message to a fixed size (i.e., a hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M))
• The principal object of a hash function is data integrity
• The hash function is usually assumed to be public
• The hash is used to detect changes to the message
• We want a cryptographic hash function:
  • computationally infeasible to find data mapping to a specific hash (one-way property)
  • computationally infeasible to find two data items mapping to the same hash (collision-free property)

Hash Functions

Hash Function Requirements


1. H can be applied to any size data block
2. H produces fixed-length output
3. H(x) is relatively easy to compute for any given x
4. H is one-way, i.e., given h, it is computationally infeasible to find any x such that h = H(x)
5. H is weakly collision resistant: given x, it is computationally infeasible to find any y ≠ x such that H(x) = H(y)
6. H is strongly collision resistant: it is computationally infeasible to find any x and y such that H(x) = H(y)
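
Requirements 5 and 6 differ in cost, which the following added example (not part of the original slides) makes measurable on a deliberately weakened hash. `h_trunc`, `find_collision` and `find_second_preimage` are hypothetical names; the 16-bit truncation of SHA-256 is an assumption chosen so both searches finish quickly.

```python
import hashlib

def h_trunc(data: bytes, bits: int = 16) -> int:
    """Toy hash H: the top `bits` bits of SHA-256 (constructed for this demo)."""
    word = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return word >> (32 - bits)

def find_collision(bits: int = 16):
    """Requirement 6: find ANY pair x != y with H(x) == H(y)."""
    seen = {}  # hash value -> first input that produced it
    tries = 0
    while True:
        x = b"msg-%d" % tries
        tries += 1
        h = h_trunc(x, bits)
        if h in seen:
            return seen[h], x, tries
        seen[h] = x

def find_second_preimage(x: bytes, bits: int = 16, max_tries: int = 5_000_000):
    """Requirement 5: for a FIXED x, find y != x with H(y) == H(x)."""
    target = h_trunc(x, bits)
    for tries in range(1, max_tries + 1):
        y = b"alt-%d" % tries
        if y != x and h_trunc(y, bits) == target:
            return y, tries
    return None, max_tries

if __name__ == "__main__":
    a, b, n_coll = find_collision()
    y, n_second = find_second_preimage(b"constructed sample message")
    # Any-pair search costs about 2^(bits/2) hashes, fixed-target search about
    # 2^bits, so digest length is sized against the cheaper of the two.
    print(f"collision after {n_coll} hashes: {a!r} / {b!r}")
    print(f"second preimage after {n_second} hashes: {y!r}")
```

With a full-length digest the same two searches become infeasible, which is what requirements 5 and 6 demand.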

Authentication Functions

Basic Uses of Hash Function

• Converts a variable-size message M into a fixed-size hash code H(M) (sometimes called a message digest)
• Can be used with encryption for authentication:
  • E(M || H(M))
  • M || E(H(M))
  • M || signed H(M)
  • E(M || signed H(M)) gives confidentiality
  • M || H(M || S)
  • E(M || H(M || S))

Hash Functions

Basic Uses of Hash Function

• h = H(M)
  • M is a variable-length message, h is a fixed-length hash value, H is a hash function
• The hash value is appended at the source
• The receiver authenticates the message by recomputing the hash value
• Because the hash function itself is not considered to be secret, some means is required to protect the hash value

Message Authentication Code (MAC)
• An alternative way to do message authentication
• A MAC is a cryptographic checksum
  • a fixed-size block
  • depending on both the message and some key
  • like encryption, though it need not be reversible
• Appended to the message as a signature
• The receiver performs the same computation on the message and checks that it matches the MAC
• Provides assurance that the message is unaltered and comes from the sender
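
The point that a public hash value needs protection, and the MAC check described in this slide, are shown side by side in the following added example (not part of the original slides). HMAC-SHA256 stands in for the keyed function as an assumption; the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def tag_plain_hash(m: bytes) -> bytes:
    """M || H(M): an unkeyed digest that anyone can compute."""
    return hashlib.sha256(m).digest()

def tag_mac(key: bytes, m: bytes) -> bytes:
    """Keyed checksum over M; HMAC-SHA256 is one possible choice (assumption)."""
    return hmac.new(key, m, hashlib.sha256).digest()

def verify_plain_hash(m: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_plain_hash(m), tag)

def verify_mac(key: bytes, m: bytes, tag: bytes) -> bool:
    # Receiver repeats the sender's computation; comparison is constant-time.
    return hmac.compare_digest(tag_mac(key, m), tag)

def modify_in_transit(m: bytes):
    """Models threat 4 (content modification) by a party without the key:
    it changes M and can only recompute the public hash function."""
    altered = m.replace(b"100", b"900")
    return altered, hashlib.sha256(altered).digest()

def run_demo() -> dict:
    key = secrets.token_bytes(32)      # 256-bit key, out of brute-force range
    m = b"transfer 100 to account 42"  # constructed sample message
    altered, new_tag = modify_in_transit(m)
    return {
        "hash_accepts_original": verify_plain_hash(m, tag_plain_hash(m)),
        # Unprotected hash: the altered message carries a matching digest.
        "hash_detects_change": not verify_plain_hash(altered, new_tag),
        "mac_accepts_original": verify_mac(key, m, tag_mac(key, m)),
        # MAC: without the key no valid tag exists for the altered message.
        "mac_detects_change": not verify_mac(key, altered, new_tag),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```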
Authentication Functions

Basic Uses of MAC

Authentication Functions

Why Use MACs?

• i.e., why not just use encryption?
• A MAC might be cheaper
• Authentication of executable code
• Architectural flexibility
• Separation of authentication check from message use

MACs

Message Authentication Codes

• MAC = C_K(M)
• Key length requirements
  • Sufficient key length to thwart brute-force attack

END
