
Ch03 NetSec5e

This chapter discusses approaches to message authentication including using encryption, message authentication codes like HMAC, and public key cryptography. It covers secure hash functions like SHA and their requirements. Digital signature standards like DSA and public key cryptography algorithms including RSA, Diffie-Hellman key exchange, and elliptic curve cryptography are also summarized.

Uploaded by

nishongopothik

Network Security Essentials
Fifth Edition
by William Stallings

Chapter 3
Public Key Cryptography and Message Authentication
Every Egyptian received two names, which were known respectively as
the true name and the good name, or the great name and the little
name; and while the good or little name was made public, the true
or great name appears to have been carefully concealed.
—The Golden Bough, Sir James George Frazer

To guard against the baneful influence exerted by strangers is therefore
an elementary dictate of savage prudence. Hence before strangers
are allowed to enter a district, or at least before they are permitted to
mingle freely with the inhabitants, certain ceremonies are often
performed by the natives of the country for the purpose of disarming
the strangers of their magical powers, or of disinfecting, so to speak,
the tainted atmosphere by which they are supposed to be surrounded.

—The Golden Bough, Sir James George Frazer


Approaches to Message Authentication

Using conventional encryption
• Symmetric encryption alone is not a suitable tool for data authentication
• We assume that only the sender and receiver share a key, so only the genuine sender would be able to encrypt a message successfully
• The receiver assumes that no alterations have been made and that sequencing is proper if the message includes an error detection code and a sequence number
• If the message includes a timestamp, the receiver assumes that the message has not been delayed beyond that normally expected for network transit

Without message encryption
• An authentication tag is generated and appended to each message for transmission
• The message itself is not encrypted and can be read at the destination independent of the authentication function at the destination
• Because the message is not encrypted, message confidentiality is not provided
One-way Hash Functions
• Accepts a variable-size message M as input and produces
a fixed-size message digest H(M) as output
• Does not take a secret key as input
• To authenticate a message, the message digest is sent with
the message in such a way that the message digest is
authentic
Secure Hash Functions
• Is important not only in message authentication but in digital signatures
• Purpose is to produce a “fingerprint” of a file, message, or other block of data
• To be useful for message authentication, a hash function H must have the following properties:
Security of Hash Functions
• There are two approaches to attacking a secure hash
function:
• Cryptanalysis
• Involves exploiting logical weaknesses in the algorithm
• Brute-force attack
• The strength of a hash function against this attack depends
solely on the length of the hash code produced by the algorithm
The SHA Secure Hash Function
• SHA was developed by NIST and published as a federal
information processing standard (FIPS 180) in 1993
• Was revised in 1995 as SHA-1 and published as FIPS 180-1
• The actual standards document is entitled “Secure Hash Standard”
• Based on the hash function MD4 and its design closely models
MD4
• Produces 160-bit hash values
• In 2005 NIST announced the intention to phase out approval of
SHA-1 and move to a reliance on SHA-2 by 2010
Table 3.1 Comparison of SHA Parameters
Note: All sizes are measured in bits.
SHA-3
HMAC
• There has been an increased interest in developing a MAC derived from
a cryptographic hash code, such as SHA-1
• Cryptographic hash functions generally execute faster in software than
conventional encryption algorithms such as DES
• Library code for cryptographic hash functions is widely available
• A hash function such as SHA-1 was not designed for use as a MAC and
cannot be used directly for that purpose because it does not rely on a secret
key

• There have been a number of proposals for the incorporation of a secret
key into an existing hash algorithm
• The approach that has received the most support is HMAC
HMAC Design Objectives
• To use, without modifications, available hash functions --- in
particular, hash functions that perform well in software, and for
which code is freely and widely available
• To allow for easy replaceability of the embedded hash function in
case faster or more secure hash functions are found or required
• To preserve the original performance of the hash function
without incurring a significant degradation
• To use and handle keys in a simple way

• To have a well understood cryptographic analysis of the strength
of the authentication mechanism based on reasonable
assumptions on the embedded hash function
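The HMAC construction from RFC 2104, written out over an unmodified `hashlib` hash and checked against Python's own `hmac` module, as an added example that is not part of the original slides. The key, the message and the `send`/`receive` helper names are constructed for illustration; the message travels in the clear with the tag appended, as in the "without message encryption" approach described earlier.

```python
import hashlib
import hmac

def hmac_from_hash(key, msg, hash_name="sha256"):
    """HMAC (RFC 2104) over an unmodified hashlib hash function."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:              # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")   # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def send(key, msg, hash_name="sha256"):
    """Sender: the message is not encrypted, the tag is appended to it."""
    return msg + hmac_from_hash(key, msg, hash_name)

def receive(key, packet, hash_name="sha256"):
    """Receiver: split off the tag, recompute it, compare in constant time.
    Returns the message if the tag verifies, otherwise None."""
    tag_len = hashlib.new(hash_name).digest_size
    if len(packet) < tag_len:
        return None
    msg, tag = packet[:-tag_len], packet[-tag_len:]
    expected = hmac_from_hash(key, msg, hash_name)
    return msg if hmac.compare_digest(tag, expected) else None

# Constructed sample data (not from the slides).
KEY = b"shared-secret-key (constructed)"
MSG = b"transfer 100 to account 42"

if __name__ == "__main__":
    packet = send(KEY, MSG)
    print("genuine :", receive(KEY, packet))
    print("tampered:", receive(KEY, packet.replace(b"100", b"900")))
    # Replaceability: swapping the embedded hash needs no other change.
    for name in ("sha1", "sha256", "sha512"):
        ours = hmac_from_hash(KEY, MSG, name)
        print(name, ours == hmac.new(KEY, MSG, name).digest())
```

Production code should call `hmac.new` directly; the hand-written version is here only to show how the secret key is folded into the hash.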
Counter with Cipher Block Chaining-Message Authentication Code (CCM)
• NIST standard SP 800-38C
• Referred to as an authenticated encryption mode
• “Authenticated encryption” is a term used to describe encryption systems that simultaneously protect confidentiality and authenticity of communications
• A single key is used for both encryption and MAC algorithms
Public-Key Encryption Structure
• First publicly proposed by Diffie and Hellman in 1976
• Based on mathematical functions rather than on simple
operations on bit patterns
• Is asymmetric, involving the use of two separate keys
Applications for Public-Key Cryptosystems
• Public-key systems are characterized by the use of a
cryptographic type of algorithm with two keys, one held
private and one available publicly
• Depending on the application, the sender uses either the
sender’s private key, the receiver’s public key, or both to
perform some type of cryptographic function
Table 3.2 Applications for Public-Key Cryptosystems
Diffie-Hellman Key Exchange
• First published public-key algorithm
• A number of commercial products employ this key
exchange technique
• Purpose of the algorithm is to enable two users to
exchange a secret key securely that then can be used for
subsequent encryption of messages
• The algorithm itself is limited to the exchange of the keys
• Depends for its effectiveness on the difficulty of
computing discrete logarithms
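The exchange with both sides' computations, as an added example that is not from the original slides. The prime 353 and base 3 are toy values chosen for readability (far too small for real use), and the function names, the range check on the peer's public value and the SHA-256 key derivation step are assumptions of this example.

```python
import hashlib
import secrets

# Constructed toy parameters, readable but far too small for real use.
P = 353   # public prime modulus
G = 3     # public base

def valid_public(y, p=P):
    """A peer value of 0, 1, p-1 or anything >= p forces a guessable secret."""
    return 2 <= y <= p - 2

def keypair(p=P, g=G):
    """Pick a private exponent x and compute the public value g^x mod p."""
    while True:
        x = secrets.randbelow(p - 3) + 2      # 2 <= x <= p-2
        y = pow(g, x, p)
        if valid_public(y, p):                # never send a degenerate value
            return x, y

def shared_key(own_private, peer_public, p=P):
    """Validate the peer's value, compute the shared secret, and hash it
    into a 256-bit key usable for subsequent symmetric encryption."""
    if not valid_public(peer_public, p):
        raise ValueError("invalid Diffie-Hellman public value")
    secret = pow(peer_public, own_private, p)
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(length, "big")).digest()

def exchange():
    """Run both sides; only ya and yb would cross the network."""
    xa, ya = keypair()        # user A keeps xa private, sends ya
    xb, yb = keypair()        # user B keeps xb private, sends yb
    return shared_key(xa, yb), shared_key(xb, ya)

if __name__ == "__main__":
    key_a, key_b = exchange()
    print("keys match:", key_a == key_b)
```

The exchange by itself does not authenticate either party, so the public values need to be authenticated by some other mechanism, such as the digital signatures covered in this chapter.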
Digital Signature Standard (DSS)
• FIPS PUB 186
• Makes use of the SHA-1 and presents a new digital
signature technique, the Digital Signature Algorithm (DSA)
• Originally proposed in 1991 and revised in 1993 and again
in 1996
• Uses an algorithm that is designed to provide only the
digital signature function
• Unlike RSA, it cannot be used for encryption or key
exchange
Elliptic-Curve Cryptology (ECC)
• Technique is based on the use of a mathematical construct
known as the elliptic curve
• Principal attraction of ECC compared to RSA is that it
appears to offer equal security for a far smaller bit size,
thereby reducing processing overhead
• The confidence level in ECC is not yet as high as that in
RSA
Summary
• Approaches to message authentication
  • Authentication using conventional encryption
  • Message authentication without message encryption
• Secure hash functions
  • Hash function requirements
  • Security of hash functions
  • Simple hash functions
  • The SHA secure hash function
  • SHA-3
• Digital signatures
• Message authentication codes
  • HMAC
  • MACs based on block ciphers
• Public-key cryptography principles
  • Public-key encryption structure
  • Applications for public-key cryptosystems
  • Requirements for public-key cryptography
• Public-key cryptography algorithms
  • The RSA public-key encryption algorithm
  • Diffie-Hellman key exchange
  • Other public-key cryptography algorithms
