Is unit 5_message authentication and hash functions

Chapter 5:Chapter 5:Chapter 5:Chapter 5:----
Message Authentication and
Hash Functions
Sarthak Patel, (www.sarthakpatel.in)

Outline
Authentication Requirement,
Functions, MessageAuthentication Code, Hash Functions,
Security Of Hash Functions And Macs
MD5 Message Digest Algorithm,
Secure HashAlgorithm
Sarthak Patel (www.sarthakpatel.in)2
Secure HashAlgorithm
Ripemd-160
Hmac

Authentication Requirements
1. Disclosure: Release of message contents to any person or process not
possessing the appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties.
In a connection-oriented application, the frequency and duration of
connections could be determined. In either a connection-oriented or
connectionless environment, the number and length of messages
connectionless environment, the number and length of messages
between parties could be determined.
3. Masquerade: Insertion of messages into the network from a
fraudulent source. This includes the creation of messages by an
opponent that are supposed to come from an authorized entity. Also
included are fraudulent acknowledgments of message receipt or
nonreceipt by someone other than the message recipient.

Contd…
4. Content modification: Changes to the contents of a message,
including insertion, deletion, transposition, and modification.
5. Sequence modification: Any modification to a sequence of
messages between parties, including insertion, deletion, and
reordering.
6. Timing modification: Delay or replay of messages. In a
connection-oriented application, an entire session or sequence
of messages could be a replay of some previous valid session, or
individual messages in the sequence could be delayed or
replayed. In a connectionless application, an individual message
(e.g., datagram) could be delayed or replayed.

Contd…
7. Source repudiation: Denial of transmission of message by
source.
8. Destination repudiation: Denial of receipt of message by
destination.

Message Authentication Function
message authentication is concerned with:
protecting the integrity of a message
validating identity of originator
non-repudiation of origin (dispute resolution)
three alternative functions used:
message encryption
message authentication code (MAC)
hash function

Message Encryption
message encryption by itself also provides a measure of
authentication
if symmetric encryption is used then:
receiver know sender must have created it
since only sender and receiver now key used
since only sender and receiver now key used
So, content cannot of been altered
Provides both: sender authentication and message authenticity.

Message Encryption
if public-key encryption is used:
encryption provides no confidence of sender
since anyone potentially knows public-key
however if
sender signs message using his private-key
sender signs message using his private-key
then encrypts with recipients public key
have both secrecy and authentication
but at cost of two public-key uses on message

Message Authentication Code (MAC)
a small fixed-sized block of data:
depends on both message and a secret key
like encryption though need not be reversible
appended to message as a signature
receiver performs same computation on message and checks it
matches the MAC
provides assurance that message is unaltered and comes from
sender

Message Authentication Code
This technique assumes that two communicating parties, say A and B,
share a common secret key K. When A has a message to send to B,
it calculates the MAC as a function of the message and the key:
MAC = C(K, M), where
M= input message
C= MAC function
C= MAC function
K= shared secret key
MAC= message authentication code

Message Authentication Codes
MAC provides authentication
Message can be encrypted for secrecy
generally use separate keys for each
can compute MAC either before or after encryption
is generally regarded as better done before
is generally regarded as better done before
why use a MAC?
sometimes only authentication is needed
sometimes need authentication to persist longer than the
encryption

Mac Encryption
The receiver is assured that the message is from the alleged
sender. Because no one else knows the secret key, no one else
could prepare a message with a proper MAC.

MAC Properties
a MAC is a cryptographic checksum
MAC = CK(M)
C is a function
condenses a variable-length message M
using a secret key K
to a fixed-sized authenticator
to a fixed-sized authenticator
many-to-one function
potentially many messages have same MAC
but finding these needs to be very difficult

Requirements for MACs
MAC needs to satisfy the following:
1. knowing a message and MAC, is infeasible to find another
message with same MAC
2. MACs should be uniformly distributed
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the message

Hash Functions
A hash function is like a MAC
condenses arbitrary message to fixed size
h = H(M)
usually assume that the hash function is public and not
keyed
keyed
-note that a MAC is keyed
hash used to detect changes to message
can use in various ways with message
most often to create a digital signature

Hash Functions & Digital
Signatures
Only the hash code is encrypted, using public-key
encryption and using the sender's private key.As with (b),
this provides authentication. It also provides a digital
signature.

Requirements for Hash Functions
1. can be applied to any size message M
2. produces a fixed-length output h
3. is easy to compute h=H(M) for any message M
4. given h is infeasible to find x s.t. H(x)=h
5. given x is infeasible to find y s.t. H(y)=H(x)
5. given x is infeasible to find y s.t. H(y)=H(x)
6. is infeasible to find any x,y s.t. H(y)=H(x)

Simple Hash Functions
are several proposals for simple functions
based on XOR of message blocks
-divide the message into equal size blocks
-perform XOR operation block by block
-final output is the hash
-final output is the hash
not very secure
need a stronger cryptographic function

Security of Hash Functions andSecurity of Hash Functions andSecurity of Hash Functions andSecurity of Hash Functions and
MacsMacsMacsMacs
Attacks on hash functions and MACs into two categories:
BruteBrute--force attacksforce attacks
Cryptanalysis.Cryptanalysis.

BruteBruteBruteBrute----Force AttacksForce AttacksForce AttacksForce Attacks
Hash Functions:
In hash functions there are three desirable properties
One-way: For any given code h, it is computationally infeasible to
find x such that H(x) = h.
Weak collision resistance: For any given block x, it is
Weak collision resistance: For any given block x, it is
computationally infeasible to find y≠x with H(y) = H(x).
Strong collision resistance: It is computationally infeasible to
find any pair (x, y) such that H(x) = H(y).
For a hash code of length n, the level of effort required, as we have seen
is proportional to the following:

Contd…
A brute-force attack on a MAC is a more difficult undertaking
because it requires known message-MAC pairs. Let us see why this
is so. To attack a hash code, we can proceed in the following way.
Given a fixed message x with n-bit hash code h = H(x), a brute-
force method of finding a collision is to pick a random bit string y
and check if H(y) = H(x). The attacker can do this repeatedly off
line. Whether an off-line attack can be used on a MAC algorithm
depends on the relative size of the key and the MAC.

Contd…
If an attacker can determine the MAC key, then it is possible to
generate a valid MAC value for any input x.
Suppose the key size is k bits and that the attacker has one known
text-MAC pair. Then the attacker can compute the n-bit MAC on
the known text for all possible keys. At least one key is guaranteed
to produce the correct MAC, namely, the valid key that was
to produce the correct MAC, namely, the valid key that was
initially used to produce the known text-MAC pair. This phase of
the attack takes a level of effort proportional to 2k.

CryptanalysisCryptanalysisCryptanalysisCryptanalysis
As with encryption algorithms, cryptanalytic attacks on hash
functions and MAC algorithms seek to exploit some property
of the algorithm to perform some attack other than an
exhaustive search. The way to measure the resistance of a
hash or MAC algorithm to cryptanalysis is to compare its
hash or MAC algorithm to cryptanalysis is to compare its
strength to the effort required for a brute-force attack. That
is, an ideal hash or MAC algorithm will require a
cryptanalytic effort greater than or equal to the brute-force
effort.

Cryptanalysis
Hash Functions
The hash function takes an input message and partitions it into L
fixed-sized blocks of b bits each. If necessary, the final block is
padded to b bits. The final block also includes the value of the total
length of the input to the hash function. The inclusion of the length
makes the job of the opponent more difficult.
There is much more variety in the structure of MACs than in hash
functions, so it is difficult to generalize about the cryptanalysis of
MACs. Further, far less work has been done on developing such
attacks.

Message Digests(Hash)
A message digest is a fingerprint or the summary of a
message. (Same as LRC and CRC)
It is used to verify integrity of the data (To ensure that
message has not been tampered).
Ex. LRC- parity checking
Ex. LRC- parity checking

Idea of a Message Digest
Ex: Calculate the message digest of number 7391743
Multiply each digit in the number with the next digit
(excluding if it is 0) and disregarding the first digit of the
multiplication operation, it the result is two-digit number.

Calculate MD for 7391743
Multiply 7 by 3 - 21
Discard first digit - 1
Multiply 1 by 9 - 9
Multiply 9 by 1 - 9
Multiply 2 by 3 - 6
Message digest is 6

MD5 (Message Digest 5)
MD5 is a message digest algorithm developed by Ron Rivest.
MD5 algorithm can be used as a digital signature mechanism.

Description of the MD5 Algorithm
Takes as input a message of arbitrary length and produces as
output a 128 bit “fingerprint” or “message digest” of the
input.
It it is computationally infeasible to produce two messages
having the same message digest.
having the same message digest.
Intended where a large file must be “compressed” in a secure
manner before being encrypted with a private key under a
public-key cryptosystem such as PGP.

MD5 Algorithm
Suppose a b-bit message as input, and that we need to find its
message digest.
Step-1 Padding
Step-2Append length
Step-2Append length
Step-3 Divide the input into 512-bit blocks.
Step-4 Initialize chaining variables (4 variables)
Step-5 Process blocks

Step-1
MD5 is to add padding bits to the original message.
The aim of this step is make length of the original message
equal to a value, which is 64 bits less than an exact multiple
of 512.
Ex: 1000 bits of message (1000+472+64)
Ex: 1000 bits of message (1000+472+64)
The padding consists of a single “1” bit is appended to the
message, and then “0” bits.

Step 2 – append length:
A 64 bit representation of b is appended to the result of the
previous step.
The resulting message has a length that is an exact multiple of
512 bits

Step-3 Divide the input into 512-bit
blocks
Data to be hashed (Digested) 1536 bits
512 bits 512 bits 512 bits

Step-4 Initialize chaining variables
A four-word buffer (A,B,C,D) is used to compute the
message digest.
Here each of A,B,C,D, is a 32 bit register.

5.1 – Copy the four variables (32*4 = 128)
5.2 – Divide the 512- bit block into 16 sub-blocks.
512 bits
5.3 – Process each block with A, B, C, D.
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
32
bits
512 bits

5.3 - Process each block with A, B, C, D.

Secure Hash Algorithm (SHA)
SHA-1 produces a hash value of 160 bits.
SHA is designed to be computationally infeasible to:
Obtain the original message
Find two message producing the same MD.

Types(Versions) of SHA

Algorithm
Step-1 Padding
Step-2Append length
Step-3 Divide the input into 512-bit blocks.
Step-4 Initialize chaining variables (5 varibles)

5.3- Process each block with A, B, C, D, E.

Comparison of MD5 & SHA-1
Points of
Discussion
MD5 SHA-1
MD length in bits 128 160
Attack try to find
MD
2128 2160
MD
Attack try to find two
messages producing
same message digest
264 280
Speed Faster Slower

RACE Integrity Primitives Evaluation
Message Digest (RIPEMD-160)
RIPEMD is a cryptographic hash based upon MD4. It's been
shown to have weaknesses and has been replaced by
RIPEMD-128 and RIPMD-160. These are cryptographic hash
functions designed by Hans Dobbertin, Antoon
Bosselaers, and Bart Preneel.
Bosselaers, and Bart Preneel.
RIPEMD-160 produces a hash of the same length as SHA1
but is slightly slower. RIPEMD-128 has been designed as a
drop-in replacement for MD4/MD5 whilst avoiding some of
the weaknesses shown for these two algorithms. It is about
half the speed of MD5.

HMAC(HashHMAC(HashHMAC(HashHMAC(Hash----Based MAC)Based MAC)Based MAC)Based MAC)
HMAC has been chosen as a security implementation for Internet
Protocol (IP) and Secure Socket Layer(SSL), widely used in
internet.
The fundamental idea of HMAC is to reuse the existing MD5 or
SHA-1.
SHA-1.

Original
message
Existing MD5 or
SHA-1
MD Encrypt
HMA
C
5
K

How HMAC works?
MD- Message Digest/ Hash function
M – Input message
ipad-A string 00110110 repeated b/8 times
opqd-A string 01011010 repeated b/8 times

How HMAC works?
Step-1 Make the length of K equal to b
Length K<b (Append 0 – left side)
Length K=b (Step -2)
Length K>b (Hash K reduce its length to b)
Step- 2 XOR K with ipad to produce S1
Step- 2 XOR K with ipad to produce S1
Step -3Append M to S1
Step -4 Message Digest algorithm
Step -5 XOR K with opad to produce S2
Step -6Append H toS2
Message DigestAlgorithm

Is unit 5_message authentication and hash functions

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Is unit 5_message authentication and hash functions (20)

More from Sarthak Patel (7)

Recently uploaded (20)

Is unit 5_message authentication and hash functions