Chapter 3. Public-Key Cryptography and Message Authentication

Network Security Essentials Applications and Standards Third Edition William Stallings Email:[email protected], Mob: 9426669020

Chapter 3 Public-Key Cryptography and Message Authentication

By: Bhargavi H Goswami, Assistant Professor, Sunshine Group of Institutes, Rajkot. Email: [email protected] Cell No: 9426669020

Topic Outline 1. Approaches to Message Authentication 2. Secure Hash Functions and HMAC 3. Public-Key Cryptography Principles 4. Public-Key Cryptography Algorithms 5. Digital Signatures 6. Key Management Email:[email protected], Mob: 9426669020

Authentication • Encryption protects against passive attack. • But for active attacks we needs Authentication. • Authentication Requirements - must be able to verify that: 1. Message came from apparent source or author, 2. Contents have not been altered, 3. Sometimes, it was sent at a certain time or sequence. • Thus provide protection against active attack (falsification of data and transactions) Email:[email protected], Mob: 9426669020

Approaches to Message Authentication Includes following Sub topics: A. Authentication Using Conventional Encryption. B. Message Authentication without Message Encryption. C. Message Authentication Code. D. One way Hash function.

Email:[email protected], Mob: 9426669020

A. Authentication Using Conventional Encryption: a) Genuine sender and receiver: Only the sender and receiver should share a key. b) Include Error Detection Code to avoid alterations. c) Proper Sequencing. d) Include Timestamp to assure no delay.

B. Message Authentication without Message Encryption:

a) An authentication tag is generated and appended to each message. b) Message is neigther E nor D without authentication function. c) Message confidentiality is not provided as message is not Encrypted. d) Advantageous when encryption is overhead and security requirement is not very high. Email:[email protected], Mob: 9426669020

C. Message Authentication Code:

a) Calculate the MAC as a function of the message and the key. MAC = F(KAB, M) b) Involves the use of secret key to generate data block. c) Message plus MAC code are transmitted to intended recipient. d) If the received code matches calculated code, a) Assured message is not been altered. b) Assured that message is from alleged sender. c) Attacker cannot successfully alter sequence number.

e) Similar to encryption. f) Then what is the difference? Algorithm need not be reversible. g) Advantage: Less vulnerable to being broken than encryption due to its mathematical properties. Email:[email protected], Mob: 9426669020

Email:[email protected], Mob: 9426669020

D. One Way Hash Function

• Alternate of MAC. • Similarity with MAC.

– Input: variable size message M. – Output: Fixed size message digest H(M).

• Difference with MAC.

– Does not take Key as input.

• Following three ways of authentication: – Using Conventional Encryption – Using Public Key Encryption – Using Secret Value

Email:[email protected], Mob: 9426669020

One-Way Hash Function

Email:[email protected], Mob: 9426669020

Email:[email protected], Mob: 9426669020

a) Conventional Encryption, only sender and receiver share the encryption key; then authenticity is assured. b) Public Key Encryption, It has 2 advantages: - Provides digital signature and authentication. - Does not require distribution of keys. For above stated methods, computation required is very less. c) Using Secret Value, (next figure) – – – – – –

no encryption is required; authenticity using hash function. Here, A and B share secret key SAB and calculate MDM=H(SAB|M). Then it sends [M|MDM] to B. B has SAB, it can compute H(SAB|M) and verify MDM. Advantage: Secure, as secret key is not sent.

One-Way Hash Function • Secret value is added before the hash and removed before transmission.

Email:[email protected], Mob: 9426669020

In which situation we wish to avoid Encryption altogether?  When Encryption s/w is slow and data to be encrypted is also too small.  Encryption hardware costs are non-negligible and could not be attached to each system in n/w.  Encryption Algorithm spent high proportion of the time in initialization/invocation overhead.  Encryption algorithms may be patented and must be licensed, adding a cost. Eg: RSA public-key algorithm.  Encryption algorithms may be subject to export control. This is true of DES. Email:[email protected], Mob: 9426669020

Secure Hash Functions • •

Purpose of the hash function: is to produce a “fingerprint” of a file, message or data block. Required Properties of a hash function H:

1. 2. 3. 4. 5. 6.

H can be applied to a block of data at any size. H produces a fixed length output. H(x) is easy to compute for any given x in anything, h/w or s/w. For any given value h, it is computationally infeasible to find x such that H(x) = h. Known as One Way Property. For any given block x, it is computationally infeasible to find y  x with H(y) = H(x). Known as Weak Collision Resistance. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). Known as Strong Collision

Resistance.

Email:[email protected], Mob: 9426669020

• To provide „Message Authentication‟, first 3 properties are required. • 4th property, “one-way” is important if authentication involves use of secret key. • 5th property, “weak collision resistance” guaranties that analyst cannot find alternative msg with same hash value. • If hash function satisfies first 5 properties, its called weak hash function. • If hash function satisfies all 6 properties, its called strong hash function. • This process of message digest also provides data integrity. Email:[email protected], Mob: 9426669020

Simple Hash Function: • All hash functions operate using the following general principles: • “The input is processed one block at a time in an iterative fashion to produce an n-bit hash function.” • One of the simplest hash functions is the bit-by-bit exclusive-OR (XOR) of every block. • This can be expressed as follows: Ci = bi1 XOR bi2 XOR . . . XOR bim where, Ci = ith bit of the hash code, 1