Slide 1

PULIC KEY CRYPTOGRAPHY AND MESSAGE AUTHENTICATION

Slide 2

Approaches to message Authentication Secure Hash Functions and HMAC Public Key Cryptography Principles Public Key Cryptography Algorithms 2NETWORK SECURITY By: Homera Durani

Slide 3

Approaches To Message Authentication Confidentiality protection from passive attacks Authentication you are who you say you are Integrity received as sent, no modifications, insertions, shuffling or replays 3NETWORK SECURITY By: Homera Durani

Slide 4

Security Attacks Message authentication helps prevents these Protection against attacks is known as message authentication. MasqueradeDenial of service Active threats ReplayModification of message contents 4NETWORK SECURITY By: Homera Durani

Slide 5

What is Message Authentication Its the source, of course! Procedure that allows communicating parties to verify that received messages are authentic Characteristics: source is authentic masquerading contents unaltered message modification timely sequencing replay 5NETWORK SECURITY By: Homera Durani

Slide 6

Use of Conventional Encryption? Only sender and receiver share a key Include a time stamp Include error detection code and sequence number 6NETWORK SECURITY By: Homera Durani

Slide 7

Message Authentication without Confidentiality Application that broadcasts a message only one destination needs to monitor for authentication Too heavy a load to decrypt random authentication checking, messages are chosen at random for checking. Computer executables and files checked when assurance required. 7NETWORK SECURITY By: Homera Durani

Slide 8

Life Without Authentication 8NETWORK SECURITY By: Homera Durani

Slide 9

Message Authentication Code Message Authentication Code (MAC) use a secret key to generate a small block of data that is appended to the message Assume: A and B share a common secret key K AB MAC M = F(K AB,M) 9NETWORK SECURITY By: Homera Durani

Slide 10

10NETWORK SECURITY By: Homera Durani

Slide 11

Receiver assured that message is not altered no modification Receiver assured that the message is from the alleged sender no masquerading Include a sequence number, assured proper sequence no replay 11NETWORK SECURITY By: Homera Durani

Slide 12

DES is used Need not be reversible Checksum Stands up to attack But there is an alternative... 12NETWORK SECURITY By: Homera Durani

Slide 13

One Way Hash Function Hash function accepts a variable size message M as input and produces a fixed-size message digest H(M) as output No secret key as input Message digest is sent with the message for authentication Produces a fingerprint of the message 13NETWORK SECURITY By: Homera Durani

Slide 14

Message digest H(M)Shared key Authenticity is assured 14NETWORK SECURITY By: Homera Durani

Slide 15

Digital signatureNo key distribution Less computation since message does not have to be encrypted 15NETWORK SECURITY By: Homera Durani

Slide 16

Encryption software is slow Encryption hardware costs arent cheap Hardware optimized toward large data sizes Algorithms covered by patents Algorithms subject to export control Thus ONE AVOID ENCRYPTION 16NETWORK SECURITY By: Homera Durani

Slide 17

No encryption for message authentication Secret value never sent; cant modify the message Important technique for Digital Signatures Assumes secret value S AB MD M = H(S AB ||M) MD M ||M 17NETWORK SECURITY By: Homera Durani

Slide 18

18NETWORK SECURITY By: Homera Durani

Slide 19

HASH Function Requirements The purpose of a hash function is to produce a fingerprint of a file, message, or other block of data, a hash function H must have the following properties: 1. H can be applied to a block of data at any size 2. H produces a fixed length output 3. H(x) is easy to compute for any given x. 4. For any given block x, it is computationally infeasible to find x such that H(x) = h 5. For any given block x, it is computationally infeasible to find with H(y) = H(x). 6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y) 19NETWORK SECURITY By: Homera Durani

Slide 20

20NETWORK SECURITY By: Homera Durani

Slide 21

One of the simplest hash functions is the bit by bit exclusive OR(XOR) of every block which can be expressed as follows: Ci= bi1 bi2 bim. Where Ci= ith bit of the hash code, 1