SlideShare a Scribd company logo

Message authentication and hash function

Download as PPT, PDF
O
omarShiekh1

The document discusses message authentication and hash functions. It covers security requirements including integrity, authentication and non-repudiation. It describes different authentication functions such as message encryption, message authentication codes (MACs), and hash functions. It provides examples of how hash functions work and evaluates the security of hash functions and MACs against brute force and cryptanalytic attacks.

Technology
1 of 38
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Most read
15
16
17
18
19
20
21
22
23
24
25
Most read
26
27
28
29
30
31
32
33
Most read
34
35
36
37
38
Network Security Presentation Chapter 11 Message authentication and hash function
. • Names IDs 1) Abdiqadir Osman mohamud 204326915 2) Rita Abdalla Hussein 214306913 3) Omar Ahmed Salad 214306912 4) Abdinasir Abdullahi Dahir 214326902 5) Abdifatah Ismail Sulub 214326917 6) Mohamed Sharif Hussein 214306908
. • Message authentication • Security requirements and attacks • Authentication Functions:- a. Message encryption b. Message authentication code (MAC) c. Hash functions • Practice and real life applications:- Overviewing concepts Capturing traffic using BURP SUIT Intercept network traffic Hashing function in PHP
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution)
CS526 Topic 5: Hash Functions and Message Authentication 5 Data Integrity and Source Authentication • Encryption does not protect data from modification by another party. • Why? • Need a way to ensure that data arrives at destination in its original form as sent by the sender and it is coming from an authenticated source.
Communication without authentication Shared key k to generate authenticate message Alice M Bob Eve M’ Very easy.. Eve can simply change the message
Security attacks In the context of communications across a network, the following attacks can be identified: • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
Security attacks……. • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
Security attacks……. • Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone other than the message recipient.
Security attacks……. • Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification. • Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
Security attacks……. • Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
Security attacks……. • Source repudiation: Denial of transmission of message by source. • Destination repudiation: Denial of receipt of message by destination.
Authentication Functions • Any message authentication or digital signature mechanism has two levels of functionality. • At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
Authentication Functions.. This section is concerned with the types of functions that may be used to produce an authenticator. These may be grouped into three classes, as follows: ● Message encryption: The ciphertext of the entire message serves as its authenticator ● Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator ● Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: • receiver know sender must have created it • since only sender and receiver now key used • know content cannot of been altered • if message has suitable structure, redundancy or a checksum to detect any changes
Message Encryption • if public-key encryption is used: • encryption provides no confidence of sender • since anyone potentially knows public-key • however if • sender signs message using their private-key • then encrypts with recipients public key • have both secrecy and authentication • again need to recognize corrupted messages • but at cost of two public-key uses on message
Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed-sized block • depending on both message and some key • like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from sender
Message Authentication Codes Keyed hash function. Authenticate origin of messages Symmetric key, shared between sender and receiver. Both sender and receiver can create and verify MAC. Integrity protection of messages Message changes in transit are detected. An ordinary (key-less) hash function does not provide this. (why?) Two known designs: HMAC (based on hash function) CBC-MAC (based on block cipher in CBC-mode) Are these good constructions? MACk (m) = h (kkm). MACk (m) = h (mkk). 22 / 26
Message Authentication Code
Message Authentication Codes as shown the MAC provides authentication can also use encryption for secrecy generally use separate keys for each can compute MAC either before or after encryption is generally regarded as better done before why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature
MAC Properties • a MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult
Requirements for MACs • taking into account the types of attacks • need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
Hash Functions A cryptographic hash function h is a function which takes arbitrary length bit strings as input and produces a fixed length bit string as output, the hash value. A cryptographic hash function should be one-way: given any string y from the range of h, it should be computationally infeasible to find any value x in the domain of h such that h(x) = y. Given a hash function with outputs of n bits, we would like a function for which finding preimages requires O(2n) time. 23 /
Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • cf. MAC which is keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
Requirements for a HashFunction • The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data. To be useful for message authentication, a hash function H must have the following properties. 1. H can be applied to a block of data of any size. 2. H produces a fixed-length output.
HashFunction requirement 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
HashFunction requirement…. 5. For any given block x, it is computationally infeasible to find y x such that H(y) = H(x). This is sometimes referred to as weak collision resistance. 6.It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance
Hash Functions & Digital Signatures
Example Operation of Hash Functions Information 2
Birthday Attacks might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: opponent generates 2 m/2 variations of a valid message all with essentially the same meaning opponent also generates 2 m/2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger MAC/hash
Some Popular HashAlgorithms Information 3  MD5 (Rivest ) ◦ 128-bit output ◦ Most popular  SHA-1 (NIST- NSA) ◦ US gov’t standard ◦ 160-bit output  RIPEMD-160 ◦ Euro.RIPE project. ◦ 160-bit output Algorithm Speed (MByte/s.) MD5 205 SHA-1 72 RIPEMD-160 51 Crypto++ 5.1 benchmarks,2.1 GHz P4
Usage of hash functions • Commit to message by disclosing hash of message, later showing the message • If collision resistant, you cannot cheat (change message). • Consider playing rock, paper, scissors remotely with a hash function. Or rock-paper-scissors-lizard-Spock. • Verify integrity of downloaded files. • Digital signatures. • SSL/TLS for integrity protection. • Storing passwords in operating systems and web servers. 21 /
Security of Hash Functions and Macs • Just as with symmetric and public-key encryption, we can group attacks on hash functions and MACs into two categories: brute-force attacks and cryptanalysis
Brute-Force Attacks • The nature of brute-force attacks differs somewhat for hash functions and MACs. Hash Functions • The strength of a hash function against brute-force attacks depends solely on the length of the hash • code produced by the algorithm. Recall from our discussion of hash functions that there are three
desirable properties: ● One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h. ● Weak collision resistance: For any given block x, it is computationally infeasible to find y x with H(y) = H(x). ● Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H (x) = H(y).
Hash Functions & MAC Security cryptanalytic attacks exploit structure like block ciphers want brute-force attacks to be the best alternative have a number of analytic attacks on iterated hash functions CVi = f[CVi-1, Mi]; H(M)=CVN typically focus on collisions in function f like block ciphers is often composed of rounds attacks exploit properties of round functions
Practical applications.. • Hashing passwords • PHP server analysis • Burp suit capturing • message authentication code.pptx
. • .

More Related Content

What's hot (20)

PPTX
Rc4
Amjad Rehman
 
PPTX
RSA Algorithm
Srinadh Muvva
 
PPTX
Key management
Sujata Regoti
 
PDF
Classical encryption techniques
Dr.Florence Dayana
 
PDF
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
PPT
Message Authentication Code & HMAC
Krishna Gehlot
 
PPT
Pretty good privacy
Pushkar Dutt
 
PPTX
Cryptographic tools
CAS
 
PPT
Network security cryptographic hash function
Mijanur Rahman Milon
 
PPTX
Message digest 5
Tirthika Bandi
 
PPTX
Hash Function
ssuserdfb2da
 
PPTX
Leaky Bucket & Tocken Bucket - Traffic shaping
Vimal Dewangan
 
PPTX
Key Management and Distribution
Syed Bahadur Shah
 
PPT
block ciphers
Asad Ali
 
PPTX
5. message authentication and hash function
Chirag Patel
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
PPT
Message authentication
CAS
 
PPT
Digital signature schemes
ravik09783
 
PDF
Web Security
Dr.Florence Dayana
 
Rc4
Amjad Rehman
 
RSA Algorithm
Srinadh Muvva
 
Key management
Sujata Regoti
 
Classical encryption techniques
Dr.Florence Dayana
 
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
Message Authentication Code & HMAC
Krishna Gehlot
 
Pretty good privacy
Pushkar Dutt
 
Cryptographic tools
CAS
 
Network security cryptographic hash function
Mijanur Rahman Milon
 
Message digest 5
Tirthika Bandi
 
Hash Function
ssuserdfb2da
 
Leaky Bucket & Tocken Bucket - Traffic shaping
Vimal Dewangan
 
Key Management and Distribution
Syed Bahadur Shah
 
block ciphers
Asad Ali
 
5. message authentication and hash function
Chirag Patel
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
Message authentication
CAS
 
Digital signature schemes
ravik09783
 
Web Security
Dr.Florence Dayana
 

Similar to Message authentication and hash function (20)

PDF
BAIT1103 Chapter 2
limsh
 
PPT
cryptography and network security by william stallings
HimaniP19CSE013
 
PPT
ch11.ppt
ssuser4198c4
 
DOCX
Cryptography and Network Security Principles and PracticeSeve.docx
mydrynan
 
PPT
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
jeevasreemurali
 
PDF
Cs8792 cns - unit iv
ArthyR3
 
PDF
Cs8792 cns - unit iv
ArthyR3
 
PPTX
Meessage authentication and hash functions.pptx
JohnLagman3
 
PDF
Cns
ArthyR3
 
PPT
ch11.ppt
SomuPatil8
 
PPTX
Unit 3
tamil arasan
 
PPT
Message Authentication: MAC, Hashes
Shafaan Khaliq Bhatti
 
PPTX
unit - III.pptx
sandyBS
 
PPT
Message Authentication
chauhankapil
 
PPT
NSC_Unit-III_final.ppt
DrVASAVIBANDE
 
PPT
Ch11
Joe Christensen
 
PPT
Iss lecture 4
Ali Habeeb
 
PPTX
Unit 4
KRAMANJANEYULU1
 
PPT
SHA New Revised Version - SHA-512 Syllabus Module 3
AnantNimkar1
 
PDF
Message Authentication and Hash Function.pdf
sunil sharma
 
BAIT1103 Chapter 2
limsh
 
cryptography and network security by william stallings
HimaniP19CSE013
 
ch11.ppt
ssuser4198c4
 
Cryptography and Network Security Principles and PracticeSeve.docx
mydrynan
 
UNIT3_class (1).ppt CRYPTOGRAPHY NOTES AND NETWORK
jeevasreemurali
 
Cs8792 cns - unit iv
ArthyR3
 
Cs8792 cns - unit iv
ArthyR3
 
Meessage authentication and hash functions.pptx
JohnLagman3
 
Cns
ArthyR3
 
ch11.ppt
SomuPatil8
 
Unit 3
tamil arasan
 
Message Authentication: MAC, Hashes
Shafaan Khaliq Bhatti
 
unit - III.pptx
sandyBS
 
Message Authentication
chauhankapil
 
NSC_Unit-III_final.ppt
DrVASAVIBANDE
 
Ch11
Joe Christensen
 
Iss lecture 4
Ali Habeeb
 
Unit 4
KRAMANJANEYULU1
 
SHA New Revised Version - SHA-512 Syllabus Module 3
AnantNimkar1
 
Message Authentication and Hash Function.pdf
sunil sharma
 
Ad

Recently uploaded (20)

PDF
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
PDF
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
PPTX
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
PDF
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
PDF
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
PDF
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
PDF
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
PPTX
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PPTX
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PDF
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
PDF
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
Ad

Message authentication and hash function

  • 1. Network Security Presentation Chapter 11 Message authentication and hash function
  • 2. . • Names IDs 1) Abdiqadir Osman mohamud 204326915 2) Rita Abdalla Hussein 214306913 3) Omar Ahmed Salad 214306912 4) Abdinasir Abdullahi Dahir 214326902 5) Abdifatah Ismail Sulub 214326917 6) Mohamed Sharif Hussein 214306908
  • 3. . • Message authentication • Security requirements and attacks • Authentication Functions:- a. Message encryption b. Message authentication code (MAC) c. Hash functions • Practice and real life applications:- Overviewing concepts Capturing traffic using BURP SUIT Intercept network traffic Hashing function in PHP
  • 4. Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution)
  • 5. CS526 Topic 5: Hash Functions and Message Authentication 5 Data Integrity and Source Authentication • Encryption does not protect data from modification by another party. • Why? • Need a way to ensure that data arrives at destination in its original form as sent by the sender and it is coming from an authenticated source.
  • 6. Communication without authentication Shared key k to generate authenticate message Alice M Bob Eve M’ Very easy.. Eve can simply change the message
  • 7. Security attacks In the context of communications across a network, the following attacks can be identified: • disclosure • traffic analysis • masquerade • content modification • sequence modification • timing modification • source repudiation • destination repudiation
  • 8. Security attacks……. • Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key. • Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
  • 9. Security attacks……. • Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone other than the message recipient.
  • 10. Security attacks……. • Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification. • Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
  • 11. Security attacks……. • Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
  • 12. Security attacks……. • Source repudiation: Denial of transmission of message by source. • Destination repudiation: Denial of receipt of message by destination.
  • 13. Authentication Functions • Any message authentication or digital signature mechanism has two levels of functionality. • At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message. This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.
  • 14. Authentication Functions.. This section is concerned with the types of functions that may be used to produce an authenticator. These may be grouped into three classes, as follows: ● Message encryption: The ciphertext of the entire message serves as its authenticator ● Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator ● Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
  • 15. Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: • receiver know sender must have created it • since only sender and receiver now key used • know content cannot of been altered • if message has suitable structure, redundancy or a checksum to detect any changes
  • 16. Message Encryption • if public-key encryption is used: • encryption provides no confidence of sender • since anyone potentially knows public-key • however if • sender signs message using their private-key • then encrypts with recipients public key • have both secrecy and authentication • again need to recognize corrupted messages • but at cost of two public-key uses on message
  • 17. Message Authentication Code (MAC) • generated by an algorithm that creates a small fixed-sized block • depending on both message and some key • like encryption though need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from sender
  • 18. Message Authentication Codes Keyed hash function. Authenticate origin of messages Symmetric key, shared between sender and receiver. Both sender and receiver can create and verify MAC. Integrity protection of messages Message changes in transit are detected. An ordinary (key-less) hash function does not provide this. (why?) Two known designs: HMAC (based on hash function) CBC-MAC (based on block cipher in CBC-mode) Are these good constructions? MACk (m) = h (kkm). MACk (m) = h (mkk). 22 / 26
  • 20. Message Authentication Codes as shown the MAC provides authentication can also use encryption for secrecy generally use separate keys for each can compute MAC either before or after encryption is generally regarded as better done before why use a MAC? sometimes only authentication is needed sometimes need authentication to persist longer than the encryption (eg. archival use) note that a MAC is not a digital signature
  • 21. MAC Properties • a MAC is a cryptographic checksum MAC = CK(M) • condenses a variable-length message M • using a secret key K • to a fixed-sized authenticator • is a many-to-one function • potentially many messages have same MAC • but finding these needs to be very difficult
  • 22. Requirements for MACs • taking into account the types of attacks • need the MAC to satisfy the following: 1. knowing a message and MAC, is infeasible to find another message with same MAC 2. MACs should be uniformly distributed 3. MAC should depend equally on all bits of the message
  • 23. Hash Functions A cryptographic hash function h is a function which takes arbitrary length bit strings as input and produces a fixed length bit string as output, the hash value. A cryptographic hash function should be one-way: given any string y from the range of h, it should be computationally infeasible to find any value x in the domain of h such that h(x) = y. Given a hash function with outputs of n bits, we would like a function for which finding preimages requires O(2n) time. 23 /
  • 24. Hash Functions • condenses arbitrary message to fixed size h = H(M) • usually assume that the hash function is public and not keyed • cf. MAC which is keyed • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature
  • 25. Requirements for a HashFunction • The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data. To be useful for message authentication, a hash function H must have the following properties. 1. H can be applied to a block of data of any size. 2. H produces a fixed-length output.
  • 26. HashFunction requirement 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
  • 27. HashFunction requirement…. 5. For any given block x, it is computationally infeasible to find y x such that H(y) = H(x). This is sometimes referred to as weak collision resistance. 6.It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance
  • 28. Hash Functions & Digital Signatures
  • 29. Example Operation of Hash Functions Information 2
  • 30. Birthday Attacks might think a 64-bit hash is secure but by Birthday Paradox is not birthday attack works thus: opponent generates 2 m/2 variations of a valid message all with essentially the same meaning opponent also generates 2 m/2 variations of a desired fraudulent message two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) have user sign the valid message, then substitute the forgery which will have a valid signature conclusion is that need to use larger MAC/hash
  • 31. Some Popular HashAlgorithms Information 3  MD5 (Rivest ) ◦ 128-bit output ◦ Most popular  SHA-1 (NIST- NSA) ◦ US gov’t standard ◦ 160-bit output  RIPEMD-160 ◦ Euro.RIPE project. ◦ 160-bit output Algorithm Speed (MByte/s.) MD5 205 SHA-1 72 RIPEMD-160 51 Crypto++ 5.1 benchmarks,2.1 GHz P4
  • 32. Usage of hash functions • Commit to message by disclosing hash of message, later showing the message • If collision resistant, you cannot cheat (change message). • Consider playing rock, paper, scissors remotely with a hash function. Or rock-paper-scissors-lizard-Spock. • Verify integrity of downloaded files. • Digital signatures. • SSL/TLS for integrity protection. • Storing passwords in operating systems and web servers. 21 /
  • 33. Security of Hash Functions and Macs • Just as with symmetric and public-key encryption, we can group attacks on hash functions and MACs into two categories: brute-force attacks and cryptanalysis
  • 34. Brute-Force Attacks • The nature of brute-force attacks differs somewhat for hash functions and MACs. Hash Functions • The strength of a hash function against brute-force attacks depends solely on the length of the hash • code produced by the algorithm. Recall from our discussion of hash functions that there are three
  • 35. desirable properties: ● One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h. ● Weak collision resistance: For any given block x, it is computationally infeasible to find y x with H(y) = H(x). ● Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H (x) = H(y).
  • 36. Hash Functions & MAC Security cryptanalytic attacks exploit structure like block ciphers want brute-force attacks to be the best alternative have a number of analytic attacks on iterated hash functions CVi = f[CVi-1, Mi]; H(M)=CVN typically focus on collisions in function f like block ciphers is often composed of rounds attacks exploit properties of round functions
  • 37. Practical applications.. • Hashing passwords • PHP server analysis • Burp suit capturing • message authentication code.pptx