UNIT – III HASH FUNCTIONS & DIGITAL SIGNATURES

Digests – Requirements – MAC – Hash function – Security of Hash and MAC – Birthday Attack –
MD5 – SHA – RIPEMD – Digital Signature Standard – Proof of DSS
Authentication Requirements
Disclosure
• Release of message contents to any person or process not possessing the appropriate
cryptographic key
Traffic analysis
• Discovery of the pattern of traffic between parties.
• In a connection-oriented application, the frequency and duration of connections could be
determined.
• the number and length of messages between parties could be determined on both
environments
Masquerade
• Insertion of messages into the network from a fraudulent source.
• includes the creation of messages by an opponent that are purported to come from an
authorized
entity.
• Also included are fraudulent acknowledgments of message receipt or nonreceipt by someone
else
Content modification
• Changes to the contents of a message, including insertion, deletion, transposition, and
modification
Sequence modification
• Any modification to a sequence of messages between parties,including insertion, deletion,
and
reordering
Timing modification
• Delay or replay of messages.
• In a connection-oriented application, an entire session or sequence of messages could be a
replay of some previous valid session, or individual messages in the sequence could be delayed
or replayed.
• In a connectionless application, an individual message (e.g., datagram) could be delayed or
replayed
Source repudiation
• Denial of transmission of message by source.
Destination repudiation
• Denial of receipt of message by destination
Authentication Functions
Message Authentication
• a mechanism or service used to verify the integrity of a message.
• assures that data received are exactly as sent (i.e., contain no modification, insertion,
deletion, or
replay).
• assures that purported identity of the sender is valid.
• When a hash function is used to provide message authentication, the hash function value is
often referred to as a message digest.
Authentication function is of two levels of functionality
Lower Level
produces an authenticator: a value to be used to authenticate a message.
Higher-Level
enables a receiver to verify the authenticity of a message
Grouped Into Three Classes
Message Encryption
The ciphertext of the entire message serves as its authenticator
Message authentication code (MAC)
A function of the message and a secret key that produces a fixed-length value that serves as the
authenticator
Hash function
A function that maps a message of any length into a fixed-length hash value, which serves as
the
authenticator
Message Encryption
• Message encryption by itself can provide a measure of authentication.
• The analysis differs for symmetric and public-key encryption schemes
Topics
• Basic Uses of Message Encryption
• Symmetric Encryption
o Internal Error Control
o External Error Control
• Public-Key Encryption
Basic Uses of Message Encryption
a) Symmetric encryption: confidentiality and authentication: A -- B:E(K, M)
• Provides confidentiality
o Only A and B share K
• Provides a degree of authentication
o Could come only from A
o Has not been altered in transit
o Requires some formatting/redundancy
• Does not provide signature
o Receiver could forge message
o Sender could deny message
b) Public-key encryption: confidentiality: A B:E(PUb, M)
• Provides confidentiality
o Only B has PRb to decrypt
• Provides no authentication
o Any party could use PUb to encrypt message and claim to be A
c) Public-key encryption: authentication and signature: A B:E(PRa, M)
• Provides authentication and signature
o Only A has PRa to encrypt
o Has not been altered in transit
o Requires some formatting/redundancy
o Any party can use PUa to verify signature
d) Public-key encryption: confidentiality, authentication, and signature: A B:E(PUb, E(PRa,
M))
• Provides confidentiality because of Pub
• Provides authentication and signature because of Pra
Symmetric Encryption
• A message M transmitted from source A to destination B is encrypted using a secret key K
shared
by both
• If no other party knows the key, then confidentiality is provided
• B is assured that the message was generated by A because A is the only other party that
possesses K. Hence, authentication is provided.
• Hence, symmetric encryption provides authentication as well as confidentiality
• It may be difficult to determine automatically if incoming ciphertext decrypts to intelligible
plaintext or not
o an opponent could achieve a certain level of disruption
Solution to this problem
• force the plaintext to have some structure that is easily recognized but that cannot be
replicated without recourse to the encryption function
• for example, append an error-detecting code, also known as a frame check sequence (FCS) or
checksum, to each message before encryption
• the order in which the FCS and encryption functions are performed is critical
• Two classifications: Internal, External
Internal Error Control
• With internal error control, authentication is provided because an opponent would have
difficulty generating ciphertext that, when decrypted, would have valid error control bits.
• If instead the FCS is the outer code, an opponent can construct messages with valid
errorcontrol
codes
• he or she can still hope to create confusion and disrupt operations
External Error Control
TCP Segment
• any sort of structuring added to the transmitted message serves to strengthen the
authentication
capability
• Such structure is provided by the use of a communications architecture consisting of layered
protocols.
• As an example, consider the structure of messages transmitted using the TCP/IP protocol
architecture
• each pair of hosts shared a unique secret key, so that all exchanges between a pair of hosts
used the same key, regardless of application
• header includes not only a checksum (which covers the header) but also other useful
information, such as the sequence number
Message Authentication Code
• use of a secret key to generate a small fixed-size block of data, known as a cryptographic
checksum or MAC that is appended to the message.
• This technique assumes that two communicating parties, say A and B, share a common secret
key K.
Theory of operation
• When A has a message to send to B, it calculates the MAC as a function of the message and
the key:
• MAC = C(K, M), where
o M = input message
o C = MAC function
o K = shared secret key
o MAC = message authentication code
• The message plus MAC are transmitted to the intended recipient.
• The recipient performs the same calculation on the received message, using the same
secret key, to generate a new MAC.
• The received MAC is compared to the calculated MAC
• if the received MAC matches the calculated MAC, then
o The receiver is assured that the message has not been altered
o The receiver is assured that the message is from the alleged sender
o If the message includes a sequence number (such as is used with HDLC, X.25, and
TCP), then the receiver can be assured of the proper sequence
MAC function
• similar to encryption, difference is that the MAC algorithm need not be reversible
• many-to-one function
• The domain of the function consists of messages of some arbitrary length, whereas the range
consists of all possible MACs and all possible keys
o If an n-bit MAC is used, then there are 2n possible MACs, whereas there are N possible
messages with N >> 2n
o with a k-bit key, there are 2k possible keys
• MAC does not provide a digital signature because both sender and receiver share the same ke