Computer and Data Security Lecture 8 Message Authentication and Hash Function Attacks on Communications across Network 1. Disclosure: encryption 2. Traffic analysis: encryption 3. Masquerade: message authentication 4. Content modification: message authentication 5. Sequence modification: message authentication 6. Timing modification: message authentication 7. Source repudiation: digital signatures 8. Destination repudiation: digital signatures Authentication l Receiver wants to verify: Ø Contents of the message have not been modified (data authentication) Ø Source of message is who they claim to be (source authentication) l Different approaches available: Ø Symmetric Key Encryption Ø Message Authentication Codes (MACs) Ø Hash Functions Ø Public Key Encryption (i.e. Digital Signatures) Symmetric Key Encryption for Authentication l Confidentiality: only B (and A) can recover plaintext l Source Authentication: A is only other user with key; must have come from A l Data Authentication: successfully decrypted; data has not been modified l Assumption: decryptor can recognize correct plaintext Message Authentication Codes (MACs) l Message (M) is send from the source (sender). l Message (M) entered the MAC function (C) and use the secret key to generate a small fixed size block of data known as a MAC. l The generated MAC is appended to the message (M). l The message plus MAC are transmitted to the receiver. Hash Functions l Hash function H: variable-length block of data M input; fixed-size hash value h = H(M) output l Applying H to large set of inputs should produce evenly distributed and random looking outputs l Cryptographic hash function: computationally infeasible to find: 1. M that maps to known h (one-way property) 2. M1 and M2 that produce same h (collision-free property) l Used to determine whether or not data has changed l Examples: message authentication, digital signatures, one-way password file. Cryptographic Hash Function Hash Algorithms: MD5 l Message Digest algorithm 5, developed by Ron Rivest in 1991 l Generates 128-bit hash l Was commonly used by applications, passwords, file integrity; no longer recommended l Collision and other attacks possible; tools publicly available to attack MD5 Hash Algorithms: SHA l Secure Hash Algorithm, developed by NIST l Standardized by NIST in FIPS 180 in 1993 l Improvements over time: SHA-0, SHA-1, SHA-2, SHA-3 l SHA-1 (and SHA-0) are considered insecure; no longer recommended l SHA-2 considered secure l SHA-3 in begin standardized by NIST Digital Signatures l Aim of a signature: prove to anyone that a message originated at (or is approved by) a particular user l Symmetric key cryptography Ø Two users, A and B, share a secret key K Ø Receiver of message (user A) can verify that message came from the other user (B) Ø User C cannot prove that the message came from B (it may also have came from A) l Public key cryptography can provide signature: only one user has the private key Digital Signature Operations (Concept) l Signing Ø User signs a message by encrypting with own private key S = E(PRA,M) Ø User attaches signature to message l Verification Ø User verifies a message by decrypting signature with signer’s public key M′ =D(PUA,S) Ø User then compares received message M with decrypted M′; if identical, signature is verified Digital Signature Scheme Digital Signature Operations (Practice) No need to encrypt entire message; encrypt hash of message l Signing Ø User signs a message by encrypting hash of message with own private key S = E(PRA,H(M)) Ø User attaches signature to message Digital Signature Operations (Practice) l Verification Ø User verifies a message by decrypting signature with signer’s public key h = D(PUA,S) Ø User then compares hash of received message, H(M), with decrypted h; if identical, signature is verified Digital Signature Algorithms l RSA l Digital Signature Algorithm (DSA): FIPS-186 l ECDSA: DSA with elliptic curve cryptography l ElGamal signature scheme: DSA is enhancement of ElGamal l Bilinear pairing based signatures, e.g. BLS l Different hash algorithms can be used; e.g. SHA2 Ø Preimage resistant, second preimage resistant, collision resistant .