1 / 34

Lecture 10 Overview

Lecture 10 Overview. Cryptographic Hash Functions. Message Digest Functions Protect integrity Create a message digest or fingerprint of a digital document MD4, MD5, SHA Message Authentication Codes (MACs) Protect both integrity and authenticity

charis
Télécharger la présentation

Lecture 10 Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 10 Overview

  2. Cryptographic Hash Functions • Message Digest Functions • Protect integrity • Create a message digest or fingerprint of a digital document • MD4, MD5, SHA • Message Authentication Codes (MACs) • Protect both integrity and authenticity • Produce fingerprints based on both a given document and a secret key CS 450/650 Lecture 10: Hash Functions

  3. Message Digest Functions • Checksums  fingerprint of a message • If message changes, checksum will not match • Most checksums are good in detecting accidental changes made to a message • They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum • Message digests are designed to protect against this possibility CS 450/650 Lecture 10: Hash Functions

  4. Collision-resistant, One-way hash fnc. • Given M, • it is easy to compute h • Given any h, • it is hard to find any M such that H(M) = h • Given M1, it is difficult to find M2 • such that H(M1) = H(M2) • Functions that satisfy these criteria are called message digest • They produce a fixed-length digest (fingerprint) CS 450/650 Lecture 10: Hash Functions

  5. A MAC Based on a Block Cipher • M1 • M1 • M1 • XOR • XOR • Encrypt • … • Encrypt • Encrypt • MAC • k • k • k CS 450/650 Lecture 10: Hash Functions

  6. Secure Hash Algorithm (SHA) • SHA-0 1993 • SHA-1 1995 • SHA-2 2002 • SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 160-bit message digest A message composed of b bits CS 450/650 Lecture 8: Secure Hash Algorithm

  7. Step 1 -- Padding • Padding the total length of a padded message is multiple of 512 • Every message is padded even if its length is already a multiple of 512 • Padding is done by appending to the input • A single bit, 1 • Enough additional bits, all 0, to make the final 512 block exactly 448 bits long • A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm

  8. Step 2 -- Dividing Pad(M) • Pad (M) = B1, B2, B3, …, Bn • Each Bi denote a 512-bit block • Each Bi is divided into 16 32-bit words • W0, W1, …, W15 CS 450/650 Lecture 8: Secure Hash Algorithm

  9. Step 3 – Compute W16 – W79 • To Compute word Wj (16<=j<=79) • Wj-3, Wj-8, Wj-14 , Wj-16 are XORed • The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm

  10. Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + fj(B,C,D) + E + Wj + Kj E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done +  addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm

  11. Four functions • For j = 0 … 19 • fj(B,C,D) = (B AND C) OR (B AND D) OR (C AND D) • For j = 20 … 39 • fj(B,C,D) = (B XOR C XOR D) • For j = 40 … 59 • fj(B,C,D) = (B AND C) OR ((NOT B) AND D) • For j = 60 … 79 • fj(B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm

  12. Step 6 – Final • H0 = H0 + A • H1 = H1 + B • H2 = H2 + C • H3 = H3 + D • H4 = H4 + E CS 450/650 Lecture 8: Secure Hash Algorithm

  13. Done • Once these steps have been performed on each 512-bit block (B1, B2, …, Bn) of the padded message, • the 160-bit message digest is given by H0 H1 H2 H3 H4 CS 450/650 Lecture 8: Secure Hash Algorithm

  14. SHA CS 450/650 Lecture 8: Secure Hash Algorithm

  15. Lecture 11 Digital Signatures CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

  16. Digital Signatures • A digital signature can be interpreted as indicating the signer’s agreement with the contents of an electronic document • Similar to handwritten signatures on physical documents CS 450/650 Lecture 11: Digital Signatures

  17. Digital Signature Properties • Unforgeable: Only the signer can produce his/her signature • Authentic: A signature is produced only by the signer deliberately signing the document CS 450/650 Lecture 11: Digital Signatures

  18. Digital Signature Properties • Non-Alterable: A signed document cannot be altered without invalidating the signature • Non-Reusable: A signature from one document cannot be moved to another document • Signatures can be validated by other users • the signer cannot reasonably claim that he/she did not sign a document bearing his/her signature CS 450/650 Lecture 11: Digital Signatures

  19. Digital Signature Using RSA • The RSA public-key cryptosystem can be used to create a digital signature for a message m • Asymmetric Cryptographic techniques are well suited for creating digital signatures • The signer must have an RSA public/private key pair • c = Me mod n • M = cd mod n CS 450/650 Lecture 11: Digital Signatures

  20. Signature Generation (Signer) Message Redundancy Function Formatted Message Encrypt Private Key Signature CS 450/650 Lecture 11: Digital Signatures

  21. Signature Verification Signature Public Key Decrypt Formatted Message Verify Message CS 450/650 Lecture 11: Digital Signatures

  22. Example • Generate signature S • d = 53 • e = 413 • n = 629 • m = 250 • Assume that R(X) = X • S = R(m)e mod n • S = 25053 mod 629 = 411 CS 450/650 Lecture 11: Digital Signatures

  23. Example • Verify signature with message recovery • Public key (e) = 413 • n = 629 • S = 411 • R(m) = Se mod n • R(m) = 411413 mod 629 = 250 • Verifier checks that R(m) has proper redundancy created by R (none in this case) • m = R-1(m) = 250 CS 450/650 Lecture 11: Digital Signatures

  24. Creating a forged signature • Choose a random number between 0 and n-1 for S • S = 323 • Use the signer’s public key to decrypt S • R(m) = 323413 mod 629 = 85 • Invert R(m) to m: m = 85 • A valid signature (323) has been created for a random message (85) CS 450/650 Lecture 11: Digital Signatures

  25. Redundancy Function • The choice of a poor redundancy function can make RSA vulnerable to forgery • A good redundancy function should make forging signatures much harder CS 450/650 Lecture 11: Digital Signatures

  26. Example • generate signature S • d = 53 • e = 413 • n = 629 • m = 7 • Assume that R(X) = XX • S = R(m)e mod n • S = 7753 mod 629 = 25 CS 450/650 Lecture 11: Digital Signatures

  27. Example • verify signature with message recovery • Public key (e) = 413 • n = 629 • S = 25 • R(m) = Se mod n • R(m) = 25413 mod 629 = 77 • The verifier then checks that R(m) is of the form XX for some message X • m = R-1(m) = 7 CS 450/650 Lecture 11: Digital Signatures

  28. Forging signature (revisited) • Choose a random number between 0 and n-1 for S • S = 323 • Use the signer’s public key to decrypt S • R(m) = 323413 mod 629 = 85 • However, 85 is not a legal value for R(m) • so S = 323 is not a valid signature CS 450/650 Lecture 11: Digital Signatures

  29. Privacy • Signature provides only authenticity. • How can we provide privacy in addition? CS 450/650 Fundamentals of Integrated Computer Security

  30. Simple Scenario of Digital Signature

  31. Getting a Message Digest from a document Hash Message Digest CS 450/650 Lecture 11: Digital Signatures

  32. Generating Signature Message Digest Signature Encrypt using private key CS 450/650 Lecture 11: Digital Signatures

  33. Appending Signature to document Append Signature CS 450/650 Lecture 11: Digital Signatures

  34. Verifying Signature Hash Message Digest Message Digest Decrypt using public key CS 450/650 Lecture 11: Digital Signatures

More Related