SUNWAY UNIVERSITY

ADVANCED
NETWORK
SECURITY
Part 3
Dr Athirah Mohd Ramly
Public Key Cryptography and
Message Authentication
Understand how the network security works
 Message
Authentication
Encryption protects against passive attack
(eavesdropping)
A different requirement is to protect against active
attack (falsification of data and transactions)
Protection against such attacks is known as
message authentication
Message authentication is a procedure that allows
communicating parties to verify that received
messages are authentic
The two important aspects are to verify that
the contents of the message have not been
altered and that the source is authentic
Using conventional Without message
encryption encryption
•Symmetric encryption alone is not a suitable
An authentication tag is generated and
tool for data authentication
appended to each message for transmission

1. We assume that only the sender and

receiver share a key, so only the genuine The message itself is not encrypted and can
sender would be able to encrypt a message be read at the destination independent of the
successfully authentication function at the destination
2. The receiver assumes that no alterations
have been made and that sequencing is
proper if the message includes an error Because the message is not encrypted,
detection code and a sequence number message confidentiality is not provided
3. If the message includes a timestamp, the
receiver assumes that the message has not
been delayed beyond that normally
expected for network transit
One-way Hash Functions

•Accepts a variable-size message M as input and produces a

fixed-size message digest H(M) as output

•Does not take a secret key as input

•To authenticate a message, the message digest is sent with

the message in such a way that the message digest is
authentic
 Secure Hash Functions
•Is important not only in
message authentication but in
digital signatures

•Purpose is to produce a
“fingerprint” of a file, message, or
other block of data

•To be useful for message

authentication, a hash function
H must have the following
properties:
 Security of Hash Functions

There are two approaches to attacking a

secure hash function:
Cryptanalysis
Involves exploiting logical
weaknesses in the algorithm
Brute-force attack
The strength of a hash function
against this attack depends solely
on the length of the hash code
produced by the algorithm
 The SHA Secure Hash function

SHA was developed by NIST and published as a federal information

processing standard (FIPS 180) in 1993
Was revised in 1995 as SHA-1 and published as FIPS 180-1
The actual standards document is entitled “Secure Hash
Standard”
Based on the hash function MD4 and its design closely models MD4
Produces 160-bit hash values
In 2005 NIST announced the intention to phase out approval of SHA-
1 and move to a reliance on SHA-2 by 2010
Table 3.1 Comparison of SHA Parameters

Note: All sizes are measured in bits.

SHA-3
 HMAC
There has been an increased interest in developing a MAC
derived from a cryptographic hash code, such as SHA-1
Cryptographic hash functions generally execute faster in
software than conventional encryption algorithms such as
DES
Library code for cryptographic hash functions is widely
available
A hash function such as SHA-1 was not designed for use as a
MAC and cannot be used directly for that purpose because
it does not rely on a secret key
There have been a number of proposals for the incorporation of
a secret key into an existing hash algorithm
The approach that has received the most support is HMAC
 HMAC Design Objectives
To use, without modifications, available hash functions --- in particular,
hash functions that perform well in software, and for which code is freely
and widely available
To allow for easy replaceability of the embedded hash function in case
faster or more secure hash functions are found or required
To preserve the original performance of the hash function without
incurring a significant degradation
To use and handle keys in a simple way
To have a well understood cryptographic analysis of the strength of the
authentication mechanism based on reasonable assumptions on the
embedded hash function
Counter with Cipher Block Chaining-Message
Authentication Code (CCM)
NIST standard SP 800-38C
Referred to as an authenticated
encryption mode
“Authenticated encryption” is a
term used to describe
encryption systems that
simultaneously protect
confidentiality and authenticity
of communications
A single key is used for both
encryption and MAC algorithms
 Public-Key Encryption Structure
First publicly proposed by Diffie and Hellman in 1976
Based on mathematical functions rather than on simple operations on bit patterns
Is asymmetric, involving the use of two separate keys
Applications for Public-Key Cryptosystems
Public-key systems are characterized by the use of a cryptographic type of
algorithm with two keys, one held private and one available publicly
Depending on the application, the sender uses either the sender’s private key, the
receiver’s public key, or both to perform some type of cryptographic function
Applications for Public-Key Cryptosystems
 Security Considerations
The security of RSA depends on it being used in such a way
as to counter potential attacks
Possible attack approaches are:
Mathematical attacks
Timing attacks
Chosen ciphertext attacks
To counter sophisticated chosen ciphertext attacks, RSA
Security Inc recommends modifying the plaintext using a
procedure known as optimal asymmetric encryption
padding (OAEP)
 Diffie-Hellman Key Exchange
First published public-key algorithm
A number of commercial products employ this key
exchange technique
Purpose of the algorithm is to enable two users to
exchange a secret key securely that then can be
used for subsequent encryption of messages
The algorithm itself is limited to the exchange
of the keys
Depends for its effectiveness on the difficulty of
computing discrete logarithms
 Digital Signature standard (DSS)
FIPS PUB 186
Makes use of the SHA-1 and presents a new digital
signature technique, the Digital Signature Algorithm
(DSA)
Originally proposed in 1991 and revised in 1993 and
again in 1996
Uses an algorithm that is designed to provide only the
digital signature function
Unlike RSA, it cannot be used for encryption or key
exchange
 Digital Signatures
NIST FIPS PUB 186-4 (Digital Signature Standard (DSS)) defines a
digital signature as: “the result of a cryptographic transformation
of data that, when properly implemented, provides a mechanism
for verifying origin authentication, data integrity, and signatory
non-repudiation”
Thus, a digital signature is a data-dependent bit pattern,
generated by an agent as a function of a file, message, or other
form of data block
FIPS 186-4 specifies the use of one of three digital signature
algorithms:
Digital signature algorithm (DSA)
RSA digital signature algorithm
Elliptic curve digital signature algorithm (ECDSA)
 Elliptic-Curve Cryptography (ECC)

Technique is based on the use of a mathematical

construct known as the elliptic curve
Principal attraction of ECC compared to RSA is
that it appears to offer equal security for a far
smaller bit size, thereby reducing processing
overhead
The confidence level in ECC is not yet as high as
that in RSA
 Summary
Approaches to message authentication Message authentication codes
Authentication using conventional HMAC
encryption MACs based on block ciphers
Message authentication without Public-key cryptography principles
message encryption Public-key encryption structure
Secure hash functions Applications for public-key
Hash function requirements cryptosystems
Security of hash functions Requirements for public-key
Simple hash functions cryptography
The SHA secure hash function Public-key cryptography algorithms
SHA-3 The RSA public-key encryption
Digital signatures algorithm
Digital signature generation and Diffie-Hellman key exchange
verification Other public-key cryptography
RSA digital signature algorithm algorithms