Chapter 2

Uploaded by

mulugeta haile
Copyright
© © All Rights Reserved

Cryptography and Network Security

Chapter - 3
Hash Functions and Message Authentication

Message Authentication and Hash Functions
• Authentication Requirements
• Authentication Functions
• Message Authentication Codes
• Hash Functions

Authentication Requirements
• Kinds of attacks (threats) in the context of communications across a network:
   1. Disclosure
   2. Traffic analysis
   3. Masquerade
   4. Content modification
   5. Sequence modification
   6. Timing modification
   7. Repudiation
• Measures to deal with the first two attacks
   - These fall in the realm of message confidentiality and are addressed with encryption
• Measures to deal with threats 3 through 6
   - Message authentication
• Measures to deal with threat 7
   - Digital signature

Authentication Requirements
• Message authentication
   - A procedure to verify that messages come from the alleged source and have not been altered
   - Message authentication may also verify sequencing and timeliness
• Digital signature
   - An authentication technique that also includes measures to counter repudiation by either source or destination

Message Authentication
• Three alternative functions can be used to produce the authenticator:
   - Message encryption: the entire ciphertext is used as its authenticator
   - Message authentication code (MAC): a public function of the message and a secret key that produces a fixed-length value that serves as the authenticator
   - Hash function: a function that maps a message of any length into a fixed-length hash value, which serves as the authenticator

Message Encryption
• Message encryption by itself also provides a measure of authentication
• If symmetric encryption is used, then:
   - the message must have come from the sender, because it is the only other party that possesses the key
   - the content cannot be altered if the message has suitable structure, redundancy or a checksum to detect any changes

Authentication Functions

Basic Uses of Message Encryption

Public-Key Encryption

• (b) provides confidentiality but not authentication; anyone can use the public key of B
• (c) as in the symmetric-key case, it provides message authentication (the message must have a structure), but it also provides a digital signature
• (d) provides confidentiality as well

Authentication Functions

Ways of Providing Structure

• Append an error-detecting code (frame check sequence (FCS)) to each message
• Internal and external checksum

Authentication Functions

Confidentiality and Authentication


Implications of Message Encryption

Hash Functions
• Condenses an arbitrary message to a fixed size (i.e., a hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M))
• The principal object of a hash function is data integrity
• Usually assume the hash function is public
• Hash used to detect changes to the message
• Want a cryptographic hash function:
   - computationally infeasible to find data mapping to a specific hash (one-way property)
   - computationally infeasible to find two data items mapping to the same hash (collision-free property)

Hash Functions

Hash Function Requirements


1. H can be applied to any size data block
2. H produces fixed-length output
3. H(x) is relatively easy to compute for any given x
4. H is one-way, i.e., given h, it is computationally infeasible to find any x such that h = H(x)
5. H is weakly collision resistant: given x, it is computationally infeasible to find any y ≠ x such that H(x) = H(y)
6. H is strongly collision resistant: it is computationally infeasible to find any x and y such that H(x) = H(y)

Authentication Functions

Basic Uses of Hash Function

• Converts a variable-size message M into a fixed-size hash code H(M) (sometimes called a message digest)
• Can be used with encryption for authentication:
   - E(M || H(M))
   - M || E(H(M))
   - M || signed H(M)
   - E(M || signed H(M)) gives confidentiality
   - M || H(M || S)
   - E(M || H(M || S))

Hash Functions

Basic Uses of Hash Function


• h = H(M)
   - M is a variable-length message, h is a fixed-length hash value, H is a hash function
• The hash value is appended at the source
• The receiver authenticates the message by recomputing the hash value
• Because the hash function itself is not considered to be secret, some means is required to protect the hash value

Message Authentication Code (MAC)
• An alternative way to do message authentication
• MAC is a cryptographic checksum
   - fixed-size block
   - depending on both message and some key
   - like encryption, though it need not be reversible
• Appended to message as a signature
• Receiver performs same computation on message and checks it matches the MAC
• Provides assurance that message is unaltered and comes from sender

Authentication Functions

Basic Uses of MAC

Authentication Functions

Why Use MACs?

• I.e., why not just use encryption?
• MAC might be cheaper
• Authentication of executable code
• Architectural flexibility
• Separation of authentication check from message use

MACs

Message Authentication Codes


• MAC = C_K(M)
• Key length requirements
   - Sufficient key length to thwart brute-force attack
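
Added example (not from the original slides): the sender and receiver sides of MAC = C_K(M), with the message left in the clear and the MAC appended. HMAC-SHA256 standing in for C, the 16-byte minimum key length, and the sample inputs are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32        # HMAC-SHA256 always yields a 32-byte MAC
MIN_KEY_LEN = 16    # assumed policy: keys of at least 128 bits

def C(key: bytes, message: bytes) -> bytes:
    """MAC = C_K(M), with HMAC-SHA256 standing in for C (assumption)."""
    if len(key) < MIN_KEY_LEN:
        raise ValueError("key too short to resist brute force")
    return hmac.new(key, message, hashlib.sha256).digest()

def protect(key: bytes, message: bytes) -> bytes:
    """Sender: message stays in the clear, MAC is appended."""
    return message + C(key, message)

def verify(key: bytes, packet: bytes):
    """Receiver: recompute the MAC and compare in constant time.
    Returns the message on success, None on any mismatch."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return message if hmac.compare_digest(C(key, message), tag) else None

def flip_bit(packet: bytes, index: int) -> bytes:
    """Simulates a one-bit change in transit (constructed test input)."""
    out = bytearray(packet)
    out[index] ^= 0x01
    return bytes(out)

if __name__ == "__main__":
    k = secrets.token_bytes(32)                    # fresh 256-bit shared key
    pkt = protect(k, b"firmware-image-v1")         # constructed sample message
    print(verify(k, pkt))                          # unmodified packet
    print(verify(k, flip_bit(pkt, 0)))             # altered message
    print(verify(k, flip_bit(pkt, len(pkt) - 1)))  # altered MAC
    print(verify(secrets.token_bytes(32), pkt))    # wrong key
```

Because the check is separate from the message itself, the receiver can verify the MAC once (for example on an executable image) and use the cleartext without any decryption step.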

END
