MODULE 3 MCA-501 Computer Security ADMN 2012-‘15
Dept. of Computer Science And Applications, SJCET, Palai Page 60
3.1 KEY MANAGEMENT
- public-key encryption helps address key distribution problems
- there are two aspects to this:
  - distribution of public keys
  - use of public-key encryption to distribute secret keys
Distribution of Public Keys
- can be considered as using one of:
  - public announcement
  - publicly available directory
  - public-key authority
  - public-key certificates
Public Announcement
- users distribute public keys to recipients or broadcast them to the community at large
- major weakness is forgery
  - anyone can create a key claiming to be someone else and broadcast it
Fig 3.1 public announcement
Publicly Available Directory
- can obtain greater security by registering keys with a public directory
- the directory must be trusted, with properties:
  - contains {name, public-key} entries
  - participants register securely with the directory
  - participants can replace their key at any time
  - the directory is periodically published
  - the directory can be accessed electronically
- still vulnerable to tampering or forgery
Fig 3.2 publicly available directory
Public-Key Authority
- improves security by tightening control over the distribution of keys from the directory
- has the properties of a directory
- assumes that a central authority maintains a dynamic directory of the public keys of all participants
Fig 3.3 public key authority
1. A sends a time-stamped message to the public-key authority containing a request for the current public key of B.
2. The authority responds with a message that is encrypted using the authority's private key, PRauth. The message includes B's public key PUb, the original request, and the original timestamp.
3. A stores B's public key and also uses it to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
4. B sends a time-stamped message to the public-key authority containing a request for the current public key of A.
5. B retrieves A's public key from the authority in the same manner as A retrieved B's public key. Public keys have now been securely delivered to A and B, and they may begin their protected exchange.
6. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (3), the presence of N1 in message (6) assures A that the correspondent is B.
7. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.
Public-Key Certificates
- certificates allow key exchange without real-time access to a public-key authority
- a certificate consists of a public key plus an identifier of the key owner
- with all contents signed by a trusted Certificate Authority (CA)
- a user can present his or her public key to the authority in a secure manner and obtain a certificate
- the user can then publish the certificate; anyone needing this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature
- any other participant can read and verify the certificate as follows:
D(PUauth, CA) = D(PUauth, E(PRauth, [T || IDA || PUa])) = (T || IDA || PUa)
Fig 3.4 Public-Key Certificates
Requirements on this scheme:
1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.
3.1.1 Distribution of Secret Keys Using Public-Key Cryptography
- use the previous methods to obtain the public key
Simple Secret Key Distribution
Fig 3.5 Simple Secret Key Distribution
1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of Ks.
- A and B can now securely communicate using conventional encryption and the session key Ks. At the completion of the exchange, both A and B discard Ks.
Secret Key Distribution with Confidentiality and Authentication
- provides protection against both active and passive attacks
Fig 3.6 Secret Key Distribution with Confidentiality and Authentication
1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). The presence of N1 in this message assures A that the correspondent is B.
3. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with B's public key ensures that only B can read it; encryption with A's private key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.
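The certificate check of Fig 3.4 (D(PUauth, CA) recovering what the authority signed) and steps 4-5 of Fig 3.6 (M = E(PUb, E(PRa, Ks)), recovered as D(PUa, D(PRb, M))) can be walked through with textbook RSA. The block below is an added example, not code from the notes: the key pairs are constructed from well-known primes so it runs offline with the standard library only (they are far too small for real use), the authority signs a truncated SHA-256 hash of the certificate body rather than the raw body, and the function names are the example's own.

```python
import hashlib
import secrets

# Toy textbook RSA for the two exchanges above. Moduli are products of
# well-known primes (constructed for this example; not safe for real use).

def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for the constructed primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, e), (n, d)

def rsa_apply(key, m):
    """The notes' E(...) / D(...): m^exp mod n. Textbook RSA needs 0 <= m < n."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value does not fit under the modulus")
    return pow(m, exp, n)

# Constructed key pairs. nA < nB is deliberate: the nested E(PUb, E(PRa, Ks))
# only inverts cleanly if the inner RSA output is smaller than B's modulus.
PU_a, PR_a = make_keypair(2**31 - 1, 10**9 + 7)          # ~61-bit modulus
PU_b, PR_b = make_keypair(2**61 - 1, 998244353)          # ~91-bit modulus
PU_auth, PR_auth = make_keypair(2**89 - 1, 2**61 - 1)    # ~150-bit modulus

def cert_digest(T, ID, PU):
    """Hash of the body T||ID||PU, truncated to 128 bits so it fits under the
    authority's modulus (hash-then-sign; the notes' formula applies PRauth
    to the body directly)."""
    body = f"{T}|{ID}|{PU[0]}|{PU[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest()[:16], "big")

def issue_certificate(T, ID, PU, PR_authority=PR_auth):
    """CA = E(PRauth, [T||IDA||PUa]): the authority signs the body."""
    return (T, ID, PU, rsa_apply(PR_authority, cert_digest(T, ID, PU)))

def verify_certificate(cert, PU_authority=PU_auth):
    """D(PUauth, CA) must reproduce the digest of the body that was signed."""
    T, ID, PU, signature = cert
    return rsa_apply(PU_authority, signature) == cert_digest(T, ID, PU)

def send_session_key(Ks, PR_sender, PU_receiver):
    """Step 4: M = E(PUb, E(PRa, Ks)); sign with A's private key, then encrypt for B."""
    return rsa_apply(PU_receiver, rsa_apply(PR_sender, Ks))

def recover_session_key(M, PR_receiver, PU_sender):
    """Step 5: D(PUa, D(PRb, M)). The wrong sender key yields garbage, not Ks."""
    return rsa_apply(PU_sender, rsa_apply(PR_receiver, M))

def demo():
    """Run the certificate check and the key delivery end to end."""
    cert = issue_certificate(T=1700000000, ID="A", PU=PU_a)
    forged = (cert[0], "C", cert[2], cert[3])        # same signature, changed owner
    Ks = secrets.randbits(56)                        # session key; fits under nA
    M = send_session_key(Ks, PR_a, PU_b)
    return {
        "cert_ok": verify_certificate(cert),
        "forged_cert_ok": verify_certificate(forged),
        "Ks_recovered": recover_session_key(M, PR_b, PU_a) == Ks,
        "wrong_sender_key": recover_session_key(M, PR_b, PU_b) == Ks,
    }

if __name__ == "__main__":
    print(demo())
```

The size ordering of the moduli is the point to notice: with textbook RSA, "sign then encrypt" only round-trips when the signer's modulus is smaller than the recipient's, which is one reason real protocols hash, pad and carry the signature alongside the ciphertext instead of nesting raw RSA operations.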
Hybrid Key Distribution
- retain use of a KDC
  - shares a secret master key with each user
  - distributes secret session keys encrypted using the master key
  - public-key encryption is used to distribute the master keys
- rationale
  - performance
  - backward compatibility
3.2 DIFFIE-HELLMAN KEY EXCHANGE
- first public-key algorithm, by Diffie & Hellman in 1976
- is a practical method for public exchange of a secret key
- used in a number of commercial products
Primitive root
- Let p be a prime. Then b is a primitive root for p if the powers of b: 1, b, b^2, b^3, ... include all of the residue classes mod p (except 0).
- Examples: If p = 7,
  then 3 is a primitive root for p because the powers of 3 are 1, 3, 2, 6, 4, 5; that is, every number mod 7 occurs except 0.
  But 2 isn't a primitive root because the powers of 2 are 1, 2, 4, 1, 2, 4, 1, 2, 4, ... missing several values.
The Algorithm
For this scheme, there are two publicly known numbers: a prime number q and an integer α that is a primitive root of q. Suppose the users A and B wish to exchange a key. User A selects a random integer xA < q and computes yA = α^xA mod q; similarly, user B independently selects a random integer xB < q and computes yB = α^xB mod q. Each side keeps the x value private and makes the y value available publicly to the other side. User A computes the key as K = yB^xA mod q and user B computes the key as K = yA^xB mod q. These two calculations produce identical results, since both equal α^(xA·xB) mod q:
Fig 3.7 the Diffie-Hellman Key Exchange Algorithm
Diffie-Hellman Example
- users Alice & Bob who wish to swap keys:
- agree on prime q = 353 and α = 3
- select random secret keys:
  - A chooses xA = 97, B chooses xB = 233
- compute respective public keys:
  - yA = 3^97 mod 353 = 40 (Alice)
  - yB = 3^233 mod 353 = 248 (Bob)
- compute shared session key as:
  - KAB = yB^xA mod 353 = 248^97 mod 353 = 160 (Alice)
  - KAB = yA^xB mod 353 = 40^233 mod 353 = 160 (Bob)
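The primitive-root test from the p = 7 example and the Alice/Bob exchange with q = 353, α = 3 are small enough to reproduce exactly. The following is an added example, not code from the notes: the function names are the example's own, and the `random_exchange` helper draws fresh secrets with `secrets` to show the same protocol with unpredictable exponents.

```python
import secrets

def powers_mod(b, p):
    """The residues 1, b, b^2, ... mod p, in order, until they start repeating."""
    seen, x = [], 1
    while x not in seen:
        seen.append(x)
        x = (x * b) % p
    return seen

def is_primitive_root(b, p):
    """b is a primitive root of the prime p if its powers cover every nonzero residue."""
    return len(powers_mod(b, p)) == p - 1

def dh_public(alpha, q, x):
    """y = alpha^x mod q: the value each side publishes."""
    return pow(alpha, x, q)

def dh_shared(y_other, x_own, q):
    """K = y_other^x_own mod q: the value each side keeps private."""
    return pow(y_other, x_own, q)

def exchange(q, alpha, xA, xB):
    """Run both sides and return (yA, yB, K as Alice computes it, K as Bob computes it)."""
    yA = dh_public(alpha, q, xA)
    yB = dh_public(alpha, q, xB)
    return yA, yB, dh_shared(yB, xA, q), dh_shared(yA, xB, q)

def random_exchange(q=353, alpha=3):
    """Same protocol with secrets drawn uniformly from [1, q-2] (constructed parameters)."""
    xA = 1 + secrets.randbelow(q - 2)
    xB = 1 + secrets.randbelow(q - 2)
    return exchange(q, alpha, xA, xB)

if __name__ == "__main__":
    print(powers_mod(3, 7), is_primitive_root(3, 7), is_primitive_root(2, 7))
    print(exchange(353, 3, 97, 233))
```

Nothing in the exchange tells Alice that the y value she received really came from Bob; that gap is what the next bullets on authentication of the keys refer to, and why deployed protocols sign or certify the Diffie-Hellman values.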
Key Exchange Protocols
- users could create random private/public D-H keys each time they communicate
- users could create a known private/public D-H key and publish it in a directory, which is then consulted and used to securely communicate with them
- both of these are vulnerable to a meet-in-the-middle attack
- authentication of the keys is needed
Fig 3.8 Diffie-Hellman Key Exchange
3.3 ELLIPTIC CURVE ARITHMETIC
- the majority of public-key crypto (RSA, D-H) uses either integer or polynomial arithmetic with very large numbers/polynomials
- this imposes a significant load in storing and processing keys and messages
- an alternative is to use elliptic curves
- offers the same security with smaller bit sizes
Elliptic Curves
- an elliptic curve is defined by an equation in two variables x & y, with coefficients
- consider a cubic elliptic curve of the form
  y^2 = x^3 + ax + b
- where x, y, a, b are all real numbers
- consider the set of points E(a, b) that satisfy the equation
- have an addition operation for the elliptic curve
  - geometrically, the sum P + Q is the reflection of the third intersection point R
Fig 3.9 elliptic curve
Consider the elliptic curve
E: y^2 = x^3 - x + 1
If P1 and P2 are on E, we can define
P3 = P1 + P2
Finite Elliptic Curves
- elliptic curve cryptography uses curves whose variables & coefficients are finite
- have two families commonly used:
  - prime curves Ep(a, b) defined over Zp
    - use integers modulo a prime
    - best in software
  - binary curves E2m(a, b) defined over GF(2^n)
    - use polynomials with binary coefficients
    - best in hardware
3.4 ELLIPTIC CURVE CRYPTOGRAPHY
- elliptic curve cryptography (ECC) is a public-key cryptosystem
- elliptic curves are used as an extension to other current cryptosystems:
  - Elliptic Curve Diffie-Hellman Key Exchange
  - Elliptic Curve Digital Signature Algorithm
- the central part of any cryptosystem involving elliptic curves is the elliptic group
Generic Procedures of ECC
- both parties agree to some publicly known data items:
  - the elliptic curve equation
    - values of a and b
    - prime, q
  - the elliptic group computed from the elliptic curve equation
  - a base point, G, taken from the elliptic group
    - similar to the generator used in current cryptosystems
- each user generates their public/private key pair:
  - Private Key = an integer, selected from the interval [1, q-1]
  - Public Key = product of the private key and the base point (x*B)
Fig 3.10 ECC Diffie-Hellman Key Exchange
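The group law on a prime curve and the ECDH exchange of Fig 3.10 can be carried out by hand on a tiny curve. The block below is an added example, not code from the notes: it uses the constructed curve E_23(1,1), i.e. y^2 = x^3 + x + 1 mod 23, the constructed base point G = (3, 10), and constructed private keys; `INF` stands for the point at infinity, the identity of the elliptic group.

```python
INF = None   # the point at infinity, identity of the elliptic group

def on_curve(P, a, b, p):
    """Check y^2 = x^3 + ax + b (mod p); INF is on every curve."""
    if P is INF:
        return True
    x, y = P
    return (y * y - (x ** 3 + a * x + b)) % p == 0

def add(P, Q, a, p):
    """P + Q on y^2 = x^3 + ax + b over Z_p: the chord-and-tangent rule
    of Fig 3.9 done with modular arithmetic instead of real numbers."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF                       # P + (-P), including a point with y = 0
    if P == Q:                           # tangent slope
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:                                # chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)

def scalar_mult(k, P, a, p):
    """k*P by double-and-add: the 'product of private key and base point'."""
    R = INF
    while k > 0:
        if k & 1:
            R = add(R, P, a, p)
        P = add(P, P, a, p)
        k >>= 1
    return R

def ecdh(a, b, p, G, nA, nB):
    """Each side publishes n*G; the shared point is nA*(nB*G) = nB*(nA*G)."""
    if not on_curve(G, a, b, p):
        raise ValueError("base point is not on the curve")
    PA = scalar_mult(nA, G, a, p)
    PB = scalar_mult(nB, G, a, p)
    return PA, PB, scalar_mult(nA, PB, a, p), scalar_mult(nB, PA, a, p)

if __name__ == "__main__":
    A, B, P, G = 1, 1, 23, (3, 10)
    print(add((3, 10), (9, 7), A, P), add(G, G, A, P))
    print(ecdh(A, B, P, G, 5, 7))
```

On this curve G = (3, 10) generates a group of order 28, so 28*G returns `INF`; the elliptic curve logarithm problem mentioned later is exactly the task of recovering n from n*G and G, which on a 23-element field is trivial by enumeration and on a 256-bit field is not.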
Applications of ECC
- many devices are small and have limited storage and computational power
- where can we apply ECC?
  - wireless communication devices
  - smart cards
  - web servers that need to handle many encryption sessions
  - any application where security is needed but which lacks the power, storage and computational capacity necessary for our current cryptosystems
Security of Elliptic Curve Cryptography
The security of ECC depends on how difficult it is to determine the private-key multiplier given the base point and the product of the two (the public key). This is referred to as the elliptic curve logarithm problem. The fastest known technique for taking the elliptic curve logarithm is known as the Pollard rho method.
3.5 MESSAGE AUTHENTICATION
- message authentication is concerned with:
  - protecting the integrity of a message
  - validating the identity of the originator
  - non-repudiation of origin (dispute resolution)
- will consider the security requirements
- then three alternative functions used:
  a) message encryption
  b) message authentication code (MAC)
  c) hash function
Message Encryption
- message encryption by itself also provides a measure of authentication
  - symmetric encryption
  - public-key encryption
Fig 3.11 symmetric and public key encryption
Message Authentication Code (MAC)
- generated by an algorithm that creates a small fixed-sized block
  - depending on both the message and some key
- appended to the message as a signature
- receiver performs the same computation on the message and checks that it matches the MAC
- provides assurance that the message is unaltered and comes from the sender
- MAC = C(K, M), where M = input message, C = MAC function and K = shared secret key
Fig 3.12 Message authentication code
Requirements for MACs
1. knowing a message and its MAC, it is infeasible to find another message with the same MAC
2. MACs should be uniformly distributed
3. the MAC should depend equally on all bits of the message
Using Symmetric Ciphers for MACs
- can use any block cipher chaining mode and use the final block as a MAC
- Data Authentication Algorithm (DAA) is a widely used MAC based on DES
  - using IV = 0
  - encrypt the message using DES in CBC mode
  - and send just the final block as the MAC, or the leftmost M bits (16 ≤ M ≤ 64) of the final block
- but the final MAC is now too small for security
Fig 3.13 Data Authentication Algorithm (DAA)
3.6 HASH FUNCTIONS
- a hash function H accepts a variable-length block of data as input and produces a fixed-size hash value
  h = H(M)
- the hash is used to detect changes to the message
- the hash code is a function of all the bits of the message and provides an error-detection capability: a change to any bit or bits in the message results in a change to the hash code
Fig 3.14 Block Diagram of Cryptographic Hash Function
Three desirable properties:
1. One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h.
2. Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
3. Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
Requirements for Hash Functions
1. can be applied to any sized message M
2. produces fixed-length output h
3. is easy to compute h = H(M) for any message M
4. given h, it is infeasible to find x such that H(x) = h
5. given x, it is infeasible to find y ≠ x such that H(y) = H(x)
6. it is infeasible to find any pair x, y such that H(y) = H(x)
Simple Hash Functions
- based on XOR of message blocks
  C_i = b_i1 XOR b_i2 XOR ... XOR b_im
  where
  C_i = ith bit of the hash code, 1 ≤ i ≤ n
  m = number of n-bit blocks in the input
  b_ij = ith bit in the jth block
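The block-XOR hash is worth running once, because it shows the gap between "detects a bit flip" and the collision-resistance requirements listed above. The following is an added example, not code from the notes: it computes C_i = b_i1 XOR ... XOR b_im over n-bit blocks (n = 16 by default, zero-padding the last block), and `reorder_blocks` is the example's own helper showing that any permutation of the blocks hashes to the same code.

```python
def xor_hash(message: bytes, n_bits: int = 16) -> int:
    """XOR all n-bit blocks of message into one n-bit code (C_i = XOR of b_ij over j).
    The final block is zero-padded if the message length is not a block multiple."""
    n_bytes = n_bits // 8
    if len(message) % n_bytes:
        message += b"\x00" * (n_bytes - len(message) % n_bytes)
    code = 0
    for j in range(0, len(message), n_bytes):
        code ^= int.from_bytes(message[j:j + n_bytes], "big")
    return code

def reorder_blocks(message: bytes, n_bits: int = 16) -> bytes:
    """Reverse the block order: a different message made of the same blocks."""
    n_bytes = n_bits // 8
    blocks = [message[j:j + n_bytes] for j in range(0, len(message), n_bytes)]
    return b"".join(reversed(blocks))

def detects_bit_flip(message: bytes, bit: int, n_bits: int = 16) -> bool:
    """A single flipped bit always changes the code (the error-detection property)."""
    flipped = bytearray(message)
    flipped[bit // 8] ^= 1 << (7 - bit % 8)
    return xor_hash(bytes(flipped), n_bits) != xor_hash(message, n_bits)

if __name__ == "__main__":
    m = b"pay 100 to alice"
    print(hex(xor_hash(m)), hex(xor_hash(reorder_blocks(m))), detects_bit_flip(m, 5))
```

Since XOR is commutative and self-cancelling, swapping two blocks or inserting the same block twice leaves the code unchanged, so the function fails requirements 5 and 6 outright even though it satisfies 1 to 3 and detects random transmission errors.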
Hash Functions & MAC Security
- brute-force attacks
  - hash function: the strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm
  - MAC: with known message-MAC pairs
- cryptanalytic attacks exploit structure
  - like block ciphers, want brute-force attacks to be the best alternative
- more variety of MACs, so harder to generalize about cryptanalysis
3.7 HASH AND MAC ALGORITHMS
3.7.1 Secure Hash Algorithm
- SHA originally designed by NIST in 1993
- was revised in 1995 as SHA-1, which produces 160-bit hash values
- 3 additional versions of SHA were added: SHA-256, SHA-384, SHA-512
  - designed for compatibility with the increased security provided by the AES cipher
  - structure & detail is similar to SHA-1
  - but security levels are rather higher
SHA-512 Overview
- takes as input a message with a maximum length of less than 2^128 bits and produces as output a 512-bit message digest
- the input is processed in 1024-bit blocks
Step 1: Append padding bits and length
- padding is done by appending to the input
  - a single bit, 1
  - enough additional bits, all 0
  - the message length is appended
Step 2: Initialize hash buffer
- a 512-bit buffer is used to hold the intermediate and final results of the hash function
- the buffer can be represented as eight 64-bit registers (a, b, c, d, e, f, g, h)
- these registers are initialized to fixed 64-bit integer constants
Fig 3.15 SHA 512
Step 3: Process the message in 1024-bit blocks
- this forms the heart of the algorithm
- this module is labeled F
- consists of 80 rounds updating the 512-bit buffer
Step 4: Output the final state value as the resulting hash
- after all N 1024-bit blocks have been processed, the output from the Nth stage is the 512-bit message digest
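Step 1 is the part of SHA-512 most often reimplemented (and most often got wrong), so it is shown here in full. The block below is an added example, not code from the notes: `sha512_pad` appends the single 1 bit, the run of 0 bits, and the message length as a 128-bit big-endian field so the result is a whole number of 1024-bit blocks, and `blocks` performs the split that steps 3 and 4 then consume. The 80-round compression function F itself is not reimplemented here.

```python
BLOCK_BYTES = 128      # one 1024-bit block
LENGTH_FIELD = 16      # the 128-bit length field appended last

def sha512_pad(message: bytes) -> bytes:
    """Append 1, then 0s, then the 128-bit bit-length, to a multiple of 1024 bits."""
    bit_len = len(message) * 8
    if bit_len >= 2 ** 128:
        raise ValueError("SHA-512 input must be shorter than 2^128 bits")
    padded = message + b"\x80"            # 0x80 = the single 1 bit followed by seven 0 bits
    # Enough zero bytes that, once the 16-byte length is added, the total is a block multiple.
    padded += b"\x00" * ((-len(padded) - LENGTH_FIELD) % BLOCK_BYTES)
    return padded + bit_len.to_bytes(LENGTH_FIELD, "big")

def blocks(padded: bytes) -> list:
    """Split padded input into the 1024-bit blocks M_1 .. M_N processed by step 3."""
    return [padded[i:i + BLOCK_BYTES] for i in range(0, len(padded), BLOCK_BYTES)]

def block_count(message: bytes) -> int:
    """N for a given message; note that 111 message bytes still fit one block, 112 do not."""
    return len(blocks(sha512_pad(message)))

def describe(message: bytes) -> dict:
    """Summary of the layout: where the 1 bit lands, how many zeros, and the length field."""
    padded = sha512_pad(message)
    return {
        "blocks": block_count(message),
        "one_bit_at_byte": len(message),
        "zero_bytes": len(padded) - len(message) - 1 - LENGTH_FIELD,
        "length_field": padded[-LENGTH_FIELD:].hex(),
    }

if __name__ == "__main__":
    print(describe(b"abc"))
```

Because the padding always adds at least one byte plus the 16-byte length, a message whose length is exactly 112 bytes (mod 128) spills into an extra, almost empty block; forgetting that case is the classic padding bug.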
3.7.2 Whirlpool
- is an iterated cryptographic hash function
- that uses a symmetric-key block cipher (AES) in place of the compression function
- the processing consists of the following steps:
Step 1: Append padding bits and length
Step 2: Initialize hash matrix
Step 3: Process the message in 512-bit (64-byte) blocks, using as its core the block cipher W
Fig 3.16 Whirlpool
Whirlpool Block Cipher W
- designed specifically for hash function use, with the security and efficiency of AES
- but with a 512-bit block size, and hence generates a secure hash
- similar structure & functions as AES, but
  - input is mapped row-wise
  - has 10 rounds
  - uses a different S-box design & values
Fig 3.17 Whirlpool Block Cipher W
Performance & Security
- Whirlpool is a very new proposal
- hence little experience with its use
- but many AES findings should apply
- does seem to need more h/w than SHA, but with better resulting performance
3.7.3 HMAC
- Hash-based Message Authentication Code
- design objectives
  - use, without modifications, available hash functions
  - allow for easy replaceability of the embedded hash function
  - preserve the original performance of the hash function without significant degradation
  - use and handle keys in a simple way
  - have a well-understood cryptographic analysis of the strength of the authentication mechanism
- any hash function can be used
  - e.g. SHA-1, SHA-512, Whirlpool etc.
Algorithm
- b = number of bits in a block
- K+ is K padded with zeros on the left so that the result is b bits in length
- ipad is a pad value of 36 hex repeated to fill the block
- opad is a pad value of 5C hex repeated to fill the block
- M is the message input
- Yi = ith block of M
- H = embedded hash function
- L = number of blocks in M
- n = length of the hash code produced by the embedded hash function
- then HMAC can be represented as:
  HMAC_K = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]
1. Append zeros to the left end of K to create a b-bit string K+.
2. XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si.
3. Append M to Si.
4. Apply H to the stream generated in step 3.
5. XOR K+ with opad to produce the b-bit block So.
6. Append the hash result from step 4 to So.
7. Apply H to the stream generated in step 6 and output the result.
Fig 3.18 HMAC
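The seven steps above map one-to-one onto a few lines of code, and the result can be checked against Python's own `hmac` module. The block below is an added example, not code from the notes: it follows RFC 2104, where the zero padding is placed after the key bytes and a key longer than b bits is first hashed down to n bits (a rule the notes do not mention), and it uses SHA-512 (b = 1024 bits, a 128-byte block) by default. `hmac_manual` and `verify_tag` are the example's own names.

```python
import hashlib
import hmac

def hmac_manual(K: bytes, M: bytes, H=hashlib.sha512, b_bytes: int = 128) -> bytes:
    """HMAC_K(M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]], built step by step."""
    if len(K) > b_bytes:
        K = H(K).digest()                            # RFC 2104: keys longer than b are hashed first
    K_plus = K + b"\x00" * (b_bytes - len(K))        # step 1: zero-pad K to b bits (after the key bytes)
    S_i = bytes(k ^ 0x36 for k in K_plus)            # step 2: K+ XOR ipad
    inner = H(S_i + M).digest()                      # steps 3-4: H(S_i || M)
    S_o = bytes(k ^ 0x5C for k in K_plus)            # step 5: K+ XOR opad
    return H(S_o + inner).digest()                   # steps 6-7: H(S_o || inner)

def verify_tag(K: bytes, M: bytes, tag: bytes, H=hashlib.sha512, b_bytes: int = 128) -> bool:
    """Receiver-side check; compare_digest avoids leaking where the tags first differ."""
    return hmac.compare_digest(hmac_manual(K, M, H, b_bytes), tag)

def matches_stdlib(K: bytes, M: bytes) -> bool:
    """Cross-check the hand-built tag against hmac.new for SHA-512 and SHA-256."""
    return (hmac_manual(K, M) == hmac.new(K, M, hashlib.sha512).digest()
            and hmac_manual(K, M, hashlib.sha256, 64) == hmac.new(K, M, hashlib.sha256).digest())

if __name__ == "__main__":
    key, msg = b"constructed-demo-key", b"amount=100&to=alice"   # constructed sample input
    tag = hmac_manual(key, msg)
    print(tag.hex(), verify_tag(key, msg, tag), verify_tag(key, msg + b"0", tag), matches_stdlib(key, msg))
```

The two nested hashes are what make the construction safe to use with a Merkle-Damgard hash such as SHA-512: the outer hash keyed with opad hides the inner state, so knowing HMAC_K(M) does not let anyone extend M, which is exactly the weakness of the naive H(K || M).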
HMAC Security
- the proven security of HMAC relates to that of the underlying hash algorithm
- attacking HMAC requires either:
  - a brute-force attack on the key used
  - a birthday attack
- choose the hash function used based on speed versus security constraints
3.7.4 CMAC
- Cipher-based Message Authentication Code (CMAC)
- a mode of operation for use with AES and triple DES
- the operation of CMAC when the message is an integer multiple n of the cipher block length b is shown in Fig 3.19
Fig 3.19 CMAC
- if the message is not an integer multiple of the cipher block length, then the final block is padded to the right (least significant bits) with a 1 and as many 0s as necessary so that the final block is also of length b. The CMAC operation then proceeds as before, except that a different n-bit key K2 is used instead of K1.
Fig 3.20 CMAC
- where
  T = message authentication code, also referred to as the tag
  Tlen = bit length of T
  MSBs(X) = the s leftmost bits of the bit string X
3.8 DIGITAL SIGNATURES & AUTHENTICATION PROTOCOLS
3.8.1 Digital Signature
- digital signatures provide the ability to:
  - verify the author, date & time of the signature
  - authenticate the message contents
  - be verified by third parties to resolve disputes
- hence include an authentication function with additional capabilities
Fig 3.21 Digital signature
Digital Signature Properties
- must depend on the message signed
- must use information unique to the sender
- must be relatively easy to produce
- must be relatively easy to recognize & verify
- must be computationally infeasible to forge
  - with a new message for an existing digital signature
  - with a fraudulent digital signature for a given message
- must be practical to save the digital signature in storage
- two approaches: direct and arbitrated
Direct Digital Signatures
- involve only sender & receiver
- assumed the receiver has the sender's public key
- digital signature made by the sender signing the entire message or its hash with the private key
- can encrypt using the receiver's public key
- important to sign first, then encrypt the message & signature
- security depends on the sender's private key
Arbitrated Digital Signatures
- involve the use of an arbiter A
  - validates any signed message
  - then dated and sent to the recipient
- requires a suitable level of trust in the arbiter
- can be implemented with either private or public-key algorithms
- arbiter may or may not see the message
Digital Signature Standard (DSS)
- DSS is the standard; it uses the SHA hash algorithm and cannot be used for encryption or key exchange
- includes alternative RSA & elliptic curve signature variants
- two approaches to digital signatures:
  I. RSA approach
  II. DSS approach
Fig 3.22 digital signature approaches
Digital Signature Algorithm (DSA)
- creates a 320-bit signature
Fig 3.23 digital signature algorithm
DSS Overview
Fig 3.24 DSS overview
3.8.2 Authentication Protocols
- used to convince parties of each other's identity and to exchange session keys
- may be one-way or mutual
- key issues are
  - confidentiality – to protect session keys
  - timeliness – to prevent replay attacks
Mutual authentication
- enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys
Replay Attacks
- where a valid signed message is copied and later resent
- countermeasures include
  - use of sequence numbers
  - timestamps
  - challenge/response
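A receiver that applies all three countermeasures at once is a useful reference point for the protocols that follow. The block below is an added example, not code from the notes: `ReplayGuard` is the example's own class, it assumes the message's signature or MAC has already been verified before `accept` is called, and the clock is injectable so the behaviour can be checked with constructed timestamps rather than wall-clock time.

```python
import time

class ReplayGuard:
    """Receiver-side replay check: per-sender sequence numbers, a timestamp
    window, and one-time nonces for challenge/response. Assumes the message
    has already been authenticated (MAC or signature checked)."""

    def __init__(self, window_seconds: float = 30.0, clock=time.time):
        self.window = window_seconds
        self.clock = clock
        self.last_seq = {}          # sender -> highest accepted sequence number
        self.nonce_expiry = {}      # nonce -> time after which it may be forgotten

    def _expire(self, now: float) -> None:
        """Forget nonces older than the window; anything older fails the timestamp check anyway."""
        for nonce, until in list(self.nonce_expiry.items()):
            if until < now:
                del self.nonce_expiry[nonce]

    def accept(self, sender: str, seq: int, timestamp: float, nonce: str):
        """Return (accepted, reason). Checks run in order; the first failure wins
        and a rejected message updates no state."""
        now = self.clock()
        self._expire(now)
        if abs(now - timestamp) > self.window:
            return False, "timestamp outside window"
        if seq <= self.last_seq.get(sender, -1):
            return False, "sequence number not increasing"
        if nonce in self.nonce_expiry:
            return False, "nonce already used"
        self.last_seq[sender] = seq
        self.nonce_expiry[nonce] = now + self.window
        return True, "ok"

def run_scenario():
    """Constructed message stream: a fresh message, its verbatim replay, a stale
    message, a nonce reuse, and a message from another sender."""
    guard = ReplayGuard(window_seconds=30.0, clock=lambda: 1000.0)
    return [
        guard.accept("A", 1, 1000.0, "n1"),   # fresh: accepted
        guard.accept("A", 1, 1000.0, "n1"),   # verbatim replay: rejected on sequence
        guard.accept("A", 2, 900.0, "n2"),    # stale timestamp: rejected
        guard.accept("A", 2, 1001.0, "n1"),   # new seq but reused nonce: rejected
        guard.accept("B", 1, 1000.0, "n3"),   # different sender, own counter: accepted
    ]

if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The timestamp check is what keeps the nonce set bounded (anything older than the window is rejected before the nonce lookup), which is the same trade-off noted under the Denning protocol: timestamps stop replays but require the clocks of sender and receiver to agree within the window.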
Using Symmetric Encryption
- use a two-level hierarchy of keys
- usually with a trusted Key Distribution Center (KDC)
  - each party shares its own master key with the KDC
  - KDC generates session keys used for connections between parties
  - master keys are used to distribute these to them
Needham-Schroeder Protocol
- used to securely distribute a new session key for communications between A & B
- key distribution protocol for a session between A and B mediated by the KDC
- protocol overview is:
1. A -> KDC: IDA || IDB || N1
2. KDC -> A: EKa[Ks || IDB || N1 || EKb[Ks || IDA]]
3. A -> B: EKb[Ks || IDA]
4. B -> A: EKs[N2]
5. A -> B: EKs[f(N2)]
- Ka and Kb: secret keys
- Ks: session key
Using Public-Key Encryption
- have a range of approaches based on the use of public-key encryption
- need to ensure having the correct public keys for the other parties
- using a central Authentication Server (AS)
- various protocols exist using timestamps or nonces
Denning AS Protocol
1. A -> AS: IDA || IDB
2. AS -> A: EPRas[IDA || PUa || T] || EPRas[IDB || PUb || T]
3. A -> B: EPRas[IDA || PUa || T] || EPRas[IDB || PUb || T] || EPUb[EPRas[Ks || T]]
- timestamps prevent replay but require synchronized clocks
One-Way Authentication
- required when sender & receiver are not in communication at the same time (e.g. email)
- have the header in clear so it can be delivered by the email system
- may want the contents of the body protected & the sender authenticated
Using Symmetric Encryption
- this scheme requires the sender to issue a request to the intended recipient, await a response that includes a session key, and only then send the message
1. A -> KDC: IDA || IDB || N1
2. KDC -> A: EKa[Ks || IDB || N1 || EKb[Ks || IDA]]
3. A -> B: EKb[Ks || IDA] || EKs[M]
Public-Key Approaches
- have seen some public-key approaches
- if confidentiality is the major concern, can use:
  A -> B: EPUb[Ks] || EKs[M]
  - has encrypted session key, encrypted message
- if authentication is needed, use a digital signature with a digital certificate:
  A -> B: M || EPRa[H(M)] || EPRas[T || IDA || PUa]
  - with message, signature, certificate

JoyIPanos
 
PPTX
Project 4 PART 1 AI Assistant Vocational Education
barmanjit380
 
2025 Completing the Pre-SET Plan Form.pptx
mansk2
 
How to Setup Automatic Reordering Rule in Odoo 18 Inventory
Celine George
 
The Power of Compound Interest (Stanford Initiative for Financial Decision-Ma...
Stanford IFDM
 
Urban Hierarchy and Service Provisions.pptx
Islamic University of Bangladesh
 
How to use _name_search() method in Odoo 18
Celine George
 
M&A5 Q1 1 differentiate evolving early Philippine conventional and contempora...
ErlizaRosete
 
Elo the Hero is an story about a young boy who became hero.
TeacherEmily1
 
A Case of Identity A Sociological Approach Fix.pptx
Ismail868386
 
Public Health For The 21st Century 1st Edition Judy Orme Jane Powell
trjnesjnqg7801
 
How to Configure Refusal of Applicants in Odoo 18 Recruitment
Celine George
 
F-BLOCK ELEMENTS POWER POINT PRESENTATIONS
mprpgcwa2024
 
Gladiolous Cultivation practices by AKL.pdf
kushallamichhame
 
How to Create & Manage Stages in Odoo 18 Helpdesk
Celine George
 
Andreas Schleicher_Teaching Compass_Education 2040.pdf
EduSkills OECD
 
DIGESTION OF CARBOHYDRATES ,PROTEINS AND LIPIDS
raviralanaresh2
 
Photo chemistry Power Point Presentation
mprpgcwa2024
 
Our Guide to the July 2025 USPS® Rate Change
Postal Advocate Inc.
 
ESP 10 Edukasyon sa Pagpapakatao PowerPoint Lessons Quarter 1.pptx
Sir J.
 
Elo the HeroTHIS IS A STORY ABOUT A BOY WHO SAVED A LITTLE GOAT .pptx
JoyIPanos
 
Project 4 PART 1 AI Assistant Vocational Education
barmanjit380
 

Network and computer security-

  • 1. MODULE 3 MCA-501 Computer Security ADMN 2012-‘15 Dept. of Computer Science And Applications, SJCET, Palai Page 60 3.1 KEY MANAGEMENT  public-key encryption helps address key distribution problems  have two aspects of this:  distribution of public keys  use of public-key encryption to distribute secret keys Distribution of Public Keys  can be considered as using one of:  public announcement  publicly available directory  public-key authority  public-key certificates Public Announcement  users distribute public keys to recipients or broadcast to community at large  major weakness is forgery  anyone can create a key claiming to be someone else and broadcast it Fig 3.1 public announcement Publicly Available Directory  can obtain greater security by registering keys with a public directory  directory must be trusted with properties:  contains {name, public-key} entries  participants register securely with directory  participants can replace key at any time  directory is periodically published  directory can be accessed electronically  still vulnerable to tampering or forgery
  • 2. MODULE 3 MCA-501 Computer Security ADMN 2012-‘15 Dept. of Computer Science And Applications, SJCET, Palai Page 61 Fig 3.2 public available directory Public-Key Authority  improve security by tightening control over distribution of keys from directory  has properties of directory  Assumes that a central authority maintains a dynamic directory of public keys of all participants. Fig 3.3 public key authority 1. A sends a time stamped message to the public-key authority containing a request for the current public key of B. 2. The authority responds with a message that is encrypted using the authority's private key, PRauth.The message includes B's public key-Pub, The original request, and the original timestamp. 3. A stores B's public key and also uses it to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
4. B sends a time-stamped message to the public-key authority containing a request for the current public key of A.
5. B retrieves A's public key from the authority in the same manner as A retrieved B's public key. Public keys have now been securely delivered to A and B, and they may begin their protected exchange.
6. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (3), the presence of N1 in message (6) assures A that the correspondent is B.
7. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.
Public-Key Certificates
 certificates allow key exchange without real-time access to the public-key authority
 a certificate consists of a public key plus an identifier of the key owner
 with all contents signed by a trusted Certificate Authority (CA)
 A user presents his or her public key to the authority in a secure manner and obtains a certificate.
 The user can then publish the certificate. Anyone needing this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature.
 Any other participant reads and verifies the certificate as follows:
 CA = E(PRauth, [T||IDA||PUa])
 D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa)
Fig 3.4 Public-Key Certificates
Requirements on this scheme:
1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.
3.1.1 Distribution of Secret Keys Using Public-Key Cryptography
 use the previous methods to obtain the other party's public key, then use public-key encryption to deliver a secret (session) key
Simple Secret Key Distribution
Fig 3.5 Simple Secret Key Distribution
1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of Ks.
 A and B can now securely communicate using conventional encryption and the session key Ks. At the completion of the exchange, both A and B discard Ks.
 this scheme resists passive eavesdropping only: an active attacker who intercepts message 1 can substitute their own public key, learn Ks from B's reply and re-encrypt it for A (a man-in-the-middle attack), which is why the next scheme adds authentication
Secret Key Distribution with Confidentiality and Authentication
 provides protection against both active and passive attacks
 assumes A and B have already obtained each other's public keys by one of the methods above
Fig 3.6 Secret Key Distribution with Confidentiality and Authentication
1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). The presence of N1 in the message assures A that the correspondent is B.
3. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with B's public key ensures that only B can read it; encryption with A's private key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.
Hybrid Key Distribution
 retain the use of a KDC
 the KDC shares a secret master key with each user
 it distributes secret session keys encrypted using the master key
 public-key encryption is used to distribute the master keys
 rationale:
 performance (public-key operations are slow, and session keys change frequently)
 backward compatibility with existing KDC schemes
3.2 DIFFIE-HELLMAN KEY EXCHANGE
 the first public-key algorithm, published by Diffie & Hellman in 1976
 is a practical method for public exchange of a secret key
 used in a number of commercial products
Primitive root
 Let p be a prime. Then b is a primitive root for p if the powers of b: 1, b, b^2, b^3, ... include all of the residue classes mod p (except 0).
 Examples: If p = 7, then 3 is a primitive root for p because the powers of 3 are 1, 3, 2, 6, 4, 5, that is, every number mod 7 occurs except 0. But 2 isn't a primitive root because the powers of 2 are 1, 2, 4, 1, 2, 4, 1, 2, 4, ..., missing several values.
The Algorithm
For this scheme, there are two publicly known numbers: a prime number q and an integer α that is a primitive root of q. Suppose the users A and B wish to exchange a key. User A selects a random integer xA < q and computes yA = α^xA mod q; similarly, user B independently selects a random integer xB < q and computes yB = α^xB mod q. Each side keeps the value x private and makes the value y available publicly to the other side. User A computes the key as K = (yB)^xA mod q and user B computes the key as K = (yA)^xB mod q. These two calculations produce identical results:
K = (yB)^xA mod q = (α^xB)^xA mod q = α^(xB·xA) mod q = (α^xA)^xB mod q = (yA)^xB mod q
Fig 3.7 The Diffie-Hellman Key Exchange Algorithm
Diffie-Hellman Example
 users Alice & Bob wish to agree on a key:
 agree on prime q = 353 and α = 3
 select random secret keys:
 A chooses xA = 97, B chooses xB = 233
 compute respective public keys:
 yA = 3^97 mod 353 = 40 (Alice)
 yB = 3^233 mod 353 = 248 (Bob)
 compute the shared session key as:
 KAB = yB^xA mod 353 = 248^97 mod 353 = 160 (Alice)
 KAB = yA^xB mod 353 = 40^233 mod 353 = 160 (Bob)
Key Exchange Protocols
 users could create random private/public D-H keys each time they communicate (ephemeral keys)
 users could create a fixed private/public D-H key and publish it in a directory, which is then consulted and used to securely communicate with them
 both of these are vulnerable to a man-in-the-middle attack: an attacker who can intercept the exchanged y values substitutes their own, ends up with one shared key with A and another with B, and can then read and modify all traffic between them
 authentication of the keys is needed
Fig 3.8 Diffie-Hellman Key Exchange
3.3 ELLIPTIC CURVE ARITHMETIC
 the majority of public-key crypto (RSA, D-H) uses either integer or polynomial arithmetic with very large numbers/polynomials
 this imposes a significant load in storing and processing keys and messages
 an alternative is to use elliptic curves
 offers the same security with smaller bit sizes
Elliptic Curves
 an elliptic curve is defined by an equation in two variables x & y, with coefficients
 consider a cubic elliptic curve of the form
 y^2 = x^3 + ax + b
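Before the elliptic-curve material continues, here is the Diffie-Hellman exchange above worked in code. This is an added example, not from the notes: it checks that α is a primitive root the way the primitive-root definition describes, reproduces the q = 353, α = 3 example values, and then runs the man-in-the-middle attack on the unauthenticated exchange. The attacker's private value x_m and the function names are this example's own choices.

```python
"""Diffie-Hellman: primitive-root check, the q = 353 / alpha = 3 example,
and the man-in-the-middle attack on an unauthenticated exchange.
Added example, not from the notes."""
import secrets


def is_primitive_root(b: int, p: int) -> bool:
    """b is a primitive root of prime p if b^0, b^1, ..., b^(p-2) hit every nonzero residue."""
    seen, x = set(), 1
    for _ in range(p - 1):
        seen.add(x)
        x = (x * b) % p
    return len(seen) == p - 1


def dh_public(alpha: int, q: int, x_private: int) -> int:
    return pow(alpha, x_private, q)                 # y = alpha^x mod q


def dh_shared(q: int, y_peer: int, x_private: int) -> int:
    return pow(y_peer, x_private, q)                # K = y_peer^x mod q


def honest_exchange(q: int = 353, alpha: int = 3, x_a: int = 97, x_b: int = 233):
    """Returns (yA, yB, K computed by A, K computed by B) for the notes' numbers."""
    if not is_primitive_root(alpha, q):
        raise ValueError("alpha must be a primitive root of q")
    y_a, y_b = dh_public(alpha, q, x_a), dh_public(alpha, q, x_b)
    return y_a, y_b, dh_shared(q, y_b, x_a), dh_shared(q, y_a, x_b)


def mitm_exchange(q: int = 353, alpha: int = 3, x_a: int = 97, x_b: int = 233, x_m=None):
    """Mallory intercepts both public values and substitutes her own y_m.
    Alice and Bob each end up sharing a key with Mallory, not with each other,
    because nothing ties a y value to the identity of who sent it."""
    if x_m is None:
        x_m = secrets.randbelow(q - 2) + 1          # Mallory's private value (constructed)
    y_a, y_b, y_m = (dh_public(alpha, q, x) for x in (x_a, x_b, x_m))
    k_alice = dh_shared(q, y_m, x_a)                # Alice believes y_m is Bob's
    k_bob = dh_shared(q, y_m, x_b)                  # Bob believes y_m is Alice's
    k_mallory_alice = dh_shared(q, y_a, x_m)        # Mallory can compute both keys
    k_mallory_bob = dh_shared(q, y_b, x_m)
    return k_alice, k_bob, k_mallory_alice, k_mallory_bob


if __name__ == "__main__":
    print("honest:", honest_exchange())
    print("mitm:  ", mitm_exchange(x_m=5))
```

The honest run returns the notes' values (40, 248, 160, 160); in the attacked run Alice's key equals Mallory's "Alice" key and Bob's equals Mallory's "Bob" key, while Alice's and Bob's differ, which is exactly what signing or certifying the y values prevents.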
 where x, y, a, b are all real numbers
 consider the set of points E(a, b) that satisfy the equation, together with the point at infinity O, which acts as the identity element
 an addition operation is defined for the elliptic curve
 geometrically, the sum P + Q is the reflection (about the x-axis) of the third intersection point R of the line through P and Q with the curve
Fig 3.9 elliptic curve
Consider the elliptic curve E: y^2 = x^3 - x + 1. If P1 and P2 are on E, we can define P3 = P1 + P2.
Finite Elliptic Curves
 elliptic curve cryptography uses curves whose variables & coefficients are finite
 two families are commonly used:
 prime curves Ep(a, b) defined over Zp
 use integers modulo a prime
 best in software
 binary curves E2^m(a, b) defined over GF(2^m)
 use polynomials with binary coefficients
 best in hardware
3.4 ELLIPTIC CURVE CRYPTOGRAPHY
 elliptic curve cryptography (ECC) is a public-key cryptosystem
 elliptic curves are used as an extension to other current cryptosystems:
 Elliptic Curve Diffie-Hellman Key Exchange
 Elliptic Curve Digital Signature Algorithm
 the central part of any cryptosystem involving elliptic curves is the elliptic group
Generic Procedures of ECC
 both parties agree on some publicly known data items:
 the elliptic curve equation
 values of a and b
 the prime, q
 the elliptic group computed from the elliptic curve equation
 a base point, G, taken from the elliptic group
 similar to the generator used in current cryptosystems
 each user generates a public/private key pair:
 Private key = an integer x, selected from the interval [1, q-1]
 Public key = product of the private key and the base point (x*G), computed by repeated point addition
Fig 3.10 ECC Diffie-Hellman Key Exchange
 A and B exchange the public points xA*G and xB*G; each multiplies the other's point by its own private integer, and both arrive at the same point xA*xB*G, which is the shared secret
Applications of ECC
 many devices are small and have limited storage and computational power
 where can we apply ECC?
 wireless communication devices
 smart cards
 web servers that need to handle many encryption sessions
 any application where security is needed but which lacks the power, storage and computational resources that our current cryptosystems require
Security of Elliptic Curve Cryptography
 The security of ECC depends on how difficult it is to recover the private integer from the base point and the public point (their product). This is referred to as the elliptic curve logarithm problem.
 The fastest known technique for taking the elliptic curve logarithm is the Pollard rho method.
3.5 MESSAGE AUTHENTICATION
 message authentication is concerned with:
 protecting the integrity of a message
 validating the identity of the originator
 non-repudiation of origin (dispute resolution)
 we will consider the security requirements
 then three alternative functions used:
 a) message encryption
 b) message authentication code (MAC)
 c) hash function
Message Encryption
 message encryption by itself also provides a measure of authentication
 symmetric encryption: only the sender and receiver hold the key, so ciphertext that decrypts to meaningful plaintext must have come from the sender; for arbitrary binary data the receiver cannot tell good plaintext from garbage unless redundancy (a checksum or frame check sequence) is added before encryption
 public-key encryption: encrypting with the receiver's public key gives confidentiality only; encrypting with the sender's private key gives authentication but no confidentiality; doing both gives both, at the cost of two public-key operations per message
Fig 3.11 symmetric and public key encryption
Message Authentication Code (MAC)
 generated by an algorithm that creates a small fixed-sized block
 depends on both the message and some key
 appended to the message; it plays the role of a signature, but because both parties share the key it cannot provide non-repudiation
 the receiver performs the same computation on the message and checks that it matches the MAC
 provides assurance that the message is unaltered and comes from the sender
 MAC = C(K, M), where M = input message, C = MAC function and K = shared secret key
Fig 3.12 Message authentication code
Requirements for MACs
1. Knowing a message and its MAC, it is infeasible to find another message with the same MAC.
2. MACs should be uniformly distributed.
3. The MAC should depend equally on all bits of the message.
Using Symmetric Ciphers for MACs
 can use any block cipher chaining mode and use the final block as a MAC
 the Data Authentication Algorithm (DAA) was a widely used MAC based on DES
 using IV = 0
 encrypt the message using DES in CBC mode
 and send just the final block as the MAC, or the leftmost M bits (16 ≤ M ≤ 64) of the final block
 but the final MAC is now too small for security (DES's 64-bit block limits it), and a plain CBC-MAC is also forgeable for variable-length messages, which CMAC (3.7.4) fixes
Fig 3.13 Data Authentication Algorithm (DAA)
3.6 HASH FUNCTIONS
 A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M).
 the hash is used to detect changes to a message
 The hash code is a function of all the bits of the message and provides an error-detection capability: a change to any bit or bits in the message results (with overwhelming probability) in a change to the hash code.
Fig 3.14 Block Diagram of a Cryptographic Hash Function
Three desirable properties:
1. One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h.
2. Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
3. Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
Requirements for Hash Functions
1. can be applied to any sized message M
2. produces a fixed-length output h
3. it is easy to compute h = H(M) for any message M
4. given h, it is infeasible to find x such that H(x) = h (one-way, or preimage resistance)
5. given x, it is infeasible to find y ≠ x such that H(y) = H(x) (weak collision, or second-preimage resistance)
6. it is infeasible to find any pair x, y such that H(y) = H(x) (strong collision resistance)
Simple Hash Functions
 based on the XOR of message blocks
 Ci = bi1 XOR bi2 ... XOR bim
 where Ci = ith bit of the hash code, 1 ≤ i ≤ n
 m = number of n-bit blocks in the input
 bij = ith bit in the jth block
 this gives a useful checksum but satisfies none of requirements 4 to 6: the code is its own preimage, and reordering blocks leaves the code unchanged
Hash Functions & MAC Security
 brute-force attacks
 Hash function: the strength of a hash function against brute-force attacks depends solely on the length n of the hash code produced by the algorithm: about 2^n effort for a preimage or second preimage and about 2^(n/2) for a collision (the birthday attack)
 MAC: brute force needs known message-MAC pairs and can target either the k-bit key or the n-bit MAC value, so the effort is about min(2^k, 2^n)
 cryptanalytic attacks exploit structure
 as with block ciphers, we want brute-force attacks to be the best alternative
 there is more variety among MACs, so it is harder to generalize about cryptanalysis
3.7 HASH AND MAC ALGORITHMS
3.7.1 Secure Hash Algorithm
 SHA was originally designed by NIST in 1993
 it was revised in 1995 as SHA-1, which produces 160-bit hash values
 NIST later added three additional versions, SHA-256, SHA-384 and SHA-512 (collectively SHA-2)
 designed for compatibility with the increased security provided by the AES cipher
 structure & detail are similar to SHA-1
 but the security levels are rather higher
SHA-512 Overview
 Takes as input a message with a maximum length of less than 2^128 bits and produces as output a 512-bit message digest.
 The input is processed in 1024-bit blocks.
Step 1: Append padding bits and length
 Padding is done by appending to the input:
 a single 1 bit
 enough additional 0 bits to bring the length to 128 bits short of a multiple of 1024 (896 mod 1024)
 the original message length as a 128-bit unsigned integer, so the padded message is a multiple of 1024 bits
Step 2: Initialize hash buffer
 A 512-bit buffer is used to hold intermediate and final results of the hash function.
 The buffer can be represented as eight 64-bit registers (a, b, c, d, e, f, g, h).
 These registers are initialized to fixed 64-bit integers (the first 64 bits of the fractional parts of the square roots of the first eight primes).
Fig 3.15 SHA-512
Step 3: Process the message in 1024-bit blocks
 this forms the heart of the algorithm
 this module is labeled F (the compression function)
 it consists of 80 rounds updating the 512-bit buffer; the output of each block is added (word by word, modulo 2^64) to the buffer value it started from to give the next intermediate hash
Step 4: Output the final state value as the resulting hash
 After all N 1024-bit blocks have been processed, the output from the Nth stage is the 512-bit message digest.
3.7.2 Whirlpool
 is an iterated cryptographic hash function
 that uses a dedicated symmetric-key block cipher, W (an AES-like design, not AES itself), in place of the compression function
 the processing consists of the following steps:
Step 1: Append padding bits and length
Step 2: Initialize the hash matrix
Step 3: Process the message in 512-bit (64-byte) blocks, using as its core the block cipher W.
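Two pieces of the hash material above in code, as an added example that is not part of the notes: the simple XOR block hash and the trivial preimage and collision that show why it fails requirements 4 to 6, and SHA-512's Step 1 padding (1 bit, zeros to 896 mod 1024, 128-bit length). The 64-bit block size and the sample message are this example's own choices.

```python
"""XOR block hash (and its weaknesses) plus SHA-512 step-1 padding.
Added example, not from the notes."""
import hashlib

BLOCK = 8   # n-bit blocks with n = 64 (constructed choice)


def xor_block_hash(msg: bytes, n_bytes: int = BLOCK) -> bytes:
    """C_i = b_i1 XOR b_i2 ... XOR b_im over the n-bit blocks of msg (zero-padded)."""
    padded = msg + b"\x00" * (-len(msg) % n_bytes)
    code = bytearray(n_bytes)
    for j in range(0, len(padded), n_bytes):
        for i in range(n_bytes):
            code[i] ^= padded[j + i]
    return bytes(code)


def xor_preimage(code: bytes) -> bytes:
    """Requirement 4 fails: the code itself hashes to the code."""
    return code


def swap_first_blocks(msg: bytes, n_bytes: int = BLOCK) -> bytes:
    """Requirements 5 and 6 fail: XOR is commutative, so reordering blocks keeps the code."""
    padded = msg + b"\x00" * (-len(msg) % n_bytes)
    if len(padded) < 2 * n_bytes or padded[:n_bytes] == padded[n_bytes:2 * n_bytes]:
        raise ValueError("need two distinct blocks to swap")
    return padded[n_bytes:2 * n_bytes] + padded[:n_bytes] + padded[2 * n_bytes:]


def same_xor_hash(m1: bytes, m2: bytes) -> bool:
    return xor_block_hash(m1) == xor_block_hash(m2)


def same_sha512(m1: bytes, m2: bytes) -> bool:
    """A real hash does not collide under block reordering."""
    return hashlib.sha512(m1).digest() == hashlib.sha512(m2).digest()


def sha512_pad(msg: bytes) -> bytes:
    """Step 1 of SHA-512: append a 1 bit, 0 bits up to 896 mod 1024, then the 128-bit length."""
    bit_len = len(msg) * 8
    if bit_len >= 1 << 128:
        raise ValueError("message too long for SHA-512")
    padded = msg + b"\x80"                          # the single 1 bit (plus seven 0 bits)
    padded += b"\x00" * ((112 - len(padded)) % 128)  # zeros to 112 bytes mod 128
    return padded + bit_len.to_bytes(16, "big")      # 128-bit big-endian length


SAMPLE = b"to=alice amt=0100"   # constructed message: blocks "to=alice" and " amt=010"

if __name__ == "__main__":
    other = swap_first_blocks(SAMPLE)
    print("xor collision:", same_xor_hash(SAMPLE, other), " sha512 collision:", same_sha512(SAMPLE, other))
    print("padded length of 'abc':", len(sha512_pad(b"abc")))
```

For a 3-byte message the padded block is exactly 1024 bits (3 + 1 + 108 zero + 16 length bytes); a 112-byte message already leaves no room for the length field in the first block and so pads to 2048 bits.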
Fig 3.16 Whirlpool
Whirlpool Block Cipher W
 designed specifically for hash function use, with the security and efficiency of AES
 but with a 512-bit block size, and hence it can generate a secure 512-bit hash
 similar structure & functions to AES, but:
 the input is mapped row-wise (AES maps it column-wise)
 it has 10 rounds
 it uses a different S-box design & values
Fig 3.17 Whirlpool Block Cipher W
Performance & Security
 Whirlpool is a relatively new proposal
 hence there is little experience with its use
 but many AES findings should apply
 it does seem to need more hardware than SHA, but with better resulting performance
3.7.3 HMAC
 Hash-based Message Authentication Code
 Design objectives:
 use available hash functions without modification
 allow for easy replaceability of the embedded hash function
 preserve the original performance of the hash function without significant degradation
 use and handle keys in a simple way
 have a well-understood cryptographic analysis of the strength of the authentication mechanism
 any hash function can be used
 e.g. SHA-1, SHA-512, Whirlpool etc.
Algorithm
 b = number of bits in a block of the hash function
 K+ is K padded with zeros on the right (appended after the key bytes) so that the result is b bits in length; a key longer than b bits is first hashed down to n bits
 ipad is the pad value 36 hex repeated to fill a block
 opad is the pad value 5C hex repeated to fill a block
 M is the message input
 Yi = ith block of M
 H = embedded hash function
 L = number of blocks in M
 n = length of the hash code produced by the embedded hash function
 Then HMAC can be represented as:
 HMAC_K(M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]
1. Append zeros to K to create a b-bit string K+.
2. XOR (bitwise exclusive-OR) K+ with ipad to produce the b-bit block Si.
3. Append M to Si.
4. Apply H to the stream generated in step 3.
5. XOR K+ with opad to produce the b-bit block So.
6. Append the hash result from step 4 to So.
7. Apply H to the stream generated in step 6 and output the result.
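The seven HMAC steps above implemented directly over hashlib and checked against Python's own hmac module and an RFC 4231 test vector; an added example, not from the notes. The constant-time tag comparison at the end is this example's addition, the check a practitioner wants when verifying received tags.

```python
"""HMAC built from the definition and checked against the standard library.
Added example, not from the notes."""
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C


def hmac_from_definition(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    H = lambda data: hashlib.new(hash_name, data).digest()
    b = hashlib.new(hash_name).block_size          # b bits = block_size bytes (64 for SHA-256)
    if len(key) > b:                                # RFC 2104: hash keys longer than one block
        key = H(key)
    k_plus = key + b"\x00" * (b - len(key))         # step 1: K padded with zeros to b
    s_i = bytes(k ^ IPAD for k in k_plus)           # step 2: S_i = K+ XOR ipad
    inner = H(s_i + msg)                            # steps 3-4: H(S_i || M)
    s_o = bytes(k ^ OPAD for k in k_plus)           # step 5: S_o = K+ XOR opad
    return H(s_o + inner)                           # steps 6-7: H(S_o || inner)


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check against hmac.new, which implements the same RFC 2104 construction."""
    return hmac_from_definition(key, msg, hash_name) == hmac.new(key, msg, hash_name).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Constant-time comparison so tag checking does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_from_definition(key, msg, hash_name), tag)


if __name__ == "__main__":
    # RFC 4231 test case 1: key = 0x0b * 20, data = "Hi There"
    print(hmac_from_definition(b"\x0b" * 20, b"Hi There").hex())
    print("matches hmac module:", matches_stdlib(b"key", b"The quick brown fox"))
```

Padding on the right matters: padding on the left would shift the key bytes to the end of the block and produce a different (non-interoperable) tag, so the cross-check against hmac.new is also a check on that detail.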
Fig 3.18 HMAC
HMAC Security
 the proved security of HMAC relates to that of the underlying hash algorithm
 attacking HMAC requires either:
 a brute-force attack on the key used
 a birthday attack on the hash, which is impractical here because the attacker must observe about 2^(n/2) messages authenticated under the same key rather than compute hashes offline
 choose the hash function used based on speed versus security constraints
3.7.4 CMAC
 Cipher-based Message Authentication Code (CMAC).
 A mode of operation for use with AES and triple DES.
 Fig 3.19 shows the operation of CMAC when the message is an integer multiple n of the cipher block length b: each block is XORed with the previous cipher output and encrypted (as in CBC with a zero IV), and the final block is additionally XORed with a subkey K1 before the last encryption.
Fig 3.19 CMAC
 If the message is not an integer multiple of the cipher block length, then the final block is padded to the right (least significant bits) with a 1 and as many 0s as necessary so that the final block is also of length b. The CMAC operation then proceeds as before, except that a different b-bit subkey K2 is used instead of K1.
Fig 3.20 CMAC
 where T = message authentication code, also referred to as the tag
 Tlen = bit length of T
 MSBs(X) = the s leftmost bits of the bit string X
 so T = MSB_Tlen(final cipher block)
3.8 DIGITAL SIGNATURES & AUTHENTICATION PROTOCOLS
3.8.1 Digital Signature
 digital signatures provide the ability to:
 verify the author, date & time of the signature
 authenticate the message contents
 be verified by third parties to resolve disputes
 hence they include the authentication function with additional capabilities (a MAC cannot resolve disputes, since both parties hold the same key and either could have produced it)
Fig 3.21 Digital signature
Digital Signature Properties
 must depend on the message signed
 must use information unique to the sender
 must be relatively easy to produce
 must be relatively easy to recognize & verify
 must be computationally infeasible to forge:
 a new message for an existing digital signature
 a fraudulent digital signature for a given message
 must be practical to save a copy of the digital signature in storage
 Two approaches: direct and arbitrated.
Direct Digital Signatures
 involve only the sender & receiver
 assumes the receiver has the sender's public key
 the digital signature is made by the sender signing the entire message or its hash with the private key
 can then encrypt using the receiver's public key
 important to sign first, then encrypt the message & signature, so that the signature can be stored and later shown to a third party together with the plaintext
 security depends on the sender's private key: a sender who claims the key was stolen can disown a signature, one reason for timestamps and for the arbitrated schemes below
Arbitrated Digital Signatures
 involve the use of an arbiter A
 the arbiter validates any signed message
 the message is then dated and sent to the recipient
 requires a suitable level of trust in the arbiter
 can be implemented with either private-key or public-key algorithms
 the arbiter may or may not see the message
Digital Signature Standard (DSS)
 DSS is the NIST standard (FIPS 186); it uses the SHA hash algorithm and cannot be used for encryption or key exchange
 includes alternative RSA & elliptic curve signature variants
 Two approaches to digital signatures:
 I. RSA approach
 II. DSS approach
Fig 3.22 digital signature approaches
 RSA approach: the hash of the message is encrypted with the sender's private key; the verifier decrypts it with the public key and compares with a freshly computed hash
 DSS approach: the hash, a per-message random value k and the signer's private key produce a two-part signature (s, r); the verifier computes a value v from the hash, the signature and the public key and checks that v = r
Digital Signature Algorithm (DSA)
 creates a 320-bit signature (two 160-bit values, r and s, in the original version with a 160-bit prime q)
Fig 3.23 digital signature algorithm
DSS Overview
Fig 3.24 DSS overview
3.8.2 Authentication Protocols
 used to convince parties of each other's identity and to exchange session keys
 may be one-way or mutual
 key issues are:
 confidentiality, to protect session keys
 timeliness, to prevent replay attacks
Mutual authentication
 Enables communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys.
Replay Attacks
 where a valid signed message is copied and later resent
 countermeasures include:
 use of sequence numbers
 timestamps
 challenge/response (nonces)
Using Symmetric Encryption
 use a two-level hierarchy of keys
 usually with a trusted Key Distribution Center (KDC)
 each party shares its own master key with the KDC
 the KDC generates session keys used for connections between parties
 master keys are used to distribute these to them
Needham-Schroeder Protocol
 used to securely distribute a new session key for communications between A & B
 key distribution protocol for a session between A and B mediated by a KDC
 protocol overview:
1. A -> KDC: IDA || IDB || N1
2. KDC -> A: EKa[Ks || IDB || N1 || EKb[Ks || IDA]]
3. A -> B: EKb[Ks || IDA]
4. B -> A: EKs[N2]
5. A -> B: EKs[f(N2)]
 Ka and Kb: secret master keys shared with the KDC
 Ks: session key
 N1 assures A that message 2 is a fresh reply to its request; steps 4 and 5 assure B that its correspondent holds Ks
 weakness: message 3 contains nothing B can check for freshness, so an attacker who has obtained an old session key Ks can replay the old message 3 and answer B's challenge in step 5 (Denning & Sacco, 1981); the usual fix adds a timestamp to messages 2 and 3
Using Public-Key Encryption
 have a range of approaches based on the use of public-key encryption
 need to ensure we have the correct public keys for the other parties
 using a central Authentication Server (AS)
 various protocols exist using timestamps or nonces
Denning AS Protocol
1. A -> AS: IDA || IDB
2. AS -> A: EPRas[IDA || PUa || T] || EPRas[IDB || PUb || T]
3. A -> B: EPRas[IDA || PUa || T] || EPRas[IDB || PUb || T] || EPUb[EPRas[Ks || T]]
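The five Needham-Schroeder messages above run between a KDC, A and B, followed by the replay of message 3 that the protocol cannot detect; an added example, not from the notes. The symmetric cipher standing in for E_K[...] is a toy (SHA-256 keystream plus an HMAC tag) chosen so the example runs on the standard library alone; the message encoding, the choice f(N2) = N2 + 1 and the class layout are this example's own. Use a real AEAD and a real protocol library in practice.

```python
"""Needham-Schroeder session-key distribution and the message-3 replay.
Added example, not from the notes; the cipher is a toy stand-in."""
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """E_K[M] (toy): nonce || M XOR keystream || HMAC tag over nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("bad tag: wrong key or modified message")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


def pack(*fields: bytes) -> bytes:          # X || Y || Z with an unambiguous encoding
    return b"|".join(f.hex().encode() for f in fields)


def unpack(blob: bytes) -> list:
    return [bytes.fromhex(f.decode()) for f in blob.split(b"|")]


def f(n2: bytes) -> bytes:
    """Agreed transformation of B's nonce: add one as a 64-bit integer."""
    return ((int.from_bytes(n2, "big") + 1) % (1 << 64)).to_bytes(8, "big")


class KDC:
    def __init__(self):
        self.master = {}                    # ID -> master key shared with that party

    def register(self, ident: str) -> bytes:
        self.master[ident] = os.urandom(16)
        return self.master[ident]

    def handle(self, msg1: bytes) -> bytes:
        """Message 2: E_Ka[Ks || IDB || N1 || E_Kb[Ks || IDA]]"""
        id_a, id_b, n1 = unpack(msg1)
        ks = os.urandom(16)
        ticket = toy_encrypt(self.master[id_b.decode()], pack(ks, id_a))
        return toy_encrypt(self.master[id_a.decode()], pack(ks, id_b, n1, ticket))


class Principal:
    def __init__(self, ident: str, master_key: bytes):
        self.ident, self.master = ident, master_key

    # initiator (A) side
    def message1(self, peer: str) -> bytes:
        self.n1 = os.urandom(8)
        return pack(self.ident.encode(), peer.encode(), self.n1)

    def take_message2(self, msg2: bytes, peer: str) -> bytes:
        ks, id_b, n1, ticket = unpack(toy_decrypt(self.master, msg2))
        if n1 != self.n1 or id_b != peer.encode():
            raise ValueError("KDC reply is stale or for another peer")
        self.ks = ks
        return ticket                                    # message 3, forwarded unchanged

    def message5(self, msg4: bytes) -> bytes:
        return toy_encrypt(self.ks, f(toy_decrypt(self.ks, msg4)))

    # responder (B) side
    def take_message3(self, ticket: bytes) -> bytes:
        ks, id_a = unpack(toy_decrypt(self.master, ticket))   # nothing here proves freshness
        self.ks, self.peer, self.n2 = ks, id_a.decode(), os.urandom(8)
        return toy_encrypt(ks, self.n2)                  # message 4: E_Ks[N2]

    def check_message5(self, msg5: bytes) -> bool:
        try:
            return toy_decrypt(self.ks, msg5) == f(self.n2)
        except ValueError:
            return False


def run_protocol(kdc: KDC, a: Principal, b: Principal):
    """One honest run; returns (B accepted, A's Ks, B's Ks, message 3)."""
    ticket = a.take_message2(kdc.handle(a.message1(b.ident)), b.ident)
    accepted = b.check_message5(a.message5(b.take_message3(ticket)))
    return accepted, a.ks, b.ks, ticket


def replay_attack(b: Principal, old_ticket: bytes, old_ks: bytes) -> bool:
    """An attacker who recorded message 3 and later learned that run's Ks replays it;
    B accepts, because message 3 carries no nonce or timestamp B can check."""
    try:
        n2 = toy_decrypt(old_ks, b.take_message3(old_ticket))
        return b.check_message5(toy_encrypt(old_ks, f(n2)))
    except ValueError:
        return False
```

The replay succeeds only with the compromised old Ks; with any other key the attacker cannot answer B's challenge, which is why the damage is bounded by how long old session keys stay secret, and why the timestamped variant is preferred.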
 timestamps prevent replay but require synchronized clocks
One-Way Authentication
 required when the sender & receiver are not in communication at the same time (e.g. email)
 the header is in the clear so the message can be delivered by the email system
 we may want the contents of the body protected & the sender authenticated
Using Symmetric Encryption
 The mutual scheme above requires the sender to issue a request to the intended recipient, await a response that includes a session key, and only then send the message, which is not possible when the recipient is offline. The KDC scheme is therefore reduced to a one-shot exchange in which A obtains the session key and forwards it together with the encrypted message:
1. A -> KDC: IDA || IDB || N1
2. KDC -> A: EKa[Ks || IDB || N1 || EKb[Ks || IDA]]
3. A -> B: EKb[Ks || IDA] || EKs[M]
 this guarantees that only A could have sent the message, but it does not protect against replay of the whole message
Public-Key Approaches
 we have seen some public-key approaches
 if confidentiality is the major concern, can use:
 A -> B: EPUb[Ks] || EKs[M]
 an encrypted session key followed by the message encrypted under it
 if authentication is needed, use a digital signature with a digital certificate:
 A -> B: M || EPRa[H(M)] || EPRas[T || IDA || PUa]
 the message, a signature over its hash, and the certificate that binds PUa to IDA under the authentication server's signature
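Three constructions from this module in one runnable piece: the certificate E(PRauth, [T||IDA||PUa]) and its check D(PUauth, CA) from 3.1, the direct signature M || E(PRa, H(M)) from 3.8.1, and the one-way public-key message above, M || EPRa[H(M)] || EPRas[T||IDA||PUa], plus session-key transport EPUb[Ks]. This is an added example, not the notes' or anyone's library code: it uses textbook RSA with toy-sized keys built from well-known primes, hashes reduced modulo n, and a constructed timestamp and identifiers. Raw RSA without OAEP/PSS padding is not safe for real use; the example exists to show the data flow, not to be deployed.

```python
"""Textbook RSA: certificate, direct signature with certificate, and key transport.
Added example, not from the notes; toy keys, unpadded RSA, NOT for real use."""
import hashlib
import secrets

PUBLIC_EXPONENT = 65537


def make_keypair(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Return ((e, n), (d, n)); p and q are assumed prime with e coprime to (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def rsa_apply(key, m: int) -> int:
    """Raw RSA exponentiation: E() with a public key, D() with a private key."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value must be a non-negative integer below the modulus")
    return pow(m, exp, n)


def hash_to_int(data: bytes, n: int) -> int:
    """H(M) as an integer reduced below the modulus (toy; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    return rsa_apply(priv, hash_to_int(data, priv[1]))          # E(PR, H(M))


def verify(pub, data: bytes, sig: int) -> bool:
    return rsa_apply(pub, sig) == hash_to_int(data, pub[1])     # D(PU, sig) == H(M)


# Constructed toy keys: authority ~92-bit modulus, A and B ~60-bit moduli.
AUTH_PUB, AUTH_PRIV = make_keypair(2147483647, 2305843009213693951)   # 2^31-1, 2^61-1
A_PUB, A_PRIV = make_keypair(1000000007, 998244353)
B_PUB, B_PRIV = make_keypair(1000000009, 1000000021)


def issue_certificate(auth_priv, timestamp: str, ident: str, pub):
    """CA = E(PRauth, [T || IDA || PUa]): the payload plus the authority's signature over it."""
    payload = "|".join([timestamp, ident, str(pub[0]), str(pub[1])]).encode()
    return payload, sign(auth_priv, payload)


def verify_certificate(auth_pub, cert):
    """D(PUauth, CA): returns (T, IDA, PUa) if the authority's signature checks, else None."""
    payload, sig = cert
    if not verify(auth_pub, payload, sig):
        return None
    t, ident, e, n = payload.decode().split("|")
    return t, ident, (int(e), int(n))


CERT_A = issue_certificate(AUTH_PRIV, "T=2012-08-01", "A", A_PUB)   # constructed T and ID


def send_signed(priv, cert, message: bytes):
    """A -> B: M || E(PRa, H(M)) || E(PRas, [T || IDA || PUa])"""
    return message, sign(priv, message), cert


def receive_signed(auth_pub, message: bytes, sig: int, cert):
    """Check the certificate first, take PUa from it, then check the signature.
    Returns (signature valid, identity the certificate names)."""
    fields = verify_certificate(auth_pub, cert)
    if fields is None:
        return False, None
    _, ident, pub_a = fields
    return verify(pub_a, message, sig), ident


def key_transport(pub_b, ks: int) -> int:
    return rsa_apply(pub_b, ks)                                  # E(PUb, Ks)


def key_recover(priv_b, blob: int) -> int:
    return rsa_apply(priv_b, blob)                               # D(PRb, E(PUb, Ks))


def new_session_key(pub_b) -> int:
    """Session key as an integer below B's modulus (toy; real transport wraps a byte key)."""
    return secrets.randbelow(pub_b[1])


if __name__ == "__main__":
    m, s, c = send_signed(A_PRIV, CERT_A, b"pay 100 to B")
    print("signed message accepted as from:", receive_signed(AUTH_PUB, m, s, c))
    ks = new_session_key(B_PUB)
    print("key transport round-trips:", key_recover(B_PRIV, key_transport(B_PUB, ks)) == ks)
```

Order matters in receive_signed: the certificate is verified before its PUa is trusted, so a forged certificate naming A with an attacker's key is rejected by the authority's signature check rather than letting the attacker's signature verify.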