
Unit 4 PPT - CNS

The document covers Unit IV of a course on Cryptography and Network Security, focusing on message authentication and integrity. It discusses various authentication methods, including Message Authentication Codes (MAC), Secure Hash Algorithms (SHA), and Digital Signature Standards (DSS), as well as entity authentication techniques like biometrics and passwords. Additionally, it highlights authentication applications such as Kerberos and X.509, detailing their mechanisms and security features.

Uploaded by

saravanan V

CS8792 - CRYPTOGRAPHY AND NETWORK SECURITY

UNIT IV
DEPARTMENT: CSE
SEMESTER: 07
UNIT IV - MESSAGE AUTHENTICATION AND INTEGRITY
4-1 Authentication requirement – Authentication function
4-2 MAC – Hash function
4-3 Security of hash function and MAC
4-4 SHA
4-5 Digital signature and authentication protocols
4-6 DSS
4-7 Entity Authentication: Biometrics
4-8 Passwords, Challenge Response protocols
4-9 Authentication applications - Kerberos, X.509
Security of hash function and MAC
MAC – Message Authentication Code
• As with symmetric and public-key encryption, we can group attacks on hash functions and MACs into two categories:
  • brute-force attacks
  • cryptanalysis
• A brute-force attack on a MAC is a more difficult undertaking than a brute-force attack on a hash function because it requires known message-tag pairs.
Security of hash function and MAC
• The way to measure the resistance of a hash or MAC algorithm to cryptanalysis is to compare its strength to the effort required for a brute-force attack.
• That is, an ideal hash or MAC algorithm will require a cryptanalytic effort greater than or equal to the brute-force effort.
Secure Hash Algorithm (SHA)
• SHA was originally designed by NIST & NSA in 1993
• It was revised in 1995 as SHA-1
• US standard for use with the DSA signature scheme
• The standard is FIPS 180-1 (1995), also Internet RFC 3174
• Based on the design of MD4, with key differences
• Produces 160-bit hash values
Secure Hash Algorithm
• Most important modern hash functions follow the basic structure.
• Within this basic structure, two approaches have been followed in the design of the compression function, as mentioned previously, which is the basic building block of the hash function.
Secure Hash Algorithm
• NIST issued revision FIPS 180-2 in 2002
• Adds 3 additional versions of SHA
  • SHA-256, SHA-384, SHA-512
• Designed for compatibility with increased security provided by the AES cipher
• Structure & detail is similar to SHA-1
• Hence analysis should be similar
• But security levels are rather higher
Secure Hash Algorithm

$CV_0 = IV$ = initial n-bit value
$CV_i = f(CV_{i-1}, Y_{i-1})$
$H(M) = CV_L$

$Y_i$ = i-th input block,
$L$ = number of input blocks,
$CV_i$ = chaining variable
Digital signature Standard (DSS)
• US Govt approved signature scheme
• Designed by NIST & NSA in early 90's
• Published as FIPS-186 in 1991
• Revised in 1993, 1996 & then 2000
• Uses the SHA hash algorithm
• DSS is the standard, DSA is the algorithm
• FIPS 186-2 (2000) includes alternative RSA & elliptic curve signature variants
• DSA is for digital signatures only, unlike RSA
• It is a public-key technique

DSA – Digital Signature Algorithm
Digital signature Standard
• Creates a 320 bit signature
• With 512-1024 bit security
• Smaller and faster than RSA
• A digital signature scheme only
• Security depends on difficulty of computing discrete logarithms
• Variant of ElGamal schemes
Digital signature Standard
• Have shared global public key values (p, q, g):
  • choose a 160-bit prime number q
  • choose a large prime p with $2^{L-1} < p < 2^L$
    • where L = 512 to 1024 bits and is a multiple of 64
    • such that q is a 160-bit prime divisor of (p-1)
  • choose $g = h^{(p-1)/q}$
• Users choose a private key & compute the public key:
  • choose random private key: $x < q$
  • compute public key: $y = g^x \bmod p$
Digital signature Standard

To sign a message M the sender:
  generates a random signature key k, $k < q$
  nb. k must be random, be destroyed after use, and never be reused

Then computes signature pair:
  $r = (g^k \bmod p) \bmod q$
  $s = [k^{-1}(H(M) + xr)] \bmod q$

Sends signature (r, s) with message M
Digital signature Standard
• Having received M & signature (r, s)
• To verify a signature, recipient computes:
  • $w = s^{-1} \bmod q$
  • $u_1 = [H(M)\,w] \bmod q$
  • $u_2 = (r\,w) \bmod q$
  • $v = [(g^{u_1} y^{u_2}) \bmod p] \bmod q$
• If v = r then signature is verified
Digital signature Standard
ElGamal Digital Signatures
Signature variant of ElGamal, related to D-H
so uses exponentiation in a finite
with security based on the difficulty of computing discrete logarithms, as in D-H
Uses private key for encryption (signing)
Uses public key for decryption (verification)
Each user (e.g. A) generates their key
  chooses a secret key (number): $1 < x_A < q-1$
  computes their public key: $y_A = a^{x_A} \bmod q$
4.7 Entity Authentication: Biometrics
• We distinguish between (data) origin authentication (verifying the origin of received data) and entity authentication (verification of a claimant's identity; the identity needs to be proved).
• An origin authentication service can be built from a data integrity mechanism, e.g. a MAC.
• Typically achieved by exchange of messages called an authentication protocol (called an authentication exchange in ISO 7498-2).
4.7 Entity Authentication: Biometrics

Why Entity Authentication?
• Entity authentication provides a fundamental service:
  • It allows one host or user on the network to check with which other host or user it is communicating.
4.7 Entity Authentication: Biometrics
• Suppose we want to design a protocol which authenticates A to B. Is the following secure?

  A → B: ‘Hi B, I’m A’
• So we need something stronger.
• Authentication protocols can be built from a number of different assumptions:
  • A and B share a secret (e.g. a password, a PIN, biometric information, a symmetric key).
  • A and B have authentic copies of each other’s public keys.
4.7 Entity Authentication: Biometrics
• In strong authentication, one entity ‘proves’ its identity to another by demonstrating knowledge of a secret known to be associated with that entity, without revealing that secret itself during the protocol.
• Also called ‘challenge-response’ authentication.
• Typically use cryptographic mechanisms to protect the messages in the protocol:
  • Encryption.
  • Integrity mechanism (e.g. MAC).
  • Digital signature.
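A challenge-response exchange of the kind described above, built on a keyed hash (HMAC-SHA256), as an added Python example that is not part of the original slides. The class and function names, the 16-byte nonce and the inclusion of the claimant's identity in the MAC input are assumptions of this example.

```python
import hashlib
import hmac
import secrets

def respond(key, claimant, nonce):
    """A's side: keyed hash over A's identity and B's challenge; the key never travels."""
    return hmac.new(key, claimant.encode() + b"|" + nonce, hashlib.sha256).digest()

class Verifier:
    """B's side: issues single-use challenges and checks the responses."""

    def __init__(self, shared_keys):
        self.keys = shared_keys      # claimant id -> shared secret key
        self.pending = {}            # claimant id -> outstanding challenge

    def challenge(self, claimant):
        nonce = secrets.token_bytes(16)   # unpredictable, so a recorded response is useless
        self.pending[claimant] = nonce
        return nonce

    def check(self, claimant, response):
        nonce = self.pending.pop(claimant, None)   # each challenge is accepted once
        key = self.keys.get(claimant)
        if nonce is None or key is None:
            return False
        expected = respond(key, claimant, nonce)
        return hmac.compare_digest(expected, response)  # constant-time comparison
```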
4.7 Entity Authentication: Biometrics
Example: Passwords Over a Network
• Alice has a user ID and password allowing her to remotely access a computer B over a network.
• Alice sends the user ID and password over the network.
• B uses Alice’s ID to find an entry in a password file, and compares the password received with the password stored.
• B authenticates Alice if the passwords match.
• An example of user authentication based on something known.
  • a special case of entity authentication.
4.7 Entity Authentication: Biometrics
• Here the secret associated with Alice is her password.
• This secret itself is revealed during the protocol, hence we have what might be termed weak authentication.
• The password might be captured in transit over the network.
  • Depending on the network type and attacker capabilities,
• So this approach is not really suitable for use over insecure networks.
4.7 Entity Authentication: Biometrics
• Biometrics is the measurement of physiological or behavioral features that identify a person (authentication by something inherent). Biometrics measures features that cannot be guessed or shared.
• Several components are needed for biometrics, including capturing devices, processors, and storage devices.
• Before using any biometric techniques for authentication, the corresponding feature of each person in the community should be available in the database. This is referred to as enrollment.
4.8 Passwords, Challenge Response protocols

Passwords

The simplest and oldest method of entity authentication is password-based authentication, where the password is something that the claimant knows.

• Fixed Password
• One-Time Password
4.8 Passwords, Challenge Response protocols

Passwords First Approach - User ID and password file

Passwords Second Approach - Hashing the password

Passwords Third Approach - Salting the password
4.8 Passwords, Challenge Response protocols
Challenge Response protocols
• In password authentication, the claimant proves her identity by demonstrating that she knows a secret, the password.
4.8 Passwords, Challenge Response protocols

Using a Symmetric-Key Cipher

Using Keyed-Hash Functions

Using an Asymmetric-Key Cipher

Using Digital Signature
4.9 Authentication applications - Kerberos, X.509
Authentication applications
• Developed to support application-level authentication and digital signatures
• Most widely used services:
  • Kerberos
  • X.509
• Kerberos – a private-key authentication service
• X.509 – a public-key directory authentication service
4.9 Authentication applications - Kerberos, X.509
Kerberos
• Symmetric encryption
  • using no public keys
• Provides centralised private-key third-party authentication in a distributed network
• Version 4 and 5
4.9 Authentication applications - Kerberos, X.509
Kerberos
• Provide security in a distributed architecture consisting of dedicated user workstations (clients), and distributed or centralized servers
• Require the user to prove his identity for each service invoked
• Require that servers prove their identity to clients
• Secure, Reliable, Transparent, and Scalable
4.9 Authentication applications - Kerberos, X.509
Kerberos
• A Kerberos environment consists of:
  • a Kerberos server
  • a number of clients, all registered with server
  • application servers, sharing keys with server
4.9 Authentication applications - Kerberos, X.509
X.509
• Uses public-key cryptology & digital signatures
  • algorithms not standardised, but RSA recommended
• Public key certificate associated with each user
  • generated by some trusted CA
• Certification Authority (CA) issues certificates
• The notation CA<<A>> represents a certificate for a client A signed by CA
4.9 Authentication applications - Kerberos, X.509
X.509
• Issued by a Certification Authority (CA), containing:
  • version 1, 2, or 3
  • serial number (unique within CA) identifying certificate
  • signature algorithm identifier
  • issuer X.500 name (CA)
  • period of validity (from - to dates)
  • subject X.500 name (name of owner)
  • subject public-key info (algorithm, parameters, key)
  • issuer unique identifier (v2+)
  • subject unique identifier (v2+)
  • extension fields (v3)
  • signature (of hash of all fields in certificate)