UNIT - IV

Message and Message Digest:

Message:

A message refers to any data, text, or information that is sent from one entity to another in a
communication system.

It can be in various forms, including plain text, binary data, multimedia, or structured information
like JSON or XML.

Message Digest:

A message digest is a fixed-size output (hash) generated from a message using a cryptographic hash
function (e.g., SHA-256, MD5).

Checking Integrity:

To check the integrity of a message, or document, we run the cryptographic hash

function
again and compare the new message digest with the previous one.
If both are the same, we are sure that the original message has not been changed.
Hash function
A hash function is a mathematical algorithm that transforms input data (message) into a fixed-size
string of characters, which represents the original data uniquely. This output is known as a hash
value or message digest.

Properties Of HASH Fuction:

1. Deterministic

 The same input must always produce the same hash output.

2. Fast Computation

 The function should compute the hash value quickly for any given input.

3. Pre-image Resistance (One-way Property)

 Given a hash output, it should be computationally infeasible to determine the original

input.
4. Second Pre-image Resistance

 Given an input x and its hash H(x), it should be infeasible to find another input y
(where y ≠ x) such that H(y) = H(x).

5. Collision Resistance

 It should be extremely difficult to find two different inputs x and y that produce the
same hash output, i.e., H(x) = H(y).

6. Avalanche Effect

 A small change in the input should produce a significantly different hash output,
making the function highly sensitive to input changes.

7. Fixed Output Length

 The hash function should always produce a fixed-length output, regardless of the
input size.

RANDOM ORACLE MODEL:

The Random Oracle Model, which was introduced in 1993 by Bellare and Rogaway,

It is an ideal mathematical model for a hash function.

A function based on this model behaves as follows:

 1) When a new message of any length is given, the oracle creates and gives a fixed
length message digest that is a random string of 0s and 1s. The oracle records
the message and the message digest.

2) When a message is given for which a digest exists, the oracle simply gives the
digest in the record.

3) The digest for a new message needs to be chosen independently from all previous
digests. This implies that the oracle cannot use a formula or an algorithm to
calculate the digest.
Example:

The table has two columns. The left column shows the messages whose digests have been issued
by the oracle

 The message AB1234CD8765BDAD is given for digest calculation.

 The oracle checks its table. This message is not in the table, so the oracle flips its coin 16
times.
 Assume that result is HHTHHHTTHTHHTTTH, in which the letter H represents heads and the
letter T represents tails.
 The oracle interprets H as a 1-bit and T as a 0-bit and gives 1101110010110001 in binary,
or DCB1 in hexadecimal, as the message digest for this message

Pigeonhole Principle:
pigeonhole principle: if n pigeonholes are occupied by n +1 pigeons, then at least one
pigeonhole is occupied by two pigeons.

if n pigeonholes are occupied by kn +1 pigeons,then at least one pigeonhole is occupied

by k + 1 pigeons.

Example:

 Assume that the messages in a hash function are 6 bits long and the digests are only 4 bits
long.
 Then the possible number of digests (pigeonholes) is 2 4 = 16,
 The possible number of messages (pigeons) is 2 6 = 64.
 This means n = 16 and kn + 1 = 64, so k is larger than 3.
 The conclusion is that at least one digest corresponds to four (k + 1) messages.
 MESSAGE AUTHENTICATION

Message authentication is the process of verifying the integrity and origin of a message to ensure
that it has not been altered in transit and comes from a legitimate sender.

Modification Detection Code (MDC):

The digest created by a cryptographic hash function is normally called a modification detection code
(MDC). The code can detect any modification in the message.

If Alice needs to send a message to Bob and be sure that the message will not change during
transmission, Alice can create a message digest, MDC, and send both the message and the MDC to
Bob. Bob can create a new MDC from the message and compare the received MDC and the new
MDC. If they are the same, the message has not been changed

Figure 11.9 shows that the message can be transferred through an insecure chan nel. Eve can read
or even modify the message. The MDC, however, needs to be trans ferred through a safe channel.
The term safe here means immune to change.

Message Authentication Code (MAC)

 The MAC ensures the integrity of the message and the data origin authentication.
 MAC is that the second includes a secret between Alice and Bob.
Alice uses a hash function to create a MAC from the concatenation of the key and the message, h (K|
M). She sends the message and the MAC to Bob over the insecure channel. Bob separates the
message from the MAC. He then makes a new MAC from the concatenation of the message and the
secret key. Bob then compares the newly cre ated MAC with the one received. If the two MACs
match, the message is authentic and has not been modified by an adversary.

Nested MAC:

To improve the security of a MAC, nested MACs were designed in which hashing is done in two
steps. In the first step, the key is concatenated with the message and is hashed to create an
intermediate digest. In the second step, the key is concatenated with the intermediate digest to
create the final digest.
Hashed MAC(HMAC):

1. The message is divided into N blocks, each of b bits.

2. The secret key is left-padded with 0’s to create a b-bit key.

3. The result of step 2 is exclusive-ored with a constant called ipad (input pad) to create a b-bit block.
4. The resulting block is prepended to the N-block message. The result is N + 1 blocks.

5. The result of step 4 is hashed to create an n-bit digest. We call the digest the inter mediate HMAC

6. The intermediate n-bit HMAC is left padded with 0s to make a b-bit block.

7. Steps 2 and 3 are repeated by a different constant opad (output pad).

8. The result of step 7 is prepended to the block of step 6.

9. The result of step 8 is hashed with the same hashing algorithm to create the final n-bit HMAC.
CMAC: Cipher Based CMAC

 NIST has defined a standard called Data Authentication Algorithm, or CMAC, or

CBCMAC.
 The idea is to create one block of MAC from N blocks of plaintext using a
symmetric-key cipher N times.

 The message is divided into N blocks, each m bits long.

 The size of the CMAC is n bits. If the last block is not m bits, it is padded with a 1-
bit followed by enough 0-bits to make it m bits.
 The first block of the message is encrypted with the symmetric key to create an
m-bit block of encrypted data.
 This block is XORed with the next block and the result is encrypted again to
create a new m-bit block. The process continues until the last block of the
message is encrypted. The n leftmost bit from the last block is the CMAC.
Last Step:

 CMAC also uses another key, k,

 This key is derived from the encryption algorithm with plaintext of m 0-bits using
the cipher key, K. The result is then multiplied by x if no padding is applied and
multiplied by x2 if padding is applied.

Compression function: The fixed-size input function is referred to as a

compression function.
 Iterated Hash Function: A function with fixed-size input is created and is used a
necessary number of times.
It compresses an n-bit string to create an m-bit string where n is normally greater than
m.

Merkle-Damgard Scheme:

Merkle-Damgard Scheme

The Merkle-Damgard scheme is an iterated hash function that is collision resistant if the
compression function is collision resistant.

The scheme uses the following steps:

  The message length and padding are appended to the message to create an augmented
message that can be evenly divided into blocks of n bits, where n is the size of the block to
be processed by the compression function.
 The message is then considered as t blocks, each of n bits. We call each block M1, M 2 ,…, M
t . We call the digest created at t iterations H 1 , H 2 ,…, H t .
 Before starting the iteration, the digest H 0 , is set to a fixed value, normally called IV (initial
value or initial vector).
 The compression function at each iteration operates on H i−1 H i . In other words, we have H
i = ƒ(H i−1 , M i and M i to create a new ), where ƒ is the compression function.
 H t is the cryptographic hash function of the original message, that is, h(M).

Hash Functions Based on Block Ciphers:

Rabin Scheme:

 The iterated hash function proposed by Rabin is very simple.

 The Rabin scheme is based on the Merkle-Damgard scheme.
 The compression function is replaced by any encrypting cipher.
 The message block is used as the key; the previously created digest is used as the plaintext.
The ciphertext is the new message digest.
 It faces Meet-in-the-middle attack

Davies-Meyer Scheme:

The Davies-Meyer scheme is basically the same as the Rabin scheme except that it uses forward feed
to protect against meet-in-the-middle attack.
Matyas-Meyer-Oseas Scheme:

The Matyas-Meyer-Oseas scheme is a dual version of the Davies-Meyer scheme: the message block
is used as the key to the cryptosystem.

The scheme can be used if the data block and the cipher key are the same size.

Miyaguchi-Preneel Scheme:

The Miyaguchi-Preneel scheme is an extended ver sion of Matyas-Meyer-Oseas.

To make the algorithm stronger against attack, the plain text, the cipher key, and the ciphertext are
all exclusive-ored together to create the new digest.
 Digital signature.
PROCESS:

 The sender uses a signing algorithm to sign the message. The message and the signature are
sent to the receiver.
 The receiver receives the message and the signature and applies the verifying algorithm to
the combination.
 If the result is true, the message is accepted; otherwise, it is rejected.

Need for Keys:

 In a digital signature, the signer uses her private key, applied to a signing algo rithm, to sign
the document.
 The verifier, on the other hand, uses the public key of the signer, applied to the verifying
algorithm, to verify the document.
  A digital signature uses the private and public keys of the sender.

Signing the Digest:

 The sender can sign the message digest and the receiver can verify the message digest.

DIGITAL SIGNATURE SCHEMES:

RSA Digital Signature Scheme:

Key Generation:

 chooses two primes p and q.

 calculates n = p × q.
 Calculates φ(n) = (p − 1) (q − 1).
 Chooses e, the public exponent,
 Calculates d,
 Private exponent such that e × d = 1 mod φ(n).
 keeps d; publicly announces n and e.
Signing:

 Alice creates a signature out of the message using her private exponent,

S = M mod n

 Sends the message and the signature to Bob.

Verifying:

 Bob receives M and S. Bob applies Alice’s public exponent to the signature to create a copy
of the message

M′ = S ^e mod n.

 Bob compares the value of M′ with the value of M. If the two values are congruent, Bob
accepts the message.

Digital Signature Standard (DSS): OR

Digital signature algorithm (DSA):

Key Generation:
Signing:

 Alice chooses a random number r (1 ≤ r ≤ q).

 Alice calculates the first signature S1 = (e1^r mod p) mod q.
 Alice creates a digest of message h(M).
 Alice calculates the second signature S2 = (h(M) + d S1)^r−1mod q.
  Alice sends M, S1, and S2 to Bob.

Verifying:

 checks to see if 0 < S1 < q.

 checks to see if 0 < S2 < q.
 calculates a digest of M using the same hash algorithm used by Alice.
 calculates V = [(e1^(h(M)S2−1) e2^(S1S2−1)) mod p] mod q.
 If S1 is congruent to V, the message is accepted; otherwise, it is rejected.

SYMMETRIC-KEY DISTRIBUTION
Key-Distribution Center: KDC:

key-distribution center (KDC) is a trusted third party, each person establishes a shared
secret
key with the KDC,
  A secret key is established between the KDC and each member
 Alice has a secret key with the KDC, which we refer to as KAlice; Bob has a secret
key with the KDC,
 which we refer to as KBob; and so on.
 How Alice can send a confidential message to Bob. The process is as follows:

1) Alice sends a request to the KDC stating that she needs a session (temporary) secret
key between herself and Bob.
2) The KDC informs Bob about Alice’s request.
3) If Bob agrees, a session key is created between the two.

Flat Multiple KDCs:

When the number of people using a KDC increases, the system becomes unmanageable
and a bottleneck can result.
To solve the problem, We can divide the world into domains. Each domain can have one
or more KDCs.
Now if Alice wants to send a confidential message to Bob, who belongs to another
domain, Alice contacts her KDC, which in turn contacts the KDC in Bob’s domain. The two
KDCs can create a secret key between Alice and Bob.

Hierarchical Multiple KDCs:

The flat multiple KDCs can be extended to a hierarchical system of KDCs, with one or
more KDCs at the top of the hierarchy.
For example, there can be local KDCs, national KDCs, and international KDCs. When Alice
needs to communicate with Bob, who lives in another country, she sends her request to a
local KDC; the local KDC relays the request to the national KDC; the national KDC relays
the request to an international
KDC.

Session Keys:
A KDC creates a secret key for each member. This secret key can be used only between
the member and the KDC, not between two members. If Alice needs to communicate
secretly with Bob, she needs a secret key between herself and Bob. A KDC can create a
session key between Alice and Bob, using their keys with the center. The keys of Alice
and Bob are used to authenticate Alice and Bob to the center and to each other before
the session key is established.

A Simple Protocol Using a KDC:

This protocol allows Alice and Bob to establish a shared session key using a KDC.
 KERBEROS:
 Kerberos is an authentication protocol based on symmetric key cryptography and a
trusted third party.
 It was developed at MIT as part of the Project Athena.

Used:

 Windows Active Directory

 UNIX/Linux systems

Main Goal of Kerberos:

 To enable secure authentication

 To establish session keys for secure communication between users and services.

Servers:

Three servers are involved in the Kerberos protocol:

 An authentication server (AS),
 A ticket-granting server (TGS),
 A real (data) server that provides services to others
Authentication Server (AS):
 The authentication server (AS) is the KDC in the Kerberos protocol.
 Each user registers with the AS and is granted a user identity and a password.
Ticket-Granting Server (TGS):
 The ticket-granting server (TGS) issues a ticket for the real server (Bob).
 It also provides the session key (KAB) between Alice and Bob
Real Server:
 The real server (Bob) provides services for the user (Alice).
 Kerberos is designed for a client-server program

Operation
A client process (Alice) can access a process running on the real server (Bob) in six
steps,
 Alice sends her request to the AS in plain text using her registered identity.
 The AS sends a message encrypted with Alice’s permanent symmetric key, K A-
AS.The message contains two items: a session key, K A-TGS, that is used by Alice
tocontact the TGS.
 Alice now sends three items to the TGS. The first is the ticket received from
theAS. The second is the name of the real server (Bob), the third is a timestamp
that is encrypted by KA-TGS.
 Now, the TGS sends two tickets, each containing the session key between
Aliceand Bob, KA-B. The ticket for Alice is encrypted with KA-TGS; the ticket forBob
is encrypted with Bob’s key, KTGS-B.
 Alice sends Bob’s ticket with the timestamp encrypted by K A-B.
 Bob confirms the receipt by adding 1 to the timestamp The message is encrypted
with KA-B and sent to Alice.

Diffie-Hellman Key Agreement

 It was invented by Whitfield Diffie and Martin Hellman in 1976.

 The Diffie-Hellman Key Exchange is a fundamental protocol that allows two parties to
securely est shared secret key over an insecure communication channel.
ALGORITHM:
choose two numbers p and g.
p= is a large prime number.
g = primitive root modulo p (also called generator)

 Alice chooses a large random number x such that 0 ≤ x ≤ p − 1

 calculates
o R1 = g^x mod p.
 Bob chooses another large random number y such that 0 ≤ y ≤ p − 1
 calculates
o R2 = gy mod p.
 Alice sends R1 to Bob.
 Bob sends R2 to Alice
 Alice calculates K = (R2)^x mod p.
 Bob also calculates K = (R1)^y mod p.

EXAMPLE:
Assume that g = 7 and p = 23.

 Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.

 Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
 Alice sends the number 21 to Bob.
 Bob sends the number 4 to Alice.
 Alice calculates the symmetric key K = 43 mod 23 = 18.
 Bob calculates the symmetric key K = 216 mod 23 = 18.
The value of K is the same for both Alice and Bob; gxy mod p = 718 mod 35 = 18.