CSS Module 3 (SAMI)

The document provides an in-depth overview of message integrity, authentication, and cryptographic techniques used to ensure data security. It explains the importance of message integrity, the differences between messages and message digests, and various methods like Message Authentication Codes (MACs) and Hash-based MACs (HMAC). Additionally, it covers the structure of cryptographic hash functions, the Merkle-Damgård scheme, and the Public Key Infrastructure (PKI) framework for secure communication.

Uploaded by deltab664
CSS MODULE 3

SAMI THAKUR
Message Integrity refers to the assurance that a message has not been altered
or tampered with during transmission or storage. It is a critical aspect of data security, ensuring
that the data received is exactly the same as the data sent. Message integrity is typically
achieved using cryptographic techniques such as hash functions and Message Authentication
Codes (MACs). Below is a detailed explanation of message integrity, including the methods used
to ensure it and their applications.
Why is Message Integrity Important?
• Prevents Tampering: Ensures that the message has not been modified by an attacker.
• Detects Errors: Helps detect accidental changes to the message (e.g., due to
transmission errors).
• Ensures Authenticity: Verifies that the message comes from the claimed sender.

Message vs. Message Digest


Message:
• A message is the original data or information that needs to be transmitted or stored.
• It can be in any form—plain text, a file, an image, or encrypted data.
• Messages can be altered, intercepted, or modified during transmission if not secured.
Message Digest:
• A message digest is a fixed-length hash value generated from a message using a
cryptographic hash function (e.g., SHA-256, MD5).
• It is a unique representation of the original message, ensuring integrity.
• If even a single bit of the message changes, the resulting message digest will be
completely different.
• Used in digital signatures, authentication, and data integrity verification.
Example:
• Message: "Hello, World!"
• Message Digest (SHA-256):
c0535e4be2b79ffd93291305436bf889314e4a3faec05ecffcbb9b5b1d629f38
Key Differences:
Feature | Message | Message Digest
Definition | The original data to be sent or stored. | A unique fixed-length hash generated from the message.
Size | Variable | Fixed (based on hash function, e.g., 256 bits for SHA-256)
Security | Can be intercepted or modified | Provides integrity check; changing the message changes the digest
Use Case | Data transmission, storage, communication | Authentication, digital signatures, integrity verification
Requirements for Hash Functions
A cryptographic hash function must meet the following requirements to ensure security and
reliability:
1. Deterministic – The same input must always produce the same hash value.
2. Fast Computation – The function should generate a hash quickly for any given input.
3. Pre-Image Resistance – It should be computationally infeasible to determine the original
message from its hash.
4. Second Pre-Image Resistance – Given a message and its hash, it should be difficult to
find another message with the same hash.
5. Collision Resistance – No two different inputs should produce the same hash value.
6. Avalanche Effect – A small change in input should produce a significantly different hash.
7. Fixed Output Length – Regardless of input size, the hash output should have a constant
length.
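The properties listed above (deterministic output, fixed length, avalanche effect) and the digest-as-integrity-check idea, as an added Python example that is not part of these notes. It uses SHA-256 from the standard library; the message "Hello, World!" and the bit positions flipped are constructed sample inputs.

```python
import hashlib
import hmac
from typing import Tuple


def sha256_hex(message: bytes) -> str:
    """Message digest: fixed 256-bit output (64 hex chars) for any input length."""
    return hashlib.sha256(message).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with a single bit inverted (to show the avalanche effect)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two hex-encoded digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def make_mdc(message: bytes) -> Tuple[bytes, str]:
    """Sender: transmit the message together with its digest (a modification detection code)."""
    return message, sha256_hex(message)


def verify_mdc(received_message: bytes, received_mdc: str) -> bool:
    """Receiver: recompute the digest and compare it with the one received.
    compare_digest runs in constant time, so the comparison itself leaks nothing."""
    return hmac.compare_digest(sha256_hex(received_message), received_mdc)


if __name__ == "__main__":
    original = b"Hello, World!"          # constructed sample message
    digest = sha256_hex(original)
    print(f"digest ({len(digest)} hex chars): {digest}")
    altered = flip_bit(original, 0)       # one bit of the message changed
    print("digest bits changed by a 1-bit edit:", differing_bits(digest, sha256_hex(altered)))
    message, mdc = make_mdc(original)
    print("intact message accepted:", verify_mdc(message, mdc))
    print("altered message accepted:", verify_mdc(altered, mdc))
```

Roughly half of the 256 digest bits change for a one-bit edit, which is what the avalanche requirement asks for; the receiver only needs the digest to notice the edit, but, as the next section explains, a digest alone says nothing about who sent the message.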

Message Authentication
Message Authentication ensures that a message has not been altered during transmission and
verifies the identity of the sender. It protects against message modification, masquerading, and
replay attacks.
Why Message Authentication is Needed
• Integrity vs. Authentication:
o A message digest (or hash) ensures integrity—it verifies that the message has
not been altered.
o However, a digest alone does not guarantee authentication—it does not prove
the identity of the sender.
• Authentication Requirement:
o To ensure the message is from the claimed sender and not an imposter, message
authentication is required. This involves using a shared secret (e.g., a key) to
create a Message Authentication Code (MAC).
Modification Detection Code (MDC)
• An MDC is a message digest created using a cryptographic hash function (e.g., SHA-256).
• It ensures integrity by allowing the receiver to verify that the message has not been
modified.
• How it works:
o The sender computes the MDC of the message and sends both the message and
the MDC.
o The receiver recomputes the MDC from the received message and compares it
with the received MDC.
o If they match, the message is intact.
Message Authentication Code (MAC)
• A MAC ensures both integrity and authentication.
• Unlike an MDC, a MAC uses a shared secret key known only to the sender and receiver.
• How it works:
o The sender computes the MAC as h(K∥M) (the hash of the concatenation of the
key K and the message M).
o The sender sends the message M and the MAC to the receiver.
o The receiver recomputes the MAC using the shared key and compares it with the
received MAC.
o If they match, the message is authentic and unaltered.
• Types of MAC:
o Prefix MAC: The key is placed at the beginning of the message (h(K∥M)).
o Postfix MAC: The key is appended at the end of the message (h(M∥K)).
o Combined MAC: Uses both prefix and postfix approaches, possibly with different
keys.
Nested Message Authentication Code (Nested MAC)
Nested MAC is an approach where two layers of Message Authentication Codes (MACs) are
applied to enhance security. It involves computing a MAC twice—once with an inner key and
then again with an outer key—to strengthen protection against cryptanalysis and key recovery
attacks. This adds an extra layer of security by hashing the key twice.
How Nested MAC Works:
1. First MAC Computation (Inner MAC):
o A MAC is generated using the message and an inner key.
2. Second MAC Computation (Outer MAC):
o The result of the first MAC is then used as input for another MAC operation,
using an outer key.
3. Final Output:
o The second MAC serves as the authentication code for the message.

HMAC (Hashed MAC)


• HMAC is a widely used standard (FIPS 198) for creating a MAC using a cryptographic
hash function.
• Steps in HMAC:
1. Pad the key with zeros to match the block size of the hash function.
2. XOR the padded key with a constant ipad (input pad).
3. Prepend the result to the message and hash it to create an intermediate digest.
4. XOR the padded key with a constant opad (output pad).
5. Prepend the result to the intermediate digest and hash it to produce the final
HMAC.
• Advantages:
o Resistant to length-extension attacks.
o Compatible with any cryptographic hash function (e.g., SHA-256, SHA-3).
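The MAC constructions from the previous sections and the five HMAC steps above, as an added Python example that is not part of these notes. It implements the prefix MAC h(K∥M) and postfix MAC h(M∥K) exactly as defined, then builds HMAC-SHA256 from the listed steps (ipad = 0x36 and opad = 0x5C repeated, as FIPS 198 specifies, which also hashes a key longer than one block before padding). The two-layer structure is the nested MAC of the earlier section with inner key K⊕ipad and outer key K⊕opad. The key and message in the demo are RFC 4231 test case 1, a constructed input; the result is checked against Python's hmac module.

```python
import hashlib
import hmac

BLOCK_SIZE = 64          # SHA-256 block size in bytes (512 bits)
IPAD, OPAD = 0x36, 0x5C  # FIPS 198 constants


def prefix_mac(key: bytes, message: bytes) -> bytes:
    """The notes' basic MAC: h(K || M) over the shared secret key K."""
    return hashlib.sha256(key + message).digest()


def postfix_mac(key: bytes, message: bytes) -> bytes:
    """Postfix variant: h(M || K)."""
    return hashlib.sha256(message + key).digest()


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC following the five steps in the notes (plus FIPS 198's long-key rule)."""
    if len(key) > BLOCK_SIZE:                           # keys longer than a block are hashed first
        key = hashlib.sha256(key).digest()
    padded_key = key.ljust(BLOCK_SIZE, b"\x00")         # step 1: zero-pad the key to block size
    k_ipad = bytes(b ^ IPAD for b in padded_key)        # step 2: XOR with ipad (inner key)
    inner = hashlib.sha256(k_ipad + message).digest()   # step 3: intermediate digest
    k_opad = bytes(b ^ OPAD for b in padded_key)        # step 4: XOR with opad (outer key)
    return hashlib.sha256(k_opad + inner).digest()      # step 5: final HMAC


def verify_mac(expected: bytes, received: bytes) -> bool:
    """Receiver side: recompute the tag, then compare in constant time."""
    return hmac.compare_digest(expected, received)


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-written HMAC against the standard library."""
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()


if __name__ == "__main__":
    key, msg = b"\x0b" * 20, b"Hi There"   # RFC 4231 test case 1 (constructed input)
    tag = hmac_sha256(key, msg)
    print("HMAC-SHA256:", tag.hex())
    print("matches hmac module:", matches_stdlib(key, msg))
    print("prefix MAC h(K||M):", prefix_mac(key, msg).hex())
    print("tag with wrong key accepted:", verify_mac(tag, hmac_sha256(b"other", msg)))
```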

CMAC (Cipher-Based MAC)


• CMAC (or CBC-MAC) is another standard (FIPS 113) that uses a symmetric-key block
cipher (e.g., AES) instead of a hash function.
• How it works:
1. Divide the message into blocks.
2. Encrypt the first block with the symmetric key.
3. XOR the result with the next block and encrypt again.
4. Repeat until the last block is processed.
5. Use a derived key k in the final step to produce the CMAC.
• Advantages:
o Suitable for environments where block ciphers are preferred over hash functions.
o Provides strong security guarantees when used correctly.
Iterated Hash Function
An Iterated Hash Function is a type of cryptographic hash function that
processes input messages in fixed-size blocks, iteratively applying a compression function to
produce the final hash value. This design is used in many widely adopted hash functions, such
as MD5, SHA-1, and SHA-256. The iterative approach allows the hash function to handle
messages of arbitrary length while maintaining a fixed-size output.
Structure of an Iterated Hash Function
An iterated hash function consists of the following components:
1. Compression Function:
o A fixed-size function that takes two inputs:
▪ A chunk of the message (fixed-size block).
▪ The current hash value (also called the chaining variable or intermediate
hash).
o It produces a new hash value of fixed size.
2. Initialization Vector (IV):
o A fixed initial value used as the starting point for the hash computation.
o The IV is specific to the hash function and is defined in its specification.
3. Message Padding:
o The input message is padded to ensure its length is a multiple of the block size.
o Padding typically includes:
▪ A 1 bit followed by 0 bits.
▪ The length of the original message (in bits) appended at the end.
4. Block Processing:
o The padded message is divided into fixed-size blocks.
o Each block is processed sequentially using the compression function, updating
the intermediate hash value at each step.
5. Finalization:
o After all blocks are processed, the final intermediate hash value is output as the
hash of the message.

Merkle-Damgård Scheme
The Merkle-Damgård scheme is a design paradigm used to construct cryptographic hash
functions from a fixed-length compression function. It ensures that the hash function maintains
properties like collision resistance, preimage resistance, and second preimage resistance.
How Merkle-Damgård Works
1. Message Padding:
o The input message is padded to a multiple of the block size (e.g., 512 bits for
SHA-256).
o Padding typically follows MD-strengthening, which appends a 1 bit followed by
0s and the length of the original message.
2. Initialize Hash State:
o A fixed initialization vector (IV) is used as the starting hash value.
3. Processing Message Blocks:
o The padded message is divided into fixed-size blocks.
o Each block is processed sequentially using a compression function.
o The output of each step is used as input for the next block.
4. Finalization:
o The last output serves as the final hash digest

MD5 (Message Digest Algorithm 5)
MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. It was designed by Ronald Rivest in
1991 as a successor to MD4. MD5 was commonly used for verifying data integrity, digital
signatures, and password hashing. However, due to significant cryptographic weaknesses, it is
no longer considered secure for cryptographic purposes.
How MD5 Works
MD5 is based on the Merkle-Damgård construction and processes input messages in 512-bit
blocks. Here’s an overview of its operation:
1. Message Padding:
o The input message is padded to ensure its length is congruent to 448 modulo 512
bits.
o Padding includes:
▪ A 1 bit followed by 0 bits.
▪ A 64-bit representation of the original message length (in bits).
2. Block Processing:
o The padded message is divided into 512-bit blocks.
o Each block is processed in four rounds of 16 operations each, using a nonlinear
function, modular addition, and left rotations.
3. Compression Function:
o MD5 uses a custom compression function that updates a 128-bit state (divided
into four 32-bit words: A, B, C, D) for each 512-bit block.
o The compression function combines the current state with the message block
using bitwise operations, modular addition, and constants derived from the sine
function.
4. Final Hash:
o After processing all blocks, the final 128-bit state (A, B, C, D) is concatenated to
produce the MD5 hash.

SHA-1
• Purpose: SHA-1 is a cryptographic hash function that produces a 160-bit (20-byte) hash
value, typically represented as a 40-digit hexadecimal number.
• Design: It is based on the Merkle-Damgård construction, similar to MD5, but with a
stronger design.
• Security Status: SHA-1 has been considered insecure since 2005 due to vulnerabilities
like collision attacks. Major tech companies deprecated its use by 2017, and it is no
longer recommended for cryptographic purposes.

Steps in the SHA-1 Algorithm


1. Message Padding
• The input message is padded to ensure its length (in bits) is congruent to 448 modulo
512.
• Padding involves:
o Appending a single 1 bit.
o Appending enough 0 bits to reach the required length.
• The original message length (in bits) is appended as a 64-bit value.
• This ensures the total message length is a multiple of 512 bits.
2. Divide into 512-bit Blocks
• The padded message is divided into 512-bit blocks.
• Each block is further divided into sixteen 32-bit words (M0, M1, …, M15).
3. Expand into 80 Words
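The iterated-hash structure, the Merkle-Damgård padding, and SHA-1 steps 1 to 3 (padding, 512-bit blocks, sixteen 32-bit words, expansion to 80 words) as one added Python example that is not part of these notes: a complete SHA-1 written as compression function plus block-iteration driver, checked against hashlib. The padding is the MD-strengthening described for both MD5 and SHA-1 (a 1 bit, 0 bits up to 448 mod 512, then the 64-bit message length); the only difference for MD5 is that it stores the length little-endian, while SHA-1 uses big-endian as here. The round constants, initial values and message lengths exercised are SHA-1's published values and constructed inputs respectively.

```python
import hashlib
import struct

BLOCK_SIZE = 64   # 512-bit blocks
MASK = 0xFFFFFFFF
# SHA-1 initialization vector: the starting chaining value of the iterated hash
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x: int, n: int) -> int:
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK


def md_pad(message: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80 (a 1 bit then seven 0 bits), 0 bytes until the
    length is 56 mod 64 (448 mod 512 bits), then the original bit length as 64-bit big-endian."""
    bit_length = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % BLOCK_SIZE)
    return padded + struct.pack(">Q", bit_length)


def split_blocks(padded: bytes):
    """Step 2: divide the padded message into 512-bit blocks."""
    return [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]


def sha1_compress(state, block: bytes):
    """Compression function: (chaining value, 512-bit block) -> new chaining value."""
    w = list(struct.unpack(">16I", block))               # sixteen 32-bit words M0..M15
    for t in range(16, 80):                               # step 3: expand to 80 words
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):                                   # four rounds of 20 operations
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        temp = (rotl(a, 5) + (f & MASK) + e + k + w[t]) & MASK
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    # feed-forward: add the previous chaining value to the round output
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def sha1_hex(message: bytes) -> str:
    """Iterated hash: run the compression function over every block, starting from the IV,
    and output the final chaining value as the digest (finalization)."""
    state = IV
    for block in split_blocks(md_pad(message)):
        state = sha1_compress(state, block)
    return "".join(f"{word:08x}" for word in state)


def matches_hashlib(message: bytes) -> bool:
    """Cross-check this implementation against the standard library."""
    return sha1_hex(message) == hashlib.sha1(message).hexdigest()


if __name__ == "__main__":
    for sample in (b"", b"abc", b"a" * 55, b"a" * 56, b"a" * 200):   # constructed inputs
        print(len(sample), "bytes ->", len(split_blocks(md_pad(sample))), "block(s):",
              sha1_hex(sample), "ok" if matches_hashlib(sample) else "MISMATCH")
```

The 55-byte and 56-byte inputs show why the padding rule matters: 55 bytes plus 0x80 plus the 8-byte length fits one block, while 56 bytes forces a second block that holds only padding and the length field.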
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a framework that enables secure
communication and authentication over insecure networks (like the internet) using asymmetric
encryption. It binds public keys to entities (users, devices, or services) through digital
certificates, which are issued and managed by trusted authorities.
Key Components of PKI
1. Asymmetric Encryption
• PKI relies on asymmetric encryption, which uses a pair of keys:
o Public Key: Shared openly and used to encrypt data or verify digital signatures.
o Private Key: Kept secret and used to decrypt data or create digital signatures.
• Example: If Alice wants to send a secure message to Bob:
o Alice encrypts the message with Bob’s public key.
o Bob decrypts the message using his private key.
2. Digital Certificates
• A digital certificate (or X.509 certificate) is an electronic document that binds a public
key to an entity (e.g., a person, device, or organization).
• It contains:
o The public key of the certificate holder.
o The distinguished name (DN) of the owner (e.g., name, organization, email).
o The issuer’s name (the Certificate Authority).
o The validity period (start and expiration dates).
o The digital signature of the issuer (Certificate Authority).
• Digital certificates are used to verify the identity of the certificate holder.
3. Certificate Authority (CA)
• A Certificate Authority (CA) is a trusted entity that issues and manages digital
certificates.
• The CA:
o Verifies the identity of the certificate requester.
o Signs the certificate with its private key to ensure its authenticity.
o Publishes its public key for certificate validation.
• Examples of CAs: DigiCert, Let’s Encrypt, GlobalSign.
4. Registration Authority (RA)
• The Registration Authority (RA) acts as an intermediary between the user and the CA.
• It verifies the identity of the certificate requester before the CA issues the certificate.
• In some cases, the CA and RA functions are performed by the same entity.
5. Certificate Database
• A secure repository that stores issued certificates and their metadata (e.g., validity
period, revocation status).
6. Certificate Revocation List (CRL)
• A list of certificates that have been revoked before their expiration date (e.g., due to
compromise or misuse).
• Clients can check the CRL to ensure a certificate is still valid.
7. Online Certificate Status Protocol (OCSP)
• A protocol used to check the real-time status of a certificate (valid, revoked, or
unknown).
8. Certificate Management System
• A system that manages the lifecycle of certificates, including issuance, renewal, and
revocation.
9. Certificate Policy
• A document that outlines the rules and procedures for managing certificates within the
PKI.
• It defines how certificates are issued, used, and revoked.
How PKI Works
1. Key Generation:
o The user generates a public-private key pair.
2. Certificate Request:
o The user submits a Certificate Signing Request (CSR) to the CA, which includes
their public key and identity information.
3. Identity Verification:
o The CA (or RA) verifies the user’s identity.
4. Certificate Issuance:
o The CA issues a digital certificate, signing it with its private key.
5. Certificate Distribution:
o The certificate is distributed to the user and stored in a certificate database.
6. Certificate Usage:
o The user can now use the certificate to:
▪ Encrypt data.
▪ Create digital signatures.
▪ Authenticate themselves.
7. Certificate Validation:
o When a certificate is presented (e.g., during a secure connection), the recipient
validates it by:
▪ Checking the CA’s digital signature.
▪ Verifying the certificate’s validity period.
▪ Checking the CRL or using OCSP to ensure the certificate has not been
revoked.
8. Certificate Expiration or Revocation:
o Certificates have a limited validity period and must be renewed or revoked if
compromised.
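The "How PKI Works" steps above, as an added Python example that is not part of these notes. To stay on the standard library it uses textbook RSA with small fixed primes as a stand-in for the real signature algorithm a CA uses (a 60-bit modulus is a toy, good only for showing the flow), a sorted JSON encoding of the certificate fields in place of DER, and a set of revoked serial numbers in place of a CRL or OCSP response. The names "Example Root CA" and "alice@example.com", the serial number and the dates are constructed.

```python
import hashlib
import json
from datetime import date

# Toy signature scheme (assumption: textbook RSA with fixed small primes stands in for RSA/ECDSA)
CA_PRIMES = (1_000_000_007, 998_244_353)
USER_PRIMES = (1_000_000_009, 999_999_937)
PUBLIC_EXPONENT = 65537


def generate_keypair(primes):
    """Step 1 (key generation): returns (public_key, private_key)."""
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(PUBLIC_EXPONENT, -1, phi)          # private exponent (Python 3.8+)
    return {"n": n, "e": PUBLIC_EXPONENT}, {"n": n, "d": d}


def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    """Digital signature: the hash of the data, transformed with the private key."""
    return pow(_digest_int(data, private_key["n"]), private_key["d"], private_key["n"])


def verify(public_key, data: bytes, signature: int) -> bool:
    return pow(signature, public_key["e"], public_key["n"]) == _digest_int(data, public_key["n"])


def canonical(fields: dict) -> bytes:
    """Stable byte encoding of the to-be-signed fields (stand-in for DER)."""
    return json.dumps(fields, sort_keys=True).encode()


def make_csr(subject: str, public_key) -> dict:
    """Step 2: the user submits a CSR carrying its identity and public key."""
    return {"subject": subject, "public_key": public_key}


def ca_issue(ca, csr, serial, not_before: date, not_after: date, identity_verified: bool):
    """Steps 3-4: after RA/CA identity verification the CA signs the certificate."""
    if not identity_verified:
        raise ValueError("identity verification failed; no certificate issued")
    tbs = {"serial": serial, "subject": csr["subject"], "public_key": csr["public_key"],
           "issuer": ca["name"], "not_before": not_before.isoformat(),
           "not_after": not_after.isoformat()}
    return {"tbs": tbs, "signature": sign(ca["private"], canonical(tbs))}


def validate_certificate(cert, trust_anchor, crl: set, today: date) -> str:
    """Step 7: the relying party checks the issuer signature, validity period and
    revocation status. Returns "ok" or the reason the certificate is rejected."""
    tbs = cert["tbs"]
    if tbs["issuer"] != trust_anchor["name"]:
        return "unknown issuer"
    if not verify(trust_anchor["public"], canonical(tbs), cert["signature"]):
        return "bad signature"
    if not date.fromisoformat(tbs["not_before"]) <= today <= date.fromisoformat(tbs["not_after"]):
        return "outside validity period"
    if tbs["serial"] in crl:
        return "revoked"
    return "ok"


def demo():
    """Runs the whole flow and returns the validation outcomes in order."""
    ca_pub, ca_priv = generate_keypair(CA_PRIMES)
    ca = {"name": "Example Root CA", "public": ca_pub, "private": ca_priv}
    trust_anchor = {"name": ca["name"], "public": ca_pub}   # all a relying party holds
    user_pub, user_priv = generate_keypair(USER_PRIMES)
    cert = ca_issue(ca, make_csr("alice@example.com", user_pub), serial=1001,
                    not_before=date(2025, 1, 1), not_after=date(2026, 1, 1), identity_verified=True)
    crl = set()
    results = [validate_certificate(cert, trust_anchor, crl, date(2025, 6, 1))]   # step 5-7: in use
    results.append(validate_certificate(cert, trust_anchor, crl, date(2026, 6, 1)))   # step 8: expired
    crl.add(1001)                                                                      # step 8: revoked
    results.append(validate_certificate(cert, trust_anchor, crl, date(2025, 6, 1)))
    tampered = {"tbs": dict(cert["tbs"], subject="mallory@example.com"), "signature": cert["signature"]}
    results.append(validate_certificate(tampered, trust_anchor, set(), date(2025, 6, 1)))
    # Step 6: the holder signs a document with the private key matching the certified public key
    document = b"constructed sample document"
    results.append(verify(cert["tbs"]["public_key"], document, sign(user_priv, document)))
    return results


if __name__ == "__main__":
    print(demo())   # ['ok', 'outside validity period', 'revoked', 'bad signature', True]
```

The order of the checks mirrors the notes: the signature is verified before anything else because every other field (dates, serial, subject) is only trustworthy once the CA's signature over them is known to be genuine.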
Applications of PKI
1. Secure Web Communications (HTTPS):
o PKI is used to secure websites with SSL/TLS certificates, enabling encrypted
connections (e.g., e-commerce, online banking).
2. Digital Signatures:
o PKI enables the creation of digital signatures, which ensure the authenticity and
integrity of electronic documents.
3. Email Encryption:
o PKI is used to encrypt and digitally sign emails (e.g., S/MIME).
4. Virtual Private Networks (VPNs):
o PKI authenticates users and devices accessing VPNs.
5. Smart Card Authentication:
o PKI is used to authenticate users accessing secure systems using smart cards.
6. IoT Device Security:
o PKI ensures secure communication between IoT devices.
7. Code Signing:
o PKI is used to sign software code, ensuring its authenticity and integrity.

Digital Signatures vs. Digital Certificates


• Digital Signature:
o A cryptographic value attached to an electronic document, created using the
sender’s private key.
o Used to verify the authenticity and integrity of the document.
• Digital Certificate:
o A document that binds a public key to an entity, issued by a trusted CA.
o Used to verify the identity of the certificate holder.
