Network Security Essentials: Applications

and Standards
Sixth Edition

Chapter 3
Public Key Cryptography
and Message
Authentication

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Message Authentication
• Encryption protects against passive attack (eavesdropping)
• A different requirement is to protect against active attack
(falsification of data and transactions)
– Protection against such attacks is known as message
authentication
• Message authentication is a procedure that allows
communicating parties to verify that received messages are
authentic
– The two important aspects are to verify that the contents of
the message have not been altered and that the source is
authentic

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Approaches to Message Authentication (1 of
2)

Using conventional encryption

• Symmetric encryption alone is not a suitable tool for data
authentication
– We assume that only the sender and receiver share a key,
so only the genuine sender would be able to encrypt a
message successfully
– The receiver assumes that no alterations have been made
and that sequencing is proper if the message includes an
error detection code and a sequence number
– If the message includes a timestamp, the receiver
assumes that the message has not been delayed beyond
that normally expected for network transit

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Approaches to Message Authentication (2 of
2)

Without message encryption

• An authentication tag is generated and appended to each
message for transmission
• The message itself is not encrypted and can be read at
the destination independent of the authentication function
at the destination
• Because the message is not encrypted, message
confidentiality is not provided

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-1: Message Authentication Using a
Message Authentication Code (MAC)

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

One-Way Hash Functions
• Accepts a variable-size message M as input and
produces a fixed-size message digest H M as output
• Does not take a secret key as input
• To authenticate a message, the message digest is sent
with the message in such a way that the message digest
is authentic

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-2: Message Authentication Using a
One-Way Hash Function

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Secure Hash Functions (1 of 3)
• Is important not only in message authentication but in
digital signatures
• Purpose is to produce a “fingerprint” of a file, message, or
other block of data
• To be useful for message authentication, a hash function
H must have the following properties:

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Secure Hash Functions (2 of 3)
1. H can be applied to a block of data of any size.
2. H produces a fixed-length output.
3. H x is relatively easy to compute for any given x,
making both hardware and software implementations
practical.
4. For any given code h, it is computationally infeasible to
find x such that H xh. A hash function with this
property is referred to as one-way or preimage resistant.

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Secure Hash Functions (3 of 3)
5. For any given block x, it is computationally infeasible to
find y x with H y H x A hash function with this
property is referred to as second preimage resistant.
This is sometimes referred to as weak collision
resistant.
6. It is computationally infeasible to find any pair x, y 
such that H xH y . A hash function with this property
is referred to as collision resistant. This is sometimes
referred to as strong collision resistant.

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Security of Hash Functions
• There are two approaches to attacking a secure hash
function:
– Cryptanalysis
▪Involves exploiting logical weaknesses in the
algorithm
– Brute-force attack
▪The strength of a hash function against this attack
depends solely on the length of the hash code
produced by the algorithm

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-3: Simple Hash Function Using
Bitwise XOR

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

The SHA Secure Hash function
• SHA was developed by NIST and published as a federal
information processing standard (F IPS 180) in 1993
• Was revised in 1995 as SHA-1 and published as FIPS 180-1
– The actual standards document is entitled “Secure Hash
Standard”
• Based on the hash function MD4 and its design closely models
MD4
• Produces 160-bit hash values
• In 2005 NIST announced the intention to phase out approval of
SHA-1 and move to a reliance on S HA-2 by 2010

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Table 3-1: Comparison of SHA Parameters

Blank SHA-I SHA-224 SHA-256 SHA-384 SHA-512

Message 160 224 256 384 512

Digest Size
less than 2 to the sixty fourth power less than 2 to the sixty fourth power less than 2 to the sixty fourth power less than 2 to the 120 eighth power less than 2 to the 120 eighth power

Message 128
Size 2 64
2 64
2 64
2  2128

Block Size 512 512 512 1024 1024

Word Size 32 32 32 64 64

Number of 80 64 64 80 80
Steps

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-4: Message Digest Generation
Using SHA-512

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-5: SHA-512 Processing of a Single
1024-Bit Block

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

SHA-3
Basic requirements that must be satisfied by any
candidate for SHA-3
1. It must be possible to replace SHA-2 with SHA-3 in any
application by a simple drop-in substitution. Therefore, S
HA-3 must support hash value lengths of 224, 256, 384,
and 512 bits.
2. SHA-3 must preserve the online nature of SHA-2. That
is, the algorithm must process comparatively small
blocks (512 or 1024 bits) at a time instead of requiring
that the entire message be buffered in memory before
processing it.

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

HMAC (1 of 2)
• There has been an increased interest in developing a MA
C derived from a cryptographic hash code, such as SHA-
1
– Cryptographic hash functions generally execute faster
in software than conventional encryption algorithms
such as DES
– Library code for cryptographic hash functions is
widely available
– A hash function such as SHA-1 was not designed for
use as a MAC and cannot be used directly for that
purpose because it does not rely on a secret key

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

HMAC (2 of 2)
• There have been a number of proposals for the
incorporation of a secret key into an existing hash
algorithm
– The approach that has received the most support is H
MAC.
• Has been issued as RFC 2104
• Has been chosen as the mandatory-to-implement MAC
for IP Security
• Is used in other Internet protocols, such as Transport
Layer Security (TLS) and Secure Electronic Transaction
(SET)
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
HMAC Design Objectives (1 of 2)
• To use, without modifications, available hash functions ---
in particular, hash functions that perform well in software,
and for which code is freely and widely available
• To allow for easy replace ability of the embedded hash
function in case faster or more secure hash functions are
found or required
• To preserve the original performance of the hash function
without incurring a significant degradation

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

HMAC Design Objectives (2 of 2)
• To use and handle keys in a simple way
• To have a well understood cryptographic analysis of the
strength of the authentication mechanism based on
reasonable assumptions on the embedded hash function

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-6: HMAC Structure

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-7: Cipher-Based Message
Authentication Code (CMAC)

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Counter with Cipher Block Chaining-
Message Authentication Code (CCM)
• NIST standard SP 800-38C
• Referred to as an
authenticated encryption
mode
– “Authenticated encryption”
is a term used to describe
encryption systems that
simultaneously protect
confidentiality and
authenticity of
communications
• A single key is used for both
encryption and MAC algorithms

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-8: Counter with Cipher Block Chaining-
Message Authentication Code (CCM)

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Public-Key Encryption Structure (1 of 2)
• First publicly proposed by Diffie and Hellman in 1976
• Based on mathematical functions rather than on simple
operations on bit patterns
• Is asymmetric, involving the use of two separate keys

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Public-Key Encryption Structure (2 of 2)
Misconceptions:
• Public-key encryption is more secure from cryptanalysis
than conventional encryption
• Public-key encryption is a general-purpose technique that
has made conventional encryption obsolete
• There is a feeling that key distribution is trivial when using
public-key encryption, compared to the rather
cumbersome handshaking involved with key distribution
centers for conventional encryption

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-9: Public-Key Cryptography

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Applications for Public-Key Cryptosystems
• Public-key systems are characterized by the use of a
cryptographic type of algorithm with two keys, one held
private and one available publicly
• Depending on the application, the sender uses either the
sender’s private key, the receiver’s public key, or both to
perform some type of cryptographic function

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Table 3-2: Applications for Public-Key
Cryptosystems

Algorithm Encryption/Decryption Digital Signature Key Exchange

RSA Yes Yes Yes

Diffie-Hellman No No Yes

DSS No Yes No

Elliptic Curve Yes Yes Yes

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-10: The RSA Algorithm

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-11: Example of RSA Algorithm

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Security Considerations
• The security of RSA depends on it being used in such a
way as to counter potential attacks
• Possible attack approaches are:
– Mathematical attacks
– Timing attacks
– Chosen cipher text attacks
• To counter sophisticated chosen cipher text attacks, RSA
Security Inc. recommends modifying the plaintext using a
procedure known as optimal asymmetric encryption
padding (OAEP)

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-12: Encryption Using Optimal
Asymmetric Encryption Padding (O AEP)

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Diffie-Hellman Key Exchange
• First published public-key algorithm
• A number of commercial products employ this key exchange
technique
• Purpose of the algorithm is to enable two users to exchange a
secret key securely that then can be used for subsequent
encryption of messages
– The algorithm itself is limited to the exchange of the keys
• Depends for its effectiveness on the difficulty of computing
discrete logarithms

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-13: Diffie-Hellman Key Exchange

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-14: Man-In-The-Middle Attack

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Digital Signature Standard (DSS)
• FIPS PUB 186
• Makes use of the SHA-1 and presents a new digital
signature technique, the Digital Signature Algorithm (DS
A)
• Originally proposed in 1991 and revised in 1993 and
again in 1996
• Uses an algorithm that is designed to provide only the
digital signature function
• Unlike RSA, it cannot be used for encryption or key
exchange

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Digital Signatures (1 of 2)
• NIST FIPS PUB 186-4 (Digital Signature Standard (DS
S)) defines a digital signature as: “the result of a
cryptographic transformation of data that, when properly
implemented, provides a mechanism for verifying origin
authentication, data integrity, and signatory non-
repudiation”
• Thus, a digital signature is a data-dependent bit pattern,
generated by an agent as a function of a file, message, or
other form of data block

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Digital Signatures (2 of 2)
• FIPS 186-4 specifies the use of one of three digital
signature algorithms:
– Digital signature algorithm (DSA)
– RSA digital signature algorithm
– Elliptic curve digital signature algorithm (ECDSA)

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Elliptic-Curve Cryptography (E CC)
• Technique is based on the use of a mathematical
construct known as the elliptic curve
• Principal attraction of ECC compared to RSA is that it
appears to offer equal security for a far smaller bit size,
thereby reducing processing overhead
• The confidence level in ECC is not yet as high as that in
RSA

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 3-15: Simplified Depiction of
Essential Elements of Digital Signature

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Figure 13-16: RSA-PSS Encoding and
Signature Generation

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Summary (1 of 3)
• Approaches to message authentication
– Authentication using conventional encryption
– Message authentication without message encryption
• Secure hash functions
– Hash function requirements
– Security of hash functions
– Simple hash functions
– The SHA secure hash function
– SHA-3

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Summary (2 of 3)
• Digital signatures
– Digital signature generation and verification
– RSA digital signature algorithm
• Message authentication codes
– HM AC
– MACs based on block ciphers
• Public-key cryptography principles
– Public-key encryption structure
– Applications for public-key cryptosystems
– Requirements for public-key cryptography
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Summary (3 of 3)
• Public-key cryptography algorithms
– The RSA public-key encryption algorithm
– Diffie-Hellman key exchange
– Other public-key cryptography algorithms

Copyright © 2017 Pearson Education, Inc. All Rights Reserved

Copyright

Copyright © 2017 Pearson Education, Inc. All Rights Reserved