
Lecture 8 Hashes and Digital Signatures

The document discusses cryptographic tools, focusing on hashes and digital signatures, and their role in securing communications over networks. It outlines various attacks on communications, authentication methods, and the importance of message authentication codes (MACs) and hash functions. Additionally, it explains public key infrastructure (PKI), digital certificates, and protocols for secure communications, emphasizing the significance of digital signatures in ensuring data integrity and authenticity.

Uploaded by

abbastayyaba417

Cryptographic Tools: Hashes and Digital Signatures

Lecture 8

Attacks on Communications across Network
Disclosure: encryption
Traffic analysis: encryption
Masquerade: message authentication
Content modification: message authentication
Sequence modification: message authentication
Timing modification: message authentication
Source repudiation: digital signatures
Destination repudiation: digital signatures

Authentication
- Receiver wants to verify:
  - Contents of the message have not been modified (data authentication)
  - Source of message is who they claim to be (source authentication)
Different approaches available:
- Symmetric Key Encryption
- Message Authentication Codes (MACs)
- Hash Functions
- Public Key Encryption (i.e. Digital Signatures)

Symmetric Encryption for Authentication
Confidentiality: only B (and A) can recover plaintext
Source Authentication: A is only other user with key; must have come from A
Data Authentication: successfully decrypted; data has not been modified
Assumption: decryptor can recognize correct plaintext

Recognizing Correct Plaintext
Example 1
B receives ciphertext (supposedly from A, using shared secret key K):
DPNFCTEJLYONCJAEZRCLASJTDQFY
B decrypts with key K to obtain plaintext:
SECURITYANDCRYPTOGRAPHYISFUN
Was the plaintext encrypted with key K (and hence sent by A)?
Is the ciphertext received the same as the ciphertext sent by A?

Recognizing Correct Plaintext
Example 2
B receives ciphertext (supposedly from A, using shared secret key K):
QEFPFPQEBTOLKDJBPPXDBPLOOVX
B decrypts with key K to obtain plaintext:
FTUEUEFTQIDAZSYQEEMSQEADDKM
Was the plaintext encrypted with key K (and hence sent by A)?
Is the ciphertext received the same as the ciphertext sent by A?

Recognizing Correct Plaintext
Example 3
B receives ciphertext (supposedly from A, using shared secret key K):
0110100110101101010110111000010
B decrypts with key K to obtain plaintext:
0101110100001101001010100101110
Was the plaintext encrypted with key K (and hence sent by A)?
Is the ciphertext received the same as the ciphertext sent by A?

Recognizing Correct Plaintext
Valid plaintexts should be small subset of all possible messages:
- E.g. 26^n possible messages of length n; only small subset are valid English phrases.
Plaintext messages have structure
BUT automatically detecting structure can be difficult
Add structure to make it easier, e.g.
- Error detecting code or Frame Check Sequence
- Packet header

Authentication with Message Authentication Codes
Append small, fixed-size block of data to message: cryptographic checksum or MAC
T = MAC(K, M)
M = input message
MAC = MAC function
K = shared secret key of k bits
T = message authentication code (or tag) of n bits
MAC function also called keyed hash function
MAC function similar to encryption, but does not need to be reversible
- Easier to design stronger MAC functions than encryption functions

Message Authentication Codes

Requirement of MACs
Objective of Attacker
- Assume MAC function is known, key K is not
- Forge a valid MAC code for a given message x
Requirement of MAC Function
Computation Resistance: Given one or more text-MAC pairs (x_i, MAC(K, x_i)), it should be computationally infeasible to compute any other text-MAC pair (x, MAC(K, x)) for a new input x ≠ x_i.

Security of MACs
Brute Force Attack on Key
- Attacker knows (x_1, T_1) where T_1 = MAC(K, x_1)
- Key size of k bits: brute force on key, 2^k
- But . . . many tags match T_1
- For keys that produce tag T_1, try again with (x_2, T_2)
- Effort to find K is approximately 2^k

Security of MACs
Brute Force Attack on MAC value
For x_m, find T_m without knowing K
Similar effort required as one-way/weak collision resistant property for hash functions
For n bit MAC value length, effort is 2^n
Effort to break MAC: min(2^k, 2^n)
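
Added example (not part of the lecture): the key brute force described above, run against a deliberately tiny MAC to show why many keys match one tag and why extra (x_i, T_i) pairs narrow them down. The 16-bit key, the 8-bit truncated HMAC-SHA256 tag, the key value and the messages are all constructed for illustration.

```python
import hashlib
import hmac

K_BITS = 16   # toy key size k (constructed; real keys are 128 bits or more)
N_BYTES = 1   # toy tag size n = 8 bits (real tags are 128 bits or more)


def mac(key: int, message: bytes) -> bytes:
    """T = MAC(K, M): HMAC-SHA256 truncated to N_BYTES bytes."""
    key_bytes = key.to_bytes(K_BITS // 8, "big")
    return hmac.new(key_bytes, message, hashlib.sha256).digest()[:N_BYTES]


def surviving_keys(pairs):
    """Try every key; keep only keys consistent with each (x_i, T_i) in turn.

    Returns the final candidate keys and the candidate count after each pair.
    """
    candidates = range(2 ** K_BITS)
    history = []
    for message, tag in pairs:
        candidates = [k for k in candidates if mac(k, message) == tag]
        history.append(len(candidates))
    return list(candidates), history


SECRET_KEY = 0xBEEF  # constructed sample key
MESSAGES = [b"pay 10 to alice", b"pay 20 to bob",
            b"pay 30 to carol", b"pay 40 to dave"]
# Text-MAC pairs an eavesdropper would observe on the wire.
PAIRS = [(m, mac(SECRET_KEY, m)) for m in MESSAGES]

if __name__ == "__main__":
    keys, history = surviving_keys(PAIRS)
    # With k = 16 and n = 8, roughly 2^(k-n) keys match the first tag,
    # and each further pair cuts the survivors by about a factor of 2^n.
    print("candidate keys after each pair:", history)
    print("remaining keys:", [hex(k) for k in keys])
```

With a realistic key (k of 128 or more) the first loop alone is infeasible, which is the point of the min(2^k, 2^n) bound: both the key and the tag must be long.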

Security of MACs
Cryptanalysis
- Many different MAC algorithms; attacks specific to algorithms
- MAC algorithms generally considered secure

MAC Algorithms
Data Authentication Algorithm (DAA): based on DES; considered insecure
Cipher-Based Message Authentication Code (CMAC): mode of operation used with Triple-DES and AES
OMAC, PMAC, UMAC, VMAC, . . .
HMAC, function derived from cryptographic hash functions

Hash Functions
Hash function H: variable-length block of data M input; fixed-size hash value h = H(M) output
Applying H to large set of inputs should produce evenly distributed and random looking outputs
Cryptographic hash function: computationally infeasible to find:
- M that maps to known h (one-way property)
- M_1 and M_2 that produce same h (collision-free property)
Used to determine whether or not data has changed
Examples: message authentication, digital signatures, one-way password file, intrusion/virus detection, PRNG

Secure Hash Functions

Authentication with Hash Functions

Message Authentication
Verify the integrity of a message
- Ensure data received are exactly as sent
- Assure identity of the sender is valid
Hash function used to provide message authentication called message digest

Message Authentication

Hash Function Requirements
- Applied to any size data.
- H produces a fixed-length output.
- H(x) is relatively easy to compute for any given x
- One-way property
  - computationally infeasible to find x such that H(x) = h
- Weak collision resistance
  - computationally infeasible to find y ≠ x such that H(y) = H(x)
- Strong collision resistance
  - computationally infeasible to find any pair (x, y) such that H(x) = H(y)

Hash Functions
two attack approaches
cryptanalysis
- exploit logical weakness in algorithm
brute-force attack
- trial many inputs
- strength proportional to size of hash code (2^n)
SHA most widely used hash algorithm
SHA-1 gives 160-bit hash
more recent SHA-256, SHA-384, SHA-512 provide improved size and security

Public Key Authentication
Authentication and/or data integrity

Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI): integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely
PKI systems based on public key cryptosystems; include digital certificates and certificate authorities (CAs)

Public Key Infrastructure
PKIX Management
- functions:
  - registration
  - initialization
  - certification
  - key pair recovery
  - key pair update
  - revocation request
  - cross certification
- protocols:
  - CMP (certificate management protocols)
  - CMC (certificate management messages)

PKI services
PKI protects information assets in several ways:
- Authentication – Digital Certificate
  - To verify that a user is who he/she claims to be, in order to access the resource.
- Non-repudiation – Digital Signature
  - To make the user unable to deny that he/she has sent the message, signed the document or participated in a transaction.
- Confidentiality - Encryption
  - To make the transaction secure: no one except the communicating parties is able to read/retrieve the ongoing transaction.
- Integrity - Encryption
  - To ensure the information has not been tampered with during transmission.
- Authorization - Digital certificates
  - Digital certificates issued in a PKI environment can replace user IDs and passwords, enhance security, and reduce some of the overhead required for authorization processes and controlling access privileges

Public-Key Authority
Assume each user has already securely published public-key at authority; each user knows authority's public key.
Problem: authority can be bottleneck
Alternative: public-key certificates

Public-Key Certificates
Assume public keys sent to CA can be authenticated by CA; each user has certificate of CA.

Digital Signatures
Encrypted messages that can be mathematically proven to be authentic
Created in response to rising need to verify information transferred using electronic systems
Asymmetric encryption processes used to create digital signatures

Digital Signature
Digital signature can be used in all electronic communications
Web, e-mail, e-commerce
It is an electronic stamp or seal that is appended to the document.
Ensures the document is unchanged during transmission.

All copyrights reserved by C.C. Cheung 2003.


How Digital Signature Works?

User A: uses A’s private key to sign the document
Transmit via the Internet
User B: receives the document with signature attached
User B: verifies the signature by A’s public key stored at the directory



Digital Signature Generation and Verification

Message Sender: Message -> Hash function -> Digest -> Encryption (Private Key) -> Signature
Message Receiver: Message -> Hash function -> Digest; Signature -> Decryption (Public Key) -> Expected Digest

Digital Signature Algorithms

RSA
Digital Signature Algorithm (DSA): FIPS-186
ECDSA: DSA with elliptic curve cryptography
ElGamal signature scheme: DSA is enhancement of ElGamal
Bilinear pairing based signatures, e.g. BLS
Different hash algorithms can be used; e.g. SHA2
Pre-image resistant, second pre-image resistant, collision resistant

Digital Certificates
A digital certificate is data with a digital signature from one trusted Certification Authority (CA).
This data contains:
Who owns this certificate
Who signed this certificate
The expiry date
User name & email address



Digital Certificates
Electronic document containing key value and identifying information about entity that controls key
Digital signature attached to certificate’s container file to certify file is from entity it claims to be from
Figure 8-5 Digital Signatures

Digital Certificate

- Reference



Certification Authority (CA)
A trusted agent who certifies public keys for general use (Corporation or Bank).
User has to decide which CAs can be trusted.
The model for key certification based on friends and friends of friends is called “Web of Trust”.
The public key is passed from friend to friend.
Works well in small or highly connected worlds.
What if you receive a public key from someone you don’t know?
A Certificate Authority is an agency that manages the issuance of certificates and serves as the electronic notary public to verify their worth and integrity.

Protocols for Secure Communications
Secure Socket Layer (SSL) protocol: uses public key encryption to secure channel over public Internet
Secure Hypertext Transfer Protocol (S-HTTP): extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across Internet
S-HTTP is the application of SSL over HTTP; allows encryption of information passing between computers through protected and secure virtual connection
Principles of Information Security, 2nd edition

Protocols for Secure Communications (continued)
Securing E-mail with S/MIME, PEM, and PGP
Secure Multipurpose Internet Mail Extensions (S/MIME): builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
Privacy Enhanced Mail (PEM): proposed as standard to function with public key cryptosystems; uses 3DES symmetric key encryption
Pretty Good Privacy (PGP): uses IDEA Cipher for message encoding

Protocols for Secure Communications (continued)
Securing Web transactions with SET, SSL, and S-HTTP
Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud
Uses DES to encrypt credit card information transfers
Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores

References & further readings
Computer Security: Principles and Practice, Chapter 2 – Cryptographic Tools, by William Stallings and Lawrie Brown
Cryptography and Network Security by William Stallings, chapters 11, 12, 13, 14
