CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Contents

1. CRYPTOGRAPHIC HASH FUNCTIONS

2. MESSAGE AUTHENTICATION CODES

3. DIGITAL SIGNATURES

2

3

1. CRYPTOGRAPHIC HASH FUNCTIONS

Applications of Cryptographic Hash Functions Two Simple Hash Functions Requirements and Security Hash Functions Based on Cipher Block Chaining Secure Hash Algorithm (SHA) SHA-3

4

KEY POINTS

A hash function maps a variable-length message into a fixed-length hash value, or message digest.

Virtually all cryptographic hash functions involve the iterative use of a compression function.

The compression function used in secure hash algorithms falls into one of two categories: a function specifically designed for the hash function or an algorithm based on a symmetric block cipher. SHA and Whirlpool are examples of these two approaches, respectively.

5

A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h=H(M). A “good” hash function has the property that the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random.

A cryptographic hash function is an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the one-way property) or (b) two data objects that map to the same hash result (the collision-free property).

6

7

APPLICATIONS OF CRYPTOGRAPHIC HASH FUNCTIONS

Message Authentication

The message plus concatenated hash code is encrypted using symmetric encryption. Because only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication. Because encryption is applied to the entire message plus hash code, confidentiality is also provided

8

Message Authentication (cont.)

Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications that do not require confidentiality.

9

Message Authentication (cont.)

It is possible to use a hash function but no encryption for message authentication. The technique assumes that the two communicating parties share a common secret value S. A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. Because B possesses S, it can recompute the hash value to verify. Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message.

10

Message Authentication (cont.)

Confidentiality can be added to the approach of method (c) by encrypting the entire message plus the hash code.

11

Digital Signatures

12

SECURE HASH ALGORITHM (SHA)

13

2. MESSAGE AUTHENTICATION CODES

Message Authentication Requirements Message Authentication Functions Requirements for Message Authentication Codes Security of MACs MACs Based on Hash Functions: HMAC MACs Based on Block Ciphers: DAA and CMAC Authenticated Encryption: CCM and GCM Pseudorandom Number Generation Using Hash

Functions and Macs

14

KEY POINTS

Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent by (i.e., contain no modification, insertion, deletion, or replay) and that the purported identity of the sender is valid.

Symmetric encryption provides authentication among those who share the secret key.

15

KEY POINTS (cont.)

A message authentication code (MAC) is an algorithm that requires the use of a secret key. A MAC takes a variable-length message and a secret key as input and produces an authentication code. A recipient in possession of the secret key can generate an authentication code to verify the integrity of the message.

One means of forming a MAC is to combine a cryptographic hash function in some fashion with a secret key.

Another approach to constructing a MAC is to use a symmetric block cipher in such a way that it produces a fixed-length output for a variable-length input.

16

MESSAGE AUTHENTICATION REQUIREMENTS

1. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.

2. Traffic analysis: Discovery of the pattern of traffic between parties…

3. Masquerade: Insertion of messages into the network from a fraudulent source …

4. Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification.

17

MESSAGE AUTHENTICATION REQUIREMENTS (cont.)

5. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.

6. Timing modification: Delay or replay of messages.

7. Source repudiation: Denial of transmission of message by source.

8. Destination repudiation: Denial of receipt of message by destination.

18

MESSAGE AUTHENTICATION FUNCTIONS

Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator.

Message encryption: The ciphertext of the entire message serves as its authenticator.

Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator.

19

Basic Uses of Message Encryption

20

21

Message Authentication Code

22

Basic Uses of Message Authentication code (MAC)

23

SECURITY OF MACS

Brute-Force Attacks Cryptanalysis

24

MACS BASED ON HASH FUNCTIONS: HMAC

25

Security of HMAC

26

MACS BASED ON BLOCK CIPHERS: DAA AND CMAC

27

Cipher-Based Message Authentication Code (CMAC)

28

AUTHENTICATED ENCRYPTION: CCM AND GCMCounter with Cipher Block Chaining-Message Authentication Code

(CCM)

29

Counter with Cipher Block Chaining-Message Authentication Code (CCM) (cont.)

30

3. DIGITAL SIGNATURES

Digital Signatures ElGamal Digital Signature Scheme Schnorr Digital Signature Scheme Digital Signature Standard

31

KEY POINTS

A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message.

The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).

32

DIGITAL SIGNATURES

33

Simplified Depiction of Essential Elements of Digital Signature Process

34

ELGAMAL DIGITAL SIGNATURE SCHEME

35

36

DIGITAL SIGNATURE STANDARD

37

The Digital Signature Algorithm (DSA)

38

39

40