This document discusses public key cryptography and message authentication. It covers message authentication techniques like message authentication codes and one-way hash functions. A message authentication code uses a secret key to generate a small block of data to authenticate messages. One-way hash functions create a fixed-length fingerprint of a message to detect changes through properties like being collision free. Secure hash functions like SHA-1 and SHA-2 were developed by the NSA and NIST to satisfy requirements for hash functions used in message authentication.
3. Message Authentication
Encryption protects against passive attack (eavesdropping)
Falsification of data and transaction can be against active attack.
Message authentication protects against active attacks.
Message authentication is a procedure to allow parties to
verify that received message is authentic (content is not altered
and source is authentic).
3
4. Message Authentication …
Message authentication is concerned with :
◦ protecting the integrity of a message (or data)
◦ validating identity of originator
◦ non-repudiation of origin (dispute resolution)
How to achieve it :
◦ With message encryption
◦ Encrypt the whole message with symmetric key encryption (not suitable , for example, may change
the block sequence in transmission which causes to have different data)
◦ Without message encryption (is not provides)
◦ Message authentication code (MAC)
◦ One-way hash function
4
5. Message Authentication Code
5
A secret key is used to generate small block of data,
knows as a message authentication mode (MCA).
Key makes the technique more secure (altering the
message and recreating the MAC in the middle!).
Solution: NIST recommends to use DES algorithm
on the message and then use the last 16 or 32 bit of
ciphertext as MAC.
7. One-way Hash Function
7
Hash function: A transformation of a message of
arbitrary length into a fixed-length number
◦ h = H (M)
◦ No secret key
Hash function creates a fingerprint (message digest) of
a message
◦ Used to detect changes to message
◦ usually assume hash function is public
◦ one-way property
◦ collision free (no same hash for two different data)
◦ cyclic redundancy check (CRC)
◦ XOR of every block of message
◦ http://www.fileformat.info/tool/hash.htm
Good for data integrity, but useless for security
8. One-way Hash Function…
8
Three different ways to authenticate message with
hash function: (secret key, public key and secret value)
9. Simple Insecure Hash Functions
9
Bit-by-bit exclusive-OR (XOR) of every block
◦ Ci = bi1 xor bi2 xor . . . xor bim
One-bit circular shift on hash value
◦ rotate current hash value to left by 1bit and XOR block
13. Secure Hash Function
13
SHA originally designed by NIST & NSA in 1993
Was revised in 1995 as SHA-1
160 bit Message digest (output)
SHA-2 (SHA-224, 256, 384, and 512) in 2002