Chapter 6 New HASH Function - 6.pdf¢  Chapter 6 New HASH Function 6.1 Message Authentication Message

  • View
    14

  • Download
    0

Embed Size (px)

Text of Chapter 6 New HASH Function - 6.pdf¢  Chapter 6 New HASH Function 6.1 Message...

  • Chapter 6

    New HASH Function

    6.1 Message Authentication

    Message authentication is a mechanism or service used for verifying

    the integrity of a message. Message authentication assures that the

    data received are exactly as sent by i.e., contain no modification,

    insertion, deletion, or replay and that the purported identity of

    the sender is valid. Symmetric encryption provides authentication

    among those who share the secret key. Encryption of a message

    by a sender’s private key also provides a form of authentication.

    The two most common cryptographic techniques for message au-

    thentication are a message authentication code (MAC) and secure

    hash function. A MAC is an algorithm that requires the use of a

    secret key. A MAC takes a variable length message and a secret

    key as input and produces an authentication code . A recipient in

    possession of the secret key can generate an authentication code

    to verify the integrity of the message. A hash function maps a

    110

  • variable length message into a fixed length hash value, or message

    digest. For message authentication, a secure hash function must

    be combined in some fashion with a secret key.

    6.1.1 Authentication Requirements

    In the context of communication across a network, the following

    attacks can be identified:

    • Disclosure: Release of message contents to any person or pro-

    cess not processing the appropriate cryptographic key.

    • Traffic analysis: Discovery of the pattern of traffic between

    parties. In a connection-oriented application, the frequency

    and duration of connections could be determined. In either a

    connected-oriented or connectionless environment, the num-

    ber and length of the messages between the parties could be

    determined.

    • Masquerade: Insertion of messages into the network from a

    fraudulent source. This includes the creation of messages by

    an opponent that are purported to come from an authorized

    entity. Also included are fraudulent acknowledgments of mes-

    sage receipt or non receipt by someone other than the message

    recipient.

    • Content modification: changes to the contents of a message,

    111

  • including insertion, deletion, transposition, and modification.

    • Sequence modification: Any modification to a sequence of

    messages between parties, including insertion, deletion, and

    recording.

    • Timing modification: Delay or replay of messages. In a connection-

    oriented application, an entire session or sequence of messages

    could be a replay of some previous valid session, or individual

    messages in the sequence could be delayed or replayed. In

    a connectionless application, an individual message could be

    delayed or replayed.

    • Source repudiation: Denial of transmission of message by

    source.

    • Destination repudiation: Denial of receipt of message by des-

    tination.

    6.1.2 Authentication Functions

    Following are the commonly used functions for authentication.

    • Message Encryption: The cipher text of the entire message

    serves as its authentication. A message ′M ′ transmitted from

    source ′A′ to destination ′B′ is encrypted using a secret key ′K ′

    shared by ′A′ and ′B′. If no other party knows the key, then

    confidentiality is provided: No other party can recover the

    112

  • plaintext of the message. In addition, we may say that ′B′ is

    assured that the message was generated by ′A′. The message

    must have come from ′A′ because ′A′ is the only other party

    that possesses secret key ′K ′ and therefore the only other

    party with the information necessary to construct ciphertext

    that can be decrypted with ′K ′. Furthermore, if message ′M ′

    is recovered, B knows that none of the bits of ′M ′ have been

    altered, because an opponent that does not know ′K ′ would

    not know how to alter the bits in the ciphertext to produce

    desired changes in the plaintext

    • Message Authentication Code (MAC): A function of the mes-

    sage and a secret key that produces a fixed-length value that

    serves as authentication. An alternative technique involves

    the use of a secret key to generate a small fixed-size block

    of data, known as a cryptographic checksum or MAC that is

    appended to the message. This technique assumes that two

    communication parties say ′A′ and ′B′, share a common se-

    cret key ′K ′. When ′A′ has a message to be sent to ′B′, it

    calculates the MAC as a function of the message and the key.

    The message and the MAC are transmitted to the intended

    recipient ′B′. The recipient performs the same calculation on

    the received message, using the same secret key to generate a

    new MAC. The received MAC is compared to the calculated

    113

  • MAC and if they match, then accept the received message.

    • Hash Function: A function that maps a message of any length

    into a fixed-length hash value, which serves as an authentica-

    tion.

    A hash function accepts a variable-size message ′M ′ as input

    and produces a fixed-size output, referred to as a hash code H(M).

    The hash code is also referred to as a message digest or hash value.

    The hash code is a function of all the bits of the message and pro-

    vides an error-detection capability. A change to any bit or bits

    in the message results in a change to the hash code. Fig.6.1 a

    simple block diagram hash function generator. The message ′M ′

    Figure 6.1: Encrypt message plus hash code

    plus concatenated hash code H(M) is encrypted using symmetric

    encryption. Because only ′A′ and ′B′ share the secret key, the mes-

    sage must have come from ′A′ and has not been altered. The hash

    code provides the structure or redundancy required to achieve au-

    thentication. Because encryption is applied to the entire message

    plus hash code, confidentiality is also provided. Fig.6.2 shows the

    114

  • block diagram of hash function generator using a shared secret key.

    Only the hash code is encrypted using the symmetric encryption.

    Figure 6.2: Encrypt hash code with shared secret key

    This reduces the processing burden for those applications that do

    not require confidentiality. Fig.6.3 shows hash function generator

    using sender’s private key in public key cryptography

    Figure 6.3: Encrypt hash code with sender’s Private key

    Only the hash code is encrypted, using the public key encryp-

    tion algorithm with the sender’s private key, this provides authen-

    tication. It also provides digital signature, because only the sender

    could have produced the encrypted hash code as shown in Fig.6.4

    If confidentiality as well as the digital signature is desired then

    the message plus the private- key-encrypted hash code can be en-

    crypted using a symmetric secret key. This is a common technique

    115

  • Figure 6.4: Encrypt result of encrypted hash code with shared secret key

    used as shown in Fig.6.5

    Figure 6.5: Compute hash code of message plus secret key

    It is possible to use a hash function but no encryption for mes-

    sage authentication as shown in Fig.6.6. The technique assumes

    that the two communicating parties share a common secret value

    K. A computes the hash over the communication message of M

    and K and appends the resulting hash value to M . Because the

    secret key value itself, if not sent, an opponent cannot modify an

    intercepted message and cannot generate a false message.

    116

  • Figure 6.6: Encrypt the result of hash code of message plus secret key

    6.2 Hash Functions

    A hash function value h is generated by a function ′H ′ of the form

    h = H(M), where ′M ′ is a variable-length message and H(M) is

    the fixed length hash value. The hash value is appended to the

    message at the source at a time when the message is assumed or

    known to be correct. The receiver authenticates that message by

    recomputing the hash value.

    6.2.1 Requirements for a hash function

    To be useful for message authentication, a hash function H must

    have the following properties.

    • H can be applied to a block of data of any size.

    • H produces a fixed-length output.

    • H(x) is relatively easy to compute for any given x, making

    both hardware and software implementing practical.

    • For any given value h, it is computationally unfeasible to find

    117

  • x such that H(x) = h. This is referred as the one-way prop-

    erty.

    • For any given block x, it is computationally unfeasible to find

    y 6= x, such that H(y) = H(x). This is referred to as weak

    collision resistance.

    • It is computationally unfeasible to find any pair(x, y) such

    that H(x) = H(y). This is referred to as strong collision

    resistance.

    6.2.2 Security of Hash Function

    The strength of a hash function against brute-force attacks de-

    pends solely on the length of the hash code pr

Related documents