prev

next

out of 29

View

14Download

0

Embed Size (px)

Chapter 6

New HASH Function

6.1 Message Authentication

Message authentication is a mechanism or service used for verifying

the integrity of a message. Message authentication assures that the

data received are exactly as sent by i.e., contain no modification,

insertion, deletion, or replay and that the purported identity of

the sender is valid. Symmetric encryption provides authentication

among those who share the secret key. Encryption of a message

by a sender’s private key also provides a form of authentication.

The two most common cryptographic techniques for message au-

thentication are a message authentication code (MAC) and secure

hash function. A MAC is an algorithm that requires the use of a

secret key. A MAC takes a variable length message and a secret

key as input and produces an authentication code . A recipient in

possession of the secret key can generate an authentication code

to verify the integrity of the message. A hash function maps a

110

variable length message into a fixed length hash value, or message

digest. For message authentication, a secure hash function must

be combined in some fashion with a secret key.

6.1.1 Authentication Requirements

In the context of communication across a network, the following

attacks can be identified:

• Disclosure: Release of message contents to any person or pro-

cess not processing the appropriate cryptographic key.

• Traffic analysis: Discovery of the pattern of traffic between

parties. In a connection-oriented application, the frequency

and duration of connections could be determined. In either a

connected-oriented or connectionless environment, the num-

ber and length of the messages between the parties could be

determined.

• Masquerade: Insertion of messages into the network from a

fraudulent source. This includes the creation of messages by

an opponent that are purported to come from an authorized

entity. Also included are fraudulent acknowledgments of mes-

sage receipt or non receipt by someone other than the message

recipient.

• Content modification: changes to the contents of a message,

111

including insertion, deletion, transposition, and modification.

• Sequence modification: Any modification to a sequence of

messages between parties, including insertion, deletion, and

recording.

• Timing modification: Delay or replay of messages. In a connection-

oriented application, an entire session or sequence of messages

could be a replay of some previous valid session, or individual

messages in the sequence could be delayed or replayed. In

a connectionless application, an individual message could be

delayed or replayed.

• Source repudiation: Denial of transmission of message by

source.

• Destination repudiation: Denial of receipt of message by des-

tination.

6.1.2 Authentication Functions

Following are the commonly used functions for authentication.

• Message Encryption: The cipher text of the entire message

serves as its authentication. A message ′M ′ transmitted from

source ′A′ to destination ′B′ is encrypted using a secret key ′K ′

shared by ′A′ and ′B′. If no other party knows the key, then

confidentiality is provided: No other party can recover the

112

plaintext of the message. In addition, we may say that ′B′ is

assured that the message was generated by ′A′. The message

must have come from ′A′ because ′A′ is the only other party

that possesses secret key ′K ′ and therefore the only other

party with the information necessary to construct ciphertext

that can be decrypted with ′K ′. Furthermore, if message ′M ′

is recovered, B knows that none of the bits of ′M ′ have been

altered, because an opponent that does not know ′K ′ would

not know how to alter the bits in the ciphertext to produce

desired changes in the plaintext

• Message Authentication Code (MAC): A function of the mes-

sage and a secret key that produces a fixed-length value that

serves as authentication. An alternative technique involves

the use of a secret key to generate a small fixed-size block

of data, known as a cryptographic checksum or MAC that is

appended to the message. This technique assumes that two

communication parties say ′A′ and ′B′, share a common se-

cret key ′K ′. When ′A′ has a message to be sent to ′B′, it

calculates the MAC as a function of the message and the key.

The message and the MAC are transmitted to the intended

recipient ′B′. The recipient performs the same calculation on

the received message, using the same secret key to generate a

new MAC. The received MAC is compared to the calculated

113

MAC and if they match, then accept the received message.

• Hash Function: A function that maps a message of any length

into a fixed-length hash value, which serves as an authentica-

tion.

A hash function accepts a variable-size message ′M ′ as input

and produces a fixed-size output, referred to as a hash code H(M).

The hash code is also referred to as a message digest or hash value.

The hash code is a function of all the bits of the message and pro-

vides an error-detection capability. A change to any bit or bits

in the message results in a change to the hash code. Fig.6.1 a

simple block diagram hash function generator. The message ′M ′

Figure 6.1: Encrypt message plus hash code

plus concatenated hash code H(M) is encrypted using symmetric

encryption. Because only ′A′ and ′B′ share the secret key, the mes-

sage must have come from ′A′ and has not been altered. The hash

code provides the structure or redundancy required to achieve au-

thentication. Because encryption is applied to the entire message

plus hash code, confidentiality is also provided. Fig.6.2 shows the

114

block diagram of hash function generator using a shared secret key.

Only the hash code is encrypted using the symmetric encryption.

Figure 6.2: Encrypt hash code with shared secret key

This reduces the processing burden for those applications that do

not require confidentiality. Fig.6.3 shows hash function generator

using sender’s private key in public key cryptography

Figure 6.3: Encrypt hash code with sender’s Private key

Only the hash code is encrypted, using the public key encryp-

tion algorithm with the sender’s private key, this provides authen-

tication. It also provides digital signature, because only the sender

could have produced the encrypted hash code as shown in Fig.6.4

If confidentiality as well as the digital signature is desired then

the message plus the private- key-encrypted hash code can be en-

crypted using a symmetric secret key. This is a common technique

115

Figure 6.4: Encrypt result of encrypted hash code with shared secret key

used as shown in Fig.6.5

Figure 6.5: Compute hash code of message plus secret key

It is possible to use a hash function but no encryption for mes-

sage authentication as shown in Fig.6.6. The technique assumes

that the two communicating parties share a common secret value

K. A computes the hash over the communication message of M

and K and appends the resulting hash value to M . Because the

secret key value itself, if not sent, an opponent cannot modify an

intercepted message and cannot generate a false message.

116

Figure 6.6: Encrypt the result of hash code of message plus secret key

6.2 Hash Functions

A hash function value h is generated by a function ′H ′ of the form

h = H(M), where ′M ′ is a variable-length message and H(M) is

the fixed length hash value. The hash value is appended to the

message at the source at a time when the message is assumed or

known to be correct. The receiver authenticates that message by

recomputing the hash value.

6.2.1 Requirements for a hash function

To be useful for message authentication, a hash function H must

have the following properties.

• H can be applied to a block of data of any size.

• H produces a fixed-length output.

• H(x) is relatively easy to compute for any given x, making

both hardware and software implementing practical.

• For any given value h, it is computationally unfeasible to find

117

x such that H(x) = h. This is referred as the one-way prop-

erty.

• For any given block x, it is computationally unfeasible to find

y 6= x, such that H(y) = H(x). This is referred to as weak

collision resistance.

• It is computationally unfeasible to find any pair(x, y) such

that H(x) = H(y). This is referred to as strong collision

resistance.

6.2.2 Security of Hash Function

The strength of a hash function against brute-force attacks de-

pends solely on the length of the hash code pr