Cryptography and Network Security

1

Hash Functions Hash Functions

◦ condense arbitrary size message to fixed size◦ by processing message in blocks◦ through some compression function◦ either custom or block cipher based◦ It takes variable length block of data M as input and produces a

fixed size hash value hwhere h=H(M)

2

3

Use Of Hash Functions

4

Hash FunctionsProperties of good hash function◦ Output produced is truly random in nature and evenly

distributed.◦ A change to any bit or bits in Message should result into big

change in the hash code.

5

Cryptographic Hash FunctionIt is an algorithm for which it is computationally infeasible to

find: A data object that maps to predefined hash result (one

way property)

Two data objects that maps to the same hash result( collision free property)

Because of these characters hash function are often used to determine whether or not data has changed

6

Properties of Hash Function

7

Iterated hash function All cryptographic hash functions need to create a fixed-size digest out of a variable-size message . Creating such function is best accomplished using iterations Instead of using variable-size input, a function with fixed size input is created and is used a necessary number of times. This fixed-size input is referred as compression functioncompression function. It compresses an n-bit string to create an m-bit string where n is greater than m. this scheme is iterated cryptographic hash iterated cryptographic hash functionsfunctions.

8

Two groups of Compressionfunctions

Two approaches compression function is made from Scratch hash functions based on block ciphers

First approach

1.Message digest (MD)

2.Secure hash algorithm (SHA)

9

Secure Hash Algorithm(SHA)

• The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS). It sometimes referred to as Secure Hash Standard (SHS).

10

SHA-0Published in 1993

160-bit hash function

It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1

11

SHA-1Published in 1995 160-bit hash function based on MD-5 algorithmdesigned by the National Security Agency (NSA) to be part of the Digital Signature Algorithm.Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.

12

SHA-2Published in 2001.Was wholly accepted by cryptographers in the year 2011. A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512.They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.

13

Secure Hash Algorithm(SHA)SHA originally designed by NIST & NSA in 1993was revised in 1995 as SHA-1US standard for use with DSA signature scheme

◦ standard is FIPS 180-1 1995, also Internet RFC3174◦ nb. the algorithm is SHA, the standard is SHS

based on design of MD5 with key differences produces 160-bit hash values recent 2005 results on security of SHA-1 have raised concerns on its use in future applications

14

Revised Secure Hash Standard

NIST issued revision FIPS 180-2 in 2001 adds 3 additional versions of SHA

◦ SHA-256, SHA-384, SHA-512

designed for compatibility with increased security provided by the AES cipher

structure & detail is similar to SHA-1 hence analysis should be similar but security levels are rather higher

15

SHA IS BASED ON MERKEL DAMGARD SCHEME

16

Merkel Damgard Scheme

17

18

19

Message Digest Generation Using SHA-512

20

The processing of SHA-512 consists of the following steps: • Step 1: Append padding bits • Step 2: Append length • Step 3: Initialize hash buffer • Step 4: Process the message in 1024-bit (128-word) blocks, which forms the heart of the algorithm • Step 5: Output the final state value as the resulting hash

21

Padding bits to be appended in step 1

The message is padded so that its length is congruent to 896 modulo 1024 [length = 896(mod 1024)]

This padding is always added, even if the message is in desired length already.

Thus number of padding bits is in the range 1 to 1024.

It consists of a single 1 followed by necessary no. of 0’s.

22

Appending length in step 2 Here we add 128 bits consisting of the length of the original message (before padding in Step 1).

The length of the message is taken in hexadecimal format for adding in this 128 bit pad.

Thus the length of the block becomes of length 1024 ( = 896 + 128).

23

Length Field and Padding

( |M| + |P| + 128 ) = 0 mod 1024 -> |P| = ( - |M| - 128 ) MOD 1024

Format of the padding is one 1 followed by the necessary number of 0s

24

Initialize Hash Buffer A 512-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as eight 64-bit registers (a, b, c, d, e, f, g, h). These registers are initialized to the following 64-bit integers (hexadecimal values):

a = 6A09E667F3BCC908 e = 510E527FADE682D1

b = BB67AE8584CAA73B d = A54FF53A5F1D36F1

c = 3C6EF372FE94F82B f = 9B05688C2B3E6C1F

g = 1F83D9ABFB41BD6B h = 5BE0CDI9137E2179

These values are stored in big-endianformat, which is the most significant byte of a word in the low-address (leftmost) byte position. These words were obtained by taking the first sixty-four bits of the fractional parts of the square roots of the first eight prime numbers.

25

SHA-512 Compression Function

heart of the algorithmprocessing message in 1024-bit blocksconsists of 80 roundsupdating a 512-bit buffer divided in eight blocks, based on fractional

part of square root of first 8 prime numbersusing a 64-bit value Wt derived from the current message blockand a round constant based on cube root of first 80 prime numbers

26

27

28

SHA-512 Round Function

29

The elements are:

Ch(e,f,g) = (e AND f) XOR (NOT e AND g) Maj(a,b,c) = (a AND b) XOR (a AND c) XOR (b AND c) ∑(a) = ROTR(a,28) XOR ROTR(a,34) XOR ROTR(a,39) ∑(e) = ROTR(e,14) XOR ROTR(e,18) XOR ROTR(e,41) + = addition modulo 2^64 Kt = a 64-bit additive constant Wt = a 64-bit word derived from the current 512-bit input block.

30

Calculation of W Wt is used in each of the 80 rounds of each block where t = ( 0 to 79). Each wt is of length 64 bits

Wt is calculated as follows: First 16 Wt’s(0 to 15) are taken as it is from the message (16 x 64=1024).

Rest of the Wt’s are calculated using the formula – Wt= ∂1(x) [W(t-2)] + W(t-7) + ∂0(x) [W(t-15)] + W(t-16).

31

Where, ∂0(x) = ROTR(x,1) XOR ROTR(x,8) XOR SHR(x,7) ∂1(x) = ROTR(x,19) XOR ROTR(x,61) XOR SHR(x,6).

32

The structure of each of the 80 rounds is shown. Each 64-bit word shuffled along one place, and in some cases manipulated using a series of simple logical functions (ANDs, NOTs, ORs, XORs, ROTATEs), in order to provide the avalanche & completeness properties of the hash function.

33

Initialize hash values: first 64 bits of the fractional parts of the square roots of the first 8 primes 2..19):

h[0..7] := 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179

34

k[0..79] := [0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242, 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, 0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, 0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, 0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725, 0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df, 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b, 0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218, 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8, 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec, 0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b, 0xca273eceea26619c, 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba, 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b, 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817]

35

Applications The SHA-2 hash function is implemented in some widely used security applications and protocols, including TLS and SSL, PGP, SSH

SHA-512 is part of a system to authenticate archival video from the International Criminal Tribunal of the Rwandan genocide

36

TLS and SSL Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP).

37

Pretty Good Privacy Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

38

DNSSEC The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks.

39

It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

40

SSH Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.

41

Features of SHA-512 The algorithm is used to compute a message digest for a message or data file that is provided as input. The message or data file should be considered to be a bit string. The length of the message is the number of bits in the message (the empty message has length 0).

42

If the number of bits in a message is a multiple of 8, for compactness we can represent the message in hex.

The purpose of message padding is to make the total length of a padded message a multiple of 512.

43

Why not SHA-1? SHA-1 , a standard hash function developed by NIST, creates digests of 160 bits. The function is attacks. To launch a collision attack, the adversary needs to test 2160/2 = 280 tests in the collision algorithm. Even if the adversary can perform 230 (more than one billion) tests in a second, it takes 250 seconds (more than ten thousand years) to launch an attack..

44

Drawback of SHA-2? The SHA-2 functions were not quickly adopted, despite better security than SHA-1.

Reasons might include lack of support for SHA-2 on systems running Windows XP SP2 or older and a lack of perceived urgency since SHA-1 collisions have not yet been found.

45

SHA-512 is secure The new hash function, that is a NIST standard, is SHA-512 , which has a 512-bit digest. This function is definitely resistant to collision attacks based on the Random Oracle Model. It needs 2512/2 = 2256 tests to find a collision with the probability of 1/2.

46

47

48