Chap 11. Message Authentication and Hash Functions PDF

Chap 11. Message Authentication and Hash Functions Authentication Requirements Authentication Requirements Kind of attacks in the context of communications across a network 1. Disclosure Confidentiality 2. Traffic analysis 3. Masquerade 4. Content modification Message Digital 5. Sequence modification Authentication Signature 6. Timing modification 7. Source repudiation 8. Destination repudiation Specialized Digital Signature Authentication Requirements Authentication Requirements Message authentication A procedure to verify that received messages come from the alleged source and have not been altered Message authentication may also verify sequencing and timeliness Digital signature An authentication technique that also includes measures to counter repudiation by the source The objective of digital signatures is to authenticate and verify documents and data. This is necessary to avoid tampering and digital modification or forgery during the transmission of official documents. Authentication Functions Authentication Functions Message authentication or digital signature mechanism can be viewed as having two levels At lower level: there must be some sort of functions producing an authenticator – a value to be used to authenticate a message This lower level functions is used as primitive in a higher level authentication protocol Three classes of functions that may be used to produce an authenticator 1. Message encryption Ciphertext itself serves as authenticator 2. Message authentication code (MAC)  In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of information used for authenticating a message. In other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed.  A function of the message and a secret key that produces a fixed- length value that serves as the authenticator 3. Hash function A function that maps a message of any length into a fixed-length hash value that serves as the authenticator Authentication Functions Message Encryption Symmetric encryption can serve as authenticator Symmetric encryption provides authentication as well as confidentiality Requires recognizable plaintext or other structure to distinguish between well-formed legitimate plaintext and meaningless random bits e.g., ASCII text, an appended checksum(a basic checksum may simply be the number of bytes in a file), or use of layered protocols Public-key encryption also can serve as authenticator Remember: unlike symmetric encryption, which uses the same secret key to encrypt and decrypt sensitive information, asymmetric encryption, also known as public-key cryptography or public-key encryption, uses mathematically linked public- and private-key pairs to encrypt and decrypt senders’ and recipients’ sensitive data. Authentication Functions Basic Uses of Message Encryption SYMMETRIC ENCRYPTION A message M transmitted from source to destination B is encrypted using a secret key K shared by A and B. If no other party knows the key, then confidentiality is provided: No other party can recover the plaintext of the message. In addition, B is assured that the message was generated by A. Why? The message must have come from A, because A is the only other party that possesses K and therefore the only other party with the information necessary to construct ciphertext that can be decrypted with K. both sender and receiver use private key to encrypt/decrypt ensures both authentication and confidentiality. So we may say that symmetric encryption provides authentication as well as confidentiality. Authentication Functions Basic Uses of Message Encryption Authentication Functions Basic Uses of Message Encryption Basic Uses of Message Encryption Basic Uses of Message Encryption Symmetric Encryption A message M transmitted from source A to destination B is encrypted using a secret key K shared by both If no other party knows the key, then confidentiality is provided B is assured that the message was generated by A because A is the only other party that possesses K. Hence, authentication is provided. Hence, symmetric encryption provides authentication as well as confidentiality It may be difficult to determine automatically if incoming ciphertext decrypts to intelligible plaintext or not an opponent could achieve a certain level of disruption Solution to this problem force the plaintext to have some structure for example, append an error-detecting code, also known as a frame check sequence (FCS) or checksum, to each message before encryption the order in which the FCS and encryption functions are performed is critical Two classifications: Internal, External Authentication Functions Ways of Providing Structure - 1 Append an error-detecting code (frame check sequence (FCS) or checksum) to each message before encryption Data frames often get corrupted while transmission through a communication medium. FCS bits are added to the frame prior to its transmission across the network. FCS code is again calculated at the destination site and compared with FCS bits of the frame, if FCS matches then the transmission is considered successful else frames are discarded. Hence, it is used for error detection. Authentication Functions Internal error control We could, for example, append an error-detecting code, also known as a frame check sequence (FCS) or checksum, to each message before encryption, as illustrated in Figure (a). A prepares a plaintext message M and then provides this as input to a function F that produces an FCS. The FCS is appended to M and the entire block is then encrypted. At the destination, B decrypts the incoming block and treats the results as a message with an appended FCS. B applies the same function F to attempt to reproduce the FCS. If the calculated FCS is equal to the incoming FCS, then the message is considered aut hentic. Authentication Functions Message Authentication Code Uses a shared secret key to generate a fixed-size block of data (known as a cryptographic checksum or MAC) that is appended to the message This technique assumes that two communicating parties, say A and B, share a common secret key K. Generated by an algorithm that creates a small fixed-sized block Provides assurance that message is unaltered and comes from sender Receiver performs same computation on message and checks it matches the MAC MAC = CK(M), where C is a MAC function Assurances: Message has not been altered Message is from the alleged sender Message sequence is unaltered (requires internal sequencing) Similar to encryption but MAC algorithm need not be reversible Authentication Functions Message Authentication Code Theory of operation When A has a message to send to B, it calculates the MAC as a function of the message and the key: MAC = C(K, M), where M = input message C = MAC function K = shared secret key MAC = message authentication code The message plus MAC are transmitted to the intended recipient. The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated MAC if the received MAC matches the calculated MAC, then The receiver is assured that the message has not been altered The receiver is assured that the message is from the alleged sender Authentication Functions Basic Uses of MAC Authentication Functions Basic Uses of MAC Authentication Functions Basic Uses of MAC Authentication Functions Basic Uses of MAC The process depicted in Figure (a) provides authentication but not confidentiality, because the message as a whole is transmitted in the clear. Confidentiality canbe provided by performing message encryption either after (Figure b) or be fore (Figure c) the MAC algorithm. In both these cases, two separate keys are needed, each of which is shared by the sender and the receiver. In the first case (Figure b), the MAC is calculated with the message as input and is then concatenated to the message. The entire block is then encrypted. In the second case (Figure c), the message is encrypted first. Then the MAC is calculated using the resulting ciphertext and is concatenated to the ciphertext to form the transmitted block. Typically, it is preferable to tie the authentication directly to the plaintext, so the method of Figure b is used. Authentication Functions Why Use MACs? Why not just use encryption? Cleartext stays clear MAC might be cheaper Sometimes only authentication is needed Broadcast Authentication of executable codes Sometimes need authentication to persist longer than the encryption (e.g., archival use) Separation of authentication and confidentiality provides architectural flexibility MAC does not provide a digital signature Because both sender and receiver share the same key Authentication Functions Hash Function One-way hash function Converts a variable size message M into fixed size hash code H(M) (Sometimes called a message digest) Unlike the MAC, a hash code does not use a key but is a function only of the input message Provides message integrity Can be used with encryption or a shared key for authentication E(M || H(M)) : identical to the internal error control strategy M || E(H(M)) : a MAC M || signed H : typical digital signature E(M || signed H) M || H(M || K) : keyed hash (no encryption) E(M || H(M || K))

Chap 11. Message Authentication and Hash Functions PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue