CSCE 815 Network Security
Lecture 8: SHA Operation and Kerberos

Resources

- Stallings Web Site: http://williamstallings.com/
- Network Security Essentials, Second Edition
  - Instructors Resources
    - PowerPoint Slides: Henric Johnson
    - Tables and Figures
  - Student Resources: look here for yourself!
- Resources for Cryptography and Network Security, Third Edition
  - http://williamstallings.com/Crypto3e.html
  - Instructors Resources
    - Figures, Tables
    - PowerPoint: Lawrie Brown

CSCE 815 Sp 03

Test 1

- Feb 20
- Sample Test? (next time)
- Open vs Closed?
- Questions
  1. Analyze this sequence of ciphertext given table of frequencies.
  2. Analyze this ciphertext knowing it is a very simple permutation.
  3. Describe approach to decipher composition of substitution and permutation.
  4. DES ?
  5. RSA ?
  6. SHA, MAC,

Birthday Attacks

- You might think a 64-bit hash is secure
- But by the Birthday Paradox it is not
- The Birthday attack works thus:
  - opponent generates $2^{m/2}$ variations of a valid message, all with essentially the same meaning
  - opponent also generates $2^{m/2}$ variations of a desired fraudulent message
  - the two sets of messages are compared to find a pair with the same hash (probability 0.5 by birthday paradox)
  - have user sign the valid message, then substitute the forgery, which will have a valid signature
- Conclusion is that we need to use larger MACs

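The $2^{m/2}$ bound above can be measured on a deliberately short hash. This is an added example, not part of the original slides: the message texts and the helper names `truncated_hash` and `find_cross_collision` are constructed for illustration, and the m-bit hash is simulated by truncating SHA-1.

```python
import hashlib

def truncated_hash(msg: bytes, m_bits: int) -> int:
    """First m_bits of SHA-1(msg) as an integer: a stand-in for an m-bit hash."""
    digest = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return digest >> (160 - m_bits)

def find_cross_collision(m_bits: int):
    """Grow a set of 'valid' variants and a set of 'fraudulent' variants in
    lockstep until one message from each set shares an m-bit hash.
    Returns (valid_msg, fraud_msg, variants_generated_per_set)."""
    valid, fraud = {}, {}          # hash value -> message
    i = 0
    while True:
        # Constructed message families; the counter plays the role of the
        # meaning-preserving variations described on the slide.
        v = b"Pay Bob $10, ref %d" % i
        f = b"Pay Darth $10000, ref %d" % i
        hv, hf = truncated_hash(v, m_bits), truncated_hash(f, m_bits)
        valid[hv] = v
        fraud[hf] = f
        i += 1
        if hv in fraud:
            return v, fraud[hv], i
        if hf in valid:
            return valid[hf], f, i

if __name__ == "__main__":
    for m in (16, 24, 32):
        v, f, n = find_cross_collision(m)
        print(f"m={m}: collision after {n} variants per set "
              f"(2^(m/2) = {2 ** (m // 2)}), hash = {truncated_hash(v, m):x}")
        print("   ", v, "/", f)
```

The number of variants needed grows with $2^{m/2}$, not $2^m$, which is why a digest must be twice as long as the work factor it is meant to provide.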
One-way HASH function

One-way HASH function

Secret value is added before the hash and removed before transmission.

SHA Overview

- pad message so its length is 448 mod 512
- append a 64-bit length value to message
- initialize 5-word (160-bit) buffer (A,B,C,D,E) to (67452301, efcdab89, 98badcfe, 10325476, c3d2e1f0)
- process message in 16-word (512-bit) chunks:
  - expand 16 words into 80 words by mixing & shifting
  - use 4 rounds of 20 bit operations on message block & buffer
  - add output to input to form new buffer value
- output hash value is the final buffer value

Message Digest Generation Using SHA-1

SHA-1 Processing of single 512-Bit Block

Figure 12-6 (C&NS) SHA one step

SHA-1 Compression Function

- Each round has 20 steps, each of which replaces the 5 buffer words thus:
  $(A,B,C,D,E) \leftarrow ((E + f(t,B,C,D) + S^5(A) + W_t + K_t),\ A,\ S^{30}(B),\ C,\ D)$
- A,B,C,D,E refer to the five words of the buffer
- t is the step number
- $K_t$ is a constant value derived from the step
- $f(t,B,C,D)$ is the nonlinear function for the round
- $W_t$ is derived from the message block
- $S^k$ means circular shift by k bits
- here $+$ means addition modulo $2^{32}$

$K_t$ - Constants for SHA-1 steps

| Step Number | $K_t$ (in hex) | Integer portion of |
|---|---|---|
| $-1 < t < 20$ | 5A827999 | $2^{30} \times \sqrt{2}$ |
| $19 < t < 40$ | 6ED9EBA1 | $2^{30} \times \sqrt{3}$ |
| $39 < t < 60$ | 8F1BBCDC | $2^{30} \times \sqrt{5}$ |
| $59 < t < 80$ | CA62C1D6 | $2^{30} \times \sqrt{10}$ |

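$f_t$ - Round Functions for SHA-1 steps

| Step Number | $f_t(t,B,C,D)$ |
|---|---|
| $-1 < t < 20$ | $(B \land C) \lor (B' \land D)$ |
| $19 < t < 40$ | $B \oplus C \oplus D$ |
| $39 < t < 60$ | $(B \land C) \lor (B \land D) \lor (C \land D)$ |
| $59 < t < 80$ | $B \oplus C \oplus D$ |

Where $B'$ means B complement, and $\oplus$ on this slide means XOR
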
$W_t$ words

- 32-bit $W_t$ words
- For the first 16 words, $W_t$ = 16 words of current block
- Henceforth $W_t = S^1(W_{t-16} \oplus W_{t-14} \oplus W_{t-8} \oplus W_{t-3})$
- $\oplus$ means XOR

Message Digest Generation Using SHA-1 revisited

Output Stage of SHA-1

After all 512-bit blocks have been processed

Where
- IV = initial vector, initial value of five words
- L = number of 512-bit blocks in padded message
- MD = final Message Digest
- $ABCDE_q$ = output of last round of processing of the qth block

Algorithm
- $CV_0 = IV$
- for q = 0 to L: $CV_{q+1} = CV_q + ABCDE_q$
- $MD = CV_L$

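The padding rule, the $W_t$ expansion, the 80 steps with $f_t$ and $K_t$, and the output stage fit together as follows. This is an added example, not code from the slides or from Stallings; the function names are chosen here, and the result is checked against Python's `hashlib`.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF                      # all arithmetic is modulo 2^32
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)   # one constant per round

def rotl(x: int, k: int) -> int:
    """S^k: circular left shift of a 32-bit word by k bits."""
    return ((x << k) | (x >> (32 - k))) & MASK

def f(t: int, b: int, c: int, d: int) -> int:
    """Round function f_t for step t in 0..79."""
    if t < 20:
        return (b & c) | (~b & MASK & d)
    if 40 <= t < 60:
        return (b & c) | (b & d) | (c & d)
    return b ^ c ^ d                   # steps 20..39 and 60..79

def pad(message: bytes) -> bytes:
    """Pad to 448 mod 512 bits, then append the 64-bit message length."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", len(message) * 8)

def compress(cv, block: bytes):
    """Process one 512-bit block and add the result to the chaining value."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):            # expand 16 words into 80
        w.append(rotl(w[t - 16] ^ w[t - 14] ^ w[t - 8] ^ w[t - 3], 1))
    a, b, c, d, e = cv
    for t in range(80):
        temp = (e + f(t, b, c, d) + rotl(a, 5) + w[t] + K[t // 20]) & MASK
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(cv, (a, b, c, d, e)))

def sha1(message: bytes) -> str:
    """CV_0 = IV; fold in every block; the digest is the final CV."""
    cv = IV
    padded = pad(message)
    for offset in range(0, len(padded), 64):
        cv = compress(cv, padded[offset:offset + 64])
    return "".join("%08x" % word for word in cv)

if __name__ == "__main__":
    print(sha1(b"abc"), sha1(b"abc") == hashlib.sha1(b"abc").hexdigest())
```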
Other Secure Hash Functions

- MD5 Message Digest Algorithm
  - RFC 1321
  - Ron Rivest
  - 128 bit message digest
  - with faster processors security has become questionable
- RIPEMD-160
  - Round European group
  - produces 160 bit digest
  - processes text in 512 bit blocks

Other Secure HASH functions - table 3.1

| | SHA-1 | MD5 | RIPEMD-160 |
|---|---|---|---|
| Digest length | 160 bits | 128 bits | 160 bits |
| Basic unit of processing | 512 bits | 512 bits | 512 bits |
| Number of steps | 80 (4 rounds of 20) | 64 (4 rounds of 16) | 160 (5 paired rounds of 16) |

Maximum message size: $2^{64}-1$ bits

Message Authentication Codes revisited

- MAC: based on MAC algorithm and Key K
- Hash Functions: one-way function, not based on key

Keyed Hash Functions as MACs

- have desire to create a MAC using a hash function rather than a block cipher
  - because hash functions are generally faster
  - not limited by export controls unlike block ciphers
- hash includes a key along with the message
- original proposal: KeyedHash = Hash(Key || Message)
  - some weaknesses were found with this
- eventually led to development of HMAC

HMAC

- Use a MAC derived from a cryptographic hash code, such as SHA-1.
- Motivations:
  - Cryptographic hash functions execute faster in software than encryption algorithms such as DES
  - Library code for cryptographic hash functions is widely available
  - No export restrictions from the US
- RFC 2104

HMAC Design Objectives

- Proposal to include secret key in hash function
- RFC 2104 lists design objectives for HMAC
  1. To use available hash functions
  2. Allow easy replaceability of hash function
  3. Maintain performance of original hash
  4. Use and handle keys simply
  5. Have well understood cryptographic analysis of strength of the authentication method

HMAC Structure fig 3.6

HMAC Details

- Hash = embedded hash function (e.g., SHA-1)
- M = message
- L = number of blocks in M
- $Y_i$ = the ith block of M, $0 \le i < L$
- b = number of bits in a block
- n = length of hash code produced by embedded hash
- K = secret key
- $K^+$ = K padded on left with zeroes so length is b
- ipad = 00110110 repeated b/8 times
- opad = 01011100 repeated b/8 times

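The quantities listed above combine into the RFC 2104 construction, HMAC(K, M) = Hash((K+ XOR opad) || Hash((K+ XOR ipad) || M)). The sketch below is an added example, not code from the slides; `hmac_manual` and `verify` are names chosen here, the key and messages are constructed, and the zero bytes are appended after K as RFC 2104 specifies.

```python
import hashlib
import hmac

def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC built directly from ipad/opad around an embedded hash function."""
    def H(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    block_bytes = hashlib.new(hash_name).block_size   # b/8 (64 for SHA-1)
    if len(key) > block_bytes:
        key = H(key)                                  # RFC 2104: hash over-long keys first
    k_plus = key + b"\x00" * (block_bytes - len(key)) # K+ : key zero-padded to b bits
    s_i = bytes(x ^ 0x36 for x in k_plus)             # K+ XOR ipad (00110110 repeated)
    s_o = bytes(x ^ 0x5C for x in k_plus)             # K+ XOR opad (01011100 repeated)
    return H(s_o + H(s_i + message))

def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_manual(key, message, hash_name), tag)

if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample values
    msg = b"transfer 10 to Bob"
    tag = hmac_manual(key, msg)
    print("tag:", tag.hex())
    print("matches library HMAC-SHA1:",
          tag == hmac.new(key, msg, hashlib.sha1).digest())
    print("tampered message accepted:",
          verify(key, b"transfer 10 to Darth", tag))
    # Design objective 2 (easy replaceability): swap the embedded hash.
    print("HMAC-SHA256:", hmac_manual(key, msg, "sha256").hex())
```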
Diffie-Hellman Key Exchange

- First published public-key algorithm (1976)
- Purpose is to allow two users to exchange a private key
- Diffie-Hellman depends on the difficulty in computing discrete logarithms (inverse exponentials)
- Choose a prime p, consider the sequence $a \bmod p,\ a^2 \bmod p,\ a^3 \bmod p,\ \ldots,\ a^{p-1} \bmod p$
- If these are distinct and a permutation of $1 \ldots p-1$, then
  1. if $b = a^i \bmod p$ then 'i' is the discrete logarithm of b
  2. a is called a primitive root of p
- Diffie-Hellman fig 3.10

Diffie-Hellman Algorithm fig 3.10

- Global public elements
  - q, a prime, and 'a', a primitive root of q
- User A key generation
  - Select private $X_A$, calculate public $Y_A = a^{X_A} \bmod q$
- User B key generation
  - Select private $X_B$, calculate public $Y_B = a^{X_B} \bmod q$
- Generation of Secret Key by User A
  - $K = (Y_B)^{X_A} \bmod q$
- Generation of Secret Key by User B
  - $K = (Y_A)^{X_B} \bmod q$

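The primitive-root definition, the discrete logarithm and the key agreement can be checked end to end with small numbers. This is an added example, not part of the original slides: the function names and the values q = 353, a = 3 are chosen here for illustration, and a modulus this small only serves to make the exhaustive search visible.

```python
import secrets

def is_primitive_root(a: int, p: int) -> bool:
    """True if a, a^2, ..., a^(p-1) mod p are a permutation of 1..p-1."""
    return {pow(a, i, p) for i in range(1, p)} == set(range(1, p))

def discrete_log(b: int, a: int, p: int) -> int:
    """The i with a^i mod p == b, found by exhaustive search.
    Feasible only because p is tiny; the cost grows with p."""
    for i in range(1, p):
        if pow(a, i, p) == b:
            return i
    raise ValueError("b is not a power of a modulo p")

def keypair(a: int, q: int):
    """Select a private X in [1, q-2] and compute the public Y = a^X mod q."""
    x = secrets.randbelow(q - 2) + 1
    return x, pow(a, x, q)

def shared_secret(y_other: int, x_own: int, q: int) -> int:
    """K = (Y_other)^(X_own) mod q."""
    return pow(y_other, x_own, q)

if __name__ == "__main__":
    q, a = 353, 3                      # illustrative global public elements
    print("3 is a primitive root of 353:", is_primitive_root(a, q))
    print("2 is a primitive root of 23: ", is_primitive_root(2, 23))

    x_a, y_a = keypair(a, q)           # User A
    x_b, y_b = keypair(a, q)           # User B
    k_a = shared_secret(y_b, x_a, q)
    k_b = shared_secret(y_a, x_b, q)
    print("public values:", y_a, y_b, " shared K equal:", k_a == k_b)

    # With a 9-bit modulus the private value falls out of the public one,
    # which is why q has to be large in practice.
    print("X_A recovered from Y_A:", discrete_log(y_a, a, q) == x_a)
```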
Other Public-Key Cryptographic Algorithms

- Meaning other than RSA
- Digital Signature Standard (DSS)
  - Makes use of the SHA-1
  - Not for encryption or key exchange
- Elliptic-Curve Cryptography (ECC)
  - Good for smaller bit size
  - Low confidence level, compared with RSA
  - Very complex

Diffie-Hellman Key Exchange fig 3.11

Key Management

- Major contribution of public-key encryption is to address the problem of key distribution
- Private keys: as in RSA to distribute key for AES
- Public keys: Public Key Certificates
- Public keys are public. Why not just broadcast?
  - Forgery of public announcement
  - Darth sends out “I’m Bob and my public key is XXX”
  - Then Darth can read secret messages for Bob and Bob can’t
- Public Key certificate: public key + User Id signed by trusted third party
- X.509 protocol for certificates (next time)

Key Management Public-Key Certificate Use fig 3.12

Public-Key Distribution of Secret Keys

- How to share private key between Bob and Alice
- Diffie-Hellman
  - Works but no user authentication
- Alternative
  1. Prepare message.
  2. Encrypt message using conventional encryption using one-time session key.
  3. Encrypt session key using public-key encryption with Alice’s public key.
  4. Attach the encrypted session key to the message and send to Alice.
- Only Alice is capable of decrypting the session key.
- Bob gets the public key from Alice’s public-key certificate.

Summary

have considered:
- message authentication using message encryption, MACs, hash functions
- some current hash algorithms: MD5, SHA-1, RIPEMD-160
- HMAC authentication using hash function
- Diffie-Hellman Key Exchange