CO1508 Computer Systems & Security – Week 07


Cryptography – Hash Functions & Digital Signatures

Summary
You are going to learn a new hash algorithm, the keyed Hash Message Authentication Code
(HMAC), and practise examples of other hash functions such as MD5 and SHA-1 using
CrypTool 1. You’ll also learn about digital signatures and RSA signatures, and mount attacks
against the hash value of a digital signature.

Activities

1. HMAC Hash Algorithm

A keyed Hash Message Authentication Code (HMAC) ensures the integrity and authenticity of a
message. It requires a common key shared by the sender and the recipient. It follows the same
principle as other hash algorithms but adds a secret key to the process.

Open CrypTool 1 and select Indiv. Procedures > Hash > Generation of HMACs. Read the
description carefully before proceeding.

CO1508 Computer Systems and Security, UCLAN – 2019-2020



Select SHA-1 as the hash function and double hashing as the HMAC variant.

Enter the key “cowabunga”. The HMAC generated from the message and the key is:

72 28 A5 7D 50 11 86 09 2E C2 C4 76 2C 98 9A 49 AA C9 E5 6A

Now, select from Indiv. Procedures > Hash > Hash Demonstration.

Select a hash function from Selection of hash function (any hash function you want).

Add a space after ‘CrypTool’ in the plaintext. You will see that about 47% to 53% of the bits
differ. A good hash function reacts highly sensitively to even the smallest change in the
plaintext: this is the avalanche effect (small change, big impact).
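As an added example (not CrypTool’s code and not part of the worksheet), the following Python builds HMAC exactly as RFC 2104 defines it on top of hashlib, cross-checks it against Python’s hmac module, and then measures the avalanche effect for the ‘CrypTool’ / ‘CrypTool ’ change described above. CrypTool’s “double hashing” menu option is a different, non-standard construction, so this code does not reproduce the 72 28 A5 … value shown for the cowabunga key; the message bytes used here are a constructed sample.

```python
import hashlib
import hmac

# Added example, not CrypTool's code: HMAC exactly as RFC 2104 defines it,
#   HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m))
# where K' is the key zero-padded (or first hashed, if too long) to the hash block size.
def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    block_size = hashlib.new(hash_name).block_size      # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:                            # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")                 # short keys are zero-padded
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha1") -> bool:
    """Cross-check our construction against Python's hmac module."""
    reference = hmac.new(key, message, getattr(hashlib, hash_name)).digest()
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name), reference)

def bit_difference(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length digests."""
    if len(a) != len(b):
        raise ValueError("digests must be the same length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))

def avalanche(message: str, changed: str, hash_name: str = "sha1") -> float:
    """Avalanche effect: how much of the digest changes for a small plaintext change."""
    d1 = hashlib.new(hash_name, message.encode()).digest()
    d2 = hashlib.new(hash_name, changed.encode()).digest()
    return bit_difference(d1, d2)

if __name__ == "__main__":
    key = b"cowabunga"                                   # the worksheet's key
    msg = b"CrypTool"                                    # constructed sample message
    print("HMAC-SHA1(cowabunga, CrypTool) =", hmac_rfc2104(key, msg).hex().upper())
    print("matches hmac module            :", matches_stdlib(key, msg))
    for name in ("md5", "sha1", "sha256"):
        print(f"{name:7s}: {avalanche('CrypTool', 'CrypTool ', name):.1%} of bits differ")
```

The ipad/opad layering is what distinguishes HMAC from the naive H(key || message): the outer hash hides the inner state, so someone who sees a tag cannot extend the message and recompute a valid tag without the key.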

Now, for the following exercises you can select either SHA-1, HMAC, or MD5.

Exercise 1

Use an example to show that a hash function can help to protect the integrity of your
message. You can encrypt your plaintext message, tamper with the ciphertext and use a hash
function to check whether the decrypted message has changed.

Exercise 2

Use an example to show that if you tamper with both the ciphertext and the hash value
consistently, you can evade the integrity check of the hash function.
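Exercises 1 and 2 in code form, as an added example that is not part of the worksheet. It uses a constructed XOR stream cipher (a toy, not a secure cipher) purely so that there is a ciphertext to corrupt, an unkeyed SHA-1 as in Exercise 1, and HMAC-SHA1 with the worksheet’s cowabunga key to show what the keyed variant changes: anyone who can alter the message can recompute a plain hash, but only the holder of the MAC key can produce a tag the receiver will accept. The keys and messages are constructed for the demonstration.

```python
import hashlib
import hmac

# Added example; not CrypTool's or the worksheet's code. The XOR stream below is a
# constructed toy cipher (NOT secure) so that there is a ciphertext to corrupt.
def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (the operation is symmetric) with a repeating XOR key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def protect_with_hash(plaintext: bytes, enc_key: bytes):
    """Exercise 1 setup: ciphertext plus an unkeyed SHA-1 of the plaintext."""
    return xor_cipher(plaintext, enc_key), hashlib.sha1(plaintext).digest()

def check_with_hash(ciphertext: bytes, tag: bytes, enc_key: bytes) -> bool:
    """Receiver decrypts and recomputes SHA-1; constant-time compare avoids timing leaks."""
    expected = hashlib.sha1(xor_cipher(ciphertext, enc_key)).digest()
    return hmac.compare_digest(expected, tag)

def protect_with_hmac(plaintext: bytes, enc_key: bytes, mac_key: bytes):
    """Keyed variant: the tag depends on a secret the tamperer does not have."""
    return xor_cipher(plaintext, enc_key), hmac.new(mac_key, plaintext, hashlib.sha1).digest()

def check_with_hmac(ciphertext: bytes, tag: bytes, enc_key: bytes, mac_key: bytes) -> bool:
    expected = hmac.new(mac_key, xor_cipher(ciphertext, enc_key), hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)

def flip_bit(data: bytes, index: int, mask: int = 0x01) -> bytes:
    """Corrupt one byte of the ciphertext in transit (Exercise 1)."""
    return data[:index] + bytes([data[index] ^ mask]) + data[index + 1:]

def run_scenarios() -> dict:
    enc_key = b"constructed-demo-key"        # constructed; in Exercise 2 the tamperer knows it
    mac_key = b"cowabunga"                   # the worksheet's key, shared only by sender/receiver
    original = b"Transfer 100 GBP to account 42"
    forged = b"Transfer 900 GBP to account 42"

    # Exercise 1: corrupt the ciphertext only. The decrypted text no longer matches the hash.
    ct, tag = protect_with_hash(original, enc_key)
    ex1_detected = not check_with_hash(flip_bit(ct, 9), tag, enc_key)

    # Exercise 2: replace the ciphertext AND recompute the unkeyed hash. The check passes,
    # because a plain hash needs no secret: whoever can alter the message can alter the hash.
    ct_forged, tag_forged = protect_with_hash(forged, enc_key)
    ex2_evaded = check_with_hash(ct_forged, tag_forged, enc_key)

    # Same forgery against HMAC. Without mac_key the tamperer can only guess a tag.
    ct_forged_h = xor_cipher(forged, enc_key)
    guessed_tag = hmac.new(b"wrong-guess", forged, hashlib.sha1).digest()
    hmac_detected = not check_with_hmac(ct_forged_h, guessed_tag, enc_key, mac_key)

    # Sanity check: the legitimate HMAC-protected message still verifies.
    ct_h, tag_h = protect_with_hmac(original, enc_key, mac_key)
    hmac_legit_ok = check_with_hmac(ct_h, tag_h, enc_key, mac_key)

    return {"ex1_detected": ex1_detected, "ex2_evaded": ex2_evaded,
            "hmac_detected": hmac_detected, "hmac_legit_ok": hmac_legit_ok}

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:14s}: {result}")
```

The lesson for Exercise 2 is that an unkeyed hash only protects integrity if the hash itself travels over a channel the tamperer cannot write to; when hash and ciphertext share the same channel, a keyed MAC (or a digital signature, covered in the next sections) is needed.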


Show your tutor your solutions before moving on to the next stage.

2. Digital Signature Visualisation

Select Digital Signatures/PKI > Signature Demonstration (Signature Generation).

Click on “Select hash function”, choose SHA-1 and click OK.


Click “Generate Key”, then “Generate prime numbers” in the dialogue. Enter 2^200 as
the lower limit and 2^201 as the upper limit, click Generate prime numbers and then Apply
primes.
Click the Store key button.
Click Provide certificate, then enter your details:
Name: Your last name
First name: Your first name
Key identifier: Your key
PIN: cryptool
PIN verification: cryptool
Then click “Create Certificate and PSE”. Click on Certificate and have a look at the
generated certificate with your name.


Click Compute hash value then Encrypt hash value.


Now, click Generate signature then Store signature.

Click OK and you’ll see the digital signature generated using RSA with SHA-1 as the hash
algorithm for the document startingexample-en.txt.
Close the signature window before moving on to the next stage.

3. RSA Digital Signature

Select Digital Signatures/PKI > PKI > Generate/Import Keys.


Enter your details as you did before, keep everything else at the default and click on the
Generate new key pair button.
After receiving the confirmation message, click OK, then click Show key pair…
Choose your newly generated key and click on Show certificate.

Now, close all the windows and make sure the startingexample-en.txt is open. We’ll sign
this document as follows:


Select Digital Signatures/PKI > Sign Message and enter the following details:
Choose hash function: SHA-1
Choose signature algorithm: RSA
Choose a key/PSE to be used when signing: Your key
PIN code: cryptool
Then click on the Sign button.

Now, examine the signature. You’ll notice the signature is at the beginning of the document
to be signed.

To get a clearer idea, choose Digital Signature/PKI > Extract Signature to see the signature
value and the signed document clearly separated.

Click on Verify to verify the signature and choose the right originator from the list. If it’s
correct, you’ll receive a message saying, “Correct signature!”

Try to modify the text by adding/deleting something and try Digital Signature/PKI > Verify
Signature again. You should receive a negative result this time: “Invalid signature!”

This is how digital signatures can guarantee the integrity of the message to make sure it’s
not altered or tampered with.


4. Exploiting Hash Collision to Attack Digital Signatures

Before we start, remember that a hash collision occurs when two different messages produce
the same hash value. We’ll try to exploit this weakness to break the digital signature.

Select Analysis > Hash > Attack on the Hash Value of the Digital Signature. Click Options
and select MD5 under Hash function and 40 for Significant bit length and click Apply.

After that, click Start search and wait ☺ You should then receive a message saying the
attack was successful. Click OK to move on. You should see something like this:

Close this window and have a look at the two messages: the harmless message and the
dangerous message. They are two different messages with the same hash value, which means
you can get the original message (ordering a typewriter), modify it (to order a Porsche!), sign
it again (using the receiver’s public key) and it’ll go undetected!!!

You can try larger numbers than 40 for the Significant bit length. However, beware that the
larger you go, the longer it’ll take to find a successful attack (it might take days if you use 128
bits). Don’t try this now ☺ unless you want to sleep here for the next few days waiting!
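The signature steps of sections 2 and 3 (hash the document, encrypt the hash with the RSA private key, verify by decrypting with the public key) and the collision attack of section 4, as one added Python example that is not CrypTool’s code. It generates RSA primes in the worksheet’s 2^200 to 2^201 range with a Miller-Rabin test, signs a raw digest without padding (which is what the visualisation does; real schemes add PKCS#1 padding, so treat this as illustration only), and shows why CrypTool’s “Significant bit length” option matters: a digest truncated to k bits collides after roughly 2^(k/2) whitespace variants of each message, and a signature made on the harmless text then verifies on the dangerous one. With the full MD5 digest the same swap is rejected. The messages, the MD5/20-bit parameters and the whitespace trick are constructed for the example.

```python
import hashlib
import math
import random

# Added example, not CrypTool's code: textbook RSA applied to a raw digest, i.e. the
# "Compute hash value -> Encrypt hash value" steps of the worksheet, without padding.
# Real signature schemes add PKCS#1 padding; this version is for visualisation only.

def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    """Random prime in [2^bits, 2^(bits+1)), matching the worksheet's 2^200..2^201 range."""
    while True:
        candidate = random.getrandbits(bits + 1) | (1 << bits) | 1   # force size and oddness
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(prime_bits: int = 200):
    """Returns (public, private) as ((n, e), (n, d)). n must exceed the digest value."""
    e = 65537
    while True:
        p, q = random_prime(prime_bits), random_prime(prime_bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))   # pow(e, -1, m) needs Python 3.8+

def digest_int(message: bytes, hash_name: str = "sha1", significant_bits=None) -> int:
    """Digest as an integer, optionally keeping only its top `significant_bits` bits,
    which is what CrypTool's 'Significant bit length' option does in the attack dialogue."""
    h = hashlib.new(hash_name, message).digest()
    value = int.from_bytes(h, "big")
    if significant_bits is not None:
        value >>= 8 * len(h) - significant_bits
    return value

def sign(message, private_key, hash_name="sha1", significant_bits=None) -> int:
    n, d = private_key
    return pow(digest_int(message, hash_name, significant_bits), d, n)

def verify(message, signature, public_key, hash_name="sha1", significant_bits=None) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, hash_name, significant_bits)

def whitespace_variant(message: bytes, i: int, width: int) -> bytes:
    """Variant i of a message: a trailing run of spaces/tabs encoding i, invisible to a reader."""
    return message + bytes(0x20 if (i >> k) & 1 else 0x09 for k in range(width))

def find_collision(harmless, dangerous, hash_name, significant_bits, variants_per_side):
    """Birthday search: about 2^(bits/2) variants of each message give a truncated-digest
    collision, which is why a short 'significant bit length' falls in seconds."""
    width = variants_per_side.bit_length()
    seen = {}
    for i in range(variants_per_side):
        m = whitespace_variant(harmless, i, width)
        seen[digest_int(m, hash_name, significant_bits)] = m
    for j in range(variants_per_side):
        m = whitespace_variant(dangerous, j, width)
        match = seen.get(digest_int(m, hash_name, significant_bits))
        if match is not None:
            return match, m
    return None

if __name__ == "__main__":
    public, private = generate_keypair()
    document = b"Please order one typewriter."          # constructed sample document
    s = sign(document, private)
    print("signature valid on original  :", verify(document, s, public))
    print("signature valid after an edit:", verify(document + b"!", s, public))
    harmless, dangerous = find_collision(b"Order one typewriter.", b"Order one Porsche.",
                                         "md5", 20, 4096)
    s = sign(harmless, private, "md5", 20)
    print("20-bit MD5: signature on harmless text verifies the dangerous text:",
          verify(dangerous, s, public, "md5", 20))
    print("full MD5  : the same swap is rejected:",
          not verify(dangerous, sign(harmless, private, "md5"), public, "md5"))
```

The defensive point is the work factor: each extra significant bit doubles the search space, so the square-root cost of a birthday search on a 40-bit prefix is around 2^20 hashes, while the full digest of a modern hash (and a hash without known structural weaknesses, unlike MD5) puts it out of reach. Signatures are only as strong as the collision resistance of the hash they are computed over.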

Exercise 3

Generate a new key pair and a digital signature for a file of your choice. Then export the public
key and the signature to two separate files.

Verify the digital signature by importing the public key and the signature that is alleged to
be the signature of the data file you chose, and check the authenticity of the signature.

Exercise 4

List the frequencies of the top 4 characters found in the following ciphertext, then break it:

MKLAJZHAIUQWKHJABZNXBVHAGKFASDFGALQPIWRYIOQYWIERMASVZMNBZXCKJASDFGLK
JFHWQERYIOQWTYIOASUDYFLASKJDHFZMZVBCXMVQLWERYIQRASDFQIWUERYIHKMFMAK
HLSDFYUIOQWYREIORYIWQEUFHAKDFHLKASHFKVBBBNASMDFSADFWQEUYRUUEYRUUUQ
KASJHFKJDSHFSNBNBNBNBABABAAASKJFHLKJSADHFIDUASFOYDASIYFQWERBQWBRKLJLKAS
SADFDFDASDA.

Exercise 5

Break this ciphertext. What is the plaintext? What is the key?

OTWEWNGWCBPQABIZVQAPMLJGZWTTQVOBQUMAPMIDGZCAB

EQVBMZLZIXMLAXZQVOQVLMMXAVWEIVLLIZSNZWAB

JQZLWNLMTQOPBVIUMLGWCBPAEQNBTGTMNBBPMVMAB

ITIAKWCTLVBBQUMQBEPQTMQBEIAQVUGBZCAB
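For Exercises 4 and 5, here is an added Python example (not from the worksheet) of the frequency analysis the exercises ask for. It lists the most frequent letters of a ciphertext with their counts, and, for a monoalphabetic shift (Caesar) cipher, scores all 26 candidate keys against standard English letter frequencies with a chi-squared statistic and picks the shift whose decryption looks most like English. The English frequency table is the commonly published one (rounded), and the sentence in the main block is constructed; run the functions on the exercise ciphertexts yourself.

```python
from collections import Counter
import string

# Added example, not from the worksheet. Standard English letter frequencies in percent (rounded).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1, "I": 7.0,
    "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9, "Q": 0.095,
    "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

def letters_only(text: str) -> str:
    """Upper-case letters only; punctuation, digits and whitespace are ignored."""
    return "".join(c for c in text.upper() if c in string.ascii_uppercase)

def top_frequencies(ciphertext: str, k: int = 4):
    """Exercise 4 step: the k most frequent letters as (letter, count, percent)."""
    t = letters_only(ciphertext)
    return [(ch, n, round(100 * n / len(t), 1)) for ch, n in Counter(t).most_common(k)]

def caesar_shift(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions (negative shift decrypts); other characters pass."""
    out = []
    for c in text:
        if c.isupper():
            out.append(chr((ord(c) - 65 + shift) % 26 + 65))
        elif c.islower():
            out.append(chr((ord(c) - 97 + shift) % 26 + 97))
        else:
            out.append(c)
    return "".join(out)

def chi_squared(text: str) -> float:
    """Distance of the letter distribution from English; lower means more English-like."""
    t = letters_only(text)
    counts = Counter(t)
    n = len(t)
    return sum((counts[ch] - n * f / 100) ** 2 / (n * f / 100) for ch, f in ENGLISH_FREQ.items())

def break_caesar(ciphertext: str):
    """Try all 26 keys and return (key, plaintext) for the most English-looking decryption."""
    key = min(range(26), key=lambda k: chi_squared(caesar_shift(ciphertext, -k)))
    return key, caesar_shift(ciphertext, -key)

if __name__ == "__main__":
    # Constructed sample: an English sentence encrypted with a shift of 3.
    sample = ("Digital signatures protect the integrity of a message because any change "
              "to the text produces a different hash value and the signature no longer verifies")
    ciphertext = caesar_shift(sample, 3)
    print("top letters:", top_frequencies(ciphertext))
    key, plaintext = break_caesar(ciphertext)
    print(f"recovered key {key}: {plaintext}")
```

For Exercise 4, compare the ranked letters with the English table: in a shift cipher the most common ciphertext letter usually stands for E or T, which gives a first guess at the key before the full chi-squared scan confirms it.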
