Professional Documents
Culture Documents
Unit 6 PHT - Mac - 1
Unit 6 PHT - Mac - 1
Authentication
Codes & Hash
Functions
Message Authentication
▪ Message authentication is a procedure to verify that received
message came from the genuine source and has not been altered.
▪ Message authentication may also verify sequencing and
timeliness.
▪ Message authentication is a mechanism or service used to verify
the integrity of a message.
▪ Message authentication assures that data received are exactly
same as sent (i.e., message contains no modification, no insertion,
no deletion, or no replay).
Message Authentication Requirements
1. Disclosure: Release of message contents.
2. Traffic analysis: Analyses the traffic and observe the pattern of
traffic between parties.
3. Masquerade: Insertion of messages into the network from a
fraudulent source.
4. Content modification: Changes to the contents of a message.
5. Sequence modification: Any modification to a sequence of
messages between parties.
6. Timing modification: Delay or replay of messages.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by
destination.
Message Authentication Requirements
1. Disclosure Requires Message
2. Traffic analysis Confidentiality
3. Masquerade
4. Content modification Requires Message
Authentication
5. Sequence modification
6. Timing modification
7. Source repudiation Requires Digital
Signature
8. Destination repudiation
Authentication Functions
Types of functions that may be used to produce an authenticator.
1) Message Encryption: Ciphertext of the entire message serves as
its authenticator
2) Message Authentication Code(MAC): A function of the message
and a secret key that produces a fixed length value that serves as
the authenticator.
3) Hash Function: A function that maps a message of any length
into a fixed-length hash value, which serves as the authenticator.
Message Encryption
Source A Destination B
M E D M
K 𝑬(𝑲, 𝑴) K
(a) Symmetric encryption : confidentiality and authentication
M E D M
M E E D D M
MAC = C ( K , M )
Message Authentication Code
Source A Destination B
C
M K ll M
Compare
K
C
C(K, M)
(a) Message authentication
▪ The receiver is assured that the message has not been altered.
▪ If an attacker alters the message but does not alter the MAC, then
the receiver’s calculation of the MAC will differ from the received
MAC.
Message Authentication Code
▪ The receiver is assured that the message is from the alleged
sender.
▪ Because no one else knows the secret key, no one else could
prepare a message with a proper MAC.
▪ A MAC function is similar to encryption. One difference is that the
MAC algorithm need not be reversible, as it must be for
decryption.
Message Authentication Code
Source A Destination B
C
M K1 ll E D M
Compare
K1
C K2 K2
E(K2, [M||C(K1, M)]) C(K1, M)
(b) Message authentication and confidentiality; authentication tied to plaintext
E(K2, M)
D
E ll C
M K1 M
Compare K2
K2 K1
C
H E D
E(K, H(M))
S ll H
H(M || S)
▪ It is possible to use a hash function but no encryption for message
authentication.
▪ A and B share a common secret value S.
▪ A computes the hash value over the concatenation of M and S
and appends the resulting hash value to M. Because B possesses
S, it can recompute the hash value to verify the message.
▪ An opponent cannot modify an intercepted message.
Message authentication method - 4
Source A Destination B
ll H
E D M S
M ll
Compare
ll H K K
S
H(M || S)
E (K, [ M || H(M || S)])
MAC = C ( K , M )
Digital Signature
▪ A digital signature is a mathematical technique used to validate
the authenticity and integrity of a message, software or digital
document.
▪ The operation of the digital signature is similar to that of the MAC.
▪ In the case of the digital signature, the hash value of a message is
encrypted with a user’s private key.
▪ Anyone who knows the user’s public key can verify the integrity of
the message that is associated with the digital signature.
Digital Signature
▪ How are we going to efficiently compute signatures of large
messages?
X1 X2 … XN
S1 S2 … SN
Three Problems
▪ Computational overhead
▪ Message overhead
▪ Security limitations
• Attacker could re-order or re-use signed blocks.
Digital Signature
Solution:
▪ Instead of signing the whole message, sign only a digest (=hash)
Also secure, but much faster.
▪ Needed: Hash Functions
X1 X2 … XN
Kpr Sig
S
Digital Signature method - 1
Source A Destination B
H
M ll M Compare
PRa PUa
H E D
E(PRa, H(M))
H E K K D
E(PRa, H(M))
E (K, [ M || E(PRa, H(M)])
C1 C2 CN
Data Authentication Algorithm (DAA)
Time = 1 Time = 2 Time = N
D1
D2 DN
(64 bits)
O1
O2 ON
(64 bits)
Data Authentication Algorithm (DAA)
𝑂1 = 𝐸 𝐾, 𝐷1
𝑂2 = 𝐸 𝐾, 𝐷2 ⊕ 𝑂1
𝑂3 = 𝐸(𝐾, 𝐷3 ⊕ 𝑂2 )
.
.
𝑂𝑁 = 𝐸(𝐾, 𝐷𝑁 ⊕ 𝑂𝑁−1 )
Data Authentication Algorithm (DAA)
▪ The data (e.g. message, record, file, or program) to be
authenticated are grouped into contiguous 64-bit blocks D1, D2, …,
Dn.
▪ If necessary, the final block is padded on the right with zeroes to
form a full 64-bit block.
▪ Using the DES encryption algorithm E and a secret key K, a data
authentication code (DAC) is calculated.
Simple Hash Function
▪ The input (message, file, etc.) is viewed as a sequence of n-bit
blocks.
▪ The input is processed one block at a time in an iterative fashion
to produce an n-bit hash function.
▪ One of the simplest hash functions is the bit-by-bit exclusive-OR
(XOR) of every block.
𝑪𝒊 = 𝒃𝒊𝟏 ⊕ 𝒃𝒊𝟐 ⊕ … ⊕ 𝒃𝒊𝒎
Where,
𝐶𝑖 = ith bit of the hash code 1 ≤ i ≤ n
m = number of n-bit blocks in the input
𝑏𝑖𝑗 = ith bit in jth block
SHA - Secure Hash Algorithm
SHA - 1 SHA - 224 SHA - 256 SHA - 384 SHA - 512
Message
160 224 256 384 512
Digest Size
Message Size < 264 < 264 < 264 < 2128 < 2128
Block Size 512 512 512 1024 1024
Word Size 32 32 32 64 64
Number of
80 64 64 80 80
Steps
SHA - 512
▪ The algorithm takes input as a message with a maximum length of
less than 2128 bits and produces output as a 512-bit message
digest.
▪ The input is processed in 1024-bit blocks.
Message Digest Generation using SHA - 512
F F F
+ + +
Message
schedule
a b c d e f g e 64
W0 K0
Round 0
a b c d e f g e 64
W79 K79
Round 79
+ + + + + + + +
Hi
SHA - 512 Processing of a Single 1024-Bit Block
▪ Each round takes as input the 512-bit buffer value, abcdefgh, and
updates the contents of the buffer.
▪ At input to the first round, the buffer has the value of the
intermediate hash value, Hi-1.
▪ Each round t makes use of a 64-bit value Wt, derived from the
current 1024-bit block being processed.
▪ The output of the eightieth round is added to the input to the first
round (Hi-1) to produce Hi.
Step – 5 Output
▪ After all Nth block of 1024-bit have been processed, the output
from the Nth stage is the 512-bit message digest.
SHA - 512 Round Function
SHA - 512 Round Function – Cont…
a b c d e f g h
Ch +
Ʃ Maj
+ Ʃ +
+ +
+ Wt
+ Kt
a b c d e f g h
ℎ=𝑔
𝑔=𝑓
𝑓=𝑒
𝑒 = 𝑑 + 𝑇1
𝑑=𝑐
𝑐=𝑏
𝑏=𝑎
𝑎 = 𝑇1 + 𝑇2
512
𝑇1 = ℎ + Ch 𝑒, 𝑓, 𝑔 + 𝑒 + 𝑊𝑡 + 𝐾𝑡
1
512
𝑇2 = 𝑎 + Maj 𝑎, 𝑏, 𝑐
0
SHA - 512 Round Function Elements
▪ Maj(a,b,c) = (a AND b) XOR (b AND c) XOR (a AND c) Majority of
arguments are true.
▪ Conditional function = (e AND f) XOR (NOT e and g)
▪ ∑(a) = ROTR(a,28) XOR ROTR(a,34) XOR ROTR(a,39)
▪ ∑(e) = ROTR(e,14) XOR ROTR(e,18) XOR ROTR(e,41)
▪ + = addition modulo 264
▪ Kt = a 64-bit additive constant.
▪ Wt = a 64-bit word derived from plaintext.
▪ ROTR = Circular right shift rotataion