cryptographic data integrity algorithms
DESCRIPTION
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS. Contents. CRYPTOGRAPHIC HASH FUNCTIONS MESSAGE AUTHENTICATION CODES DIGITAL SIGNATURES. 1. CRYPTOGRAPHIC HASH FUNCTIONS. Applications of Cryptographic Hash Functions Two Simple Hash Functions Requirements and Security - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/1.jpg)
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
![Page 2: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/2.jpg)
Contents
1. CRYPTOGRAPHIC HASH FUNCTIONS2. MESSAGE AUTHENTICATION CODES3. DIGITAL SIGNATURES
2
![Page 3: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/3.jpg)
3
1. CRYPTOGRAPHIC HASH FUNCTIONS
Applications of Cryptographic Hash Functions Two Simple Hash Functions Requirements and Security Hash Functions Based on Cipher Block Chaining Secure Hash Algorithm (SHA) SHA-3
![Page 4: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/4.jpg)
4
KEY POINTS
A hash function maps a variable-length message into a fixed-length hash value, or message digest.
Virtually all cryptographic hash functions involve the iterative use of a compression function.
The compression function used in secure hash algorithms falls into one of two categories: a function specifically designed for the hash function or an algorithm based on a symmetric block cipher. SHA and Whirlpool are examples of these two approaches, respectively.
![Page 5: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/5.jpg)
5
A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h=H(M). A “good” hash function has the property that the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random.
A cryptographic hash function is an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the one-way property) or (b) two data objects that map to the same hash result (the collision-free property).
![Page 6: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/6.jpg)
6
![Page 7: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/7.jpg)
7
APPLICATIONS OF CRYPTOGRAPHIC HASH FUNCTIONS
Message Authentication
The message plus concatenated hash code is encrypted using symmetric encryption. Because only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication. Because encryption is applied to the entire message plus hash code, confidentiality is also provided
![Page 8: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/8.jpg)
8
Message Authentication (cont.)
Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications that do not require confidentiality.
![Page 9: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/9.jpg)
9
Message Authentication (cont.)
It is possible to use a hash function but no encryption for message authentication. The technique assumes that the two communicating parties share a common secret value S. A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. Because B possesses S, it can recompute the hash value to verify. Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message.
![Page 10: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/10.jpg)
10
Message Authentication (cont.)
Confidentiality can be added to the approach of method (c) by encrypting the entire message plus the hash code.
![Page 11: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/11.jpg)
11
Digital Signatures
![Page 12: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/12.jpg)
12
SECURE HASH ALGORITHM (SHA)
![Page 13: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/13.jpg)
13
2. MESSAGE AUTHENTICATION CODES
Message Authentication Requirements Message Authentication Functions Requirements for Message Authentication Codes Security of MACs MACs Based on Hash Functions: HMAC MACs Based on Block Ciphers: DAA and CMAC Authenticated Encryption: CCM and GCM Pseudorandom Number Generation Using Hash
Functions and Macs
![Page 14: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/14.jpg)
14
KEY POINTS
Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received are exactly as sent by (i.e., contain no modification, insertion, deletion, or replay) and that the purported identity of the sender is valid.
Symmetric encryption provides authentication among those who share the secret key.
![Page 15: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/15.jpg)
15
KEY POINTS (cont.)
A message authentication code (MAC) is an algorithm that requires the use of a secret key. A MAC takes a variable-length message and a secret key as input and produces an authentication code. A recipient in possession of the secret key can generate an authentication code to verify the integrity of the message.
One means of forming a MAC is to combine a cryptographic hash function in some fashion with a secret key.
Another approach to constructing a MAC is to use a symmetric block cipher in such a way that it produces a fixed-length output for a variable-length input.
![Page 16: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/16.jpg)
16
MESSAGE AUTHENTICATION REQUIREMENTS
1. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties…
3. Masquerade: Insertion of messages into the network from a fraudulent source …
4. Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification.
![Page 17: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/17.jpg)
17
MESSAGE AUTHENTICATION REQUIREMENTS (cont.)
5. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
6. Timing modification: Delay or replay of messages.7. Source repudiation: Denial of transmission of message
by source.8. Destination repudiation: Denial of receipt of message
by destination.
![Page 18: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/18.jpg)
18
MESSAGE AUTHENTICATION FUNCTIONS
Hash function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator.
Message encryption: The ciphertext of the entire message serves as its authenticator.
Message authentication code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator.
![Page 19: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/19.jpg)
19
Basic Uses of Message Encryption
![Page 20: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/20.jpg)
20
![Page 21: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/21.jpg)
21
Message Authentication Code
![Page 22: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/22.jpg)
22
Basic Uses of Message Authentication code (MAC)
![Page 23: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/23.jpg)
23
SECURITY OF MACS
Brute-Force Attacks Cryptanalysis
![Page 24: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/24.jpg)
24
MACS BASED ON HASH FUNCTIONS: HMAC
![Page 25: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/25.jpg)
25
Security of HMAC
![Page 26: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/26.jpg)
26
MACS BASED ON BLOCK CIPHERS: DAA AND CMAC
![Page 27: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/27.jpg)
27
Cipher-Based Message Authentication Code (CMAC)
![Page 28: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/28.jpg)
28
AUTHENTICATED ENCRYPTION: CCM AND GCMCounter with Cipher Block Chaining-Message Authentication Code (CCM)
![Page 29: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/29.jpg)
29
Counter with Cipher Block Chaining-Message Authentication Code (CCM) (cont.)
![Page 30: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/30.jpg)
30
3. DIGITAL SIGNATURES
Digital Signatures ElGamal Digital Signature Scheme Schnorr Digital Signature Scheme Digital Signature Standard
![Page 31: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/31.jpg)
31
KEY POINTS
A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message.
The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).
![Page 32: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/32.jpg)
32
DIGITAL SIGNATURES
![Page 33: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/33.jpg)
33
Simplified Depiction of Essential Elements of Digital Signature Process
![Page 34: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/34.jpg)
34
ELGAMAL DIGITAL SIGNATURE SCHEME
![Page 35: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/35.jpg)
35
![Page 36: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/36.jpg)
36
DIGITAL SIGNATURE STANDARD
![Page 37: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/37.jpg)
37
The Digital Signature Algorithm (DSA)
![Page 38: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/38.jpg)
38
![Page 39: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/39.jpg)
39
![Page 40: CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS](https://reader035.vdocuments.us/reader035/viewer/2022081422/5681632f550346895dd3ab14/html5/thumbnails/40.jpg)
40