network security topic 4 cryptography2

Upload: khawar-nehal-khawarnehalatrcnetpk

Post on 20-May-2015

  • 1. Lecture 4: Cryptographic Tools (cont)

  • 2. Message Authentication
      - protects against active attacks
      - verifies received message is authentic:
          - contents have not been altered
          - from authentic source
          - timely and in correct sequence
      - can use conventional encryption:
          - only sender & receiver share a key

  • 3. Message Authentication Codes

  • 4. Secure Hash Functions

  • 5. Message Authentication Using a One-Way Hash Function

  • 6. Hash Function Requirements
      - can be applied to a block of data of any size
      - produces a fixed-length output
      - H(x) is relatively easy to compute for any given x
      - one-way or pre-image resistant: infeasible to find x such that H(x) = h
      - second pre-image or weak collision resistant: infeasible to find y ≠ x such that H(y) = H(x)
      - collision resistant or strong collision resistance: infeasible to find any pair (x, y) such that H(x) = H(y)

  • 7. Security of Hash Functions
      - approaches to attack a secure hash function:
          - cryptanalysis: exploit logical weaknesses in the algorithm
          - brute-force attack: strength of hash function depends solely on the length of the hash code produced by the algorithm
      - additional secure hash function applications:
          - passwords: hash of a password is stored by an operating system
          - intrusion detection: store H(F) for each file on a system and secure the hash values

  • 8. Public-Key Encryption Structure
      - publicly proposed by Diffie and Hellman in 1976
      - based on mathematical functions
      - asymmetric: uses two separate keys, public key and private key
      - public key is made public for others to use
      - some form of protocol is needed for distribution

  • 9. Public-Key Encryption

  • 10. Private-Key Encryption

  • 11. Requirements for Public-Key Crypto.
      - computationally easy to create key pairs
      - computationally easy for sender knowing public key to encrypt messages
      - computationally easy for receiver knowing private key to decrypt ciphertext
      - computationally infeasible for opponent to determine private key from public key
      - computationally infeasible for opponent to otherwise recover original message
      - useful if either key can be used for each role

  • 12. Applications for Public-Key Cryptosystems

  • 13. Digital Signatures
      - used for authenticating both source and data integrity
      - created by encrypting hash code with private key
      - does not provide confidentiality:
          - even in the case of complete encryption
          - message is safe from alteration but not eavesdropping

  • 14. Public Key Certificates

  • 15. Digital Envelopes
      - protects a message without needing to first arrange for sender and receiver to have the same secret key
      - equates to the same thing as a sealed envelope containing an unsigned letter

  • 16. Random Numbers
      - uses include generation of:
          - keys for public-key algorithms
          - stream key for symmetric stream cipher
          - symmetric key for use as a temporary session key or in creating a digital envelope
          - handshaking to prevent replay attacks
          - session key

  • 17. Random Number Requirements
      - Randomness criteria:
          - uniform distribution: frequency of occurrence of each of the numbers should be approximately the same
          - independence: no one value in the sequence can be inferred from the others
      - Unpredictability:
          - each number is statistically independent of other numbers in the sequence
          - opponent should not be able to predict future elements of the sequence on the basis of earlier elements

  • 18. Random versus Pseudorandom
      - cryptographic applications typically use algorithms for random number generation
          - algorithms are deterministic and therefore produce sequences of numbers that are not statistically random
      - pseudorandom numbers are:
          - sequences produced that satisfy statistical randomness tests
          - likely to be predictable
      - true random number generator (TRNG):
          - uses a nondeterministic source to produce randomness
          - most operate by measuring unpredictable natural processes, e.g. radiation, gas discharge, leaky capacitors
          - increasingly provided on modern processors

  • 19. Summary
      - symmetric encryption
          - conventional or single-key: only type used prior to public-key
          - five parts: plaintext, encryption algorithm, secret key, ciphertext, and decryption algorithm
          - two attacks: cryptanalysis and brute force
          - most commonly used algorithms are block ciphers (DES, triple DES, AES)
      - hash functions
          - message authentication
          - creation of digital signatures
      - digital signatures
          - hash code is encrypted with private key
      - digital envelopes
          - protects a message without needing to first arrange for sender and receiver to have the same secret key
      - public-key encryption
          - based on mathematical functions
          - asymmetric
          - six ingredients: plaintext, encryption algorithm, public and private key, ciphertext, and decryption algorithm
      - random numbers
          - requirements: randomness and unpredictability
          - validation: uniform distribution, independence
          - pseudorandom numbers
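
The intrusion-detection use on slide 7 (store H(F) for each file and secure the hash values), combined with the message authentication code idea from slides 2 to 5, as an added Python example that is not part of the lecture. The key, file names and file contents are constructed, and SHA-256 with HMAC is one assumed choice of hash and MAC.

```python
# Added example (not from the lecture): H(F) per file, with the stored hash
# values secured by a MAC. Key, file names and contents are constructed.
import hashlib
import hmac
import json
import os
import tempfile

def file_hash(path):
    """H(F): SHA-256 over the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, key):
    """Record H(F) for each file and MAC the record so it cannot be silently rewritten."""
    hashes = {p: file_hash(p) for p in sorted(paths)}
    body = json.dumps(hashes, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"hashes": hashes, "tag": tag}

def verify(baseline, key):
    """Return 'baseline-tampered', or the sorted list of files whose hash changed."""
    body = json.dumps(baseline["hashes"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["tag"]):
        return "baseline-tampered"
    return sorted(p for p, h in baseline["hashes"].items()
                  if not os.path.exists(p) or file_hash(p) != h)

def demo():
    key = b"constructed-demo-key"  # assumption: stored off the monitored host
    with tempfile.TemporaryDirectory() as d:
        f1, f2 = os.path.join(d, "a.conf"), os.path.join(d, "b.conf")
        for p, data in ((f1, b"mode=strict\n"), (f2, b"port=22\n")):
            with open(p, "wb") as f:
                f.write(data)
        base = build_baseline([f1, f2], key)
        clean = verify(base, key)
        with open(f2, "wb") as f:
            f.write(b"port=2222\n")           # file altered after the baseline
        altered = [os.path.basename(p) for p in verify(base, key)]
        base["hashes"][f2] = file_hash(f2)    # stored hash rewritten to match
        return clean, altered, verify(base, key)

if __name__ == "__main__":
    print(demo())  # ([], ['b.conf'], 'baseline-tampered')
```

A plain list of hashes detects the altered file but not a rewritten hash list; the keyed tag is what "secure the hash values" adds.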