Downloaded 220 times
![MAC requirements Knowing M and Ck(M) it should not be possible to make Mâ-> Ck(Mâ) = Ck(M) For any random M, Mâ; Pr[Ck(M) =Ck(Mâ)] should be 2 -n for n MAC bits If Mâ = f(M); Pr[Ck(M) =Ck(Mâ)] should be 2 -n](https://image.slidesharecdn.com/messageauthentication-091201224745-phpapp02/85/Message-Authentication-11-320.jpg)
![Step 4 Four rounds 16 steps in each round Details of each round Inputs A,B,C,D ( 32 bits each) 512 bit block Message ( 16 x 32) T[ i ] 32 bit array of cont from sin value Processing F,G,H &I functions in each round Output A,B,C,D](https://image.slidesharecdn.com/messageauthentication-091201224745-phpapp02/85/Message-Authentication-23-320.jpg)
![MAC requirements Knowing M and Ck(M) it should not be possible to make Mâ-> Ck(Mâ) = Ck(M) For any random M, Mâ; Pr[Ck(M) =Ck(Mâ)] should be 2 -n for n MAC bits If Mâ = f(M); Pr[Ck(M) =Ck(Mâ)] should be 2 -n](https://image.slidesharecdn.com/messageauthentication-091201224745-phpapp02/75/Message-Authentication-11-2048.jpg)
![Step 4 Four rounds 16 steps in each round Details of each round Inputs A,B,C,D ( 32 bits each) 512 bit block Message ( 16 x 32) T[ i ] 32 bit array of cont from sin value Processing F,G,H &I functions in each round Output A,B,C,D](https://image.slidesharecdn.com/messageauthentication-091201224745-phpapp02/75/Message-Authentication-23-2048.jpg)
Uploaded byRam Dutt Shukla
Message Authentication
Message authentication provides a way to verify that a received message is from the alleged source and has not been altered. It includes mechanisms for non-repudiation by the source. Authentication functions include lower level authenticators and higher level functions that use authenticators to verify message authenticity. Message authentication codes are appended to messages by the sender and verified by the receiver recomputing the code. MAC attacks aim to find the key or authenticate incorrect messages without finding the key. Hash functions map messages to fixed length values to verify integrity.
More Related Content
![Transport Layer [Autosaved]](https://cdn.slidesharecdn.com/ss_thumbnails/transportlayerautosaved-091201224714-phpapp01-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Message Authentication
- 1.
- 2. Message authentication Procedureto verify that Recvd message is from alleged source Message has not been altered There is no change in message sequence message is not delayed or a replay Includes mechanism for non-repudiation by source
- 3. Authentication functions Lowerlevel function Authenticator or value Higher level function Use authenticator to verify authenticity of message Functions to produce authenticator Message encryption cirhertext Message authentication code ( MAC) F(K,M) -> fixed length value Hash Function Mapping of message -> fixed length value
- 4.
- 5.
- 6. Message Authentication codes ( MAC) MAC also known as cryptographic checksum MAC = C k (M) M : variable length message K : Shared key between sender and receiver C k (M) : Fixed length authenticator MAC is appended to the message at src Receiver verifies by re-computing MAC
- 7.
- 8. MAC attacks Inencryption security depends on length of key brute force attack requires 2 k-1 combinations of k bit key Mac is many to one function Known M1 and MAC1 If k > n ( length of MAC) Brute force attack can result in 2 k-n matches == ïš C k-n (M1) = MAC1
- 9. MAC attack tofind Key Round 1: given M1, MAC1 = C k (M1) Compute MAC i = Ck i (M i ) for all 2 k keys Number of matches ~ 2 k-n Round 2: given M2, MAC2 = C k (M2) Compute MAC i = Ck i (M i ) for all 2 k-n keys Number of matches ~ 2 k-2n And so onâŠâŠ. Brute force over many rounds
- 10. Mac attack withoutfinding key Mac algo M = X1||X2||âŠ||Xm -- ï Xi = 64 bit blocks ï M = X1 ï X2 ï âŠ. ï Xm C k (M) = E k ( ï M) encryption by DES ECB Attack Replace X1..Xm-1 by Y1..Ym-1 Ym = Y1 ï Y2 ï âŠ. ï Ym-1 ï ï M Attacker inserts new message which will be authenticated correctly by receiver
- 11. MAC requirements KnowingM and Ck(M) it should not be possible to make Mâ-> Ck(Mâ) = Ck(M) For any random M, Mâ; Pr[Ck(M) =Ck(Mâ)] should be 2 -n for n MAC bits If Mâ = f(M); Pr[Ck(M) =Ck(Mâ)] should be 2 -n
- 12. MAC based onDES
- 13. HASH functions h= H(M) M = variable length message H(M) is fixed length hash value Hash is appended to M by sender Receiver re-computes hash to verify M
- 14. Requirements of Hashfunction Applied on any length of block of data Output fixed length H(x) easy to compute H(x) should exhibit one way property For given x, infeasible to find y!=x with H(y) = H(x): weak collision resistance Infeasible to find any pair (x,y) such that H(y) = H(x)
- 15.
- 16.
- 17. What is Birthdayattack? Derived from "birthday paradoxâ A lthough there are 365 days in a year T he probability is greater than 1/2 that T wo of more people share the same birthday in any randomly chosen group of 23 people.
- 18. Birthday Attack Aclass of attacks against cryptographic functions including both encryption functions and hash functions. The attacks take advantage of a statistical property: Given a cryptographic function having an N-bit output for 2 N/2 randomly chosen inputs the function will produce at least two outputs that are identical With a probability greater than1/2
- 19. More on Birthdayattacker Birthday attacks enable an attacker to find two inputs for which a cryptographic /hash function produces the same cipher text M uch faster than a brute-force attack can N o birthday attack can enable an a ttacker T o decrypt a given cipher text or find a hash input that results in a given hash result any faster than a brute-force attack can.
- 20.
- 21. MD5 processing stepsStep 1: Appending padding bits To ensure each block size is 512 bit Min 1 bit to max 512 bit padding Padding bits : 10000âŠ.. (Msg + pad bits + 64 bit for length) = n x 512 Step 2: Append length 64 bit long filed for length of message Step 3: Initialize MD buffer A,B,C,D buffers of 32 bit size each Step 4: Process message in 512-bit blocks 16 words of 32 bit each Step 5: output 128 bit ( also fed back to input)
- 22.
- 23. Step 4 Fourrounds 16 steps in each round Details of each round Inputs A,B,C,D ( 32 bits each) 512 bit block Message ( 16 x 32) T[ i ] 32 bit array of cont from sin value Processing F,G,H &I functions in each round Output A,B,C,D
- 24.
- 25.
- 26.
- 27. SHA-1 processing stepsStep 1: Appending padding bits To ensure each block size is 512 bit Min 1 bit to max 512 bit padding Padding bits : 10000âŠ.. (Msg + pad bits + 64 bit for length) = n x 512 Step 2: Append length 64 bit long filed for length of message Step 3: Initialize MD buffer A,B,C,D,E buffers of 32 bit size each Step 4: Process message in 512-bit blocks 20 words of 32 bit each Step 5: output 128 bit ( also fed back to input)
- 28.
- 29.
- 30.