1 / 34

CSCE 815 Network Security Lecture 8

CSCE 815 Network Security Lecture 8. SHA Operation and Kerberos. Resources. Stallings Web Site: http://williamstallings.com/ Network Security Essentials, Second Edition Instructors Resources PowerPoint Slides Henric Johnson Tables and Figures

heller
Download Presentation

CSCE 815 Network Security Lecture 8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSCE 815 Network Security Lecture 8 SHA Operation and Kerberos

  2. Resources • Stallings Web Site: http://williamstallings.com/ • Network Security Essentials, Second Edition • Instructors Resources • PowerPoint Slides Henric Johnson • Tables and Figures • Student Resources: look here for yourself! • Resources for Cryptography and Network Security, Third Edition http://williamstallings.com/Crypto3e.html • Instructors Resources • Figures, Tables • PowerPoint Lawrie Brown

  3. Test 1 Feb 20 • Sample Test ??? (next Time) Open vs Closed??? • Questions • Analyze this sequence of ciphertext given table of frequencies. • Analyze this ciphertext knowing it is a very simple permutation. • Describe approach to decipher composition of substitution and permutation. • DES ? • RSA ? • SHA, MAC,

  4. Birthday Attacks • You might think a 64-bit hash is secure • But by Birthday Paradox is not • The Birthday attackworks thus: • opponent generates 2m/2variations of a valid message all with essentially the same meaning • opponent also generates 2m/2 variations of a desired fraudulent message • two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) • have user sign the valid message, then substitute the forgery which will have a valid signature • Conclusion is that need to use larger MACs

  5. One-way HASH function

  6. One-way HASH function • Secret value is added before the hash and removed before transmission.

  7. SHA Overview pad message so its length is 448 mod 512 append a 64-bit length value to message initialize 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcdab89,98badcfe,10325476,c3d2e1f0) process message in 16-word (512-bit) chunks: • expand 16 words into 80 words by mixing & shifting • use 4 rounds of 20 bit operations on message block & buffer • add output to input to form new buffer value output hash value is the final buffer value

  8. Message Digest Generation Using SHA-1

  9. SHA-1 Process-ing of single 512-Bit Block

  10. Figure 12-6 (C&NS) SHA one step

  11. SHA-1 Compression Function • Each round has 20 steps which replaces the 5 buffer words thus: (A,B,C,D,E) <-(E+f(t,B,C,D)+S5(A)+Wt+Kt),A,S30(B),C,D) • A,B,C,D,E refer to the five words of the buffer • t is the step number • Kt is a constant value derived from step • ft(t,B,C,D) is nonlinear function for round • Wt is derived from the message block • Sk – circular shift by k bits • + here means addition modulo 232

  12. Kt - Constants for SHA-1 steps • Step Number Kt (in hex) Integer portion of • -1 < t <20 5A827999 230 x sqrt(2) • 19 < t <40 6ED9EBA1 230 x sqrt(3) • 39 < t <60 8F1BBCDC 230 x sqrt(5) • 59 < t <80 CA62C1D6 230 x sqrt(10)

  13. ft – Round Functions for SHA-1 steps • Step Number ft (t,B,C,D) • -1 < t <20 (B ^ C) V (B’ ^ D) • 19 < t <40 B + C + D • 39 < t <60 (B ^ C) V (B ^ D) V (C ^ D) • 59 < t <80 B + C + D • Where B’ means B complement, and • + on this slide means XOR

  14. Wt words • 32 bit Wt words • For the first 16 words Wt = 16 words of current block • Henceforth • Wt = S1(Wt-16 + Wt-14 + Wt-8 + Wt-3) • + means XOR

  15. Message Digest Generation Using SHA-1 revisited

  16. Output Stage of SHA-1 • After all 512 bit blocks have been processed • Where • IV = initial vector, initial value of five words • L = number of 512 bit blocks in padded message • MD = final Message Digest • ABCDEq = output of last round of processing of the qth block • Algorithm • CV0 = IV • for q = 0 to L • CVq+1 = CVq + ABCDEq • MD = CVL

  17. Other Secure Hash Functions • MD5 Message Digest Algorithm • RFC 1321 Ron Rivest • 128 bit message digest • with faster processors security has become questionable • RIPEMD-160 Round • European group • produces 160 bit digest • processes text in 512 bit blocks

  18. Other Secure HASH functions- table 3.1

  19. Message Authentication Codes revisited • MAC based on MAC algorithm and Key K • Hash Functions • one way function not based on key

  20. Keyed Hash Functions as MACs • have desire to create a MAC using a hash function rather than a block cipher • because hash functions are generally faster • not limited by export controls unlike block ciphers • hash includes a key along with the message • original proposal: KeyedHash = Hash(Key|Message) • some weaknesses were found with this • eventually led to development of HMAC

  21. HMAC • Use a MAC derived from a cryptographic hash code, such as SHA-1. • Motivations: • Cryptographic hash functions executes faster in software than encryption algorithms such as DES • Library code for cryptographic hash functions is widely available • No export restrictions from the US • RFC 2104

  22. HMAC Design Objectives • Proposal to include secret key in hash function • RFC 2104 lists design objectives for HMAC • To use available hash functions • Allow easy replaceability of hash function • Maintain performance of original hash • Use and handle keys simply • Have well understood cryptographic analysis of strength of the authentication method

  23. HMAC Structure fig 3.6

  24. HMAC Details • Hash = embedded hash function (e.g., SHA-1) • M – message • L – number of blocks in M • Yi – the ith block of M 0 < i < L • b = number of bits in a block • n = length of hash code produced by embedded hash • K = secret Key • K+ = K padded on left with zeroes so length is b • Ipad = 00110110 repeated b/8 times • Opad = 01011100 repeated b/8 times

  25. Diffie Hellman Key Exchange • First published public-key algorithm (1976) • Purpose is to allow two users to exchange a private key • Diffie-Hellman depends on the difficulty in computing discrete logarithms (inverse exponentials) • Choose a prime p, consider the sequence • a mod p, a2 mod p, a3 mod p, … ap-1 mod p • If these are distinct and a permutation of 1 … p-1, then • b = ai mod p then ‘i’ is the discrete logarithm of b • a is called a primitive root of p • Diffie-Hellman fig 3.10

  26. Diffie-Hellman Algorithm fig 3.10 • Global public elements • q – a prime and ‘a’ a primitive root of q • User A key generation • Select private XA, calculate public YA = aXA mod q • User B key generation • Select private XB, calculate public YB = aXB mod q • Generation of Secret Key by User A • K = (YB)XA mod q • Generation of Secret Key by User B • K = (YA)XB mod q

  27. Other Public-Key Cryptographic Algorithms • Meaning other than RSA • Digital Signature Standard (DSS) • Makes use of the SHA-1 • Not for encryption or key echange • Elliptic-Curve Cryptography (ECC) • Good for smaller bit size • Low confidence level, compared with RSA • Very complex

  28. Diffie-Hellman Key Exchange fig 3.11

  29. Key Management • Major contribution of public-key encryption is to address the problem of key distribution • Private keys as in RSA to distribute key for AES • Public keys • Public Key Certificates • Public keys are public. Why not just broadcast? • Forgery of public announcement • Darth sends out “I’m Bob and my public key is XXX” • Then Darth can read secret messages for Bob and Bob can’t • Public Key certificate: public key + User Id signed by trusted third party • X.509 protocol for certificates (next time)

  30. Key ManagementPublic-Key Certificate Use fig 3.12

  31. Public-Key Distribution of Secret Keys • How to share private key between Bob and Alice • Diffie-Hellman • Works but no user authentication • Alternative • Prepare message. • Encrypt message using conventional encryption using one-time session key. • Encrypt session key using public-key with Alice’s public key. • Attach the encrypted session key to the message and send to Alice. • Only Alice is capable of decrypting the session key. • Bob get’s public key from Alice’s public-key certificate.

  32. Summary • have considered: • message authentication using • message encryption • MACs • hash functions • some current hash algorithms: MD5, SHA-1, RIPEMD-160 • HMAC authentication using hash function • Diffie-Hellman Key Exchange

More Related