



























Network security unit 4 notes for BCA 5th semester
Typology: Study notes
Message and message digest
The electronic equivalent of the document and fingerprint pair is the
message and digest pair.
To preserve the integrity of a message the message is passed through an
algorithm called a cryptographic hash function. The function creates a compressed image of the message that can be used like a fingerprint.
The figure below shows the message, the cryptographic hash function, and the
message digest.
All cryptographic hash functions need to create a fixed-size digest out of a
variable-size message. Creating such a function is best accomplished using iteration.
Instead of using a hash function with variable-size input, a function with
fixed-size input is created and is used a necessary number of times.
The fixed-size input function is referred to as a compression function.
A cryptographic hash function takes a message of arbitrary length and
creates a message digest of fixed length.
The scheme uses the following steps:
Two Groups of Compression Functions
The compression function is made from scratch.
Message Digest (MD)
A symmetric-key block cipher serves as a compression function.
The iterated hash function proposed by Rabin is very simple. The Rabin scheme is based on the Merkle-Damgard scheme. The compression function is replaced by any encrypting cipher. The message block is used as the key; the previously created digest is used as the plaintext. The ciphertext is the new message digest.
SHA-512 is the version of SHA with a 512-bit message digest. This version,
like the others in the SHA family of algorithms, is based on the Merkle-Damgard scheme.
Message Preparation
SHA-512 insists that the length of the original message be less than 2^128 bits. If the length is equal to or greater than 2^128 bits, it will not be processed by SHA-512.
Padding and length field in SHA-512
SHA-512 creates a 512-bit (eight 64-bit words) message digest from a multiple-block message where each block is 1024 bits. The processing of each block of data in SHA-512 involves 80 rounds. The figure below shows the general outline for the compression function. In each round, the contents of the eight previous buffers, one word from the expanded block (W_i), and one 64-bit constant (K_i) are mixed together and then operated on to create a new set of eight buffers. At the beginning of processing, the values of the eight buffers are saved into eight temporary variables. At the end of the processing. This last operation is called the final adding, as shown in the figure.
In each round, eight new values for the 64-bit buffers are created from the values of the buffers in the previous round. As the figure below shows, six buffers are exact copies of one of the buffers in the previous round:
A → B, B → C, C → D, E → F, F → G, G → H
Two of the new buffers, A and E, receive their inputs from some complex functions that involve some of the previous buffers, the corresponding word for this round (W_i), and the corresponding constant for this round (K_i). The figure shows the structure of each round.
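The steps described above (padding with the 128-bit length field, iterating a compression function over 1024-bit blocks, 80 rounds over eight 64-bit buffers, final adding) fit in a short program. This is an added example, not part of the original notes; the function names are its own, and the constants are derived as FIPS 180-4 defines them, from the fractional parts of the square and cube roots of the first primes.

```python
import struct

MASK = (1 << 64) - 1

def _primes(n):
    found, c = [], 2
    while len(found) < n:
        if all(c % p for p in found):
            found.append(c)
        c += 1
    return found

def _iroot(x, k):
    """Largest integer r with r**k <= x (exact, no floating point)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** k <= x else (lo, mid - 1)
    return lo

# Initial buffers and round constants: first 64 fractional bits of the roots.
H0 = [_iroot(p << 128, 2) & MASK for p in _primes(8)]
K = [_iroot(p << 192, 3) & MASK for p in _primes(80)]

def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def pad(msg):
    """Append a 1 bit, zero bits, then the 128-bit length: a multiple of 1024 bits."""
    if len(msg) * 8 >= 1 << 128:
        raise ValueError("message too long for SHA-512")
    zeros = -(len(msg) + 17) % 128
    return msg + b"\x80" + b"\x00" * zeros + (len(msg) * 8).to_bytes(16, "big")

def compress(state, block):
    w = list(struct.unpack(">16Q", block))        # word expansion: 16 -> 80 words
    for i in range(16, 80):
        s0 = rotr(w[i-15], 1) ^ rotr(w[i-15], 8) ^ (w[i-15] >> 7)
        s1 = rotr(w[i-2], 19) ^ rotr(w[i-2], 61) ^ (w[i-2] >> 6)
        w.append((w[i-16] + s0 + w[i-7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state                # `state` keeps the saved values
    for i in range(80):
        t1 = h + (rotr(e, 14) ^ rotr(e, 18) ^ rotr(e, 41)) + ((e & f) ^ (~e & g)) + K[i] + w[i]
        t2 = (rotr(a, 28) ^ rotr(a, 34) ^ rotr(a, 39)) + ((a & b) ^ (a & c) ^ (b & c))
        # Six buffers are plain copies; only the new A and E are computed.
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h))]  # final adding

def sha512(msg):
    state, data = H0, pad(msg)
    for off in range(0, len(data), 128):          # one compression per 1024-bit block
        state = compress(state, data[off:off + 128])
    return struct.pack(">8Q", *state)
```

A 111-byte message still fits in one block after padding; a 112-byte message needs a second block, because the 1 bit and the 16-byte length field no longer fit.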
Block and state in the Whirlpool cipher
Like the AES cipher, the Whirlpool cipher uses states and blocks. However,
the size of the block or state is 512 bits.
A block is considered as a row matrix of 64 bytes; a state is considered as a
square matrix of 8 x 8 bytes.
Structure of Each Round
The figure shows the structure of each round. Each round uses four transformations.
SubBytes
Like in AES, SubBytes provides a nonlinear transformation. A byte is represented as two hexadecimal digits. The left digit defines the row and the right digit defines the column of the substitution table. The two hexadecimal digits at the junction of the row and the column are the new byte. Figure 12.16 shows the idea.
The MixRows transformation diffuses the bits. The MixRows transformation is a matrix transformation where bytes are interpreted as 8-bit words (or polynomials) with coefficients in GF(2). Multiplication of bytes is done in GF(2^8), but the modulus is different from the one used in AES. The Whirlpool cipher uses (0x11D) or (x^8 + x^4 + x^3 + x^2 + 1) as the modulus. Addition is the same as XORing of 8-bit words. The figure shows the MixRows transformation.
AddRoundKey transformation in the Whirlpool cipher
The AddRoundKey transformation in the Whirlpool cipher is done byte by byte, because each round key is also a state of an 8 x 8 matrix. The figure shows the process. A byte from the data state is added, in the GF(2^8) field, to the corresponding byte in the round-key state. The result is the new byte in the new state.
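The byte arithmetic behind MixRows and AddRoundKey, as an added example that is not part of the original notes. The circulant first row (01, 01, 04, 01, 08, 05, 02, 09) comes from the Whirlpool specification rather than from this page, and the function names are the example's own.

```python
AES_MODULUS = 0x11B        # x^8 + x^4 + x^3 + x + 1
WHIRLPOOL_MODULUS = 0x11D  # x^8 + x^4 + x^3 + x^2 + 1

def gf_mul(a, b, modulus=WHIRLPOOL_MODULUS):
    """Multiply two bytes as polynomials over GF(2), reduced by the modulus."""
    result = 0
    while b:
        if b & 1:
            result ^= a          # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:            # degree reached 8: reduce
            a ^= modulus
        b >>= 1
    return result

# Circulant diffusion matrix: row k is the first row rotated right by k places.
C_ROW = [0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09]
C = [[C_ROW[(j - k) % 8] for j in range(8)] for k in range(8)]

def block_to_state(block):
    """A 64-byte block (row matrix) becomes an 8 x 8 byte state."""
    if len(block) != 64:
        raise ValueError("Whirlpool blocks are 512 bits (64 bytes)")
    return [list(block[r * 8:r * 8 + 8]) for r in range(8)]

def mix_rows(state):
    """Multiply every state row by C; products in GF(2^8), sums by XOR."""
    out = []
    for row in state:
        new_row = []
        for j in range(8):
            acc = 0
            for k in range(8):
                acc ^= gf_mul(row[k], C[k][j])
            new_row.append(acc)
        out.append(new_row)
    return out

def add_round_key(state, round_key):
    """Byte-by-byte addition of two 8 x 8 states, which is XOR."""
    return [[s ^ k for s, k in zip(sr, kr)] for sr, kr in zip(state, round_key)]
```

Multiplying 0x80 by 2 gives 0x1D under the Whirlpool modulus and 0x1B under the AES modulus, which is the practical effect of the different reduction polynomial.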
Key expansion in the Whirlpool cipher
As the figure shows, instead of using a new algorithm for creating round keys, Whirlpool uses a copy of the encryption algorithm (without the pre-round) to create the round keys. The output of each round in the encryption algorithm is the round key for that round.
Whirlpool uses ten round constants (RCs) as the virtual round keys for the key expansion algorithm.
Inclusion
A conventional signature is included in the document; it is part of the
document. But when we sign a document digitally, we send the signature as a separate document.
Verification Method
For a conventional signature, when the recipient receives a document, she
compares the signature on the document with the signature on file.
A digital signature needs a public-key system.
The signer signs with her private key; the verifier verifies with the signer’s
public key.
A cryptosystem uses the private and public keys of the receiver; a digital
signature uses the private and public keys of the sender.
Security services are message confidentiality, message authentication,
message integrity, and nonrepudiation.
A digital signature can directly provide the last three; for message
confidentiality we still need encryption/decryption.
Message Authentication
A secure digital signature scheme, like a secure conventional signature, can
provide message authentication.
A digital signature provides message authentication.
Message Integrity
The integrity of the message is preserved even if we sign the whole message
because we cannot get the same signature if the message is changed.
Nonrepudiation
Using a trusted center for nonrepudiation
Confidentiality
Adding confidentiality to a digital signature scheme
A digital signature does not provide privacy.
If there is a need for privacy, another layer of encryption/decryption must be
applied.
Several digital signature schemes have evolved during the last few decades.
Some of them have been implemented.
RSA Digital Signature Scheme
Key Generation
Key generation in the RSA digital signature scheme is exactly the same as key
generation in the RSA
Signing and Verifying
RSA Signature on the Message Digest
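Signing the digest with the signer's private key and verifying with her public key, as an added example that is not part of the original notes. It is textbook RSA with no padding scheme, the keys are constructed from known Mersenne primes purely for illustration, and all names are the example's own.

```python
import hashlib

def make_key(p, q, e=65537):
    """Return (public, private) RSA keys built from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))     # private exponent: e*d = 1 mod phi(n)
    return (e, n), (d, n)

def digest_int(message):
    """SHA-512 digest of the message as an integer (always below 2^512)."""
    return int.from_bytes(hashlib.sha512(message).digest(), "big")

def sign(message, private):
    d, n = private
    return pow(digest_int(message), d, n)                 # S = D^d mod n

def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == digest_int(message)    # accept if S^e mod n = D

# Constructed demo keys (illustration only); both moduli exceed 512 bits,
# so the digest never needs reducing.
SIGNER_PUB, SIGNER_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**127 - 1, 2**521 - 1)

def demo():
    message = b"transfer 100 to Bob"            # constructed sample message
    signature = sign(message, SIGNER_PRIV)      # sent as a separate value
    return {
        # Authentication: only the holder of the signer's private key passes.
        "genuine": verify(message, signature, SIGNER_PUB),
        # Integrity: a changed message no longer matches the signature.
        "tampered": verify(b"transfer 900 to Bob", signature, SIGNER_PUB),
        # A signature made with a different private key is rejected.
        "wrong_signer": verify(message, sign(message, OTHER_PRIV), SIGNER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```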
ElGamal Digital Signature Scheme
Key Generation
The key generation procedure here is exactly the same as the one used in the cryptosystem.
Verifying and Signing
Schnorr Digital Signature Scheme
Key Generation
DSS Versus RSA
Computation of DSS signatures is faster than computation of RSA signatures
when using the same p.
DSS Versus ElGamal
DSS signatures are smaller than ElGamal signatures because q is smaller than p.
Elliptic Curve Digital Signature Scheme
Key Generation
Key generation follows these steps:
Signing and Verifying
Time Stamped Signatures
Sometimes a signed document needs to be time stamped to prevent it from being replayed by an adversary. This is called a time-stamped digital signature scheme.
Blind Signatures
Sometimes we have a document that we want to get signed without revealing the contents of the document to the signer.
Symmetric-key cryptography is more efficient than asymmetric-key cryptography for enciphering large messages. Symmetric-key cryptography, however, needs a shared secret key between two parties. The distribution of keys is another problem.
Key-Distribution Center: KDC