Authentication and Hash Function

Uploaded by

vaibhavkirar459

1. Authentication Requirements

The attacks identified in communication across a network include:

Disclosure: Release of message content.
Traffic Analysis: Discovery of the pattern of traffic between parties.
Masquerade: Insertion of messages into the network from a fraudulent source.
Content Modification: Changes to the contents of a message.
Sequence Modification: Any modification to a sequence of messages between parties.
Timing Modification: Delay or replay of messages.
Source Repudiation: Denial of transmission of message by source.
Destination Repudiation: Denial of receipt of message by destination.

2. Authentication Functions

A message authentication or digital signature mechanism has two levels of functionality.

Lower level - a function that produces an authenticator to authenticate a message.
Higher level - enables a receiver to verify the authenticity of a message.

Types of functions that may be used to produce an authenticator:

Message Encryption - ciphertext of the entire message serves as its authenticator.
Message Authentication Code - A function of the message and a secret key that produces a fixed-length value.
Hash Function - A function that maps a message of any length into a fixed-length hash value.

2.a. Message Encryption
Message encryption by itself can provide a measure of authentication.
The analysis differs for symmetric and public-key encryption schemes.

I. Symmetric Encryption
A message M transmitted from source A to destination B is encrypted using a secret key K shared by A and B.
If no other party knows the key, then confidentiality is provided.
Symmetric encryption provides authentication as well as confidentiality.
B is assured that the message was generated by A, since A is the only other party that possesses K.
If M is recovered, B knows that none of the bits of M have been altered, because an opponent that does not know K would not know how to alter bits in the ciphertext.

II. Public Key Encryption


The straightforward use of public-key encryption provides confidentiality but not authentication.
Source (A) uses the public key PUb of the destination (B) to encrypt message M.
Because only B has the corresponding private key PRb, only B can decrypt the message.
This provides no authentication, because any opponent could also use B's public key to encrypt a message, claiming to be A.

To provide authentication, A uses its private key to encrypt the message, and B uses A's public key to decrypt.
This provides authentication using the same type of reasoning as in the symmetric encryption case.
The message must have come from A because A is the only party that possesses PRa.
Signature - A is the only party with the information necessary to construct ciphertext that can be decrypted with PUa.

A can encrypt M first using its private key, which provides the digital signature, and then using B's public key, which provides confidentiality.
B knows A's public key, so this authenticates that the message is from source A.

2.b. Message Authentication Code
A MAC involves the use of a secret key to generate a small fixed-size block of data.
The generated cryptographic checksum, or MAC, is appended to the message.
This technique assumes that two communicating parties, say A and B, share a common secret key K.
When A has a message to send to B, it calculates the MAC as a function of the message and the key: MAC = C(K, M), where
M = input message.
C = MAC function.
K = shared secret key.
MAC = message authentication code.
The message plus MAC are transmitted to the intended recipient.
The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC.
The received MAC is compared to the calculated MAC.

If they match, the receiver is assured that the message has not been altered.
If an attacker alters the message but does not alter the MAC, then the receiver's calculation of the MAC will differ from the received MAC.
Because the attacker is assumed not to know the secret key, the attacker cannot alter the MAC to correspond to the alterations in the message.

The receiver is assured that the message is from the alleged sender.
Because no one else knows the secret key, no one else could prepare a message with a proper MAC.

The message includes a sequence number, so the receiver can be assured of the proper sequence, because an attacker cannot successfully alter the sequence number.
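
The MAC exchange described above, as an added example that is not part of the original slides: HMAC-SHA256 stands in for the MAC function C, and the 8-byte sequence-number framing, the `Receiver` class and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length in bytes


def mac(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC = C(K, M), where M here is sequence number || message."""
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


def send(key: bytes, seq: int, message: bytes) -> bytes:
    """A's side: frame = sequence number || message || MAC."""
    return struct.pack(">Q", seq) + message + mac(key, seq, message)


class Receiver:
    """B's side: recompute the MAC, compare, then check the sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def receive(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return "malformed", None
        seq = struct.unpack(">Q", frame[:8])[0]
        message, tag = frame[8:-TAG_LEN], frame[-TAG_LEN:]
        # Constant-time comparison of received MAC and recomputed MAC.
        if not hmac.compare_digest(tag, mac(self.key, seq, message)):
            return "bad-mac", None
        if seq != self.expected_seq:  # authentic, but replayed or out of order
            return "bad-sequence", None
        self.expected_seq += 1
        return "ok", message


def demo():
    key = b"constructed-demo-key-0123456789a"  # constructed sample key
    rx = Receiver(key)
    f0, f1 = send(key, 0, b"pay 10 to carol"), send(key, 1, b"pay 20 to dave")
    altered = bytearray(f1)
    altered[12] ^= 0x01  # one bit of the message changed, MAC left as sent
    renumbered = struct.pack(">Q", 0) + f1[8:]  # sequence number changed only
    frames = [f0, bytes(altered), renumbered, f0, f1]
    return [rx.receive(f)[0] for f in frames]


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is covered by the MAC, changing it fails the MAC check, while a replayed frame with a valid MAC is caught by the receiver's sequence counter.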

2.c. Hash Function
A variation on the message authentication code is the one-way hash function.
A hash function accepts a variable-size message M as input and produces a fixed-size output, referred to as a hash code H(M).
Unlike a MAC, a hash code does not use a key but is a function only of the input message.
The hash code is also referred to as a message digest or hash value.
The hash code is a function of all the bits of the message and provides an error-detection capability: a change to any bit or bits in the message results in a change to the hash code.

a) The message plus concatenated hash code is encrypted using symmetric encryption.
The hash code provides the structure or redundancy required to achieve authentication.
Since encryption is applied to the entire message plus hash code, confidentiality is also provided.

b) Only the hash code is encrypted, using symmetric encryption.
This reduces the processing burden for those applications that do not require confidentiality.

c) Only the hash code is encrypted, using public-key encryption and using the sender's private key.
As with (b), this provides authentication; it also provides a digital signature.
