Network

Security

Chapter 3

Public Key Cryptography

and Message Authentication
 Quotations
Every Egyptian received two names, which were known respectively as the
true name and the good name, or the great name and the little name; and
while the good or little name was made public, the true or great name
appears to have been carefully concealed.
—The Golden Bough, Sir James George Frazer

To guard against the baneful influence exerted by strangers is therefore an

elementary dictate of savage prudence. Hence before strangers are allowed
to enter a district, or at least before they are permitted to mingle freely
with the inhabitants, certain ceremonies are often performed by the
natives of the country for the purpose of disarming the strangers of their
magical powers, or of disinfecting, so to speak, the tainted atmosphere by
which they are supposed to be surrounded.

2/12/2022 2 —The Golden Bough, Sir James George Frazer

Approaches to Message
Authentication
Using conventional Without message
encryption encryption
• Symmetric encryption alone is
not a suitable tool for data • An authentication tag is
authentication generated and appended to each
• We assume that only the sender message for transmission
and receiver share a key, so only
the genuine sender would be able
to encrypt a message successfully • The message itself is not
• The receiver assumes that no encrypted and can be read at the
alterations have been made and destination independent of the
that sequencing is proper if the authentication function at the
message includes an error destination
detection code and a sequence
number
• If the message includes a • Because the message is not
timestamp, the receiver assumes encrypted, message
that the message has not been confidentiality is not provided
delayed beyond that normally
expected for network transit

3 2/12/2022
4 2/12/2022
One-way Hash Functions

• Accepts a variable-size message M as input and

produces a fixed-size message digest H(M) as output

• Does not take a secret key as input

• To authenticate a message, the message digest is sent

with the message in such a way that the message digest
is authentic

5 2/12/2022
6 2/12/2022
 Secure Hash Functions
• Is important not only • H can be applied to a block of data of any size.
1.
in message
authentication but in
digital signatures 2.
• H produces a fixed-length output.

• Purpose is to produce • H(x) is relatively easy to compute for any given x, making both hardware
a “fingerprint” of a 3. and software implementations practical.
file, message, or other
block of data • For any given code h, it is computationally infeasible to find x such that
H(x) = h. A hash function with this property is referred to as one-way or
4. preimage resistant.
• To be useful for
message • For any given block x, it is computationally infeasible to find y x with
H(y) = H(x). A hash function with this property is referred to as second
authentication, a 5. preimage resistant. This is sometimes referred to as weak collision
hash function H must resistant.
have the following
• It is computationally infeasible to find any pair (x, y) such that H(x) =
properties: H(y).
6. • A hash function with this property is referred to as collision resistant.
This is sometimes referred to as strong collision resistant.
2/12/2022 7
 Security of Hash
Functions
• There are two approaches to attacking a secure hash
function:
• Cryptanalysis
• Involves exploiting logical weaknesses in the algorithm
• Brute-force attack
• The strength of a hash function against this attack depends
solely on the length of the hash code produced by the
algorithm

8 2/12/2022
9 2/12/2022
 The sha Secure Hash
function
• SHA was developed by NIST and published as a federal
information processing standard (FIPS 180) in 1993
• Was revised in 1995 as SHA-1 and published as FIPS 180-1
• The actual standards document is entitled “Secure Hash
Standard”

• Based on the hash function MD4 and its design closely

models MD4
• Produces 160-bit hash values
• In 2005 NIST announced the intention to phase out
approval of SHA-1 and move to a reliance on SHA-2 by
2010
10 2/12/2022
 Table 3.1
Comparison of SHA Parameters

Note: All sizes are measured in bits.

11 2/12/2022
12 2/12/2022
13 2/12/2022
 Sha-3

2. SHA-3 must preserve

1. It must be possible to
the online nature of SHA-2.
replace SHA-2 with SHA-3
That is, the algorithm must
in any application by a
process comparatively small
simple drop-in substitution.
blocks (512 or 1024 bits) at
Therefore, SHA-3 must
a time instead of requiring
support hash value lengths
that the entire message be
of 224, 256, 384, and 512
buffered in memory before
bits.
processing it.

Basic
requirements
that must be
satisfied by
any candidate
for SHA-3

14 2/12/2022
 HMAC
• There has been an increased interest in developing a MAC
derived from a cryptographic hash code, such as SHA-1
• Cryptographic hash functions generally execute faster in software
than conventional encryption algorithms such as DES
• Library code for cryptographic hash functions is widely available
• A hash function such as SHA-1 was not designed for use as a
MAC and cannot be used directly for that purpose because it does
not rely on a secret key

• There have been a number of proposals for the incorporation

of a secret key into an existing hash algorithm
• The approach that has received the most support is HMAC

HMAC

• Has been issued as RFC 2104

• Has been chosen as the mandatory-to-implement MAC for IP
Security
• Is used in other Internet protocols, such as Transport Layer
15 Security (TLS) and Secure Electronic Transaction (SET) 2/12/2022
HMAC Design Objectives
• To use, without modifications, available hash functions --- in
particular, hash functions that perform well in software, and
for which code is freely and widely available
• To allow for easy replaceability of the embedded hash
function in case faster or more secure hash functions are
found or required
• To preserve the original performance of the hash function
without incurring a significant degradation
• To use and handle keys in a simple way
• To have a well understood cryptographic analysis of the
strength of the authentication mechanism based on
reasonable assumptions on the embedded hash function

16 2/12/2022
17 2/12/2022
18 2/12/2022
Counter with Cipher Block Chaining-
Message Authentication Code (CCM)
• NIST standard SP 800-
38C
• Referred to as an
authenticated encryption CTR mode
CMAC
authentication
mode of operation algorithm
• “Authenticated
encryption” is a term
used to describe
encryption systems that
simultaneously protect AES
confidentiality and encryption
algorithm
authenticity of
communications

• A single key is used for

both encryption and MAC
algorithms Key algorithmic ingredients

19 2/12/2022
20 2/12/2022
 Public-Key
encryption structure
• First publicly proposed by Diffie and Hellman in 1976
• Based on mathematical functions rather than on simple
operations on bit patterns
• Is asymmetric, involving the use of two separate keys

Misconceptions:

• Public-key encryption is more secure from cryptanalysis

than conventional encryption
• Public-key encryption is a general-purpose technique
that has made conventional encryption obsolete
• There is a feeling that key distribution is trivial when
using public-key encryption, compared to the rather
cumbersome handshaking involved with key distribution
21 centers for conventional encryption 2/12/2022
22 2/12/2022
 Applications for
public-key cryptosystems
• Public-key systems are characterized by the use of a
cryptographic type of algorithm with two keys, one
held private and one available publicly
• Depending on the application, the sender uses either
the sender’s private key, the receiver’s public key, or
both to perform some type of cryptographic function
The sender encrypts a
Encryption/decryption message with the
recipient’s public key

The use of public-key

The sender “signs” a
cryptosystems can be
Digital signature message with its private
classified into three
key
categories:

Two sides cooperate to

Key exchange
23 exchange a session key2/12/2022
 Table 3.2
applications for public-key cryptosystems

24 2/12/2022
25 2/12/2022
26 2/12/2022
 Diffie-Hellman Key
Exchange
• First published public-key algorithm

• A number of commercial products employ this key

exchange technique

• Purpose of the algorithm is to enable two users to

exchange a secret key securely that then can be used
for subsequent encryption of messages
• The algorithm itself is limited to the exchange of the keys

• Depends for its effectiveness on the difficulty of

computing discrete logarithms

2/12/2022 27
28 2/12/2022
29 2/12/2022
 Digital Signature
standard (DSS)
• FIPS PUB 186

• Makes use of the SHA-1 and presents a new digital signature

technique, the Digital Signature Algorithm (DSA)

• Originally proposed in 1991 and revised in 1993 and again in

1996

• Uses an algorithm that is designed to provide only the digital

signature function

• Unlike RSA, it cannot be used for encryption or key

exchange
30 2/12/2022
 Elliptic-curve
cryptology (ECC)
• Technique is based on the use of a mathematical
construct known as the elliptic curve
• Principal attraction of ECC compared to RSA is
that it appears to offer equal security for a far
smaller bit size, thereby reducing processing
overhead
• The confidence level in ECC is not yet as high as
that in RSA

31 2/12/2022
 Summary
• Approaches to message • Message authentication codes
authentication • HMAC
• Authentication using • MACs based on block ciphers
conventional encryption
• Message authentication without • Public-key cryptography principles
message encryption • Public-key encryption structure
• Applications for public-key cryptosystems
• Secure hash functions
• Requirements for public-key cryptography
• Hash function requirements
• Security of hash functions • Public-key cryptography algorithms
• Simple hash functions • The RSA public-key encryption algorithm
• The SHA secure hash function • Diffie-Hellman key exchange
SHA-3 • Other public-key cryptography algorithms
• Digital signatures
32 2/12/2022