Information Security CS 526 Lecture 6 - PowerPoint PPT Presentation

Slides: 13
Provided by: NINGH7

1
Information Security CS 526 Lecture 6
  • Message Authentication Code

2
Announcements
  • Homework 1 assigned
  • Due by 12:25pm on September 17
  • There will be a quiz on Wednesday September 10

3
Limitation of Using Hash Functions for Authentication
  • Require an authentic channel to transmit the hash
    of a message
  • anyone can compute the hash value of a message,
    as the hash function is public
  • not always possible
  • How to address this?
  • use more than one hash function
  • use a key to select which one to use

4
Hash Family
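  • A hash family is a four-tuple $(\mathcal{X}, \mathcal{Y}, \mathcal{K}, \mathcal{H})$, where
  • $\mathcal{X}$ is a set of possible messages
  • $\mathcal{Y}$ is a finite set of possible message digests
  • $\mathcal{K}$ is the keyspace
  • For each $K \in \mathcal{K}$, there is a hash function $h_K \in \mathcal{H}$.
    Each $h_K : \mathcal{X} \to \mathcal{Y}$
  • Alternatively, one can think of $\mathcal{H}$ as a function
    $\mathcal{K} \times \mathcal{X} \to \mathcal{Y}$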

5
Message Authentication Code
  • A MAC scheme is a hash family, used for message
    authentication
  • MAC $= C_K(M)$
  • The sender and the receiver share $K$
  • The sender sends $(M, C_K(M))$
  • The receiver receives $(X, Y)$ and verifies that
    $C_K(X) = Y$; if so, then accepts the message as from
    the sender
  • To be secure, an adversary shouldn't be able to
    come up with $(X, Y)$ such that $C_K(X) = Y$.

6
HMAC
$\mathrm{HMAC}_K(M) = \mathrm{Hash}\big((K \oplus \mathrm{opad}) \,\|\, \mathrm{Hash}((K \oplus \mathrm{ipad}) \,\|\, M)\big)$
  • K is the key padded (with 0) to B bytes, the
    input block size of the hash function
  • ipad = the byte 0x36 repeated B times
  • opad = the byte 0x5C repeated B times.
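
The construction above, written out as an added example (not part of the original slides): HMAC built from the formula with SHA-256 as Hash, checked against Python's standard `hmac` module, then used in the sender/receiver scheme from slide 5. The key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

B = 64  # input block size of SHA-256, in bytes


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC_K(M) = Hash((K xor opad) || Hash((K xor ipad) || M))."""
    # RFC 2104 detail not on the slide: a key longer than B is hashed first.
    if len(key) > B:
        key = hashlib.sha256(key).digest()
    k = key.ljust(B, b"\x00")                  # K padded with 0 to B bytes
    k_ipad = bytes(b ^ 0x36 for b in k)        # K xor ipad
    k_opad = bytes(b ^ 0x5C for b in k)        # K xor opad
    inner = hashlib.sha256(k_ipad + msg).digest()
    return hashlib.sha256(k_opad + inner).digest()


def send(key: bytes, msg: bytes):
    """Sender side: transmit (M, C_K(M))."""
    return msg, hmac_sha256(key, msg)


def verify(key: bytes, x: bytes, y: bytes) -> bool:
    """Receiver side: accept (X, Y) only if C_K(X) = Y (constant-time compare)."""
    return hmac.compare_digest(hmac_sha256(key, x), y)


# Constructed sample values.
KEY = b"shared-secret-key"
MSG = b"transfer 100 to alice"
LONG_KEY = b"k" * 100  # longer than B, exercises the RFC 2104 key-hash step


def demo() -> dict:
    m, tag = send(KEY, MSG)
    return {
        "matches_stdlib": tag == hmac.new(KEY, MSG, hashlib.sha256).digest(),
        "long_key_matches_stdlib": hmac_sha256(LONG_KEY, MSG)
        == hmac.new(LONG_KEY, MSG, hashlib.sha256).digest(),
        "accepts_genuine": verify(KEY, m, tag),
        "rejects_modified_message": not verify(KEY, b"transfer 900 to alice", tag),
        # Slide 3: the public, unkeyed hash of M is not a valid tag.
        "rejects_plain_hash": not verify(KEY, m, hashlib.sha256(m).digest()),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```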

7
HMAC Overview

8
HMAC Security
  • If used with a secure hash function (e.g.,
    SHA-256) and according to the specification (key
    size, and correct use of the output), there are no
    known practical attacks against HMAC

9
CBC-MAC
  • Given a block cipher E with block size m
  • Given message $M = M_1 M_2 \ldots M_n$
  • MAC of M is the last ciphertext block of $E_k(M)$
  • $z_0 = IV = 0^m$
  • $z_i = E_k(z_{i-1} \oplus M_i)$ for $1 \le i \le n$
  • MAC $= z_n$
  • Random IV is needed in CBC encryption to prevent
    codebook attack on first block, not needed here.

10
Properties of CBC-MAC
  • Secure for messages of a fixed number of blocks,
    assuming the block cipher is a PRP
  • Not secure with variable lengths
  • Slower than HMAC

11
Readings for This Lecture
  • Message Authentication Code on Wikipedia
  • http://en.wikipedia.org/wiki/Cryptographic_hash_function

12
Coming Attractions
  • Operating System Security Basics