More on Hashing and Security - PowerPoint PPT Presentation

About This Presentation
Title:

More on Hashing and Security

Description:

... can calculate a Y that hashes to X (using SHA-1) Means that hash signature of X also matches Y So attacker can replace X with Y When is that bad? – PowerPoint PPT presentation

Number of Views:57
Avg rating:3.0/5.0
Slides: 20
Provided by: PeterR221
Learn more at: https://lasr.cs.ucla.edu
Category:
Tags: hashing | more | security

less

Transcript and Presenter's Notes

Title: More on Hashing and Security


1
More on Hashing and Security
  • Hashing is useful for various security purposes
  • Message authentication codes
  • Hash chains
  • Breaks on hash algorithms have various bad
    security effects

2
Thinking More About Hashing
  • What is a hashing function?
  • Takes one value and produces another
  • The output cant be used to determine the input
  • For many hash functions
  • But the output also not computable without the
    input

3
The Basic Hash Operation
  • X H(X)
  • Cant guess X based on X
  • Cant produce X without knowing X
  • Given X, H(), and X, cant produce Y such that
    H(Y) X
  • So, given H(), only someone knowing X could have
    produced X

4
Message Authentication Codes
  • MACs
  • Essentially something to authenticate that a
    message hasnt changed
  • A kind of digital signature
  • Usually used in communications contexts

5
Authenticating a Message
  • Could just sign message with public keys
  • Could hash message and sign with public key
  • What if you dont need to authenticate
    originator?
  • Just need to be sure it hasnt changed
  • Typical case for a MAC

6
Basic MAC
  • Take message X
  • Hash it with function H()
  • Getting X
  • Attach X to X
  • Receiver checks that X and X match
  • By repeating hash operation H() on X

7
A Little Problem
  • If everyone knows H(), everyone can create X
  • Worse, everyone can take Y and produce proper
    Y
  • Attacker can replace X/X message with Y/Y
    message
  • Often need to prevent that . . .

8
Keyed Hashes
  • Use HMACs, instead
  • keyed-Hash Message Authentication Codes
  • Feed secret key into input of a hash function
  • H(X,K)
  • Often H() is ordinary hash function
  • Typically by combining key with input
  • In slightly complex way
  • Feed combination into hash function
  • Cheaper than hashing and PK signature of hash

9
Security of Keyed Hash Functions
  • Attacker assumed to know H() and X
  • Often knows X
  • Since hash is used as MAC
  • Doesnt know K
  • If hash function is good, cant create proper Y
    for arbitrary Y

10
Hash Security Properties and HMACs
  • Cant guess X based on X
  • Important, since X includes key
  • Cant produce X without knowing X
  • Otherwise attacker can forge messages
  • Given X, H(), and X, cant produce Y such that
    H(Y) X
  • Otherwise attacker can create new message with
    old HMAC

11
Hash Chains
  • Say I start with a value X

Now I apply hash function H()
Now I apply H() repetitively to the results
Thats a hash chain
12
Properties of a Hash Chain
  • Generally, the values are pseudorandom
  • X and X are not obviously related
  • If you dont know H(), the next link is
    unpredictable
  • X is not derivable from X
  • Even if you do know H()
  • So X can be secret, even if you know X and H()

13
Using Hash Chains
  • Cryptographic key generation
  • Create a key
  • Use it for a while
  • Then use secret hash function on that key to
    create a new one
  • If hashs pseudorandom and non-reversible
    properties strong, relatively safe

14
Reverse Hash Chains
  • Generate a hash chain
  • Of some chosen length
  • Then reverse it






15
Whats So Great About That?
  • I know the entire reverse hash chain
  • I can gradually tell others about it, element by
    element
  • When they know , what can I now do?
  • I can tell them about
  • They now know something useful

16
OK, What Do They Know?
  • That I knew when I told them
  • They can check that with the hash
  • So both messages come from the same source
  • If they authenticated the first message, the hash
    value authenticates the second

17
Complications
  • There are serious issues with this
  • Cut-and-paste attacks
  • Man-in-the-middle
  • Well discuss these later
  • But proper use can allow most authentications to
    pay hash costs
  • Much lower than other crypto costs

18
What If Hash Is Broken?
  • What if
  • You can guess X based on X?
  • You can produce X without knowing X
  • Given X, H(), and X, you can produce Y such that
    H(Y) X
  • Which of these produce problems for hash chains?

19
For Example, The SHA-1 Break
  • Given X, can calculate a Y that hashes to X
    (using SHA-1)
  • Means that hash signature of X also matches Y
  • So attacker can replace X with Y
  • When is that bad?
Write a Comment
User Comments (0)
About PowerShow.com