More on Hashing and Security

1
More on Hashing and Security

• Hashing is useful for various security purposes
• Message authentication codes
• Hash chains
• Breaks on hash algorithms have various bad
  security effects

2
Thinking More About Hashing

• What is a hashing function?
• Takes one value and produces another
• The output cant be used to determine the input
• For many hash functions
• But the output also not computable without the
  input

3
The Basic Hash Operation

• X H(X)
• Cant guess X based on X
• Cant produce X without knowing X
• Given X, H(), and X, cant produce Y such that
  H(Y) X
• So, given H(), only someone knowing X could have
  produced X

4
Message Authentication Codes

• MACs
• Essentially something to authenticate that a
  message hasnt changed
• A kind of digital signature
• Usually used in communications contexts

5
Authenticating a Message

• Could just sign message with public keys
• Could hash message and sign with public key
• What if you dont need to authenticate
  originator?
• Just need to be sure it hasnt changed
• Typical case for a MAC

6
Basic MAC

• Take message X
• Hash it with function H()
• Getting X
• Attach X to X
• Receiver checks that X and X match
• By repeating hash operation H() on X

7
A Little Problem

• If everyone knows H(), everyone can create X
• Worse, everyone can take Y and produce proper
  Y
• Attacker can replace X/X message with Y/Y
  message
• Often need to prevent that . . .

8
Keyed Hashes

• Use HMACs, instead
• keyed-Hash Message Authentication Codes
• Feed secret key into input of a hash function
• H(X,K)
• Often H() is ordinary hash function
• Typically by combining key with input
• In slightly complex way
• Feed combination into hash function
• Cheaper than hashing and PK signature of hash

9
Security of Keyed Hash Functions

• Attacker assumed to know H() and X
• Often knows X
• Since hash is used as MAC
• Doesnt know K
• If hash function is good, cant create proper Y
  for arbitrary Y

10
Hash Security Properties and HMACs

• Cant guess X based on X
• Important, since X includes key
• Cant produce X without knowing X
• Otherwise attacker can forge messages
• Given X, H(), and X, cant produce Y such that
  H(Y) X
• Otherwise attacker can create new message with
  old HMAC

11
Hash Chains

• Say I start with a value X

Now I apply hash function H()
Now I apply H() repetitively to the results
Thats a hash chain
12
Properties of a Hash Chain

• Generally, the values are pseudorandom

• X and X are not obviously related

• If you dont know H(), the next link is
  unpredictable

• X is not derivable from X
• Even if you do know H()
• So X can be secret, even if you know X and H()

13
Using Hash Chains

• Cryptographic key generation
• Create a key
• Use it for a while
• Then use secret hash function on that key to
  create a new one
• If hashs pseudorandom and non-reversible
  properties strong, relatively safe

14
Reverse Hash Chains

• Generate a hash chain
• Of some chosen length

• Then reverse it

15
Whats So Great About That?

• I know the entire reverse hash chain
• I can gradually tell others about it, element by
  element
• When they know , what can I now do?
• I can tell them about
• They now know something useful

16
OK, What Do They Know?

• That I knew when I told them
• They can check that with the hash
• So both messages come from the same source
• If they authenticated the first message, the hash
  value authenticates the second

17
Complications

• There are serious issues with this
• Cut-and-paste attacks
• Man-in-the-middle
• Well discuss these later
• But proper use can allow most authentications to
  pay hash costs
• Much lower than other crypto costs

18
What If Hash Is Broken?

• What if
• You can guess X based on X?
• You can produce X without knowing X
• Given X, H(), and X, you can produce Y such that
  H(Y) X
• Which of these produce problems for hash chains?

19
For Example, The SHA-1 Break

• Given X, can calculate a Y that hashes to X
  (using SHA-1)
• Means that hash signature of X also matches Y
• So attacker can replace X with Y
• When is that bad?