
ECEG-6530

Computer (and Network) Security

Hash functions, PKI

1
Hash function

• A hash function is a public function that
accepts a variable-size message M as input
and produces a fixed-size output, referred to
as a hash code H(M).

2
• The hash code is also referred to as a
message digest or hash value.
• The hash code is a function of all the bits of
the message and provides an error-detection
capability:
A change to any bit or bits in the message
results in a change to the hash code.

3
• Unlike a MAC, a hash code does not use a
key but is a function only of the input
message.
• Figure 11.5 illustrates a variety of ways
in which a hash code can be used to provide
message authentication, as follows:

4
[Figure 11.5, panels in order: Confidentiality and authentication; Authentication; Authentication, digital signature]

5
[Figure 11.5, continued: Authentication, digital signature, confidentiality; Authentication (no encryption needed!); Authentication, confidentiality]

6
• The message plus concatenated hash code is
encrypted using symmetric encryption.
• Here only A and B share the secret key; the message
must have come from A and has not been altered.
• The hash code provides the structure or redundancy
required to achieve authentication. Because
encryption is applied to the entire message plus hash
code, confidentiality is also provided.

7
• Only the hash code is encrypted, using
symmetric encryption.
• This reduces the processing burden for
those applications that do not require
confidentiality.
• Note that the combination of hashing and
encryption results in an overall function that
is, in fact, a MAC (Figure 11.4a).

8
That is, E_K[H(M)] is a function of a variable-length
message M and a secret key K, and it produces a fixed-size
output that is secure against an opponent who does
not know the secret key.

9
• Only the hash code is encrypted, using
public-key encryption and using the
sender’s private key.
• As with (b), this provides authentication.
• It also provides a digital signature, because
only the sender could have produced the
encrypted hash code.
• In fact, this is the essence of the digital
signature technique.

10
If confidentiality as well as a digital signature is desired,
then the message plus the public-key-encrypted hash
code can be encrypted using a symmetric secret key.
This is a common technique.

11
12
13
• Confidentiality can be added to the
approach of (e) by encrypting the entire
message plus the hash code.
• When confidentiality is not required,
methods (b) and (c) have an advantage over
those that encrypt the entire message in that
less computation is required.

14
Requirements for Hash function
• A hash function H takes a message M of variable length
and transforms it into a fixed-length hash value h
– h = H(M)
• A hash function H must have the following properties:
– One-way property: for any given value h, it is computationally
infeasible to find x such that H(x) = h.
– Weak collision resistance: for any given message x, it is
computationally infeasible to find y ≠ x with H(y) = H(x).
– Strong collision resistance: it is computationally infeasible to find
any pair (x, y) such that H(x) = H(y).

15
Other Hash Function Uses
• to create a one-way password file
– store hash of password, not actual password
• for intrusion detection and virus detection
– keep & check hash of files on system
• pseudorandom function (PRF) or
pseudorandom number generator (PRNG)

16
Two Simple Insecure Hash Functions

• consider two simple insecure hash functions
• bit-by-bit exclusive-OR (XOR) of every block
– C_i = b_i1 xor b_i2 xor ... xor b_im
– a longitudinal redundancy check
– reasonably effective as data integrity check
• one-bit circular shift on hash value
– for each successive n-bit block
• rotate current hash value to left by 1 bit and XOR block
– good for data integrity but useless for security
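
Both functions from this slide, as an added example that is not part of the original slides: a one-bit change is detected, yet a different message with the same hash value is trivial to construct, which violates weak collision resistance. The 32-bit block size, the sample messages and all function names are assumptions made for the demonstration.

```python
import hashlib

BLOCK_BITS = 32                      # n-bit block size, chosen for this demo
BLOCK_BYTES = BLOCK_BITS // 8
MASK = (1 << BLOCK_BITS) - 1

def blocks(data):
    """Yield the message as n-bit integers, zero-padding the last block."""
    for off in range(0, len(data), BLOCK_BYTES):
        chunk = data[off:off + BLOCK_BYTES].ljust(BLOCK_BYTES, b"\0")
        yield int.from_bytes(chunk, "big")

def xor_hash(data):
    """Bit-by-bit XOR of every block: C_i = b_i1 xor b_i2 xor ... xor b_im."""
    h = 0
    for block in blocks(data):
        h ^= block
    return h

def rotl1(h):                        # rotate an n-bit value left by 1 bit
    return ((h << 1) | (h >> (BLOCK_BITS - 1))) & MASK

def rotate_xor_hash(data):
    """For each block: rotate the current hash left by 1 bit, then XOR the block."""
    h = 0
    for block in blocks(data):
        h = rotl1(h) ^ block
    return h

def same_hash_variant(original, altered):
    """Append one block to `altered` so rotate_xor_hash matches `original`."""
    body = altered + b"\0" * (-len(altered) % BLOCK_BYTES)
    fix = rotl1(rotate_xor_hash(body)) ^ rotate_xor_hash(original)
    return body + fix.to_bytes(BLOCK_BYTES, "big")

def sha256(data):
    return hashlib.sha256(data).hexdigest()

ORIGINAL = b"transfer 100 to account 1111"   # constructed sample, 7 blocks
ALTERED = b"transfer 900 to account 2222"    # constructed sample, 7 blocks
FLIPPED = bytes([ORIGINAL[0] ^ 0x01]) + ORIGINAL[1:]       # one bit changed
REORDERED = ORIGINAL[4:8] + ORIGINAL[:4] + ORIGINAL[8:]    # two blocks swapped
VARIANT = same_hash_variant(ORIGINAL, ALTERED)

if __name__ == "__main__":
    print(xor_hash(FLIPPED) != xor_hash(ORIGINAL))            # error detected
    print(xor_hash(REORDERED) == xor_hash(ORIGINAL))          # collision
    print(rotate_xor_hash(VARIANT) == rotate_xor_hash(ORIGINAL))
    print(sha256(VARIANT) == sha256(ORIGINAL))
```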

17
Hash Function Requirements

18
Introduction to PKI,
Certificates
& Public Key Cryptography

19
Role of Computer Security

CIA
• Confidentiality: protection against data disclosure
• Integrity: protection against data modification
• Availability: protection against data unavailability

Identification & Authentication (I&A)
Provide a way of identifying entities, and controlling this identity

Non-repudiability
Bind an entity to its actions

20

How to implement CIA, I&A, N-R? With cryptography!

Main cryptographic tools:

• Hash Functions

• Secret Key Cryptography

• Public Key Cryptography

And their combinations:

• Certificates

• PKI
21

Main cryptographic tools

Hash Functions:
Bind one entity with a unique ID => Signature
Hash + Encryption => trusted signature

Symmetric Key Cryptography
2 users share a secret key S and an algorithm.

S(S(M)) = M

Problem: how to exchange secret keys?
=> Secret Key Server (ex: Kerberos)

22
Main cryptographic tools
Public Key Cryptography:
Each user has a public key P and a private key S, and an algorithm A.
P(S(M)) = S(P(M)) = M
=> No shared secret!

Authentication with Public Key Crypto


Encryption with Public Key Crypto

23

Main cryptographic tools, PKI

How to distribute public keys?
=> Public Key Server (PKS), key exchange protocols

Public Key Infrastructure (PKI):
PKI = N x (Entities with private keys) + public key exchange system

Note: Public Key algorithms are slow
=> Need to use both Public & Secret Key Cryptography
=> Public Key Protocols work in 3 phases
1. Authentication via Public Key Cryptography (challenge)
2. Exchange of a session Secret Key, encrypted with Public Key Crypto
3. Session encrypted with Symmetric Cryptography

24
Certificate
A certificate binds an entity with its public key.
It’s just a digitally signed piece of data.
=> digital ID card

Certificate =
an entity’s description (name, etc.)
+ entity’s public key
+ expiration date, serial number, etc.
+ CA’s name
+ a signature issued by a CA

The certificate is issued and signed by a trusted Certificate Authority (CA).

Digital signature:
CA signature = certificate hash, encrypted with CA’s private key

25

Certificate

The certificate’s CA is the only entity able to create/modify the certificate
=> the CA has to be trusted

Certificates enable:
• Clients to authenticate servers
• Servers to authenticate clients
• Public key exchange without Public Key Server
=> No disclosure of private/secret keys.

Certificates are usually stored encrypted.

Special features:
• chains of CAs, to distribute the task of issuing Certificates
• Certificate Revocation List, to disable certificates

26

Usual cryptographic algorithms & infrastructures

Hash: MD4, MD5, SHA-1

Symmetric Key: DES, 3DES, AES (Rijndael), IDEA, RC4

Public/Private Key: RSA, Diffie-Hellman

Certificate: X.509

PKI: IPSec, SSL, (kerberos)

27

Example: IPSec

IPSec works at IP level.
Provides authentication and encryption. Used to build VPNs.

Configuration:
• 2 transfer modes: tunnel or transport
• 2 transfer protocols:
• AH (Authentication Header) => authenticated traffic
• ESP (Encapsulating Security Payload) => encrypted traffic

Key exchange protocols:
Internet Key Exchange (IKE),
Internet Security Association and Key Management Protocol (ISAKMP),
etc.

28

Weaknesses of PKI and Certificates

PKI:
• unsecured server: Public Key/Certificate servers can be hacked
• unsecured client: private keys/passwords can be stolen or spied on
• weak algorithm: short keys, implementation or design flaws

Certificate:
• unsecured computer: certificates can be stolen, passwords spied on
• certificate password: certificates are stored encrypted, with a weak password
• untrustworthy CA: easy to be issued a certificate from a CA
• users: they seldom check whether the CA can be trusted before
accepting certificates (Netscape GUI)

Attack example:
• hack client’s computer, steal certificate & password
• man in the middle

29
Public Key Infrastructure (PKI)

INTRODUCTION

30
Enterprise PKI

31
What is PKI?
Public/Private key pair
The public key is a string of bits
A public key certificate answers the following questions (and
many more)
• Whose certificate is it?
• What can it be used for?
• Is it still valid?
• Example uses:
– Is this really the key for Jack Nathan?
– Can this key be used to send an encrypted message to John Smith?
– Was the key used for digitally signing this document valid at the
time of signing?
– Fetch me the key of Mike Jones

32
Security Services That Can Be
Supported By PKI

• Authentication - Ability to verify the
identity of an entity
• Confidentiality - Protection of information
from unauthorized disclosure
• Data Integrity - Protection of information
from undetected modification
• Non-repudiation - Prevention of an entity
from denying previous actions
• Key establishment
33
A Fully Functional PKI
• Certification authority
• Certificate repository
• Certificate revocation
• Key backup and recovery
• Automatic key update
• Key history management
• Cross-certification
• Support for non-repudiation
• Time stamping
• Client software
34
Secret Key Cryptography
• Classical form of cryptography
• Single key used to encrypt and decrypt data
• Strengths
– Very fast relative to public key
cryptography
– Relatively short keys
• Weakness: Key must be shared among
interested parties
35
Public Key Cryptography
• Each entity has a PAIR of mathematically related
keys
– Private Key - known by ONE
– Public Key - known by Many
• Not feasible to determine Private Key from Public
Key
• Strength – no shared private keys
• Weakness
– Relatively slow
– Requires longer keys for same level of
security
36
Public Key Cryptography (cont.)
• Public key is best suited to
– Digital signatures (e.g., RSA and DSA)
– Key Management
• Key transfer (e.g., RSA)
• Key agreement (e.g., Diffie-Hellman)

37
Cryptography
[Figure: message -> encryption algorithm (encryption key) -> transmission channel -> decryption algorithm (decryption key) -> message]

38
Public Key Cryptosystem (RSA)
• A public encryption method that relies on a public
encryption algorithm, a public decryption
algorithm, and a public encryption key.
• Using the public key and encryption algorithm,
everyone can encrypt a message.
• The decryption key is known only to authorized
parties.
• Asymmetric method.
– Encryption and decryption keys are different; one is not
easily computed from the other.

39
Public Key Cryptosystem (RSA)
• p and q are two prime numbers.
• n = pq
• m = (p-1)(q-1)
• a is such that 1 < a < m and gcd(m,a) = 1.
• b is such that (ab) mod m = 1.
• a is computed by generating random positive
integers and testing gcd(m,a) = 1 using the
extended Euclid’s gcd algorithm.
• The extended Euclid’s gcd algorithm also
computes b when gcd(m,a) = 1.
40
RSA Encryption And Decryption
• Message M < n.
• Encryption key = (a,n).
• Decryption key = (b,n).
• Encrypt => E = M^a mod n.
• Decrypt => M = E^b mod n.

41
Breaking RSA
• Factor n and determine p and q, n = pq.
• Now determine m = (p-1)(q-1).
• Now use Euclid’s extended gcd algorithm
to compute gcd(m,a). b is obtained as a
byproduct.
• The decryption key (b,n) has been
determined!
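
The key setup, encryption, decryption and factoring steps of the three RSA slides above, carried through with the slides' symbols (p, q, n, m, a, b) as an added example that is not part of the original slides. The function names and the toy parameters p = 61, q = 53, a = 17 are assumptions; recovering b works here only because n is small enough to factor by trial division.

```python
from math import isqrt

def extended_gcd(x, y):
    """Extended Euclid: return (g, s, t) with s*x + t*y == g == gcd(x, y)."""
    old_r, r, old_s, s, old_t, t = x, y, 1, 0, 0, 1
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
        old_t, t = t, old_t - k * t
    return old_r, old_s, old_t

def make_keys(p, q, a):
    """Build ((a, n), (b, n)) from primes p, q and a chosen exponent a."""
    n, m = p * q, (p - 1) * (q - 1)
    g, s, _ = extended_gcd(a, m)
    if not 1 < a < m or g != 1:
        raise ValueError("need 1 < a < m and gcd(m, a) = 1")
    return (a, n), (s % m, n)      # b = a^-1 mod m, a byproduct of the gcd

def encrypt(M, public_key):
    a, n = public_key
    if not 0 <= M < n:
        raise ValueError("message must satisfy M < n")
    return pow(M, a, n)            # E = M^a mod n

def decrypt(E, private_key):
    b, n = private_key
    return pow(E, b, n)            # M = E^b mod n

def key_from_factoring(public_key):
    """Slide 'Breaking RSA': factor n, rebuild m, rerun extended Euclid.
    Trial division only finishes quickly because this n is a toy."""
    a, n = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return make_keys(p, n // p, a)[1]

# Constructed toy parameters; real moduli are 2048 bits or more.
PUBLIC, PRIVATE = make_keys(61, 53, 17)

if __name__ == "__main__":
    E = encrypt(65, PUBLIC)
    print(PUBLIC, PRIVATE, E, decrypt(E, PRIVATE))
    print(key_from_factoring(PUBLIC) == PRIVATE)
```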

42
Security Of RSA
• Relies on the fact that prime factorization is
computationally very hard.
• Let q be the number of bits in the binary
representation of n.
• No algorithm, polynomial in q, is known to
find the prime factors of n.
• Try to find the factors of a 100 bit number.

43
Why Do We Need Certificates?

• Associate the public key with a name or
entity
• What is this key good for?
– Signatures or encryption?
– Authorization
– Secure mail, secure web, or digital
signatures
– How can I trust it?
44
Example Public Key Certificate

45
A Certificate with Policy
Information

46
Problems with Identity Certificates
• Which “Don Smith” does this certificate correspond to?
• Suppose there are two “Don Smith”s in the same
organization; how do we know to whom a given certificate
belongs?
• Which directory do we look in for “Don Smith”?
• Examples:
– PGP: Used for email encryption
• Identity is name + email address
– SPKI: Used for authorization/access control
• Identity is a name meaningful within the domain of application
– Account name on a server
– Credit card number
– Merchant ID
– PGP and SPKI also use the public key as a unique ID

47
Basic Certificate Contents
• Version
• Serial number
• Signature (algorithm identifier: DSA with SHA-1)
• Issuer
• Validity
• Subject (Name)
• Subject PublicKeyInfo
• Issuer unique ID (optional)
• Subject unique ID (optional)
48
PKI ARCHITECTURES

49
Conventional PKI Architecture
[Figure labels: RA, CA, CA, RA; Repository, Repository; Relying party (x3); User (x4)]

CA: Certification Authority
RA: Registration Authority

50
PKI Architectures
• Single CA
• Hierarchical PKI
• Mesh PKI
• Trust lists (Browser model)
• Bridge CAs

51
Single CA

• A CA that issues certificates to users and systems,
but not to other CAs
– Easy to build
– Easy to maintain
– All users trust this CA
– Paths have one certificate and one CRL
– Doesn’t scale particularly well

52
Hierarchical PKI
• CAs have a hierarchical relationship (as in a
tree)
• All CAs trust the root CA
• Root CA certifies its child CAs, and they in
turn certify their child CAs, and so on.
• Easy to establish/verify trust relationship
between any two CAs

53
Strict Hierarchy of CAs

54
Mesh PKI
• CAs have peer-to-peer relationships
• Users trust the CA that issued their
certificates

55
Trust lists (Browser)
• User trusts more than one CA
• Each CA could be a single CA or part of a PKI
– For hierarchies, should be the root
– For mesh PKIs, could be any CA

56
Bridge CA
• Designed to address the shortcomings of the trust
lists and cross-certified enterprise architecture
• To unify many PKIs into a single PKI; acts as a
sort of trust arbitrator
• If the trust domain is implemented as a
hierarchical PKI, the bridge CA will establish a
relationship with the root CA
• If the domain is implemented as a mesh, the
bridge will establish a relationship with one of its
CAs.

57
Cross-certification
• CA of one organization being certified (for
trust purposes) by another CA of a different
organization
• Peer-to-peer relationships among CAs
• Appropriate when a small number of
enterprise PKIs intend to establish trust
relationships

58
