1
Hash function
2
The hash code is also referred to as a
message digest or hash value.
The hash code is a function of all the bits of
the message and provides an error-detection
capability:
A change to any bit or bits in the message
results in a change to the hash code.
3
Unlike a MAC, a hash code does not use a
key but is a function only of the input
message.
Figure 11.5 illustrates a variety of ways
in which a hash code can be used to provide
message authentication, as follows:
4
Confidentiality and authentication
Authentication
Authentication, digital signature
5
Authentication, digital signature, confidentiality
Authentication, confidentiality
6
The message plus concatenated hash code is
encrypted using symmetric encryption.
Here only A and B share the secret key; the message
must have come from A and has not been altered.
The hash code provides the structure or redundancy
required to achieve authentication. Because
encryption is applied to the entire message plus hash
code, confidentiality is also provided.
7
Only the hash code is encrypted, using
symmetric encryption.
This reduces the processing burden for
those applications that do not require
confidentiality.
Note that the combination of hashing and
encryption results in an overall function that
is, in fact, a MAC (figure 11.4a).
8
That is, E_K[H(M)] is a function of a variable-length
message M and a secret key K, and it produces a fixed-size
output that is secure against an opponent who does
not know the secret key.
9
Only the hash code is encrypted, using
public-key encryption and using the
sender’s private key.
As with (b), this provides authentication.
It also provides a digital signature, because
only the sender could have produced the
encrypted hash code.
In fact, this is the essence of the digital
signature technique.
10
If confidentiality as well as a digital signature is desired,
then the message plus the public-key-encrypted hash
code can be encrypted using a symmetric secret key.
This is a common technique.
11
12
13
Confidentiality can be added to the
approach of (e) by encrypting the entire
message plus the hash code.
14
Requirements for Hash function
A hash function H takes a message M of variable length
and transforms it into a fixed-length hash value h
– h = H(M)
15
Other Hash Function Uses
to create a one-way password file
– store hash of password not actual password
for intrusion detection and virus detection
– keep & check hash of files on system
pseudorandom function (PRF) or
pseudorandom number generator (PRNG)
16
Two Simple Insecure Hash Functions
17
Hash Function Requirements
18
Introduction to PKI,
Certificates
& Public Key Cryptography
19
Role of Computer Security
CIA
Non-repudiability
Bind an entity to its actions
20
• Hash Functions
• Certificates
• PKI
21
Hash Functions:
Bind one entity with a unique ID => Signature
Hash + Encryption => trusted signature
S(S(M)) = M
Problem:
how to exchange secret keys?
=> Secret Key Server (e.g. Kerberos)
22
Main cryptographic tools
Public Key Cryptography:
Each user has a public key P and a private key S, and an algorithm A.
P(S(M)) = S(P(M)) = M
No shared secret !
23
24
Certificate
A certificate binds an entity with its public key.
It’s just a digitally signed piece of data.
digital ID card
Certificate =
an entity’s description (name, etc.)
+ entity’s public key
+ expiration date, serial number, etc.
+ CA’s name
+ a signature issued by a CA
The certificate is issued and signed by a trusted Certificate Authority (CA).
Digital signature: CA signature = certificate hash, encrypted with CA’s private key
25
Certificate
Certificates enable:
• Clients to authenticate servers
• Servers to authenticate clients
• Public key exchange without Public Key Server
No disclosure of private/secret keys.
Special features:
• chains of CAs, to distribute the task of issuing Certificates
• Certificate Revocation List, to disable certificates
26
Certificate: X.509
27
example: IPSec
Configuration:
• 2 transfer modes: tunnel or transport
• 2 transfer protocols:
• AH (Authentication Header) => authenticated traffic
• ESP (Encapsulating Security Payload) => encrypted traffic
28
Certificate:
• unsecured computer: certificates can be stolen, password spied
• certificate password: certificates are stored encrypted, with weak password
• untrustworthy CA: easy to be issued a certificate from a CA
• users: they seldom check if CA can be trusted before
accepting certificates (Netscape GUI)
Attack example:
• hack client’s computer, steal certificate & password
• man in the middle
29
Public Key Infrastructure
( PKI )
INTRODUCTION
30
Enterprise PKI
31
What is PKI?
Public/Private key pair
The public key is a string of bits
A public key certificate answers the following questions (and
many more)
• Whose certificate is it?
• What can it be used for?
• Is it still valid?
• Example uses:
– Is this really the key for Jack Nathan?
– Can this key be used to send an encrypted message to John Smith?
– Was the key used for digitally signing this document valid at the
time of signing?
– Fetch me the key of Mike Jones
32
Security Services That Can Be
Supported By PKI
37
Cryptography
[Figure: message → encryption algorithm (encryption key) → transmission channel → decryption algorithm (decryption key) → message]
38
Public Key Cryptosystem (RSA)
A public encryption method that relies on a public
encryption algorithm, a public decryption
algorithm, and a public encryption key.
Using the public key and encryption algorithm,
everyone can encrypt a message.
The decryption key is known only to authorized
parties.
Asymmetric method.
– Encryption and decryption keys are different; one is not
easily computed from the other.
39
Public Key Cryptosystem (RSA)
p and q are two prime numbers.
n = pq
m = (p-1)(q-1)
a is such that 1 < a < m and gcd(m,a) = 1.
b is such that (ab) mod m = 1.
a is computed by generating random positive
integers and testing gcd(m,a) = 1 using the
extended Euclid’s gcd algorithm.
The extended Euclid’s gcd algorithm also
computes b when gcd(m,a) = 1.
40
RSA Encryption And Decryption
Message M < n.
Encryption key = (a,n).
Decryption key = (b,n).
Encrypt => E = M^a mod n.
Decrypt => M = E^b mod n.
41
Breaking RSA
Factor n and determine p and q, n = pq.
Now determine m = (p-1)(q-1).
Now use Euclid’s extended gcd algorithm
to compute gcd(m,a). b is obtained as a
byproduct.
The decryption key (b,n) has been
determined!
42
Security Of RSA
Relies on the fact that prime factorization is
computationally very hard.
Let q be the number of bits in the binary
representation of n.
No algorithm, polynomial in q, is known to
find the prime factors of n.
Try to find the factors of a 100 bit number.
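The key setup, encryption, decryption and factoring steps from the RSA slides above, carried through in Python with the slides' symbols (p, q, n, m, a, b). This is an added example, not part of the original slides; the function names and the toy primes 1009 and 2003 are constructed for illustration.

```python
import random

def ext_gcd(x, y):
    """Extended Euclid: return (g, s, t) with s*x + t*y == g == gcd(x, y)."""
    old_r, r = x, y
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
        old_t, t = t, old_t - k * t
    return old_r, old_s, old_t

def make_keys(p, q, rng):
    """Slide procedure: n = pq, m = (p-1)(q-1), random a with gcd(m, a) = 1."""
    n, m = p * q, (p - 1) * (q - 1)
    while True:
        a = rng.randrange(2, m)            # 1 < a < m
        g, _, t = ext_gcd(m, a)            # s*m + t*a == g
        if g == 1:
            return (a, n), (t % m, n)      # b = t mod m, so (a*b) mod m == 1

def encrypt(M, key):
    a, n = key
    if not 0 <= M < n:
        raise ValueError("message must satisfy M < n")
    return pow(M, a, n)                    # E = M^a mod n

def decrypt(E, key):
    b, n = key
    return pow(E, b, n)                    # M = E^b mod n

def recover_private_key(public):
    """'Breaking RSA': factor n by trial division, rebuild m, then b."""
    a, n = public
    p = next(d for d in range(2, int(n ** 0.5) + 1) if n % d == 0)
    m = (p - 1) * (n // p - 1)
    _, _, t = ext_gcd(m, a)
    return (t % m, n)

# Constructed toy primes. Trial division succeeds only because n is tiny;
# for a modulus of realistic size the same search is infeasible.
PUBLIC, PRIVATE = make_keys(1009, 2003, random.Random(7))
```

The private exponent returned by `recover_private_key(PUBLIC)` equals the one produced by `make_keys`, which is the point of the "Breaking RSA" slide: anyone who can factor n holds the decryption key.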
43
Why Do We Need Certificates?
45
A Certificate with Policy
Information
46
Problems with Identity Certificates
Which “Don Smith” does this certificate correspond to?
Suppose there are two “Don Smith”s in the same
organization; how do we know to whom a given certificate
belongs?
Which directory do we look in for “Don Smith”?
Examples:
– PGP: Used for email encryption
• Identity is name + email address
– SPKI: Used for authorization/access control
• Identity is a name meaningful within the domain of application
– Account name on a server
– Credit card number
– Merchant ID
– PGP and SPKI also use the public key as a unique ID
47
Basic Certificate Contents
Version
Serial number
Signature (algorithm identifier: DSA with SHA-1)
Issuer
Validity
Subject (Name)
Subject PublicKeyInfo
Issuer unique ID (optional)
Subject unique ID (optional)
48
PKI ARCHITECTURES
49
Conventional PKI Architecture
[Figure labels: RA, CA, CA, RA; Repository, Repository]
50
PKI Architectures
Single CA
Hierarchical PKI
Mesh PKI
Trust lists (Browser model)
Bridge CAs
51
Single CA
52
Hierarchical PKI
CAs have a hierarchical relationship (as in a
tree)
All CAs trust the root CA
Root CA certifies its child CAs, and they in
turn certify their child CAs, and so on.
Easy to establish/verify trust relationship
between any two CAs
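A toy version of the "Certificate =" slide and of the hierarchical chain above, as an added example that is not part of the original slides: a CA signs the hash of the certificate fields with its private key, and a verifier walks the chain up to a trusted root, also checking expiry and a revocation list. It assumes textbook RSA without padding on constructed Mersenne primes; the field layout and the names Root CA, Dept CA and alice are hypothetical.

```python
import hashlib
from datetime import date

def keypair(p, q, a=65537):
    """Toy textbook-RSA pair from constructed primes (no padding)."""
    n, m = p * q, (p - 1) * (q - 1)
    return {"pub": (a, n), "priv": (pow(a, -1, m), n)}

def digest(fields, n):
    """SHA-256 over the certificate fields, reduced below the toy modulus."""
    tbs = "|".join(f"{k}={fields[k]}" for k in sorted(fields))
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(ca_name, ca_key, subject, subject_pub, serial, not_after):
    fields = {"subject": subject, "pubkey": subject_pub, "serial": serial,
              "not_after": not_after.isoformat(), "issuer": ca_name}
    b, n = ca_key["priv"]
    # CA signature = certificate hash, "encrypted" with the CA's private key
    return {**fields, "sig": pow(digest(fields, n), b, n)}

def verify_chain(chain, trusted_roots, today, crl=frozenset()):
    """chain runs from the end entity up to the cert issued by a trusted root."""
    for cert, parent in zip(chain, chain[1:] + [None]):
        if parent is not None and parent["subject"] == cert["issuer"]:
            issuer_pub = parent["pubkey"]
        elif parent is None:
            issuer_pub = trusted_roots.get(cert["issuer"])
        else:
            issuer_pub = None
        if issuer_pub is None:
            return False, "unknown issuer"
        a, n = issuer_pub
        fields = {k: v for k, v in cert.items() if k != "sig"}
        if pow(cert["sig"], a, n) != digest(fields, n):
            return False, "bad signature"
        if date.fromisoformat(cert["not_after"]) < today:
            return False, "expired"
        if (cert["issuer"], cert["serial"]) in crl:
            return False, "revoked"
    return True, "ok"

# Constructed demo hierarchy: Root CA -> Dept CA -> alice (all names hypothetical)
ROOT, DEPT = keypair(2**89 - 1, 2**107 - 1), keypair(2**61 - 1, 2**127 - 1)
ALICE = keypair(2**19 - 1, 2**31 - 1)
DEPT_CERT = issue("Root CA", ROOT, "Dept CA", DEPT["pub"], 2, date(2030, 1, 1))
ALICE_CERT = issue("Dept CA", DEPT, "alice", ALICE["pub"], 7, date(2026, 1, 1))
TRUSTED = {"Root CA": ROOT["pub"]}
```

Real X.509 path validation additionally checks that each issuing certificate is marked as a CA and uses padded signature schemes; the toy omits both.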
53
Strict Hierarchy of CAs
54
Mesh PKI
CAs have peer-to-peer relationships
Users trust the CA that issued their
certificates
55
Trust lists (Browser)
User trusts more than one CA
Each CA could be a single CA or part of a PKI
– For hierarchies, should be the root
– For mesh PKIs, could be any CA
56
Bridge CA
Designed to address the shortcomings of the trust
lists and cross-certified enterprise architecture
To unify many PKIs into a single PKI; acts as a
sort of trust arbitrator
If the trust domain is implemented as a
hierarchical PKI, the bridge CA will establish a
relationship with the root CA
If the domain is implemented as a mesh, the
bridge will establish a relationship with one of its
CAs.
57
Cross-certification
CA of one organization being certified (for
trust purposes) by another CA of a different
organization
Peer-to-peer relationships among CAs
Appropriate when a small number of
enterprise PKIs intend to establish trust
relationships
58