HMAC, RIPEMD160 & Digital Signature

Message Authentication Problem

Message Authentication is concerned with:
protecting the integrity of a message
validating identity of originator
How to detect changes by adversary to message?
Ancient solution :
sign and seal
More technique: break to message part and
authenticator part (“tag”)
How to do this digitally?
Create a tag t(M) and send tag securely
Communication without authentication

Very easy..

Eve can simply

Eve change the message

M M’

Alice Bob

Shared key k to generate authenticate message

Integrity Protection with MAC
k=??,
MAC=??
Eve can not forge
Eve MAC when k is
unknown

M M’

MAC (k,M) MAC??

Alice Bob

Key : k Key : k

Shared key k to generate authenticate message

MAC Authentication (I)
MAC allows two or more mutually trusting parties to
authenticate messages sent between members

Only Alice and me know

Eve k, one of us sent M.

If I do not send M,
Alice Bob then Alice must
have sent it.
M
Key : k Key : k

MAC (k,M)
MAC Authentication (II)
MAC allows two or more mutually trusting parties to
authenticate messages sent between members

Chris Only Alice, Chris, Doug

Eve and me know k, one of
us sent M.
Key : k

Alice Bob

M
Key : k Key : k

Doug MAC (k,M)

Key : k
Integrity with Hash
Forge M’ and
compute h(M’)

Eve
No shared key

M M’

h (M) h (M)

Alice Bob

Can we simply send the hash with the message to serve message authentication ?
Ans: No, Eve can change the message and recompute the hash.
Using hash needs more appropriate procedure to guarantee integrity
Message Authentication Code
A function of the message and a secret key that produces a
fixed-length value that serves as the authenticator
Generated by an algorithm :
generated from message + secret key : MAC = C(K,M)
A small fixed-sized block of data
appended to message as a signature when sent
Receiver performs same computation on message and checks
it matches the MAC
Keyed Hash Functions as MACs
Want a MAC based on a hash function
● because hash functions are generally faster
● crypto hash function code is widely available
Need a hashing including a key along with message
But hashing is internally has no key!
Original proposal:
KeyedHash = Hash(Key|Message)
● some weaknesses were found with this

Eventually led to development of HMAC

HMAC
Hash-based Message Authentication Code
Developed by Mihir Bellare, Ran Canetti, and Hugo
Krawczyk in1996
Specified as Internet standard RFC2104
Use cryptographic hash function in combination with
a secret key
Any hash function can be used
● eg. MD5, SHA-1, RIPEMD-160, Whirlpool
● HMAC-MD5, HMAC-SHA1, HMAC-RIPEND-160,
HMAC-Whirlpool
HMAC-SHA1 and HMAC-MD5 are used within
the IPsec and TLS protocols
HMAC Overview
Scheme consists of 2-stage nested : an
inner and outer hash
K+ is expanded key k padded with zeros on
the left so that the result is b bits in length
Intermediate result of first hash padded to
increase complexity next hash
Different “round keys” generated for
each hash
Stage 1: k1 = K+ ⊕ ipad
Stage 2: k2 = K+ ⊕ opad
Ipad : a string of repeated 0x36
00110110,00110110, . . .,00110110
Opad : is a string of repeated 0x5C
01011100,01011100, . . .,01011100

HMAC(K,M) = H( (K+⊕opad) | H( (K+ ⊕ ipad)| M) )

Simplified Visualize
Summary
A Hash is used to guarantee the integrity of data, a MAC
guarantees integrity AND authentication
A Hash take a single input – a message and produces a
message digest
A MAC algorithm takes two inputs -- a message and a
secret key -- and produces a MAC
A HMAC algorithm is simply a specific type of MAC
algorithm that uses a hash algorithm internally to
generate the MAC
RIPEMD-160
RIPEMD-160 was developed in Europe as part of RIPE
project in 96
by researchers involved in attacks on MD4/5
initial proposal strengthen following analysis to
become RIPEMD-160
somewhat similar to MD5/SHA
uses 2 parallel lines of 5 rounds of 16 steps
creates a 160-bit hash value
slower, but probably more secure, than SHA
RIPEMD-160 Overview
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to
(67452301,efcdab89,98badcfe,10325476,c3d2e1f0)
4. process message in 16-word (512-bit) chunks:
use 10 rounds of 16 bit operations on message block &
buffer – in 2 parallel lines of 5
add output to input to form new buffer value
5. output hash value is the final buffer value
RIPEMD-160 Round
RIPEMD-160 Compression Function
RIPEMD-160 Design Criteria
use 2 parallel lines of 5 rounds for increased complexity
for simplicity the 2 lines are very similar
step operation very close to MD5
permutation varies parts of message used
circular shifts designed for best results
RIPEMD-160 verses MD5 & SHA-1
brute force attack harder (160 like SHA-1 vs 128 bits for
MD5)
not vulnerable to known attacks, like SHA-1 though
stronger (compared to MD4/5)
slower than MD5 (more steps)
all designed as simple and compact
Digital Signature

20
Digital Signature
1. Digital Signature is a type of electronic signature
that encrypts documents with digital codes that are
particularly difficult to duplicate
2. In case of digital signature message is encrypted
with the private key and decrypted with the public
key.
On BOB
On FRANK side
Digital Signature Algorithm

26
At Sender Side

1. Message digest is generated using a set of Hash functions.

2. A message digest is encrypted using senders private key.

3. The resulting encrypted message is known as digital

signature.

4. Digital signature is attached with data or message and send

to receiver.
At Receiver Side
1. Receiver uses senders public key to decrypt senders digital
signature to obtain message digest send by receiver.

2. Receiver uses same message digest algorithm, which is used

by sender

3. Now, receiver will compare these two message digest

4. If message digest are equal then signature is valid else not.

Advantages
• Authentication:
– Identification of person sign.
• Integrity of data:
– Every change is detected.
• Non Repudiation:
– Author has encrypted sign on message.
• Speed:
– Contracts are easily written, completed, and signed by all
concerned parties in a little amount of time no matter how far the
parties are geographically.
Disadvantages
Expiry
Certificate issue procedures
Software compatibility