Unit 3
Message Digest
[Figure: Original data → Message digest algorithm → Message digest]
Message Digest: Example
▪ Original number is 7391743
▪ Operation              Result
  Multiply 7 by 3        21
  Discard first digit    1
  Multiply 1 by 9        9
  Multiply 9 by 1        9
  Multiply 9 by 7        63
  Discard first digit    3
  Multiply 3 by 4        12
  Discard first digit    2
  Multiply 2 by 3        6
• Message digest is 6
Message Digest Demands - 1
[Figure: Original data → Message digest algorithm → Message digest]
▪ Computing the digest should always be possible, and the result should always be the same: the same original data must always give the same digest
Message Digest Demands - 2
[Figure: Message digest → Reverse message digest algorithm → Original data]
▪ Reversing the process must not be possible: the original data must not be recoverable from the digest
Message Digest Demands - 3
[Figure: two different messages, each run through the message digest algorithm, giving message digest 1 and message digest 2]
▪ Two different messages must not produce the same digest: message digest 1 and message digest 2 should differ
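The toy digest from the example above and the three demands, as an added Python example (not from the slides): the digit-multiplication digest is generalised to any string of digits, and each demand is then checked against it, with SHA-256 from the standard library as the contrast. The toy digest meets demand 1 but, because its output is a single digit, demands 2 and 3 fall to a few lines of brute force. The sample numbers and function names are constructed for this example.

```python
import hashlib
import itertools


def toy_digest(number: str) -> int:
    """The slide's toy digest: multiply the running value by each next digit and,
    whenever the product has two digits, discard the first one (keep the units digit)."""
    digits = [int(ch) for ch in number]
    acc = digits[0]
    for d in digits[1:]:
        acc = (acc * d) % 10     # "discard first digit" of a product below 100
    return acc


def sha256_digest(data: str) -> str:
    """A real message digest for comparison (256-bit output)."""
    return hashlib.sha256(data.encode()).hexdigest()


def is_deterministic(data: str, digest_fn, trials: int = 5) -> bool:
    """Demand 1: the same input must always give the same digest."""
    first = digest_fn(data)
    return all(digest_fn(data) == first for _ in range(trials))


def toy_preimage(target: int) -> str:
    """Demand 2 (must not be reversible) fails for the toy digest: a preimage
    for any target digit is found by scanning short digit strings."""
    for length in range(1, 4):
        for digits in itertools.product("0123456789", repeat=length):
            candidate = "".join(digits)
            if toy_digest(candidate) == target:
                return candidate
    raise ValueError("no preimage found")


def find_toy_collision(number: str) -> str:
    """Demand 3 (no two messages share a digest) fails for the toy digest:
    another 4-digit number with the same digest turns up almost immediately."""
    target = toy_digest(number)
    for cand in range(1000, 10000):
        candidate = str(cand)
        if candidate != number and toy_digest(candidate) == target:
            return candidate
    raise ValueError("no collision found")


if __name__ == "__main__":
    original = "7391743"                        # the slide's example number
    print("toy digest:", toy_digest(original))
    print("deterministic:", is_deterministic(original, toy_digest),
          is_deterministic(original, sha256_digest))
    other = find_toy_collision(original)
    print("collision:", other, toy_digest(other))
    print("preimage of 6:", toy_preimage(6))
    print("SHA-256 differs:", sha256_digest(original) != sha256_digest(other))
```

The point of the brute-force helpers is the size of the output space: with ten possible digests, a preimage or a collision costs a handful of guesses, whereas for a 256-bit digest the same search is infeasible.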
One Iteration of SHA-1
[Figure: the five 32-bit words a, b, c, d, e enter the round; b, c, d go through process P, and the result is added to e, to s5(a) (a rotated left by 5 bits), to the message word W[t] and to the constant K[t]; the sum, together with the shifted words, forms the next a, b, c, d, e]
• W[t] and K[t]
  Value of W[t]:
  For t = 0 to 15    Same as M[t], i.e. the 16 input sub-blocks of 32 bits
  For t = 16 to 79   s1(W[t-16] XOR W[t-14] XOR W[t-8] XOR W[t-3]), i.e. the XOR of four earlier words rotated left by 1 bit
  Value of K[t]:
  Round   t            K[t] (hex)
  1       0 to 19      5A 82 79 99
  2       20 to 39     6E D9 EB A1
  3       40 to 59     8F 1B BC DC
  4       60 to 79     CA 62 C1 D6
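The round in the figure and the W[t] / K[t] tables, carried through as a complete SHA-1 in Python. This is an added example, not code from the slides: `message_schedule` builds W[t], `process_p` is the per-step function applied to b, c, d, `compress` runs the 80 iterations with K[t] and the s5 rotation, and `matches_stdlib` checks the result against hashlib. Function names are this example's own. SHA-1 is shown for study only: public collisions exist since 2017, and it must not be used for new signatures or certificates.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
# Round constants K[t], one per group of 20 steps (t = 0-19, 20-39, 40-59, 60-79)
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)
# Initial chaining values: the a, b, c, d, e words before the first block
H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x: int, n: int) -> int:
    """32-bit left rotation; s5 in the figure is rotl(a, 5)."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def process_p(t: int, b: int, c: int, d: int) -> int:
    """'Process P': the nonlinear function on b, c, d; it changes every 20 steps."""
    if t < 20:
        return (b & c) | (~b & d)
    if t < 40:
        return b ^ c ^ d
    if t < 60:
        return (b & c) | (b & d) | (c & d)
    return b ^ c ^ d


def message_schedule(block: bytes) -> list:
    """W[t] for one 512-bit block: W[0..15] are the 16 input sub-blocks M[t];
    W[16..79] are an XOR of four earlier words rotated left by one bit."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w


def compress(state: tuple, block: bytes) -> tuple:
    """80 iterations of the round in the figure, then add into the chaining state."""
    w = message_schedule(block)
    a, b, c, d, e = state
    for t in range(80):
        temp = (rotl(a, 5) + process_p(t, b, c, d) + e + w[t] + K[t // 20]) & MASK32
        # the words shift down; b is rotated by 30 on its way to c
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK32 for x, y in zip(state, (a, b, c, d, e)))


def pad(message: bytes) -> bytes:
    """Append 0x80, zero bytes up to 56 mod 64, then the bit length as 64-bit big-endian."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", len(message) * 8)


def sha1(message: bytes) -> bytes:
    state = H0
    padded = pad(message)
    for off in range(0, len(padded), 64):
        state = compress(state, padded[off:off + 64])
    return struct.pack(">5I", *state)


def matches_stdlib(message: bytes) -> bool:
    """Cross-check against hashlib; the padding boundaries (55, 56, 64 bytes) are the usual bugs."""
    return sha1(message) == hashlib.sha1(message).digest()


if __name__ == "__main__":
    print(sha1(b"abc").hex())
    print(all(matches_stdlib(b"x" * n) for n in (0, 1, 55, 56, 64, 1000)))
```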
Message Digests - Advantages
• The generation of a digest is very fast and the digest
itself is very small and can easily be encrypted and
transmitted over the internet
• It is very easy and fast (and therefore cheap) to
check some data for validity
• The algorithms are well known and implemented in
most major programming languages, so they can be
used in almost all environments
Message Digests - Weaknesses
[Figure: Alice sends M to Bob; an attacker in the middle replaces it with M'. Very easy: a digest carries no secret, so the attacker simply recomputes the digest of M']
Integrity Protection with MAC
[Figure: Alice sends M with MAC(k, M) to Bob; Eve substitutes M' but does not know k, so she cannot compute a matching MAC ("k = ??, MAC = ??"): Eve cannot forge a MAC when k is unknown]
[Figure: Alice and Bob share key k; Alice sends M together with MAC(k, M); Bob reasons: "If I did not send M, then Alice must have sent it", because only holders of k can compute the MAC]
MAC Authentication (II)
[Figure: the same exchange of M under shared key k; the diagram shows key k held by a third party as well]
Integrity with Hash
▪ Can we simply send the hash with the message to provide message authentication?
▪ Answer: No. Eve can change the message and recompute the hash.
▪ A hash on its own needs a more appropriate procedure (a secret key, as in a MAC, or a signature) to guarantee integrity
[Figure: Alice sends M with h(M); Eve, who needs no shared key, forges M' and computes h(M'); Bob receives M' with a matching h(M') and cannot detect the change]
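The two figures side by side in Python, as an added example that is not part of the slides: Bob checks a bare hash, then an HMAC-SHA256 MAC(k, M), and Eve attempts the substitution against both. The shared key and the messages are constructed for the example; `demo` returns whether each check was fooled. Note the limit the MAC figures hint at: because Bob can compute MAC(k, M) himself, a MAC proves the message came from a key holder but cannot prove to a third party which one (no non-repudiation), which is what the digital signature material later on addresses.

```python
import hashlib
import hmac

# Constructed for the example: known to Alice and Bob, never to Eve
SHARED_KEY = b"alice-bob-shared-secret-0123456789abcdef"


def bare_hash(message: bytes) -> bytes:
    """'Integrity with hash': h(M) travels next to the message, no key involved."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """MAC(k, M) of the slides, instantiated as HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def bob_checks_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(bare_hash(message), tag)


def bob_checks_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest: constant-time comparison, so timing does not leak which byte differed
    return hmac.compare_digest(mac(key, message), tag)


def eve_forges_hash(forged: bytes) -> tuple:
    """Eve needs no key: she replaces M by M' and recomputes h(M')."""
    return forged, bare_hash(forged)


def eve_forges_mac(original_tag: bytes, forged: bytes) -> tuple:
    """Without k, the best Eve can do is reuse the tag that belonged to M."""
    return forged, original_tag


def demo() -> tuple:
    m = b"PAY ALICE 100"        # constructed message
    m_forged = b"PAY EVE 9999"  # Eve's substitution
    # 1. Hash only: the forgery passes Bob's check
    forged, forged_tag = eve_forges_hash(m_forged)
    hash_only_fooled = bob_checks_hash(forged, forged_tag)
    # 2. MAC: Eve cannot produce MAC(k, M') without k
    tag = mac(SHARED_KEY, m)
    forged, replayed_tag = eve_forges_mac(tag, m_forged)
    mac_fooled = bob_checks_mac(SHARED_KEY, forged, replayed_tag)
    return hash_only_fooled, mac_fooled


if __name__ == "__main__":
    print("hash-only check fooled, MAC check fooled:", demo())
```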
Message Authentication Requirements
Possible Attacks in the context of communication:
▪ Disclosure
▪ Release of message contents to any person or process not
possessing the appropriate cryptographic key.
▪ Traffic analysis
▪ Discovery of the pattern of traffic between parties.
▪ Connection-oriented application
▪ the frequency and duration of connections could be determined.
▪ Connection-oriented or connectionless environment
▪ the number and length of messages between parties could be
determined.
Message Authentication Requirements
Possible Attacks in the context of communication :
▪ Masquerade
▪ Insertion of messages into the network from a fraudulent
source.
▪ Also includes fraudulent acknowledgments of message receipt or
nonreceipt by someone other than the message recipient.
▪ Content modification
▪ Changes to the contents of a message, including insertion,
deletion, transposition, and modification.
▪ Sequence modification
▪ Any modification to a sequence of messages between
parties, including insertion, deletion, and reordering.
Message Authentication Requirements
Possible Attacks in the context of communication :
▪ Timing modification:
▪ Delay or replay of messages.
▪ Connection-oriented application
▪ an entire session or sequence of messages could be a replay of
some previous valid session, or individual messages in the
sequence could be delayed or replayed.
▪ Connectionless application
▪ an individual message (e.g., datagram) could be delayed or
replayed.
▪ Source repudiation
▪ Denial of transmission of message by source.
▪ Destination repudiation
▪ Denial of receipt of message by destination.
Message Authentication Requirements
• Message authentication mechanism
• some sort of function that produces an authenticator
• a value to be used to authenticate a message.
[Figure: User B receives the document with the signature attached and verifies the signature with A's public key, obtained from the directory]
Digital Signature Generation & Verification
[Figure: on the signer's side the message passes through the message digest algorithm (hash function) and the digest is signed with the private key; on the verifier's side the received message is hashed again and the result is compared with the digest recovered from the signature using the public key]
Digital Certificate
[Figure: a digital certificate with its fields, among them Issuer Name, Subject Name and Extensions]
Version: Identifies the version of the X.509 standard used for this digital certificate. Currently, this field can contain 1, 2 or 3.
Certificate Serial Number: Contains a unique integer number, which is generated by the CA.
Signature Algorithm Identifier: Identifies the algorithm used by the CA to sign this certificate.
Issuer Name: Identifies the Distinguished Name (DN) of the CA that created and signed this certificate.
Validity (Not Before / Not After): Contains two date-time values (Not Before and Not After), which specify the timeframe within which the certificate should be considered valid. These values generally specify the date and time up to seconds or milliseconds.
Subject Name: Identifies the Distinguished Name (DN) of the end entity (i.e. the user or the organization) to whom this certificate refers. This field must contain an entry unless an alternative name is defined in Version 3 extensions.
Subject Public Key Information: Contains the subject's public key and the algorithms related to that key. This field can never be blank.
X.509 Certificate
▪ Certification Authority : Trusted organization that
issues certificates and maintains status information
about certificates.
[Figure: end users register through the Registration Authority (RA), which works with the Certification Authority (CA)]
X.509 Certificate
▪ Registration Authority (RA)
▪ Acts on behalf of a CA & provides following services :
▪ Accepting & verifying registration information about new
users
▪ Generating keys on behalf of the end users
▪ Accepting & authorizing requests for key back ups &
recovery
▪ Accepting & authorizing requests for certificate revocation
X.509 Certificate
▪ Digital Certificate Creation
▪ Key generation
▪ Registration
▪ Verification
▪ Certificate creation
[Figure: the flow from the Digital Certificate Request to the Digital Certificate Contents]
X.509 Certificate
▪ Why trust a Digital Certificate?
▪ Because it is digitally signed by the Certification Authority.
▪ How does a CA sign a digital certificate:
▪ Calculates a message digest of all fields of the certificate using an algorithm like MD5 or SHA-1 (both are now broken by collision attacks and no longer accepted for certificate signatures; current CAs use SHA-256 or stronger).
▪ Encrypts the digest with its private key (with RSA, this "encryption" is the signing operation; in practice the digest is padded first, e.g. PKCS#1 v1.5 or PSS).
▪ Inserts the calculated digital signature in the certificate.
Creation of CA Signature on Digital Certificate
[Figure: the certificate fields (Version, Certificate Serial Number, Signature Algorithm Identifier, Issuer Name, Validity (Not Before / Not After), Subject Name, ...) are fed to the message digest algorithm; the digest and the CA's private key are fed to the digital signature algorithm, which produces the digital signature]
Verification of CA Signature on a Certificate
[Figure: the certificate fields (Version, Certificate Serial Number, Signature Algorithm Identifier, Issuer Name, Validity (Not Before / Not After), Subject Name, Subject Public Key Information, Issuer Unique Identifier, Subject Unique Identifier, Extensions) and the Certification Authority's digital signature]
Step 1: Feed all certificate fields (except the signature) to the message digest algorithm.
Step 2: Obtain message digest MD1.
Step 3: Take the digital signature from the certificate.
Step 4: Feed the signature and the CA's public key to the de-signing algorithm (decryption).
Step 5: Obtain message digest MD2.
Step 6: Compare: if MD1 = MD2 the certificate is valid (accept); otherwise it is invalid (reject).
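The signing and verification steps above, together with the generation/verification figure earlier and the certificate chain used later in the unit (Root, A3, B11, Bob), as one added Python example that is not code from the slides. It uses textbook RSA with a seeded key generator so it runs offline and reproducibly; the certificate is a small dict with a subset of the X.509 fields, canonical JSON stands in for DER, and revocation is modelled as a set of revoked serial numbers. All names, the 512-bit key size and the "sha256-with-textbook-RSA" label are this example's assumptions; raw RSA on an unpadded digest is shown only to make the "encrypt the digest with the private key" description concrete and is not how a production CA signs.

```python
import hashlib
import json
import random

E = 65537   # public exponent


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin primality test; rng is seeded by the caller for reproducibility."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(rng: random.Random, bits: int = 512):
    """Textbook RSA: returns (public (n, e), private (n, d)).
    A 512-bit modulus is far too small for real use; it keeps the example fast."""
    def prime(b):
        while True:
            c = rng.getrandbits(b) | (1 << (b - 1)) | 1   # exactly b bits, odd
            if _is_probable_prime(c, rng):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % E != 0:
            return (n, E), (n, pow(E, -1, phi))


def digest_fields(fields: dict) -> int:
    """Steps 1-2: message digest over all certificate fields except the signature.
    Canonical JSON stands in for DER so signer and verifier hash identical bytes."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, fields: dict) -> int:
    """'Encrypt the digest with the private key' (raw RSA, illustration only)."""
    n, d = private_key
    return pow(digest_fields(fields), d, n)


def verify(public_key, fields: dict, signature: int) -> bool:
    """Steps 3-6: recover MD2 with the public key, recompute MD1, accept iff equal."""
    n, e = public_key
    return digest_fields(fields) == pow(signature, e, n)


def issue(issuer, issuer_priv, subject, subject_pub, serial: int) -> dict:
    """Build a minimal certificate (a subset of the X.509 fields) and sign it."""
    fields = {"version": 3, "serial": serial, "sigalg": "sha256-with-textbook-RSA",
              "issuer": issuer, "subject": subject, "subject_public_key": list(subject_pub)}
    return {"fields": fields, "signature": sign(issuer_priv, fields)}


def verify_chain(chain: list, trusted_roots: dict, revoked=frozenset()) -> bool:
    """chain[0] is the end entity, chain[-1] the self-signed root. Each certificate must be
    signed by the key in the next one; the root must be in the local trust store; no serial
    may be on the CRL (modelled as a set of revoked serials)."""
    for i, cert in enumerate(chain):
        f = cert["fields"]
        if f["serial"] in revoked:
            return False
        if i + 1 < len(chain):
            issuer = chain[i + 1]["fields"]
            if f["issuer"] != issuer["subject"]:
                return False
            issuer_key = tuple(issuer["subject_public_key"])
        else:   # the root: self-signed, trusted only because it is pre-installed
            issuer_key = tuple(f["subject_public_key"])
            if f["issuer"] != f["subject"] or trusted_roots.get(f["subject"]) != issuer_key:
                return False
        if not verify(issuer_key, f, cert["signature"]):
            return False
    return True


def build_example_chain(seed: int = 7):
    """Root -> A3 -> B11 -> Bob, the chain of the 'Verifying Root CA' figure."""
    rng = random.Random(seed)
    keys = {name: generate_keypair(rng) for name in ("Root", "A3", "B11", "Bob")}
    root = issue("Root", keys["Root"][1], "Root", keys["Root"][0], 1)   # self-certification
    a3 = issue("Root", keys["Root"][1], "A3", keys["A3"][0], 2)
    b11 = issue("A3", keys["A3"][1], "B11", keys["B11"][0], 3)
    bob = issue("B11", keys["B11"][1], "Bob", keys["Bob"][0], 4)
    return [bob, b11, a3, root], {"Root": keys["Root"][0]}


def demo() -> tuple:
    chain, trusted = build_example_chain()
    valid = verify_chain(chain, trusted)
    tampered = json.loads(json.dumps(chain))          # deep copy, then alter one field
    tampered[0]["fields"]["subject"] = "Eve"          # MD1 != MD2 -> reject
    forged = verify_chain(tampered, trusted)
    after_revocation = verify_chain(chain, trusted, revoked={3})   # B11 on the CRL
    return valid, forged, after_revocation
```

`demo()` returns `(True, False, False)`: the intact chain verifies, a single changed field anywhere breaks the signature on that certificate, and a revoked intermediate invalidates everything below it even though every signature still checks out. The last case is why a verifier needs a revocation source as well as the chain.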
X.509 Certificate
▪ Certificate Revocation
▪ Reasons for certificate revocation :
▪ Certificate holder’s private key is compromised – user
initiates revocation process
▪ CA realizes some mistake made while issuing certificate –
CA initiates revocation process
▪ Certificate holder leaves a job and certificate was issued
while he was employed in that job – Employer initiates
revocation process
▪ CA must authenticate Certificate Revocation Requester
before accepting revocation request.
CA Hierarchy (Chain of Trust)
▪ There can be multiple levels of CAs
▪ Useful for delegation of work
[Figure: a tree of CAs under one Root CA; Alice and Bob hold certificates from different lower-level CAs that chain up to the same Root CA]
Verifying Root CA
[Figure: the chain of certificates from Bob up to the root]
  Digital Certificate: Issuer Name: ???   Subject Name: Root
  Digital Certificate: Issuer Name: Root  Subject Name: A3
  Digital Certificate: Issuer Name: A3    Subject Name: B11
  Digital Certificate: Issuer Name: B11   Subject Name: Bob
Verifying Root CA
Self-certification:
▪ Root CA signs its own certificate
  Digital Certificate: Issuer Name: Root  Subject Name: Root
Cross-Certification of CAs
▪ In some cases, even the root CAs can be different
▪ In such cases, they certify each other
▪ Creates cross-level trust between the two hierarchies
[Figure: Alice and Bob under different root CAs, which have issued certificates to each other]
Certificate Revocation Check Mechanisms
[Figure: a Certificate Revocation List (CRL) issued by CA XYZ; This CRL: 1 Jan 2002, 10:00 am; Next CRL: 12 Jan 2002, 10:00 am]
CRL fields:
Signature Algorithm Identifier: Identifies the algorithm used by the CA to sign the CRL (e.g. SHA-1 with RSA, which indicates that the CA first calculated the message digest of the CRL using the SHA-1 algorithm and then signed it, i.e. encrypted the message digest with its private key, using the RSA algorithm).
This Update (Date and Time): Contains the date and time when this CRL was issued.
Next Update (Date and Time): Contains the date and time when the next CRL will be issued.
User Certificate Serial Number: Contains the serial number of the revoked certificate. This field repeats for every revoked certificate.
Revocation Date: Contains the revocation date and time of the revoked certificate. This field repeats for every revoked certificate.
CRL Entry Extensions: Discussed subsequently; these extensions appear once per revoked certificate.
CRL Extensions: Discussed subsequently; these extensions appear once per entire CRL.
A relying party must verify the CA's signature on the CRL and check that the current time lies between This Update and Next Update before using it; a stale CRL can omit recently revoked certificates.
[Figure, top row, four refinements of one-way authentication of A to B: (1) A sends its name "A"; (2) B replies with a random challenge R; in the last variant the exchanged value is Epw(R), the challenge encrypted under the password pw]
[Figure, bottom row, public-key one-way authentication: (a) (1) A sends its certificate chain, (2) B sends a random challenge R, (3) A returns EA.pr(R), the challenge signed with A's private key; (b) (1) A sends its certificate chain, (2) B sends EA.pu(R), the challenge encrypted with A's public key, (3) A decrypts and returns R]
Mutual Authentication
[Figure, shared-key protocol: (1) A → B: "A", RA; (2) B → A: EK(RA), RB; (3) A → B: EK(RB)]
[Figure, reflection attack by C on that protocol: (1) C → B: "A", RA; (2) B → C: EK(RA), RB; C opens a second session: (1') C → B: "B", RB; (2') B → C: EK(RB), RA; C now completes the first session with (3) C → B: EK(RB), a value B itself computed for C]
[Figure, repaired shared-key protocol: (1) A → B: "A", RA; (2) B → A: EK(RA), EK(RB); (3) A → B: DK(EK(RB)) = RB; RB is never sent in clear, so C cannot feed it back to B and get EK(RB) from a second session]
[Figure, public-key protocol: (1) A → B: "A", RA, A's certificate; (3) A → B: [RB]A, RB signed by A]
[Figure, attack by C on the public-key protocol: (1) A → C: "A", RA; (1') C → B: "A", RA; (2') B → C: [RA, RB]B; (2) C → A: [RA, RB]C; (3) A → C: [RB]A; (3') C → B: [RB]A; C forwards A's signature over RB to authenticate to B as A]
[Figure, repaired public-key protocol: (1) A → B: "A", RA; (3) A → B: ["B", RB]A; the intended verifier's name is inside the signed value, so the signature cannot be reused towards another party; a session key is then transported as EB{KAB}]
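The shared-key exchange and the reflection attack in the figures, played out in Python as an added example that is not part of the slides. `Responder` is B; its `bind_challenge` flag switches between the flawed protocol (B returns EK(RA), RB) and the repaired one (B returns EK(RA), EK(RB)); `honest_run` is A, who knows K, and `reflection_attack` is C, who does not. EK is a toy construction (random IV, XOR with an HMAC-SHA256 keystream) used only so the exchange runs in the standard library; it is not a recommended cipher, and K, the nonces and all names are constructed for the example.

```python
import hashlib
import hmac
import os

K = b"constructed-shared-key-for-A-and-B"   # known to A and B, not to C
NONCE_LEN = 16


def enc(key: bytes, data: bytes) -> bytes:
    """Toy E_K: IV || (data XOR HMAC-SHA256(key, IV)). Stands in for the block cipher
    of the figure; randomised, so each call gives a different ciphertext."""
    iv = os.urandom(16)
    stream = hmac.new(key, iv, hashlib.sha256).digest()[: len(data)]
    return iv + bytes(a ^ b for a, b in zip(data, stream))


def dec(key: bytes, ct: bytes) -> bytes:
    iv, body = ct[:16], ct[16:]
    stream = hmac.new(key, iv, hashlib.sha256).digest()[: len(body)]
    return bytes(a ^ b for a, b in zip(body, stream))


class Responder:
    """B. Remembers the challenge it issued in each session so step 3 can be checked."""

    def __init__(self, key: bytes, bind_challenge: bool):
        self.key, self.bind, self.pending = key, bind_challenge, {}

    def step2(self, session: int, claimed_id: bytes, ra: bytes) -> tuple:
        rb = os.urandom(NONCE_LEN)
        self.pending[session] = rb
        if self.bind:                       # repaired: EK(RA), EK(RB)
            return enc(self.key, ra), enc(self.key, rb)
        return enc(self.key, ra), rb        # flawed: EK(RA), RB in clear

    def step3(self, session: int, proof: bytes) -> bool:
        rb = self.pending.pop(session)
        if self.bind:                       # expects DK(EK(RB)) = RB
            return hmac.compare_digest(proof, rb)
        return hmac.compare_digest(dec(self.key, proof), rb)   # expects EK(RB)


def honest_run(b: Responder) -> bool:
    """A, holding K, authenticates B (step 2) and then itself (step 3)."""
    ra = os.urandom(NONCE_LEN)
    ek_ra, second = b.step2(1, b"A", ra)
    if dec(K, ek_ra) != ra:
        return False                        # B failed to prove knowledge of K
    proof = dec(K, second) if b.bind else enc(K, second)
    return b.step3(1, proof)


def reflection_attack(b: Responder) -> bool:
    """C, without K, opens a second session and uses B as an oracle for the
    value step 3 of the first session requires."""
    ra = os.urandom(NONCE_LEN)
    _, second = b.step2(1, b"A", ra)        # session 1: B sends RB (flawed) or EK(RB)
    ek_reflected, _ = b.step2(2, b"A", second)   # session 1': B encrypts it for C
    if b.bind:
        # C holds EK(RB) and EK(EK(RB)) but needs RB in clear; it has no way to decrypt
        proof = second
    else:
        proof = ek_reflected                # exactly the EK(RB) step 3 asks for
    return b.step3(1, proof)


if __name__ == "__main__":
    print("flawed   : honest", honest_run(Responder(K, False)),
          "| attack", reflection_attack(Responder(K, False)))
    print("repaired : honest", honest_run(Responder(K, True)),
          "| attack", reflection_attack(Responder(K, True)))
```

In the flawed variant B is willing to encrypt any challenge the peer supplies and also hands out RB in clear, so C simply asks B to encrypt B's own challenge. The repaired variant still encrypts peer-chosen values, but RB only ever appears encrypted, so the oracle is useless to C. Real protocols go further and bind identities into the authenticated value, as the public-key figure does with ["B", RB]A.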
Kerberos
▪ trusted key server system from MIT
▪ provides centralised secret-key (symmetric) third-party authentication in a distributed network
▪ allows users access to services distributed through the network
▪ without needing to trust all workstations
▪ rather all trust a central authentication server
▪ two versions in use: 4 & 5
Kerberos Requirements
▪ its first report identified requirements as:
▪ secure
▪ reliable
▪ transparent
▪ scalable
▪ implemented using an authentication protocol based on
Needham-Schroeder
Kerberos v4 Overview
▪ a basic third-party authentication scheme
▪ have an Authentication Server (AS)
▪ users initially negotiate with AS to identify self
▪ AS provides a non-corruptible authentication credential (ticket
granting ticket TGT)
▪ have a Ticket Granting server (TGS)
▪ users subsequently request access to other services from TGS on
basis of users TGT
▪ using a complex protocol based on DES
Kerberos v4 Dialogue
Kerberos v4 Overview
Kerberos Realms
a Kerberos environment consists of:
◦ a Kerberos server
◦ a number of clients, all registered with the server
◦ application servers, sharing keys with the server
this is termed a realm
◦ typically a single administrative domain
if there are multiple realms, their Kerberos servers must share keys and trust each other
Kerberos Version 5
▪ developed in the mid 1990s
▪ specified as Internet standard RFC 1510 (since superseded by RFC 4120)
▪ provides improvements over v4
▪ addresses environmental shortcomings
▪ encryption algorithm, network protocol, byte order, ticket lifetime,
authentication forwarding, interrealm authentication
▪ and technical deficiencies
▪ double encryption, non-standard mode of use, session keys, password
attacks
Kerberos v5 Dialogue