
Part 3

DATA INTEGRITY

Course Outcomes (CO)

• CO1: Acquire knowledge on the fundamentals of security goals, cryptographic services and mechanisms.
• CO2: Explain the concepts and practical workings of cryptographic mechanisms from history to present.
• CO3: Apply relevant theories and principles to real life problems and situations.

Outline

Data Integrity

Chapter 11:
Cryptographic Hash Functions

Chapter 12:
Message Authentication Codes
Data Integrity

● Data integrity refers to maintaining and assuring the accuracy, completeness and consistency of data over the entire lifecycle
● Why is it important?

Hashing and MAC

Hashing
• It is where the data inside a document is hashed using an algorithm such as SHA1, MD5

Message Authentication Code (MAC)
• Also known as a keyed hash function
• Typically used between two parties that share a secret key to authenticate information exchanged between those parties

Hashing VS Encryption
[Figures comparing hashing and encryption. Sources: https://slideplayer.com/slide/5875900/ ; Wikipedia ; https://www.ssl2buy.com/wiki/difference-between-hashing-and-encryption]

Chapter 11:
Cryptographic Hash Functions

Hash Functions
● A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value

h = H(M)

● The input is padded out to an integer multiple of some fixed length (e.g., 1024 bits)
● Hash value = message digest

Cryptographic Hash Function
h = H(M)
● An algorithm for which it is
computationally infeasible to find either:
a) a data object that maps to a pre-specified
hash result (the one-way property)
b) two data objects that map to the same hash
result (the collision-free property)
Applications of Cryptographic Hash Functions

Message Authentication
• A mechanism or service used to verify the integrity of a message
• Assures that data received are exactly as sent

Digital Signatures
• Operation is similar to MAC
• The hash value of a message is encrypted with a user’s private key
• Anyone who knows the user’s public key can verify the integrity of the message

Applications of Cryptographic Hash Functions (cont.) – Other Applications

Create one-way password file
• When a user enters a password, the hash of that password is compared to the stored hash value for verification
• This approach to password protection is used by most operating systems

Virus detection
• Store H(F1) for a file F1 and secure the hash value, h1
• A new h value is computed for a file F2 and compared to h1
• If they are identical, this indicates similarity of contents
• Thus, the other copy, F2, is considered a virus if F1 is a virus.

IDS
• Hashes are used in intrusion detection software (IDS), which scans for modifications to files as a sign of an intruder.
• They compute the message digest of executables and compare on the fly against the cached value.
• One can determine if a file has been modified by recomputing H(F)
• An intruder would need to change F without changing H(F)

Construct a pseudorandom function (PRF) or a pseudorandom number generator (PRNG)
• A common application for a hash-based PRF is for the generation of symmetric keys

Plaintext Passwords Vs. Encrypted / Hashed Passwords

Plain text password file
• User keys in password (e.g. password = my_password)
• System stores my_password

Encrypted / Hashed password file
• User keys in password
• System hashes password (e.g. hashed password = 1500020F0C)
• System stores 1500020F0C

It is difficult to crack a hashed password unless the hash code is known!!

Verification Process of Hashed Passwords
Example of available standards: SHA-256, SHA-3

● User keys in password (e.g. password = my_password)
● System hashes the password (e.g. hashed input password = 1500020F0C)
● System derives the hashed reference password (e.g. hashed reference password = 1500020F0C)
● Input password == reference password?
○ Yes: Access granted
○ No: Access denied


Problem of Hashed Passwords

What if?
● Bob’s password = my_password
● Alice’s password = my_password
● Bob’s hashed password = Alice’s hashed password = 1500020F0C

If a hacker:
- knows Bob’s password
- discovers that Bob’s hashed password = Alice’s hashed password
then Alice’s password is known (and the hash code too).

Salted Hashed Passwords
● Solution: add ‘salt’ to the password to make it unique
● Salt = unique random code
● Therefore, Bob & Alice will never have the same hashed password even if they use the same password

Process:
● User keys in password (e.g. password = my_password)
● System adds salt to password (e.g. salted password = my_passwordUNT1079)
● System hashes salted password (e.g. hashed salted password = 1124520Z0D)
● System stores 1124520Z0D and salt

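The Bob and Alice case from the two slides above, worked as an added example (not part of the original slides). It assumes a 16-byte random salt per user and swaps the single hash of the slide for PBKDF2-HMAC-SHA256, a deliberately slow construction built on SHA-256; the iteration count and function names are illustrative choices.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for the demo; tune to your hardware

def unsalted_hash(password):
    """The scheme from the 'Problem of Hashed Passwords' slide: H(password)."""
    return hashlib.sha256(password.encode()).hexdigest()

def enroll(password):
    """Create the stored record: a fresh random salt plus the salted hash."""
    salt = secrets.token_bytes(16)  # unique per user, stored next to the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def demo():
    # Constructed sample data: Bob and Alice pick the same password.
    bob_plain = unsalted_hash("my_password")
    alice_plain = unsalted_hash("my_password")
    bob, alice = enroll("my_password"), enroll("my_password")
    return {
        "unsalted_hashes_equal": bob_plain == alice_plain,
        "salted_hashes_equal": bob[1] == alice[1],
        "bob_logs_in": verify("my_password", bob),
        "wrong_password_rejected": not verify("My_password", alice),
    }

if __name__ == "__main__":
    print(demo())
```

The salt is not secret: it is stored with the hash so that verification can repeat the same computation.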
Requirements and Security

Preimage
● x is the preimage of h for a hash value h = H(x)
● x is a data block whose hash value, using the function H, is h
● Because H is a many-to-one mapping, for any given hash value h, there will in general be multiple preimages

Collision
● Occurs if we have x ≠ y and H(x) = H(y)
● Because we are using hash functions for data integrity, collisions are clearly undesirable

Requirements for a Cryptographic Hash Function H

Requirement: Description
● Variable input size: H can be applied to a block of data of any size.
● Fixed output size: H produces a fixed-length output.
● Efficiency: H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
● Preimage resistant (one-way property): For any given hash value h, it is computationally infeasible to find y such that H(y) = h.
● Second preimage resistant (weak collision resistant): For any given block x, it is computationally infeasible to find any second input, y, which has the same output as the specified input, i.e. H(y) = H(x).
● Collision resistant (strong collision resistant): It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
● Pseudo randomness: Output of H meets standard tests for pseudo randomness.

2nd Requirement: Fixed Length

● A fixed-length output
4th Requirement: Preimage Resistance

● Is the one-way property
● Given only the message digest (h), it should be hard to get any message (M) or preimage that generates that digest
● This property is important if the authentication technique involves the use of a secret value

5th Requirement: Second Preimage Resistance
● Guarantees that it is computationally infeasible to find an alternative message with the same hash value as a given message
● Given one message (M1), it should be hard to find another message (M2) or second preimage that has the same message digest (h)

Requirements for a Cryptographic Hash Function H (cont.)

● The first three properties are requirements for the practical application of a hash function
● A hash function that satisfies the first five properties in the table is referred to as a weak hash function
● If the sixth property, collision resistant, is also satisfied, then it is referred to as a strong hash function

6th Requirement: Collision Resistance
● It should be hard to find any two different messages (M1 and M2) with the same message digest (h)

Attacks on Hash Function

Brute-Force Attacks
● Does not depend on the specific algorithm, only depends on bit length
● Method is to pick values at random and try each one until a collision occurs

Cryptanalysis
● An attack based on weaknesses in a particular cryptographic algorithm
● Seeks to exploit some property of the algorithm to perform some attack other than an exhaustive search

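Why the digest length sets the security level, as an added example (not part of the original slides): SHA-256 is truncated to a short digest, and the search counts how many distinct inputs are tried before two of them collide. The truncation, the counter-based inputs (used instead of random values so the run is reproducible) and the function names are assumptions of this sketch.

```python
import hashlib

def truncated(msg, bits):
    """First `bits` bits of SHA-256(msg); stands in for a hash with a short digest."""
    return hashlib.sha256(msg).digest()[: bits // 8]

def find_collision(bits):
    """Try distinct inputs until two share a truncated digest.

    Returns (m1, m2, attempts). Nothing here uses the internals of SHA-256:
    the cost depends only on the digest length, as the slide states.
    """
    seen = {}
    attempts = 0
    while True:
        msg = b"constructed-input-%d" % attempts
        attempts += 1
        tag = truncated(msg, bits)
        if tag in seen:
            return seen[tag], msg, attempts
        seen[tag] = msg

def cost_table(sizes=(16, 24, 32)):
    """Measured attempts next to the birthday estimate 2^(bits/2)."""
    return [(bits, find_collision(bits)[2], 2 ** (bits // 2)) for bits in sizes]

if __name__ == "__main__":
    for bits, attempts, estimate in cost_table():
        print(f"{bits}-bit digest: collision after {attempts} tries (2^(n/2) = {estimate})")
```

The measured counts stay near 2^(n/2), which is why a 160-bit digest offers about 80 bits of collision resistance and why longer digests are preferred.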
Secure Hash Algorithm (SHA)
● Most widely used hash function
● Developed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993
● Was revised in 1995 as SHA-1
● Based on the hash function MD4 and its design closely models MD4
● Produces 160-bit hash values
● In 2002 NIST produced a revised version of the standard that defined three new versions of SHA with hash value lengths of 256, 384, and 512 bits
○ Collectively known as SHA-2
Comparison of SHA Parameters

Algorithm      Message Size   Block Size   Word Size   Message Digest Size
SHA-1          < 2^64         512          32          160
SHA-224        < 2^64         512          32          224
SHA-256        < 2^64         512          32          256
SHA-384        < 2^128        1024         64          384
SHA-512        < 2^128        1024         64          512
SHA-512/224    < 2^128        1024         64          224
SHA-512/256    < 2^128        1024         64          256

Note: All sizes are measured in bits.


SHA-512

● Plaintext block size: 1024 bits
● No. of rounds: 80
○ Each round will produce a word, QWord (W): 64 bits, generated from plaintext
○ Each round uses K-constant: hexadecimal
○ Each round will use buffers (results):
■ Store intermediate results (output of one block → input to next block = chaining process)
■ Store output (hash code)
■ Each buffer size: 64 bits
■ Total buffers: 512 / 64 = 8
SHA-512 Process

● Step 1: Append Padding Bits
○ Pad with the bits 100…, so that the length of the plaintext is 128 bits short of a multiple of 1024 bits
● Step 2: Append Length
○ Append a 128-bit representation of the original plaintext length, such that the total length = multiple of 1024 bits
● Step 3: Initialize Hash Buffer
○ (a,b,c,d,e,f,g,h), each 64 bits, in hexadecimal
● Step 4: Process Message in 1024-bit (128-byte) Blocks
○ Process each block of plaintext in 80 rounds
● Step 5: Output in Buffer
○ Hash code = 512 bits
Overall Process of SHA-512
[Figure: overall process of SHA-512. Labels: plaintext, L; padding bits; 128-bit representation; each block, 1024 bits; round function; buffer. Output of previous block is given to the next round.]

The heart of the algorithm is a module that consists of 80 rounds; this module is labeled F
SHA-512 Processing of a Single 1024-bit Block
[Figure: processing of a single 1024-bit block. Labels: from plaintext; from buffer; from K-constant. Output of previous block is given to the next round. Data from initialization vector (in buffer) will be added (addition modulo $2^{64}$).]
Creation of 80-Word Input Sequence for SHA-512 Processing of Single Block

● 1 word = 64 bits; 16 words = 1024 bits
● The first 16 values of $W_t$ are derived from the 1024-bit message
● The remaining values are defined as:

$$W_t = \sigma_1(W_{t-2}) + W_{t-7} + \sigma_0(W_{t-15}) + W_{t-16}$$

where
● $\sigma_0(x) = \mathrm{ROTR}^{1}(x) \oplus \mathrm{ROTR}^{8}(x) \oplus \mathrm{SHR}^{7}(x)$
● $\sigma_1(x) = \mathrm{ROTR}^{19}(x) \oplus \mathrm{ROTR}^{61}(x) \oplus \mathrm{SHR}^{6}(x)$
● $\mathrm{ROTR}^{n}(x)$ = circular right shift (rotation) of the 64-bit argument x by n bits
● $\mathrm{SHR}^{n}(x)$ = right shift of the 64-bit argument x by n bits with padding by zeros on the left
● + = addition modulo $2^{64}$
Exercise

● In SHA-512, the 64-bit word values, $W_t$, are derived from the 1024-bit message. The first 16 values of $W_t$ are taken directly from the 16 words of the current block. The remaining values are defined as follows:

$$W_t = \sigma_1(W_{t-2}) + W_{t-7} + \sigma_0(W_{t-15}) + W_{t-16}$$

● Show the equation for the values of $W_{16}$, $W_{17}$, $W_{18}$, $W_{19}$, $W_{20}$, $W_{21}$, $W_{22}$.
SHA-512 Constants (K) = 80 constants
Elementary SHA-512 Operation (Single Round) – in Buffer
• Six of eight words of the output of the round function involve permutation (b,c,d,f,g,h) by means of rotation (grey-shaded)
• Two output words (a,e) are generated by substitution
SHA-512 Algorithm
SHA-3

● NIST deprecated the use of SHA-1 in 2011 and disallowed its use for digital signatures at the end of 2013, based on both the Wang et al. attack and the potential for brute-force attack.
● To ensure that practitioners have secure and efficient hash algorithms to provide long-term security, NIST organized an international competition to select a new hash algorithm standard, SHA-3, which is specified in FIPS 202.
https://csrc.nist.gov/News/2017/Research-Results-on-SHA-1-Collisions
Chapter 12:
Message Authentication Codes
Message Authentication

● Message authentication is concerned with:
○ Protecting the integrity of a message
○ Validating identity of originator
○ Non-repudiation of origin (dispute resolution)
● Will consider the security requirements
● Three alternative functions used:
○ Message encryption = ciphertext
○ Hash functions
■ H(M), H is hash function, produces fixed length code = h, hash code
○ Message Authentication Code (MAC)
■ C(M,K), C is MAC function, produces fixed length code = MAC = message digest
Message Authentication
● Message encryption: ciphertext
● Hash functions: hash code
● Message Authentication Code (MAC): MAC
Each of these acts as an authenticator.
Message Authentication Requirements
● In communications from computer to computer, the following attacks could be identified:
○ Disclosure: Release of message contents
○ Traffic analysis: Discovery of the pattern of traffic between parties
○ Masquerade: Insertion of messages into the network from a fraudulent source
○ Content modification: Modification of the contents of a message
○ Sequence modification: Modification to a sequence of messages between parties
○ Timing modification: Delay or replay of messages
○ Source repudiation: Denial of transmission of message by source
○ Destination repudiation: Denial of receipt of message by destination
Message Encryption - Symmetric

● Encryption can also provide authentication
● If symmetric encryption is used then:
○ Receiver knows that the sender must have created it, since only the sender and receiver know the key
Message Encryption - Asymmetric
● Only achieves confidentiality, no authentication
● Achieves authentication and signature, no secrecy

Message Encryption - Asymmetric
● Sender signs message using their private key
● Then encrypts with recipient’s public key
● Achieves confidentiality, authentication and signature
Message Authentication Code (MAC)

● Generated by an algorithm that creates a small fixed-sized block
● Depending on both message and some key
● Like encryption, though need not be reversible
● Appended to message as a signature
● Receiver performs same computation on message and checks if it matches the MAC
● Provides assurance that message is unaltered and comes from the sender
● MAC can be used to provide message authentication
Message Authentication Code (MAC) (cont.)

● A small fixed-sized block of data
● Generated from message + secret key
● MAC = C(K,M)
● Appended to message when sent
Hash Functions

● H(M) = h
● Figures A, B, C and D illustrate a variety of ways in which a hash code can be used to provide message authentication
A
● The message plus concatenated hash code is encrypted using symmetric encryption. Since only A and B share the secret key, the message must have come from A and has not been altered.
● The hash code provides the structure or redundancy required to achieve authentication.

B
● Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications not requiring confidentiality.

C
● No encryption for message authentication.
● The technique assumes that the two communicating parties share a common secret value S.
● A computes the hash value over the concatenation of M and S and appends the resulting hash value to M.
● Because B possesses S, it can re-compute the hash value to verify.
● Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message.

D
● Confidentiality can be added to the approach of (c) by encrypting the entire message plus the hash code.
HMAC
● Secure Hash VS HMAC
○ Secure hash uses a hashing algorithm to produce a fixed-length hash of the message
regardless of the message length.
○ HMAC is similar but uses a key as an additional input to the hashing engine. It also
produces a fixed-length hash regardless of the input message length

https://www.maximintegrated.com/en/design/technical-documents/app-notes/7/7015.html
Message Authentication using HMAC

● Alice calculates the HMAC of a message by feeding it to a SHA-3 engine along with a specific key. Alice has securely shared this key previously with Bob
● Bob then generates his own HMAC of the message using the same key Alice shared with him earlier
● Bob compares the HMAC he generated with the one he received from Alice. If they match, the message has not been tampered with and is authentic.
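
The Alice and Bob exchange above, as an added example (not part of the original slides), using HMAC with SHA3-256 from the Python standard library. The sequence number covered by the MAC is an assumption added here so that Bob can also reject the replayed messages listed under "Timing modification"; the message contents are constructed.

```python
import hashlib
import hmac
import secrets

def send(key, seq, message):
    """Alice: MAC = HMAC-SHA3-256(K, seq || M); she transmits (seq, M, MAC)."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha3_256).digest()
    return seq, message, tag

class Receiver:
    """Bob: recompute the MAC with the shared key and compare in constant time."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, packet):
        seq, message, tag = packet
        data = seq.to_bytes(8, "big") + message
        expected = hmac.new(self.key, data, hashlib.sha3_256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad MAC"
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"

def demo():
    key = secrets.token_bytes(32)  # constructed key, shared in advance
    bob = Receiver(key)
    first = send(key, 0, b"pay 10 to Carol")
    results = [bob.accept(first)]
    # Content modification: message changed in transit, MAC left as sent.
    results.append(bob.accept((first[0], b"pay 99 to Carol", first[2])))
    # Replay: the same valid packet delivered a second time.
    results.append(bob.accept(first))
    # Masquerade: sender does not hold the shared key.
    results.append(bob.accept(send(secrets.token_bytes(32), 1, b"hello")))
    results.append(bob.accept(send(key, 1, b"pay 5 to Dave")))
    return results

if __name__ == "__main__":
    print(demo())
```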
Summary

● Applications of cryptographic hash functions
○ Message authentication
○ Digital signatures
○ Other applications
● Secure hash algorithm (SHA)
○ SHA-512 logic
○ SHA-512 round function
● Message authentication function
○ Message encryption
○ Message authentication code
○ Hash function
Department of Computing
College of Computing and Informatics
Universiti Tenaga Nasional
