Professional Documents
Culture Documents
DATA INTEGRITY
1
Course Outcomes (CO)
Data Integrity
Chapter 11:
Cryptographic Hash Functions
Chapter 12:
Message Authentication Codes
Data Integrity
Hashing
• It is where the data inside a document is hashed
using an algorithm such as SHA1, MD5
Source: https://slideplayer.com/slide/5875900/
Hashing VS Encryption
Source: wikipedia
Hashing VS Encryption
Source: https://www.ssl2buy.com/wiki/difference-between-hashing-and-encryption
Outline
Data Integrity
Chapter 11:
Cryptographic Hash Functions
Chapter 12:
Message Authentication Codes
Hash Functions
● A hash function H accepts a variable-
length block of data M as input and
produces a fixed-size hash value
h = H(M)
● The input is padded out to an integer multiple
of some fixed length (e.g., 1024 bits)
● Hash value = message digest
Cryptographic Hash Function
h = H(M)
● An algorithm for which it is
computationally infeasible to find either:
a) a data object that maps to a pre-specified
hash result (the one-way property)
b) two data objects that map to the same hash
result (the collision-free property)
Applications of Cryptographic Hash Functions
What if ???
Bob’s password Alice’s password
= my_password = my_password
x is a data block whose hash value, Because we are using hash functions for
using the function H, is h data integrity, collisions are clearly
undesirable
Preimage resistant (one- For any given hash value h. It is computationally infeasible
way property) to find y such that H(y)=h.
● A fixed-length output
4th Requirement: Preimage Resistance
● The first three properties are requirements for the practical application of a
hash function
● A hash function that satisfies the first five properties in Table is referred to
as a weak hash function
● If the sixth property, collision resistant, is also satisfied, then it is referred
to as a strong hash function
6th Requirement: Collision Resistance
● It should be hard to find any two different messages (M 1 and M2)
with the same message digest (h)
Attacks on Hash Function
Each block,
1024 bits
Round
function
Buffer
The heart of the algorithm is a module that consists of 80 rounds; this module is labeled F
SHA-512 Processing of a Single 1024-bit Block
From plaintext
From buffer
From K-constant
where
● (x) = ROTR1(x) ROTR8(x) SHR7(x)
● (x) = ROTR19(x) ROTR61(x) SHR6(x)
● ROTRn(x) = circular right shift (rotation) of the
64-bit argument x by n bits
● SHRn(x) = right shift of the 64-bit argument x by
n bits with padding by zeros on the left
● + = addition modulo 264
Exercise
Data Integrity
Chapter 11:
Cryptographic Hash Functions
Chapter 12:
Message Authentication Codes
Message Authentication
act as an authenticator
Message Authentication Requirements
● In communications from a computer to computer, the
following attacks could be identified:
○ Disclosure: Release of message contents
○ Traffic analysis: Discovery of the pattern of traffic between
parties
○ Masquerade: Insertion of messages into the network from a
fraudulent source
○ Content modification: Modification of the contents of a
message
○ Sequence modification: Modification to a sequence of
messages between parties
○ Timing modification: Delay or replay of messages
○ Source repudiation: Denial of transmission of message by
source
○ Destination repudiation: Denial of receipt of message by
destination
Message Encryption - Symmetric
M MAC
MAC
Message Authentication Code (MAC) (cont.)
M MAC
MAC
MAC
MAC
Hash Functions
● H(M) = h
● Figures A, B, C and D illustrate a variety of
ways in which a hash code can be used to
provide message authentication
A
● Only the hash code is encrypted, using symmetric encryption. This reduces the
processing burden for those applications not requiring confidentiality.
C
https://www.maximintegrated.com/en/design/technical-documents/app-notes/7/7015.html
Message Authentication using HMAC