lecture6

lecture6 - Lecture 6: Hash Functions, Message...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture 6: Hash Functions, Message Authentication and Key Distribution CS 392/6813: Computer Security Fall 2010 Nitesh Saxena * Adopted from Previous Lectures by Nasir Memon 2 Course Administration ± HW3 was posted – due Oct 22 ± HW2 is being graded ± Delay due to MyPoly debacle ± HW2 solution will be provided soon ± Mid-Term on 10/28 ± Closed-books/closed-notes ± In-class ± Would cover lecture material until 10/21 ± Final Exam on Dec 16
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
3 Outline of Today’s lecture ± Hash Functions ± Properties ± Known Hash Function ± SHA-1 ± Message Authentication using hash fns: HMAC ± “Private Key” Distribution ± “Public Key” Distribution: PKI ± Certification ± Revocation 4 Cryptographic Hash Functions ± Requirements of cryptographic hash functions: ± Can be applied to data of any length. ± Output is fixed length ± Relatively easy to compute h(x), given x and deterministic ± Infeasible to get x, given h(x). One-wayness property ± Given x, infeasible to find y such that h(x) = h(y). Weak-collision resistance property . ± Infeasible to find any pair x and y such that h(x) = h(y). Strong-collision resistance property .
Background image of page 2
5 Hash Output Length ± How long should be the output (n bits) of a cryptographic hash function? ± To find collision - randomly select messages and check if hash matches any that we know. ± Throwing k balls in N = 2 n bins. How large should k be, before probability of landing two balls in the same becomes greater than ½? ± Birthday paradox - a collision can be found in roughly sqrt(N) = 2 (n/2) trials for an n bit hash ± In a group of 23 )(~ sqrt(365)) people, at least two of them will have the same birthday (with a probability > ½) ± Hence n should be at least 160 6 Birthday Paradox ± Probability that hash values of k random messages are distinct is (that is, no collisions) is: () 1 1 23 1 / 1 (1 ) / 2 ) / 2 12 1 11 1 1 (as for small , 1 ,as 1 ) 2! 3! = So for at least one collision we have probability of whose va 1 k i k in x x i kk N N ki NN N n xx x ee e e e = −− =   =− =     ≅≅ = + K L lue is above 0.5 when 1.17 kN =
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
7 Generic Hash Function 8
Background image of page 4
9 10
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
11 12
Background image of page 6
13 14
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
15 16
Background image of page 8
17 Other Hash Functions ± Many other hash functions ± SHA-2 (SHA-256) ± MD5 – Message Digest algorithm 5 ± Very similar to SHA – study on your own ± MD4 ± MD6 ± .. 18 Current Security of MD5 and SHA-1 ± SHA-1 ± B’day attack requires 2 80 calls ± Faster attacks 2 69 calls http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new- 2-yao.pdf ± MD5 ± Output is 128-bits, so B’day attack requires 2 64 calls only ± Faster attacks to find a collision: http://eprint.iacr.org/2004/199.pdf ± Better use stronger versions, such as SHA-256 ± Although, these attacks are still not practical – they only find two random messages that collide
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
19 Message Authentication Codes ± Integrity as well as authentication ± (m, MAC) ± We want MAC to be as small and as secure as possible ± Security based on the length of the key and also how the MAC is computed ±
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 11/02/2010 for the course CS 392 taught by Professor Staff during the Spring '08 term at NYU Poly.

Page1 / 30

lecture6 - Lecture 6: Hash Functions, Message...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online