# lecture6 - Lecture 6 Hash Functions Message Authentication...

Lecture 6: Hash Functions, Message Authentication and Key Distribution

CS 392/6813: Computer Security, Fall 2010

Nitesh Saxena (adopted from previous lectures by Nasir Memon)

## Course Administration

- HW3 was posted – due Oct 22
- HW2 is being graded
  - Delay due to MyPoly debacle
  - HW2 solution will be provided soon
- Mid-Term on 10/28
  - Closed-books/closed-notes
  - In-class
  - Would cover lecture material until 10/21
- Final Exam on Dec 16

## Outline of Today’s Lecture

- Hash Functions
  - Properties
  - Known Hash Function: SHA-1
- Message Authentication using hash functions: HMAC
- “Private Key” Distribution
- “Public Key” Distribution: PKI
  - Certification
  - Revocation

## Cryptographic Hash Functions

Requirements of cryptographic hash functions:

- Can be applied to data of any length.
- Output is fixed length.
- Deterministic, and relatively easy to compute h(x) given x.
- Infeasible to get x, given h(x): the one-wayness property.
- Given x, infeasible to find y ≠ x such that h(x) = h(y): the weak-collision resistance property.
- Infeasible to find any pair x and y (x ≠ y) such that h(x) = h(y): the strong-collision resistance property.
## Hash Output Length

- How long should the output (n bits) of a cryptographic hash function be?
- To find a collision: randomly select messages and check whether the hash matches any that we already know.
- This is throwing k balls into N = 2^n bins. How large should k be before the probability of landing two balls in the same bin becomes greater than ½?
- Birthday paradox: a collision can be found in roughly sqrt(N) = 2^(n/2) trials for an n-bit hash.
  - In a group of 23 (~ sqrt(365)) people, at least two of them will have the same birthday (with probability > ½).
- Hence n should be at least 160.

## Birthday Paradox

The probability that the hash values of k random messages are distinct (that is, no collisions) is:

$$
\prod_{i=1}^{k-1}\left(1-\frac{i}{N}\right) \cong \prod_{i=1}^{k-1} e^{-i/N} = e^{-k(k-1)/2N}
$$

(as for small $x$, $1 - x \cong e^{-x}$, since $e^{-x} = 1 - x + \frac{x^2}{2!} - \frac{x^3}{3!} + \cdots$).

So for at least one collision we have a probability of $1 - e^{-k(k-1)/2N}$, whose value is above 0.5 when $k = 1.17\sqrt{N}$.
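As an added example (not part of the original lecture), the following Python code checks the birthday bound numerically and then measures it on a real hash. It assumes SHA-256 truncated to its top n bits as a stand-in for an n-bit hash function; the function names and the `msg-<counter>` inputs are constructed for illustration.

```python
import hashlib
import math

def p_collision_exact(k: int, N: int) -> float:
    """Exact: 1 - prod_{i=1}^{k-1} (1 - i/N) for k random values in N bins."""
    p_distinct = 1.0
    for i in range(1, k):
        p_distinct *= 1.0 - i / N
    return 1.0 - p_distinct

def p_collision_approx(k: int, N: int) -> float:
    """The slide's approximation: 1 - e^{-k(k-1)/2N}."""
    return 1.0 - math.exp(-k * (k - 1) / (2 * N))

def smallest_k_for_half(N: int) -> int:
    """Smallest k whose exact collision probability exceeds 1/2."""
    k, p_distinct = 1, 1.0
    while 1.0 - p_distinct <= 0.5:
        p_distinct *= 1.0 - k / N   # throw one more ball
        k += 1
    return k

def truncated_hash(msg: bytes, n_bits: int) -> int:
    """Top n_bits of SHA-256(msg), standing in for an n-bit hash (assumption)."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - n_bits)

def find_collision(n_bits: int):
    """Hash constructed messages until two share the same n_bits-bit value."""
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter          # constructed sample input
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return seen[h], msg, counter + 1   # colliding pair, hashes computed
        seen[h] = msg
        counter += 1

if __name__ == "__main__":
    print("birthdays:", smallest_k_for_half(365), "vs 1.17*sqrt(365) =",
          round(1.17 * math.sqrt(365), 1))
    for n in (16, 24, 32):
        a, b, trials = find_collision(n)
        print(f"n={n}: collision after {trials} hashes, 2^(n/2) = {2 ** (n // 2)}")
```

Each extra 8 bits of output multiplies the work by about 16, not 256, which is why the output length has to be twice the desired security level.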

## Generic Hash Function

## Other Hash Functions

- Many other hash functions
  - SHA-2 (SHA-256)
  - MD5 – Message Digest algorithm 5
    - Very similar to SHA – study on your own
  - MD4
  - MD6
  - ..

## Current Security of MD5 and SHA-1

- SHA-1
  - B’day attack requires 2^80 calls
  - Faster attacks: 2^69 calls
    - http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-2-yao.pdf
- MD5
  - Output is 128 bits, so B’day attack requires 2^64 calls only
  - Faster attacks to find a collision: http://eprint.iacr.org/2004/199.pdf
- Better use stronger versions, such as SHA-256
- Although, these attacks are still not practical – they only find two random messages that collide

## Message Authentication Codes

- Integrity as well as authentication
- (m, MAC)
- We want MAC to be as small and as secure as possible
- Security based on the length of the key and also how the MAC is computed
- A MAC can be constructed based on any