21-NetworkSecurity

Error sequence number time stamp authentication


• message not encrypted
• useful when you don't want encryption because:
  • messages broadcast to multiple destinations
    • have one destination responsible for authentication
  • one side heavily loaded
    • encryption adds to workload
    • can authenticate random messages
  • programs authenticated without encryption can be executed without decoding

Message Authentication Code

• generate authentication code based on shared key and message
• common key shared between A and B
• if only sender and receiver know key and code matches:
  • receiver assured message has not been altered
  • receiver assured message is from alleged sender
  • if message has sequence number, receiver assured of proper sequence
• can use various algorithms, e.g. DES

Message Authentication Code

One Way Hash Function

• accepts variable size message and produces fixed size tag (message digest)
• but without use of a secret key
• send digest with message in manner that validates authenticity
• advantages of authentication without encryption:
  • encryption is slow
  • encryption hardware expensive
  • encryption hardware optimized for large data sets
  • algorithms covered by patents
  • algorithms subject to export controls (from USA)

Using One Way Hash Functions

Secure Hash Functions

• produce a "fingerprint" of message/file
• must have the following properties:
  • can be applied to any size data block
  • produce fixed length output
  • easy to compute
  • not feasible to reverse
  • not feasible to find two messages with the same hash
• giving "weak" & "strong" hash functions
• also used for data integrity

Secure Hash Algorithm

• Secure Hash Algorithm (SHA)
• SHA defined in FIPS 180 (1993), 160-bit hash
• SHA-1 defined in FIPS 180-1 (1995)
• SHA-256, SHA-384, SHA-512 defined in FIPS 180-2 (2002), 256/384/512-bit hashes
• SHA-1 being phased out, attack known
• SHA-512 processes input message S...
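The Message Authentication Code slide above, worked through as an added example (not part of the original slides): the message travels unencrypted, the code is computed over a sequence number plus the message with a key shared by A and B, and the receiver rejects altered, wrongly keyed and out-of-sequence frames. HMAC-SHA-256 is used here in place of the DES-based code the slides mention; the frame layout, the names protect, Receiver and demo, and the sample key and messages are assumptions made for the illustration.

```python
# Added example: MAC over (sequence number || message); all names are hypothetical.
import hashlib
import hmac
import struct

TAG_LEN = 32  # SHA-256 digest size in bytes

def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender A: frame = 8-byte sequence number || plaintext message || code."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    """Receiver B: recomputes the code, then enforces increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("code mismatch: altered message or wrong key")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:  # only checked once the code has verified
            raise ValueError("replayed or out-of-sequence message")
        self.last_seq = seq
        return body[8:]

def demo() -> list:
    key = b"constructed-shared-key-A-and-B!!"  # constructed sample key
    rx = Receiver(key)
    good = protect(key, 1, b"transfer 100 to Bob")  # constructed message
    results = [rx.accept(good).decode()]
    tampered = good[:8] + b"transfer 900 to Bob" + good[-TAG_LEN:]
    forged = protect(b"some-other-key", 2, b"transfer 100 to Eve")
    for frame in (tampered, forged, good):  # altered, wrong key, replay
        try:
            rx.accept(frame)
        except ValueError as exc:
            results.append(str(exc))
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```

Without the key, a bare digest of the message would not give these guarantees, since anyone who alters the message can recompute the digest.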