© Prem Uppuluri

Hashes and Message Digests

Slides by Prem Uppuluri. Some of the slides contain material from sources that are cited in those specific slides.

So far…

• We looked at:
  – Symmetric or secret-key cryptography
    • Primarily used for encryption/decryption.
  – Asymmetric or public-key cryptography
    • Primarily used for
      – Key exchange (used to set up a secret key in order to use symmetric-key cryptography) and
      – Digital signatures.
• Next: Using “secure hash functions” or cryptographic checksums to achieve integrity of messages.

Use of secure hash.

• When you download software from the internet, most companies provide you with a “checksum” associated with the download.
  – E.g., on this site (download for CentOS) you will find an MD5 checksum: http://mirror.stanford.edu/yum/pub/centos/5.5/isos/i386/
• The checksum is used to determine the integrity of the download.
  – So what is this checksum (secure hash)?
  – How is it used?

What is a hash function?

(A) Potatoes deep fried in butter.
(B) Potatoes deep fried in olive oil.
(C) A one-way function which takes any input and converts it into a fixed sized output.

Overview of a hash function

[Diagram: Input of any size. → Hash Function (the function is publicly known) → Output of a fixed size (called hash value or hash key or fingerprint).]

Hash Function Properties

• A hash function H produces a fingerprint of some file/message/data: h = H(M)
  – condenses a variable-length message M to a fixed-sized fingerprint
  – You can't recover M just knowing h!
• assumed to be public

A One-way hash function

[Diagram: Input of any size. → Hash Function → Output of a fixed size (called hash value or hash key).]

Given an output hash value, there is no way to generate or get back the original input.

Secure One-way Hash function.

It is a one-way hash function with three additional properties:

– Given an input and its hash, it is computationally infeasible to find another message with the same hash.

– In fact, it is computationally infeasible to find any two messages with the same hash key.

– Sometimes uses a secret key as a second input (in addition to the original input).

Summary of Requirements for Secure Hash Functions and notations used.

1. can be applied to any sized message M
2. produces fixed-length output h
3. is easy to compute h = H(M) for any message M
4. given h, is infeasible to find x s.t. H(x) = h
   • one-way property
5. given x, is infeasible to find y ≠ x s.t. H(y) = H(x)
   • weak collision resistance
6. is infeasible to find any x, y with x ≠ y s.t. H(y) = H(x)
   • strong collision resistance

Notes based on © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)

Example

• Is this a hash function? Is it 1-way? Is it secure?

  – H(x) = x.substring(0,4)
    • x is some text (series of strings).
    • Substring method returns a substring in the string. In the above example,
      – If x = “ITEC is cool”
      – H(x) = “ITEC”

Simple Hash Functions

• based on XOR (exclusive or) of message blocks
• not secure since we can manipulate any message and either not change hash, or change hash also
• need a stronger cryptographic function

Notes based on © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)
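The two weak hashes above (the substring H(x) and the XOR of message blocks) side by side with SHA-256, as an added example that is not part of the original slides. The 4-byte block size, the helper names and the sample messages are assumptions made for illustration.

```python
import hashlib
from functools import reduce

BLOCK = 4  # block size in bytes; an assumption, the slides do not fix one

def prefix_hash(x: str) -> str:
    """The slide's H(x) = x.substring(0,4): fixed-size output and nothing more."""
    return x[:4]

def xor_blocks(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def xor_hash(msg: bytes) -> bytes:
    """XOR of all BLOCK-byte message blocks (last block zero-padded)."""
    padded = msg + b"\x00" * (-len(msg) % BLOCK)
    blocks = (padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK))
    return reduce(xor_blocks, blocks, bytes(BLOCK))

def compensating_block(changed: bytes, wanted: bytes) -> bytes:
    """Block that cancels the difference between xor_hash(changed) and `wanted`.
    `changed` must be a whole number of blocks."""
    return xor_blocks(xor_hash(changed), wanted)

def demo() -> dict:
    # Constructed sample messages, 16 bytes = four 4-byte blocks each.
    original = b"PAY 0100 TO BOB "
    swapped = original[4:8] + original[0:4] + original[8:]  # reorder two blocks
    changed = b"PAY 9999 TO EVE "
    patched = changed + compensating_block(changed, xor_hash(original))
    sha = lambda m: hashlib.sha256(m).digest()
    return {
        "prefix_same": prefix_hash("ITEC is cool") == prefix_hash("ITEC is not cool"),
        "xor_swapped_same": xor_hash(swapped) == xor_hash(original),
        "xor_patched_same": xor_hash(patched) == xor_hash(original),
        "sha256_swapped_same": sha(swapped) == sha(original),
        "sha256_patched_same": sha(patched) == sha(original),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both weak functions satisfy requirements 1 to 3 (any input, fixed output, easy to compute) yet fail weak collision resistance; the same edits change the SHA-256 digest.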

Examples of secure hash algorithms

• MD5 (message digest version 5)
  – Try it out here: http://www.miraclesalad.com/webtools/md5.php
  – What do you observe?
  – Regardless of the size of the input, the hash is always the same size: 128 bits.

• SHA-2 (Secure Hash Algorithm)

How to use hash functions.

• Examples:
  – Recall the example of software download. How do you ensure that software you created hasn’t been tampered with?
    • Compute its hash and store it. When someone downloads the software, they recompute the hash and compare. If the hash is different, someone tampered with the software.
  – Another use: Storing passwords (in UNIX).
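The download check described above (publish a hash, recompute it after download, compare), as an added example that is not part of the original slides. It assumes the publisher ships a checksum list in the `HEX  filename` layout written by `sha256sum`/`md5sum`, and it uses SHA-256 because practical MD5 collisions are known; the file name and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path: str, algo: str = "sha256", chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so a multi-gigabyte image never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_checksum_list(text: str) -> dict:
    """Parse 'HEX  filename' lines into {filename: lowercase hex digest}."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            # A leading '*' marks binary mode in the sha256sum layout.
            table[parts[1].lstrip("*").strip()] = parts[0].lower()
    return table

def verify_download(path: str, checksum_text: str, algo: str = "sha256") -> str:
    """Return 'ok', 'MISMATCH', or 'not-listed' for the downloaded file."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"          # never treat a missing entry as a pass
    actual = file_digest(path, algo)
    return "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"

def demo():
    # Constructed stand-in for a downloaded image and its published checksum.
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed release image\n" * 1000)
        published = f"{file_digest(iso)}  example.iso\n"
        before = verify_download(iso, published)
        with open(iso, "r+b") as f:  # flip a single byte in place
            f.seek(500)
            f.write(b"X")
        return before, verify_download(iso, published)

if __name__ == "__main__":
    print(demo())
```

The comparison only proves integrity if the checksum list itself came from a trusted source; a list fetched from the same compromised mirror as the file can be replaced along with it.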

How to use hash functions.

Another use: Storing passwords (in UNIX).

UNIX uses the DES algorithm. Given a password “abc12345”, UNIX does the following:

(1) Take a string of 0’s.
(2) Compute a 7 digit hash of the string of 0’s with the password as a key.

Hash vs. Secret-key cryptography

• They both are used differently.
  – Secret key cryptography is normally used for:
    • Confidentiality (encrypting messages).
  – Secure hashes are “normally” used for:
    • Generating a cryptographic checksum – to check for integrity.
    • Generating a digital signature – for non-repudiation.
    • Generating a “secret key” to be used in secret key cryptography.
      » This is because secure hashes incorporate randomness.
• Secure hashes need to be larger than 64 bits to be secure. Why? The Birthday paradox.

Notes based on © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)

Birthday Attacks

• might think a 64-bit hash is secure
• but by the Birthday Paradox it is not
• birthday attack works as follows (m is the hash length in bits)
  – opponent generates $2^{m/2}$ variations of a valid message, all with essentially the same meaning
  – opponent also generates $2^{m/2}$ variations of a desired fraudulent message
  – two sets of messages are compared to find a pair with the same hash (probability > 0.5 by birthday paradox)
  – have user sign the valid message, then substitute the forgery, which will have a valid signature
• conclusion is that we need to use larger MACs

Notes from © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)
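Why the work factor is about $2^{m/2}$ rather than $2^m$, measured on SHA-256 truncated to m bits; this is an added example, not part of the original slides. It shows the general single-set birthday bound rather than the two-set procedure on the slide, and the truncation, function names and message format are assumptions made for illustration.

```python
import hashlib
import math

def truncated_hash(msg: bytes, m_bits: int) -> int:
    """First m_bits of SHA-256(msg), standing in for an m-bit hash."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - m_bits)

def birthday_collision(m_bits: int):
    """Hash distinct constructed messages until two share an m-bit hash.
    Returns (first_message, second_message, number_of_hashes_computed)."""
    seen = {}
    trials = 0
    while True:
        msg = b"constructed message #%d" % trials
        trials += 1
        h = truncated_hash(msg, m_bits)
        if h in seen:
            return seen[h], msg, trials
        seen[h] = msg

def collision_probability(k: int, m_bits: int) -> float:
    """Approximate chance of at least one collision among k random m-bit hashes."""
    return 1.0 - math.exp(-k * (k - 1) / (2 * 2 ** m_bits))

if __name__ == "__main__":
    for m in (16, 20, 24):
        _, _, trials = birthday_collision(m)
        print(f"m={m:2d}  2^(m/2)={2 ** (m // 2):5d}  hashes until collision={trials}")
    # A 64-bit hash: about 2^32 hashes already give a large collision chance.
    print(f"P(collision | 2^32 hashes, m=64) = {collision_probability(2 ** 32, 64):.3f}")
    print(f"P(collision | 2^32 hashes, m=256) = {collision_probability(2 ** 32, 256):.3e}")
```

The measured counts track $2^{m/2}$, which is why a 64-bit output offers only about 32 bits of collision resistance.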