Cipher Text - Fakultät für Informatik und Elektrotechnik ... · PDF file1 Hochschule...
Hochschule Wismar
Andreas Ahrens, July 2015, Tallinn, Estonia
Cipher Text
• A cipher is a series of well-defined steps that can be followed as a procedure when encrypting and decrypting messages.
• Each encryption method uses a specific algorithm, called a cipher, to encrypt and decrypt messages.
• There are several methods of creating cipher text:
  – Transposition
  – Substitution
Classification
Cryptography
– Symmetric Ciphers
  – Block Ciphers
  – Stream Ciphers
– Asymmetric Ciphers
The majority of today's protocols are hybrid schemes, i.e., they use both symmetric ciphers (e.g., for encryption and message authentication) and asymmetric ciphers (e.g., for key exchange and digital signature).
Reference: Text-book Paar, Pelzl
Transposition Ciphers
• In transposition ciphers, no letters are replaced; they are simply rearranged.
• For example: Spell it backwards.
• Modern encryption algorithms, such as the DES (Data Encryption Standard) and 3DES, still use transposition as part of the algorithm.
Transposition Rail Fence Cipher
1. The clear text message.
2. Use a rail fence cipher and a key of 3.
3. Solve the ciphertext.
Clear text: FLANK EAST ATTACK AT DAWN
Rails:
F...K...T...T...A...W.
.L.N.E.S.A.T.A.K.T.A.N
..A...A...T...C...D...
Ciphered text: FKTTAWLNESATAKTAN AATCD
Substitution Cipher
• Substitution ciphers substitute one letter for another.
  – In their simplest form, substitution ciphers retain the letter frequency of the original message.
• Examples include:
  – Caesar Cipher
  – Vigenère Cipher
Let's Encode using the Caesar Cipher!
1. The cleartext message.
2. Encode using a key of 3. Therefore, A becomes a D, B an E, …
3. The encrypted message becomes …
Clear text: FLANK EAST ATTACK AT DAWN
Ciphered text: IODQN HDVW DWWDFN DW GDZQ
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Let's Decode
1. The clear text message.
2. Use a shift of 6 (ROT6).
3. Solve the ciphertext.
Ciphered text: OZ OY IUUR
Clear text: IT is cool
[Figure: shifted alphabet rows used for the lookup.]
Caesar Cipher Disk
1. The clear text message would be encoded using a key of 3.
2. Shift the inner wheel by 3; then A becomes D, B becomes E, and so on.
3. The clear text message would appear as follows using a key of 3.
Clear text: FLANK EAST ATTACK AT DAWN
Ciphered text: IODQN HDVW DWWDFN DW GDZQ
Symmetric Cryptography
Mathematical description: Encryption with symmetric cipher. Oscar obtains only ciphertext y, which looks like random bits.
Syntax:
• x is the plaintext
• y is the ciphertext
• K is called the key
[Figure: Alice (good) passes x through Encryption e( ) and sends y over the unsecure channel (e.g. Internet) to Bob (good), who recovers x with Decryption d( ); the Key Generator supplies K to both sides over a secure channel; Oscar (bad guy) sees only y.]
Symmetric Cryptography:
• Encryption equation: $y = e_K(x)$
• Decryption equation: $x = d_K(y)$
• Encryption and decryption are inverse operations if the same key K is used on both sides:
  $d_K(y) = d_K(e_K(x)) = x$
Substitution Cipher
Historical cipher
Idea: replace each plaintext letter by a fixed other letter.
Plaintext  Ciphertext
A          K
B          D
C          W
Example:
ABBA would be encrypted as KDDK
How secure is the Substitution Cipher?
Let’s have a look at how often the letters appear in the alphabet (Letter Frequency Analysis)
Letter Frequency Analysis
• Letters have very different frequencies in the English language.
• The frequency of plaintext letters is preserved in the ciphertext.
For example:
• "e" is the most common letter in English; almost 13% of all letters in a typical English text are "e".
In practice:
• Not only frequencies of individual letters can be used for an attack, but also the frequency of letter pairs (e.g., "th" is very common in English).
Short Introduction to Modular Arithmetic
Why do we need to study modular arithmetic?
• Important for asymmetric cryptography (RSA, elliptic curves, etc.)
• Most cryptosystems are based on sets of numbers that are
  – discrete (sets with integers are particularly useful)
  – finite (i.e., we only compute with finitely many numbers)
• It is crucial to have an operation which "keeps the numbers within limits", i.e., after addition and multiplication they should never leave the set.
Let's have a look!
Modulo Operation
Let a, r, m be integers and m > 0. We write
a ≡ r mod m
if (r-a) is divisible by m, or if m divides a-r.
• m is called the modulus and r is called the remainder.
It is always possible to write
a = q ·m + r for 0 ≤ r < m
with the quotient q and the remainder r.
Examples:
• Let a = 11 and m = 9: 11 ≡ 2 mod 9 (11 = 1·9 + 2)
• Let a = 19 and m = 9: 19 ≡ 1 mod 9 (19 = 2·9 + 1)
How do we perform modular division?
First, note that rather than performing a division, we prefer to multiply by the inverse.
The inverse $a^{-1}$ of a number a is defined such that:
$a \cdot a^{-1} \equiv 1 \bmod m$
Example: The inverse of 7 mod 9 is 4 since 7 x 4 ≡ 28 ≡ 1 mod 9.
How is the inverse computed?
The multiplicative inverse of a number a mod m exists if and only if gcd(a, m) = 1 (gcd: greatest common divisor).
(Note that in the example above gcd(7, 9) = 1, so that the inverse of 7 exists modulo 9.)
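The slide states when the inverse exists but not how to find it. The sketch below is an added example (not from the lecture or the textbook) that computes it with the extended Euclidean algorithm; the function names are chosen here for illustration.

```python
def extended_gcd(a, b):
    """Return (g, s, t) such that g = gcd(a, b) and s*a + t*b == g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(a, m):
    """Return a^-1 mod m; raise ValueError when gcd(a, m) != 1."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    g, s, _ = extended_gcd(a % m, m)
    if g != 1:
        # No inverse: a and m share the factor g.
        raise ValueError(f"{a} has no inverse modulo {m} (gcd = {g})")
    # s*a + t*m == 1, so s*a == 1 (mod m); bring s into 0..m-1.
    return s % m


def mod_divide(b, a, m):
    """'Division' b / a mod m, done as multiplication by the inverse."""
    return (b * mod_inverse(a, m)) % m


def invertible_residues(m):
    """All a in 1..m-1 that have an inverse modulo m."""
    return [a for a in range(1, m) if extended_gcd(a, m)[0] == 1]


if __name__ == "__main__":
    print("7^-1 mod 9 =", mod_inverse(7, 9))
    print("5 / 7 mod 9 =", mod_divide(5, 7, 9))
    print("invertible mod 26:", invertible_residues(26))
    try:
        mod_inverse(3, 9)
    except ValueError as err:
        print("rejected:", err)
```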
Modular Arithmetic
There is the neutral element 0 with respect to addition, i.e., for all a
a + 0 ≡ a mod m
For all a, there is always an additive inverse element -a such that
a + (-a) ≡ 0 mod m
There is the neutral element 1 with respect to multiplication, i.e., for all a
a x 1 ≡ a mod m
The multiplicative inverse $a^{-1}$ is defined such that
$a \times a^{-1} \equiv 1 \bmod m$
Shift Cipher
• Replaces each plaintext letter by another one.
• Replacement rule: Take the letter that follows after k positions in the alphabet.
• Needs a mapping from letters → numbers:
A  B  C  D  E  F  G  H  I  J  K  L  M
0  1  2  3  4  5  6  7  8  9  10 11 12
N  O  P  Q  R  S  T  U  V  W  X  Y  Z
13 14 15 16 17 18 19 20 21 22 23 24 25
Example for k = 7:
Plaintext  = ATTACK = 0, 19, 19, 0, 2, 10
Ciphertext = HAAHJR = 7, 0, 0, 7, 9, 17
Note that the letters "wrap around" at the end of the alphabet, which can mathematically be expressed as reduction modulo 26, e.g.,
19 + 7 = 26 ≡ 0 mod 26
Mathematical description of the cipher
Let $k, x, y \in \{0, 1, \ldots, 25\}$
• Encryption: $y = e_k(x) \equiv x + k \bmod 26$
• Decryption: $x = d_k(y) \equiv y - k \bmod 26$
How secure is the shift cipher?
• Exhaustive key search (the key space is only 26 keys!)
• Letter frequency analysis, similar to the attack against the substitution cipher
Affine Cipher
• Extension of the shift cipher: rather than just adding the key to the plaintext, we also multiply by the key.
• Key consists of two parts: k = (a, b)
Let $k, x, y \in \{0, 1, \ldots, 25\}$
• Encryption: $y = e_k(x) \equiv a \cdot x + b \bmod 26$
• Decryption: $x = d_k(y) \equiv a^{-1}(y - b) \bmod 26$
• Since the inverse of a is needed for inversion, we can only use values for a for which gcd(a, 26) = 1. There are 12 values for a that fulfill this condition:
  $a \in \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$
• Again, several attacks are possible, including exhaustive key search and letter frequency analysis, similar to the attack against the substitution cipher.
Example: Let the key be k = (a, b) = (9, 13)
Plaintext  = ATTACK = 0, 19, 19, 0, 2, 10
Ciphertext = NCCNFZ = 13, 2, 2, 13, 5, 25
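The affine and shift equations above, written out as an added example (not code from the lecture); it reproduces the slide values and shows why a must satisfy gcd(a, 26) = 1. Function names are chosen here, and `pow(a, -1, 26)` needs Python 3.8 or later.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
M = len(ALPHABET)  # modulus 26


def valid_a_values():
    """Multipliers a for which decryption is possible (gcd(a, 26) = 1)."""
    return [a for a in range(M) if gcd(a, M) == 1]


def is_injective(a):
    """True if x -> a*x mod 26 maps the 26 letters to 26 distinct letters."""
    return len({(a * x) % M for x in range(M)}) == M


def affine_encrypt(plaintext, a, b):
    """y = a*x + b mod 26; non-letters are passed through unchanged."""
    if gcd(a, M) != 1:
        raise ValueError(f"a = {a} is not invertible modulo {M}")
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(a * ALPHABET.index(ch) + b) % M])
        else:
            out.append(ch)
    return "".join(out)


def affine_decrypt(ciphertext, a, b):
    """x = a^-1 * (y - b) mod 26."""
    if gcd(a, M) != 1:
        raise ValueError(f"a = {a} is not invertible modulo {M}")
    a_inv = pow(a, -1, M)  # modular inverse of a
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(a_inv * (ALPHABET.index(ch) - b)) % M])
        else:
            out.append(ch)
    return "".join(out)


def shift_encrypt(plaintext, k):
    """The shift cipher is the affine cipher with a = 1."""
    return affine_encrypt(plaintext, 1, k)


def shift_decrypt(ciphertext, k):
    return affine_decrypt(ciphertext, 1, k)


def key_space_size():
    """Number of affine keys (a, b): 12 choices for a times 26 for b."""
    return len(valid_a_values()) * M


if __name__ == "__main__":
    print(affine_encrypt("ATTACK", 9, 13))
    print(shift_encrypt("FLANK EAST ATTACK AT DAWN", 3))
    print("affine keys:", key_space_size())
```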
Short Introduction to Modular Arithmetic
Modular Reduction
Example: We want to compute $3^7 \bmod 7$ (note that exponentiation is extremely important in public-key cryptography).
1st Approach: Exponentiation followed by modular reduction
Example: $3^7 = 2187 \equiv 3 \bmod 7$
The intermediate result is 2187 even though we know that the final result can't be larger than 6.
2nd Approach: Exponentiation with intermediate modular reduction
Example: $3^7 = 3^3 \cdot 3^4 = 27 \times 81$
At this point we reduce the intermediate results 27 modulo 7 and 81 modulo 7:
$3^7 = 3^3 \cdot 3^4 = 27 \times 81 \equiv 6 \times 4 \bmod 7$
$6 \times 4 = 24 \equiv 3 \bmod 7$
We can perform all these multiplications without a pocket calculator, whereas mentally computing $3^7 = 2187$ is a bit challenging for most of us.
For most algorithms it is advantageous to reduce intermediate results as soon as possible.
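Both approaches side by side, as an added example that is not part of the lecture. It generalizes the slide's split $3^3 \cdot 3^4$ to square-and-multiply, which reduces after every multiplication, and reports the largest intermediate value each approach has to hold; the function names are chosen here.

```python
def modexp_naive(base, exponent, modulus):
    """1st approach: compute the full power, then reduce once.

    Returns (result, largest intermediate value).
    """
    power = base ** exponent
    return power % modulus, power


def modexp_reduced(base, exponent, modulus):
    """2nd approach: square-and-multiply with a reduction after each product.

    Returns (result, largest value seen before a reduction).
    """
    if modulus <= 0:
        raise ValueError("modulus must be positive")
    if exponent < 0:
        raise ValueError("negative exponents need a modular inverse")
    result = 1 % modulus
    square = base % modulus        # holds base^(2^i) mod modulus
    largest = max(result, square)
    e = exponent
    while e > 0:
        if e & 1:                  # this bit of the exponent is set
            product = result * square
            largest = max(largest, product)
            result = product % modulus
        e >>= 1
        if e:                      # another bit follows: square again
            product = square * square
            largest = max(largest, product)
            square = product % modulus
    return result, largest


if __name__ == "__main__":
    print("naive:  ", modexp_naive(3, 7, 7))
    print("reduced:", modexp_reduced(3, 7, 7))
    # With a realistic exponent the naive power has thousands of digits,
    # while the reduced variant never exceeds (modulus - 1)^2.
    big = modexp_reduced(3, 65537, 1000003)
    print("3^65537 mod 1000003 =", big[0], "largest intermediate:", big[1])
```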
Cryptoanalysis
• Attacks against cryptographic systems: Bribing, blackmailing etc. can be used to obtain a secret key.
• Kerckhoffs' Principle is paramount in modern cryptography: A cryptosystem should be secure even if the attacker (Oscar) knows all details about the system, with the exception of the secret key.
• The system should be secure when the attacker knows the encryption and decryption algorithms.
• Kerckhoffs' Principle is paramount in modern cryptography: The attacker (Oscar) knows all details about the system, with the exception of the secret key.
Syntax:
• x is the plaintext
• y is the ciphertext
• K is called the key
[Figure: Alice (good), Encryption e( ), unsecure channel (e.g. Internet), Decryption d( ), Bob (good); the Key Generator supplies K to both sides over a secure channel; Oscar (bad guy) observes y.]
• The practice and study of determining the meaning of encrypted information (cracking the code), without access to the shared secret key.
• It has been around as long as cryptography.
Cryptoanalysis Methods
• Brute-Force Method
• Ciphertext-Only Method
• Known-Plaintext Method
• Chosen-Plaintext Method
• Chosen-Ciphertext Method
• Meet-in-the-Middle Method
Brute-Force Method
• An attacker tries every possible key with the decryption algorithm, knowing that eventually one of them will work.
• All encryption algorithms are vulnerable to this attack.
• The objective of modern cryptographers is to have a keyspace large enough that it takes too much time (money) to accomplish a brute-force attack.
• For example: The best way to crack Caesar cipher encrypted code is to use brute force.
  – There are only 25 possible rotations.
  – Therefore, it is not a big effort to try all possible rotations and see which one returns something that makes sense.
• On average, a brute-force attack succeeds about 50 percent of the way through the keyspace, which is the set of all possible keys.
Frequency Analysis Method
• In English, some letters of the alphabet are used more often than others.
  – E, T, and A are the most popular letters.
  – J, Q, X, and Z are the least popular.
• Caesar ciphered message:
  – The letter D appears 6 times.
  – The letter W appears 4 times.
  – Therefore it is probable that they represent the more popular letters.
• In this case, the D represents the letter A, and the W represents the letter T.
Ciphered text: IODQN HDVW DWWDFN DW GDZQ
Clear text: FLANK EAST ATTACK AT DAWN
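The brute-force and frequency-analysis slides combined, as an added example that is not part of the lecture: every rotation of the slide's ciphertext is tried and the candidates are ranked by how closely their letter counts match English. The frequency table holds approximate, rounded values chosen for this example, and the function names are assumptions.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Approximate letter frequencies of English text in percent (rounded values
# chosen for this example; they do not come from the slides).
ENGLISH_PERCENT = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.10, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}
TOTAL_PERCENT = sum(ENGLISH_PERCENT.values())

CIPHERTEXT = "IODQN HDVW DWWDFN DW GDZQ"  # ciphertext from the slide


def letter_counts(text):
    """Count letters only; spaces and punctuation are ignored."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


def shift_decrypt(ciphertext, k):
    """x = y - k mod 26 for every letter."""
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    counts = letter_counts(text)
    n = sum(counts.values())
    if n == 0:
        return float("inf")
    score = 0.0
    for letter in ALPHABET:
        expected = n * ENGLISH_PERCENT[letter] / TOTAL_PERCENT
        score += (counts[letter] - expected) ** 2 / expected
    return score


def rank_shifts(ciphertext):
    """Try all 26 keys; return (score, key, candidate) sorted best first."""
    candidates = []
    for k in range(26):
        candidate = shift_decrypt(ciphertext, k)
        candidates.append((chi_squared(candidate), k, candidate))
    return sorted(candidates)


if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(2))
    for score, k, candidate in rank_shifts(CIPHERTEXT)[:3]:
        print(f"key={k:2d} score={score:7.1f} {candidate}")
```

On very short ciphertexts the statistical ranking becomes unreliable, which is why the slide's advice to read all rotations still applies.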
Ciphertext-Only Method
• An attacker has:
  – The ciphertext of several messages, all of which have been encrypted using the same encryption algorithm, but the attacker has no knowledge of the underlying plaintext.
• The attacker could use statistical analysis to deduce the key.
• These kinds of attacks are no longer practical, because modern algorithms produce pseudorandom output that is resistant to statistical analysis.
Known-Plaintext Method
• An attacker has:
  – Access to the ciphertext of several messages.
  – Knowledge (underlying protocol, file type, or some characteristic strings) about the plaintext underlying that ciphertext.
• The attacker uses a brute-force attack to try keys until decryption with the correct key produces a meaningful result.
• Modern algorithms with enormous keyspaces make it unlikely for this attack to succeed because, on average, an attacker must search through at least half of the keyspace to be successful.
Meet-in-the-Middle Method
• The meet-in-the-middle attack is a known plaintext attack.
• The attacker knows:
  – A portion of the plaintext and the corresponding ciphertext.
• The plaintext is encrypted with every possible key, and the results are stored.
  – The ciphertext is then decrypted using every key, until one of the results matches one of the stored values.
Chosen-Plaintext Method
• An attacker chooses which data the encryption device encrypts and observes the ciphertext output.
  – A chosen-plaintext attack is more powerful than a known-plaintext attack because the chosen plaintext might yield more information about the key.
• This attack is not very practical because it is often difficult or impossible to capture both the ciphertext and plaintext.
Chosen-Ciphertext Method
• An attacker chooses different ciphertext to be decrypted and has access to the decrypted plaintext.
  – With the pair, the attacker can search through the keyspace and determine which key decrypts the chosen ciphertext into the captured plaintext.
• This attack is analogous to the chosen-plaintext attack.
  – Like the chosen-plaintext attack, this attack is not very practical.
  – Again, it is difficult or impossible for the attacker to capture both the ciphertext and plaintext.
Key Management
• Often considered the most difficult part of designing a cryptosystem.
• There are several essential characteristics of key management to consider:
  – Key Generation
  – Key Verification
  – Key Storage
  – Key Exchange
  – Key Revocation and Destruction
• Key Generation:
  – Caesar had to choose the key of his cipher.
  – Modern cryptographic system key generation is usually automated.
• Key Verification:
  – Almost all cryptographic algorithms have some weak keys that should not be used (e.g., Caesar cipher ROT 0 or ROT 25).
  – With the help of key verification procedures, these keys can be regenerated if they occur.
• Key Storage:
  – Modern cryptographic systems store keys in memory.
• Key Exchange:
  – Key management procedures should provide a secure key exchange mechanism over an untrusted medium.
• Key Revocation and Destruction:
  – Revocation notifies all interested parties that a certain key has been compromised and should no longer be used.
  – Destruction erases old keys in a manner that prevents malicious attackers from recovering them.
Key Length and Keyspace
• The key length is the measure in bits, and the keyspace is the number of possibilities that can be generated by a specific key length.
• As key lengths increase, the keyspace increases exponentially.
Types of Cryptographic Keys
• Symmetric keys, which can be exchanged between two routers supporting a VPN.
• Asymmetric keys, which are used in secure HTTPS applications.
• Digital signatures, which are used when connecting to a secure website.
• Hash keys, which are used in symmetric and asymmetric key generation, digital signatures, and other types of applications.
Cryptographic Hashes
• A hash function takes binary data (message), and produces a condensed representation, called a hash.
  – The hash is also commonly called a Hash value, Message digest, or Digital fingerprint.
• Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.
• Hashing is designed to verify and ensure:
  – Data integrity
  – Authentication
Hashes are used …
• To provide proof of authenticity when it is used with a symmetric secret authentication key, such as IP Security (IPsec) or routing protocol authentication.
• To provide authentication by generating one-time and one-way responses to challenges in authentication protocols such as the PPP CHAP.
• To provide a message integrity check proof such as those accepted when accessing a secure site using a browser.
• To confirm that a downloaded file (e.g., Cisco IOS images) has not been altered.
Collision Free
• Hashing is collision free, which means that two different input values will result in different hash results.
Cryptographic Hash Math
• Take an arbitrary length of clear text data to be hashed.
• Put it through a hash function.
• It produces a fixed-length message digest (hash value).
• H(x) is:
  – Relatively easy to compute for any given x.
  – One way and not reversible.
• If a hash function is hard to invert, it is considered a one-way hash.
[Figure labels: MD5, SHA-1]
Hashing for Integrity
• Hash functions (MD5 and SHA-1) can ensure message integrity but not confidentiality.
  – For instance, the sender wants to ensure that the message is not altered on its way to the receiver.
Hash for Integrity
• The sending device inputs the message into a hashing algorithm and computes its fixed-length digest or fingerprint.
• The fingerprint is attached to the message and both are sent to the receiver in plaintext.
• The receiving device removes the fingerprint from the message and inputs the message into the same hashing algorithm.
• If the resulting hash is equal to the one that is attached to the message, the message has not been altered during transit.
[Figure labels: MD5, SHA-1 at the sending and the receiving device]
• Hashing only prevents the message from being changed accidentally, such as by a communication error.
• It's still susceptible to man-in-the-middle attacks.
  – A potential attacker could intercept the message, change it, recalculate the hash, and append it to the message.
  – There is nothing unique to the sender in the hashing procedure, so anyone can compute a hash for any data, as long as they have the correct hash function.
• These are two well-known hash functions:
  – Message Digest 5 (MD5) with 128-bit digests
  – Secure Hash Algorithm 1 (SHA-1) with 160-bit digests
Message Digest 5 (MD5)
• The MD5 algorithm was developed by Ron Rivest and is used in a variety of Internet applications today.
  – It is a one-way function.
  – It is also collision resistant.
• MD5 is essentially a complex sequence of simple binary operations, such as exclusive OR (XORs) and rotations, that are performed on input data and produce a 128-bit digest.
Secure Hash Algorithm (SHA)
• The U.S. National Institute of Standards and Technology (NIST) developed the Secure Hash Algorithm (SHA).
  – SHA-1, published in 1994, corrected an unpublished flaw in SHA.
  – It's very similar to the MD4 and MD5 hash functions.
• The SHA-1 algorithm takes a message of less than $2^{64}$ bits in length and produces a 160-bit message digest.
• This makes SHA-1 slightly slower than MD5, but the larger message digest makes it more secure against brute-force collision and inversion attacks.
MD5 versus SHA-1
MD5                                     | SHA-1
Based on MD4                            | Based on MD4
Computation involves 64 steps           | Computation involves 80 steps
Algorithm must process a 128-bit buffer | Algorithm must process a 160-bit buffer
Faster                                  | Slower
Less secure                             | More secure
Secure Hash Algorithm (SHA)
• NIST published four additional hash functions collectively known as SHA-2 with longer digests:
  – SHA-224 (224 bit)
  – SHA-256 (256 bit)
  – SHA-384 (384 bit)
  – SHA-512 (512 bit)
• In response to a SHA-1 vulnerability announced in 2005, NIST recommends a transition from SHA-1 to the approved SHA-2 family.
• A newer, more secure cryptographic hashing algorithm called SHA-3 has been developed by NIST. SHA-3 will eventually replace SHA-1 and SHA-2 and it should be used if available.
SHA-1 and SHA-2 are more resistant to brute-force attacks because their digest is at least 32 bits longer than the MD5 digest.
Hashing for Authenticity
Keyed-Hash Message Authentication Code
• HMAC (or KHMAC) is a message authentication code (MAC) that is calculated using a hash function and a secret key.
  – Hash functions are the basis of the protection mechanism of HMACs.
  – The output of the hash function now depends on the input data and the secret key.
• Authenticity is guaranteed because only the sender and the receiver know the secret key.
  – Only they can compute the digest of an HMAC function.
  – This characteristic defeats man-in-the-middle attacks and provides authentication of the data origin.
• The cryptographic strength of the HMAC depends on the:
  – Cryptographic strength of the underlying hash function.
  – Size and quality of the key.
  – Size of the hash output length in bits.
• Cisco technologies use two well-known HMAC functions:
  – Keyed MD5 or HMAC-MD5 is based on the MD5 hashing algorithm.
  – Keyed SHA-1 or HMAC-SHA-1 is based on the SHA-1 hashing algorithm.
HMAC in Action
Data:
  Pay to Terry Smith $100.00
  One Hundred and xx/100 Dollars
  Secret Key
  HMAC (Authenticated Fingerprint): 4ehIDx67NMop9
Received Data:
  Pay to Terry Smith $100.00
  One Hundred and xx/100 Dollars
  Secret Key
  HMAC (Authenticated Fingerprint): 4ehIDx67NMop9
• If the generated HMAC matches the sent HMAC, then integrity and authenticity have been verified.
• If they don't match, discard the message.
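The difference between the plain hash of "Hash for Integrity" and the HMAC of "HMAC in Action", as an added example that is not part of the lecture. It assumes SHA-256 in place of the slides' MD5 and SHA-1, following the slides' own note on moving to SHA-2; the altered message and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets


def hash_tag(message):
    """Unkeyed fingerprint: anyone who has the message can compute it."""
    return hashlib.sha256(message).digest()


def hash_verify(message, tag):
    return hmac.compare_digest(hash_tag(message), tag)


def hmac_tag(key, message):
    """Keyed fingerprint: depends on the message and the shared secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_verify(key, message, tag):
    # compare_digest runs in constant time, so the comparison itself
    # does not leak how many leading bytes of the tag were correct.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def run_scenario():
    """Receiver-side checks for an untouched and an altered message."""
    key = secrets.token_bytes(32)              # shared by sender and receiver
    original = b"Pay to Terry Smith $100.00"   # data from the slide
    altered = b"Pay to Terry Smith $900.00"    # constructed in-transit change
    results = {}

    # Plain hash: detects the change only while the old fingerprint is kept.
    sent_hash = hash_tag(original)
    results["hash_accepts_original"] = hash_verify(original, sent_hash)
    results["hash_rejects_stale_tag"] = not hash_verify(altered, sent_hash)
    # Whoever altered the message can recompute the fingerprint, no secret
    # needed, and the receiver's check passes.
    results["hash_accepts_recomputed"] = hash_verify(altered, hash_tag(altered))

    # HMAC: without the key no valid tag for the altered message exists.
    sent_mac = hmac_tag(key, original)
    results["hmac_accepts_original"] = hmac_verify(key, original, sent_mac)
    results["hmac_rejects_stale_tag"] = not hmac_verify(key, altered, sent_mac)
    results["hmac_rejects_unkeyed_tag"] = not hmac_verify(
        key, altered, hash_tag(altered))
    other_key = secrets.token_bytes(32)        # a key the receiver does not share
    results["hmac_rejects_wrong_key"] = not hmac_verify(
        key, altered, hmac_tag(other_key, altered))
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```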