09-04-2012, 03:22 PM
Message Authentication and Hash Functions
Authentication Requirements
Kinds of attacks (threats) in the context of communications across a network
1. Disclosure
2. Traffic analysis
3. Masquerade
4. Content modification
5. Sequence modification
6. Timing modification
7. Repudiation
Measures to deal with the first two attacks:
These fall in the realm of message confidentiality and are addressed with encryption
Measures to deal with items 3 through 6
Message authentication
Measures to deal with item 7
Digital signature
Authentication Functions
Three classes of functions that may be used to produce an authenticator
Message encryption
Ciphertext itself serves as authenticator
Message authentication code (MAC)
A public function of the message and a secret key that produces a fixed-length value that serves as the authenticator
Hash function
A public function that maps a message of any length into a fixed-length hash value, which serves as the authenticator
Message Authentication Code
Uses a shared secret key to generate a fixed-size block of data (known as a cryptographic checksum or MAC) that is appended to the message
MAC = C_K(M)
Assurances:
Message has not been altered
Message is from alleged sender
Message sequence is unaltered (requires internal sequencing)
Similar to encryption, but the MAC algorithm need not be reversible
Hash Function
Converts a variable-size message M into a fixed-size hash code H(M) (sometimes called a message digest)
Can be used with encryption for authentication
Brute-Force Attack of Hash Functions
Three desirable properties of hash functions
One-way: For any given code h, it is computationally infeasible to find x s.t. H(x) = h
Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x s.t. H(y) = H(x)
Strong collision resistance: It is computationally infeasible to find any pair (x, y) s.t. H(y) = H(x)
Brute-force attack on n-bit hash code
One-way and weak collision require 2^n effort
Strong collision requires 2^(n/2) effort
If strong collision resistance is required (and this is desirable for a general-purpose secure hash code), 2^(n/2) determines the strength of hash code against brute-force attack
Currently, the two most popular hash codes, SHA-1 and RIPEMD-160, provide a 160-bit hash code length
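
The gap between 2^n and 2^(n/2) effort can be measured on a deliberately small hash. This is an added example, not part of the original post; the toy hash (SHA-256 truncated to n bits), the function names and the salt strings are assumptions made for the demonstration.

```python
# Added illustration: the toy hash and all inputs are constructed for this demo.
import hashlib
from itertools import count

def h(msg: bytes, n_bits: int) -> int:
    """Toy n-bit hash code: the first n_bits of SHA-256."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - n_bits)

def find_collision(n_bits: int, salt: str):
    """Strong-collision search: any pair (x, y), x != y, with H(x) == H(y)."""
    seen = {}                                   # hash value -> message that produced it
    for i in count():
        y = f"{salt}-{i}".encode()              # every candidate is distinct
        hv = h(y, n_bits)
        if hv in seen:
            return seen[hv], y, i + 1           # i + 1 hash evaluations so far
        seen[hv] = y

def find_second_preimage(x: bytes, n_bits: int, salt: str):
    """Weak-collision search: for a fixed x, find y != x with H(y) == H(x)."""
    target = h(x, n_bits)
    for i in count():
        y = f"{salt}-{i}".encode()
        if y != x and h(y, n_bits) == target:
            return y, i + 1

def average_effort(n_bits: int, trials: int = 8):
    """Mean hash evaluations per search, over several independent salts."""
    coll = pre = 0
    for t in range(trials):
        coll += find_collision(n_bits, f"c{t}")[2]
        pre += find_second_preimage(b"fixed message", n_bits, f"p{t}")[1]
    return coll / trials, pre / trials

if __name__ == "__main__":
    n = 16
    coll, pre = average_effort(n)
    print(f"n = {n}: collision ~{coll:.0f} tries (2^(n/2) = {2 ** (n // 2)}), "
          f"second preimage ~{pre:.0f} tries (2^n = {2 ** n})")
```

Each extra bit of hash length doubles the second-preimage effort but raises the collision effort only by a factor of about 1.4, which is why the collision bound sets the required length.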