Security Essentials
Chapter 3
Fourth Edition
by William Stallings

Public Key Cryptography and RSA
                   SHA-1    SHA-224   SHA-256   SHA-384   SHA-512
Message size       < 2^64   < 2^64    < 2^64    < 2^128   < 2^128
Block size         512      512       512       1024      1024
Word size          32       32        32        64        64
Number of steps    80       64        64        80        80
SHA-512 Overview

SHA-512 Compression Function
• heart of the algorithm
• processing message in 1024-bit blocks
• consists of 80 rounds
  – updating a 512-bit buffer
  – using a 64-bit value Wt derived from the current message block
  – and a round constant based on cube root of first 80 prime numbers
Keyed Hash Functions as MACs
• want a MAC based on a hash function
  – because hash functions are generally faster
  – crypto hash function code is widely available
• hash includes a key along with message
• original proposal: KeyedHash = Hash(Key|Message)
  – some weaknesses were found with this
• eventually led to development of HMAC
HMAC Design Objectives
• use, without modifications, hash functions
• allow for easy replaceability of embedded hash function
• preserve original performance of hash function without significant degradation
• use and handle keys in a simple way
• have well understood cryptographic analysis of authentication mechanism strength
HMAC
• specified as Internet standard RFC2104
• uses hash function on the message:
  HMAC_K(M) = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]
  – where K+ is the key padded out to size
  – opad, ipad are specified padding constants
• overhead is just 3 more hash calculations than the message needs alone
• any hash function can be used
  – eg. MD5, SHA-1, RIPEMD-160, Whirlpool
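Worked example, added here and not part of Stallings' slides: the HMAC formula above built directly from a plain hash function as RFC 2104 specifies (K+ zero-padded to the block size, ipad = 0x36 and opad = 0x5C repeated), then cross-checked against Python's own hmac module and against a published RFC 4231 test vector. The "Jefe" key and message come from that RFC; the other keys and messages are constructed. verify_tag shows the receiver-side check: recompute and compare in constant time, never with a plain == on the tag bytes.

```python
import hashlib
import hmac

# RFC 2104 pad constants, each repeated to the hash function's block size B
# (B = 64 bytes for SHA-1/SHA-256, 128 bytes for SHA-384/SHA-512).
IPAD_BYTE = 0x36
OPAD_BYTE = 0x5C


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC_K(M) = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]] from a plain hash."""
    block_size = hashlib.new(hash_name).block_size
    # A key longer than the block size is first hashed down to the digest size.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    # K+ : the key padded with zero bytes out to the block size.
    k_plus = key.ljust(block_size, b"\x00")
    k_ipad = bytes(b ^ IPAD_BYTE for b in k_plus)
    k_opad = bytes(b ^ OPAD_BYTE for b in k_plus)
    inner = hashlib.new(hash_name, k_ipad + message).digest()  # inner hash over the message
    return hashlib.new(hash_name, k_opad + inner).digest()     # outer hash over the inner digest


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver-side check: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-built construction against Python's hmac module."""
    return hmac_rfc2104(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


if __name__ == "__main__":
    # RFC 4231 test case 2: key "Jefe", HMAC-SHA-256.
    msg = b"what do ya want for nothing?"
    tag = hmac_rfc2104(b"Jefe", msg)
    print(tag.hex())
    print("verified:", verify_tag(b"Jefe", msg, tag))
    print("matches stdlib (sha512):", matches_stdlib(b"constructed key", msg, "sha512"))
```

Because the construction only calls the hash as a black box, swapping hash_name is all it takes to move from SHA-1 to SHA-512, which is the "easy replaceability" objective from the previous slide.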
HMAC Overview

HMAC Security
• proved security of HMAC relates to that of the underlying hash algorithm
• attacking HMAC requires either:
  – brute force attack on key used
  – birthday attack (but since keyed would need to observe a very large number of messages)
• choose hash function used based on speed versus security constraints

1 - (364/365)^30 → about 7.9%
1 - 365!/((365-n)!·365^n) → about 70%
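Added example, not from the slides: the two birthday figures above computed from their formulas for n = 30 people, and the same calculation carried over to a hash or MAC with an m-bit output. The generalisation is the standard one: for a space of N = 2^m values the no-collision product is well approximated by exp(-n(n-1)/2N), so a collision becomes even odds after roughly 1.18·2^(m/2) hashed messages. The 64-bit and 256-bit output sizes in the demo are the author's choices for illustration.

```python
import math


def p_match_with_me(n: int, days: int = 365) -> float:
    """Chance at least one of n other people shares a fixed birthday: 1 - (364/365)^n."""
    return 1.0 - ((days - 1) / days) ** n


def p_any_pair_match(n: int, days: int = 365) -> float:
    """Birthday paradox, 1 - days! / ((days - n)! * days^n), as a running product
    so that no factorial overflows."""
    p_no_match = 1.0
    for i in range(n):
        p_no_match *= (days - i) / days
    return 1.0 - p_no_match


def p_hash_collision(samples: int, bits: int) -> float:
    """Same question for an m-bit output (N = 2^bits values), using the large-space
    approximation 1 - exp(-n(n-1) / (2N)); the exact product is infeasible here."""
    space = 2.0 ** bits
    return 1.0 - math.exp(-samples * (samples - 1) / (2.0 * space))


def samples_for_half_chance(bits: int) -> float:
    """Messages needed for a 50% collision chance: sqrt(2 ln 2 * 2^bits), about 1.18 * 2^(bits/2)."""
    return math.sqrt(2.0 * math.log(2.0) * 2.0 ** bits)


if __name__ == "__main__":
    print(f"same birthday as me, n=30:   {p_match_with_me(30):.3f}")   # 0.079 -> about 7.9%
    print(f"any two share, n=30:          {p_any_pair_match(30):.3f}")  # 0.706 -> about 70%
    print(f"64-bit tag, 2^32 messages:    {p_hash_collision(2**32, 64):.3f}")
    print(f"64-bit tag, 50% point:        {samples_for_half_chance(64):.3g} messages")
    print(f"256-bit hash, 50% point:      {samples_for_half_chance(256):.3g} messages")
```

The 64-bit line is the practical reading of the slide: an unkeyed 64-bit digest can be collided with a few billion hashes, which is why the output length of the hash inside a MAC matters, while the keyed HMAC forces the attacker to collect that many tagged messages from the legitimate key holder instead of computing them offline.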
CMAC
• previously saw the DAA (CBC-MAC)
• widely used in govt & industry
• but has message size limitation
• can overcome using 2 keys & padding
• thus forming the Cipher-based Message Authentication Code (CMAC)
• adopted by NIST SP800-38B

CMAC Overview
Authenticated Encryption
• simultaneously protect confidentiality and authenticity of communications
  – often required but usually separate
• approaches
  – Hash-then-encrypt: E(K, M || H(M))
  – MAC-then-encrypt: E(K2, M || MAC(K1, M))
  – Encrypt-then-MAC: C = E(K2, M), T = MAC(K1, C)
  – Encrypt-and-MAC: C = E(K2, M), T = MAC(K1, M)
• decryption/verification straightforward
• but security vulnerabilities with all these
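Added example, not code from the slides: the Encrypt-then-MAC composition written out with both sides, sender (C = E(K2, M), T = MAC(K1, C)) and receiver (verify T first, decrypt only if it checks). Python's standard library has no AES, so the E(K2, ·) step here is a CTR-mode keystream generated with HMAC-SHA256 as the block function; that is a stand-in for AES-CTR chosen by the author, and it carries the same rule that a (nonce, counter) pair is never reused under one key. Keys, nonce and message are constructed values. The tag also covers the nonce so that a receiver cannot be fed a valid ciphertext under a swapped nonce.

```python
import hmac
import os
from typing import Tuple

BLOCK = 32  # one 32-byte keystream block per counter value (SHA-256 output size)


def keystream(k2_enc: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-mode keystream: block i = PRF(K2, nonce || i). HMAC-SHA256 plays the
    role AES would play in real AES-CTR (author's substitute, not a standard)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(k2_enc, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def encrypt_then_mac(k1_mac: bytes, k2_enc: bytes, nonce: bytes, message: bytes) -> Tuple[bytes, bytes]:
    """Sender: C = E(K2, M), T = MAC(K1, nonce || C). Separate keys for the two jobs."""
    ks = keystream(k2_enc, nonce, len(message))
    ciphertext = bytes(m ^ k for m, k in zip(message, ks))
    tag = hmac.new(k1_mac, nonce + ciphertext, "sha256").digest()
    return ciphertext, tag


def verify_then_decrypt(k1_mac: bytes, k2_enc: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Receiver: constant-time tag check first; only authenticated bytes reach decryption."""
    expected = hmac.new(k1_mac, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = keystream(k2_enc, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def is_rejected(k1_mac: bytes, k2_enc: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """True when the receiver refuses the (nonce, C, T) triple before decrypting."""
    try:
        verify_then_decrypt(k1_mac, k2_enc, nonce, ciphertext, tag)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    k1, k2 = os.urandom(32), os.urandom(32)      # constructed demo keys
    nonce = os.urandom(12)                        # fresh per message
    c, t = encrypt_then_mac(k1, k2, nonce, b"meet at noon")
    print("decrypts to:", verify_then_decrypt(k1, k2, nonce, c, t))
    flipped = bytes([c[0] ^ 0x01]) + c[1:]
    print("one flipped bit rejected:", is_rejected(k1, k2, nonce, flipped, t))
```

Of the four approaches on the slide, this ordering is the one where the receiver never runs the decryption routine on data whose integrity is unknown; the MAC-then-encrypt and hash-then-encrypt forms must decrypt first and so expose the decryption path to unauthenticated input, which is where the vulnerabilities the slide alludes to have historically appeared.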
Counter with Cipher Block Chaining-Message Authentication Code (CCM)
• NIST standard SP 800-38C for WiFi
• variation of encrypt-and-MAC approach
• algorithmic ingredients
  – AES encryption algorithm
  – CTR mode of operation
  – CMAC authentication algorithm
• single key used for both encryption & MAC

CCM Operation
Private-Key Cryptography
• traditional private/secret/single key cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed communications are compromised
• also is symmetric, parties are equal
• hence does not protect sender from receiver forging a message & claiming it was sent by sender
Public-Key Cryptography
• probably most significant advance in the 3000 year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic concepts to function
• complements rather than replaces private key crypto
Why Public-Key Cryptography?
• developed to address two key issues:
  – key distribution – how to have secure communications in general without having to trust a KDC with your key
  – digital signatures – how to verify a message comes intact from the claimed sender
• public invention due to Whitfield Diffie & Martin Hellman at Stanford Uni in 1976
  – known earlier in classified community
Public-Key Cryptography
• public-key/two-key/asymmetric cryptography involves the use of two keys:
  – a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
  – a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• infeasible to determine private key from public
• is asymmetric because
  – those who encrypt messages or verify signatures cannot decrypt messages or create signatures
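Added example, not from the slides: the two-key asymmetry above made concrete with textbook RSA, the algorithm the chapter title names. The public key (n, e) does the encrypt and verify operations, the private key (n, d) does decrypt and sign, and the only link between them is d = e^-1 mod phi(n). The primes p = 61, q = 53 and e = 17 are constructed teaching values so the numbers stay readable; deployed RSA uses moduli of 2048 bits or more together with a padding scheme (OAEP for encryption, PSS for signatures), neither of which is shown here.

```python
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (n, exponent)


def rsa_keygen(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Key pair from two primes: public (n, e) may be known by anybody,
    private (n, d) stays with the recipient. d is the inverse of e mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key: Key, m: int) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private_key: Key, c: int) -> int:
    """Only the holder of d recovers m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def rsa_sign(private_key: Key, m: int) -> int:
    """Signing uses the private exponent: s = m^d mod n (textbook form, no hash or padding)."""
    n, d = private_key
    return pow(m, d, n)


def rsa_verify(public_key: Key, m: int, s: int) -> bool:
    """Anyone holding the public key can check the signature: s^e mod n == m."""
    n, e = public_key
    return pow(s, e, n) == m


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53, 17)     # constructed small primes
    print("public:", public, "private:", private)
    c = rsa_encrypt(public, 65)
    print("encrypt 65 ->", c, "-> decrypt ->", rsa_decrypt(private, c))
    s = rsa_sign(private, 65)
    print("signature", s, "verifies:", rsa_verify(public, 65, s),
          "| altered message verifies:", rsa_verify(public, 66, s))
```

Both "cannot" claims on the slide are visible in the code: rsa_decrypt and rsa_sign are the only functions that touch d, and a party who has only (n, e) can call rsa_encrypt and rsa_verify but nothing else.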
Public-Key Cryptography Example – Ecash