Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of Engineering and Technology Digital Signatures CQUniversity Australia Prepared by Steven Gordon on 15 Apr 2020, auth.tex, r1850 1/27
Cryptography Contents Authentication and Data Integrity Aims of Aims of Authentication Authentication Authentication with Symmetric Key Encryption Authentication with Symmetric Key Encryption Authentication with Hash Functions Authentication with MACs Authentication with Hash Functions Digital Signatures Authentication with MACs Digital Signatures 2/27
Cryptography Attacks on Information Transfer Authentication and Data Integrity 1. Disclosure: encryption Aims of Authentication 2. Traffic analysis: encryption Authentication 3. Masquerade: message authentication with Symmetric Key Encryption 4. Content modification: message authentication Authentication with Hash 5. Sequence modification: message authentication Functions Authentication 6. Timing modification: message authentication with MACs 7. Source repudiation: digital signatures Digital Signatures 8. Destination repudiation: digital signatures 3/27
Cryptography Aims of Authentication Authentication and Data Integrity ◮ Receiver wants to verify: Aims of 1. Contents of the message have not been modified ( data Authentication authentication ) Authentication with Symmetric 2. Source of message is who they claim to be ( source Key Encryption authentication ) Authentication ◮ Different approaches available: with Hash Functions ◮ Symmetric Key Encryption Authentication ◮ Hash Functions with MACs ◮ Message Authentication Codes (MACs) Digital Signatures ◮ Public Key Encryption (i.e. Digital Signatures) 4/27
Cryptography Contents Authentication and Data Integrity Aims of Aims of Authentication Authentication Authentication with Symmetric Key Encryption Authentication with Symmetric Key Encryption Authentication with Hash Functions Authentication with MACs Authentication with Hash Functions Digital Signatures Authentication with MACs Digital Signatures 5/27
Cryptography Symmetric Encryption for Authentication Authentication and Data Integrity Aims of Authentication Authentication with Symmetric Key Encryption Authentication Credit: Figure 12.1(a) in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 with Hash Functions Authentication with MACs Digital Signatures 6/27
Cryptography Recognising Correct Plaintext in English Authentication (question) and Data Integrity Aims of B receives ciphertext (supposedly from A , using shared Authentication secret key K ): Authentication with Symmetric DPNFCTEJLYONCJAEZRCLASJTDQFY Key Encryption B decrypts with key K to obtain plaintext: Authentication with Hash SECURITYANDCRYPTOGRAPHYISFUN Functions Was the plaintext encrypted with key K (and hence sent by Authentication with MACs A )? Is the ciphertext received the same as the ciphertext Digital Signatures sent by A ? 7/27
Cryptography Recognising Correct Plaintext in English Authentication (question) and Data Integrity Aims of B receives ciphertext (supposedly from A , using shared Authentication secret key K ): Authentication with Symmetric QEFPFPQEBTOLKDJBPPXDBPLOOVX Key Encryption B decrypts with key K to obtain plaintext: Authentication with Hash FTUEUEFTQIDAZSYQEEMSQEADDKM Functions Was the plaintext encrypted with key K (and hence sent by Authentication with MACs A )? Is the ciphertext received the same as the ciphertext Digital Signatures sent by A ? 8/27
Cryptography Recognising Correct Plaintext in Binary Authentication (question) and Data Integrity Aims of B receives ciphertext (supposedly from A , using shared Authentication secret key K ): Authentication with Symmetric 0110100110101101010110111000010 Key Encryption B decrypts with key K to obtain plaintext: Authentication with Hash 0101110100001101001010100101110 Functions Was the plaintext encrypted with key K (and hence sent by Authentication with MACs A )? Is the ciphertext received the same as the ciphertext Digital Signatures sent by A ? 9/27
Cryptography Recognising Correct Plaintext Authentication and Data Integrity ◮ Many forms of information as plaintext can be Aims of recognised at correct Authentication ◮ However not all, and often not automatically Authentication with Symmetric Key Encryption ◮ Authentication should be possible without decryptor Authentication having to know context of the information being with Hash Functions transferred Authentication ◮ Authentication purely via symmetric key encryption is with MACs Digital Signatures insufficient ◮ Solutions: ◮ Add structure to information, such as error detecting code ◮ Use other forms of authentication, e.g. MAC 10/27
Cryptography Contents Authentication and Data Integrity Aims of Aims of Authentication Authentication Authentication with Symmetric Key Encryption Authentication with Symmetric Key Encryption Authentication with Hash Functions Authentication with MACs Authentication with Hash Functions Digital Signatures Authentication with MACs Digital Signatures 11/27
Cryptography Authentication by Hash and then Encrypt Authentication and Data Integrity Aims of Authentication Authentication with Symmetric Key Encryption Authentication with Hash Functions Credit: Figure in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 Authentication with MACs Digital Signatures 12/27
Cryptography Authentication by Encrypting a Hash Authentication and Data Integrity Aims of Authentication Authentication with Symmetric Key Encryption Authentication with Hash Functions Authentication Credit: Figure in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 with MACs Digital Signatures 13/27
Cryptography Attack of Authentication by Encrypting a Hash Authentication (exercise) and Data Integrity Aims of If a hash function did not have the Second Preimage Authentication Resistant property, then demonstrate an attack on the Authentication with Symmetric scheme in The figure on slide 13. Key Encryption Authentication with Hash Functions Authentication with MACs Digital Signatures 14/27
Cryptography Authentication with Hash of a Shared Secret Authentication and Data Integrity Aims of Authentication Authentication with Symmetric Key Encryption Authentication with Hash Functions Credit: Figure in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 Authentication with MACs Digital Signatures 15/27
Cryptography Attack of Authentication with Hash of Shared Authentication Secret (exercise) and Data Integrity Aims of If a hash function did not have the Preimage Resistant Authentication property, then demonstrate an attack on the scheme in The Authentication with Symmetric figure on slide 15. Key Encryption Authentication with Hash Functions Authentication with MACs Digital Signatures 16/27
Cryptography Contents Authentication and Data Integrity Aims of Aims of Authentication Authentication Authentication with Symmetric Key Encryption Authentication with Symmetric Key Encryption Authentication with Hash Functions Authentication with MACs Authentication with Hash Functions Digital Signatures Authentication with MACs Digital Signatures 17/27
Cryptography Authentication with only MACs Authentication and Data Integrity Aims of Authentication Authentication with Symmetric Key Encryption Authentication with Hash Functions Credit: Figure in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 Authentication with MACs Digital Signatures 18/27
Cryptography Authentication using Encryption and a MAC Authentication and Data Integrity ◮ Common to what both confidentiality and Aims of authentication (data integrity) Authentication ◮ MACs have advantage over hashes in that if encryption Authentication with Symmetric Key Encryption is defeated, then MAC still provides integrity Authentication ◮ But two keys must be managed: encryption key and with Hash Functions MAC key Authentication ◮ Recommended algorithms used for encryption and MAC with MACs Digital Signatures are independent ◮ Three general approaches (following definitions), referred to as authenticated encryption 19/27
Cryptography Encrypt-then-MAC (definition) Authentication and Data Integrity The sender encrypts the message M with symmetric key encryption, then applies a MAC function on the ciphertext. Aims of Authentication The ciphertext and the tag are sent, as follows: Authentication with Symmetric Key Encryption E ( K 1 , M ) || MAC ( K 2 , E ( K 1 , M )) Authentication with Hash Functions Two independent keys, K 1 and K 2 , are used. Authentication with MACs Digital Signatures 20/27
Cryptography MAC-then-Encrypt (definition) Authentication and Data Integrity The sender applies a MAC function on the plaintext, appends the result to the plaintext, and then encrypt both. Aims of Authentication The ciphertext is sent, as follows: Authentication with Symmetric Key Encryption E ( K 1 , M || MAC ( K 2 , M )) Authentication with Hash Functions Authentication with MACs Digital Signatures 21/27
Recommend
More recommend