HASH FUNCTION, MAC, and HMAC Lecture 5
Transcript of HASH FUNCTION, MAC, and HMAC Lecture 5
![Page 1: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/1.jpg)
Slide title
In CAPITALS
50 pt
Slide subtitle
32 pt
Muhammad Rizwan Asghar
July 28, 2021
HASH FUNCTION, MAC, and HMAC
Lecture 5
COMPSCI 726
Network Defence and Countermeasures
Source of some slides: Stanford University
![Page 2: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/2.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
2
HASH FUNCTION
▪ Length-reducing function h
– Maps an arbitrary string to a fixed-length string
▪ Publicly known
▪ Also known as cryptographic checksum or message digest
h
![Page 3: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/3.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
3
HASH PROPERTIES
x
h(x)
Ease of
computation
?
h(.)
Pre-image
resistance
h(x)
Collision
x x’
2nd pre-image
resistance
h(x)
x ?
h(.)
Collision
resistance
? ?
Phone
Directory
▪ Collision resistance implies 2nd pre-image resistance
![Page 4: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/4.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
4
COMMONLY USED HASH FUNCTIONS
▪ MD (Message Digest)
– MD5
▪ Max message < 264
▪ Output: 128-bit
▪ SHA (Secure Hash Algorithm)
– SHA-1
▪ Max message < 264
▪ Output: 160-bit
– SHA-2
▪ Max message < 2128
▪ Max output: 512-bit
– SHA-3
▪ Max message: Unlimited
▪ Max output: 512-bit
![Page 5: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/5.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
5
SHA-512: MERKLE-DAMGARD SCHEME
▪ Augmented message: multiple of 1024-bit blocks
▪ h(., Bi) is a compression function
▪ Theorem: If h is collision resistant then so is H
B1 B2 … Bn
hIV
h hH(m)
…
Original message m Padding/length
![Page 6: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/6.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
6
HASH APPLICATIONS
▪ Detect changes to messages/files (integrity)
▪ Digital signatures
– Sign hash of message instead of entire message
▪ Psudorandom function (PRF)
– Generate session key, nonce (Number Only Once)
– Produce key from password
– Derive keys from master key
▪ Create one-way password file
– Store hash of password
▪ Salt to harden pre-computed dictionary attacks
▪ Viruses and intrusion detection
▪ Auctions: To bid B, send h(B) and reveal B later
![Page 7: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/7.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
7
HASH VS. ENCRYPTION
▪ Hashing is a one-way
– No unhashing
▪ Publicly known and there
is no key used
▪ Efficient
▪ Deterministic (compared)
– H(m) == H(m’)
– Of course, hashes with
salts are not!
▪ H(m || s1) and
H(m || s2)
▪ Encryption is not one-way
– Decryption renders the
original message
▪ Publicly known algorithms
but the key is kept secret
▪ Slower
▪ May or may not be
deterministic (compared)
– Randomised encryption
▪ Enc(k, t1 || m) and
Enc(k, t2 || m)
![Page 8: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/8.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
8
MESSAGE AUTHENTICATION CODE
(MAC)
▪ Like a hash function, but it uses a key!
▪ Appended to the original message
▪ Receiver performs same computation on the message
and checks if it matches the MAC
▪ It provides assurance that the message is unaltered
and comes from the sender
Alice Bob
k kMessage m tag
Generate tag:
tag MAC(k, m)
Verify tag:
V(k, m, tag) = ‘yes’?
![Page 9: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/9.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
9
MAC CONSTRUCTION: MERKLE-
DAMGARD SCHEME
▪ MAC(k, m) = H(k || m)
▪ Issue: Length extension attack!
B1 B2 … Bn
hIV
h h…
H(k||m)
Original message m Padding/lengthk x
Bn+1
h
H(k||m||x)
![Page 10: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/10.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
10
MAC CONSTRUCTION: RAW CBC
E(k,) E(k,) E(k,)
B1 B2 … Bn
E(k,)
E(k1,)
tag
key = (k, k1)
Original message m Padding/length
![Page 11: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/11.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
11
MAC APPLICATIONS
▪ Integrity of a message or file
▪ Validating identity of a message sender
(authentication)
![Page 12: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/12.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
12
HASH VS. MAC
▪ Publicly known and no
key
▪ A hash value
▪ Efficient
▪ Message integrity
▪ Anyone can generate it
▪ Publicly known, but the
key is kept secret
▪ A keyed hash value
▪ Slower
▪ Message integrity and
authentication
▪ Only an authorised user
can generate it
![Page 13: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/13.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
13
HASH-BASED MAC (HMAC)
▪ Evolved from weakness in MAC
▪ A specific construction of calculating a MAC involving a
secret key
▪ Uses and handles the key in a simple way
▪ Less effected by collision than underlying hash
algorithm
▪ More secure
![Page 14: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/14.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
14
HMAC CONSTRUCTION: MERKLE-
DAMGARD SCHEME
▪ HMAC(k, m) = H(k ⊕ opad || H(k ⊕ ipad || m))
▪ Theorem: If h is a PRF then HMAC is a PRF
B1 B2 … Bn
hIV
h h…
mk ⊕ ipad
hh
tag
IV
k ⊕ opad
![Page 15: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/15.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
15
AUTHENTICATED ENCRYPTION
Option 1: MAC-then-Encrypt (SSL)
Option 2: Encrypt-then-MAC (IPsec)
Option 3: Encrypt-and-MAC (SSH)
Msg M Msg M MAC
Enc KEMAC(M,KI)
Msg M
C = Enc KE
MAC
MAC(C, KI)
Msg M
Enc KE
MAC
MAC(M, KI)
Encryption key KE MAC key = KI
![Page 16: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/16.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
16
SUMMARY
▪ Hash is a one-way function, which is easy to compute
but difficult to invert
▪ MAC offers both data integrity and authentication
▪ Authenticated encryption combines both encryption
and MAC
![Page 17: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/17.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
17
RESOURCES
▪ Read Chapter 3 of
Network Security Essentials – Applications and
Standards
Fourth Edition
William Stallings
Prentice Hall
ISBN 0-13-706792-5
![Page 18: HASH FUNCTION, MAC, and HMAC Lecture 5](https://reader030.fdocuments.us/reader030/viewer/2022021010/62042695e3080f5b197f1ee9/html5/thumbnails/18.jpg)
Top right
corner for
field
customer or
partner logotypes.
See Best practice
for example.
Slide title
40 pt
Slide subtitle
24 pt
Text
24 pt
5
20 pt
18
Questions?
Thanks for your attention!