cryptography and security hash function md 5, Study notes of Cryptography and System Security

message digest algorithm hash function sha is the advanced version of md5

Typology: Study notes

2016/2017

Uploaded on 05/11/2017

Resica.Riya 🇮🇳

CS549: Cryptography and Network Security
© by Xiang-Yang Li
Department of Computer Science, IIT

Notice

This lecture note (Cryptography and Network Security) is prepared by Xiang-Yang Li. This lecture note has benefited from numerous textbooks and online materials. Especially the “Cryptography and Network Security” 2nd edition by William Stallings and the “Cryptography: Theory and Practice” by Douglas Stinson. You may not modify, publish, or sell, reproduce, create derivative works from, distribute, perform, display, or in any way exploit any of the content, in whole or in part, except as otherwise expressly permitted by the author. The author has used his best efforts in preparing this lecture note. The author makes no warranty of any kind, expressed or implied, with regard to the programs, protocols contained in this lecture note. The author shall not be liable in any event for incidental or consequential damages in connection with, or arising out of, the furnishing, performance, or use of these.

Hash Function
- Map a message to a smaller value
- Requirements
  - Be applied to a block of data of any size
  - Produce a fixed-length output
  - H(x) is easy to compute (by hardware, software)
  - One-way: given code h, it is computationally infeasible to find x such that H(x) = h
  - Weak collision resistance: given x, computationally infeasible to find y ≠ x so that H(x) = H(y)
  - Strong collision resistance: computationally infeasible to find any pair x ≠ y so that H(x) = H(y)

Hash Algorithms
- see similarities in the evolution of hash functions & block ciphers
  - increasing power of brute-force attacks
  - leading to evolution in algorithms
  - from DES to AES in block ciphers
  - from MD4 & MD5 to SHA-1 & RIPEMD-160 in hash algorithms
- likewise tend to use common iterative structure as do block ciphers

Birthday Attacks
- If a 64-bit hash code is used
  - On average, how many messages need to be tried to find one that matches the intercepted hash code?
- Birthday paradox
  - A will sign a message appended with an m-bit hash code
  - Attacker generates some variations of the fraud message, also variations of the good message
  - Find a pair of messages, one from each of the two sets
    - such that they have the same hash code
  - Give the good message to A to get a signature
  - Replace the good message with the fraud message

Analysis
- Using birthday attack, given a 64-bit hash code
  - How many message variations are needed so the success probability is large, say 90%?
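The question on this slide can be worked through numerically. The following is an added example, not part of the original lecture notes: it assumes hash outputs are uniform and independent, models the attack as two sets of k variations each, and uses a truncated SHA-256 as a stand-in m-bit hash so the estimate can be checked by experiment on a small m. All function names are chosen for the example.

```python
import hashlib
import math

def variations_needed(m_bits, p_success):
    """Variations per set (good and fraud) for the target success probability.
    Assumed model: P = 1 - (1 - 2^-m)^(k*k), approximately 1 - exp(-k*k / 2^m)."""
    return math.ceil(math.sqrt(-math.log(1.0 - p_success) * 2.0 ** m_bits))

def success_probability(m_bits, k):
    """Probability that some good/fraud pair shares a hash code."""
    return -math.expm1(-(k * k) / 2.0 ** m_bits)

def truncated_hash(msg, m_bits):
    """Stand-in m-bit hash code: the top m bits of SHA-256 (demo only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - m_bits)

def cross_collision(m_bits, k, run=0):
    """One experiment with constructed messages: index the k good variations
    by hash code, then look each fraud variation up in that index."""
    good = {truncated_hash(b"run %d good v%d" % (run, i), m_bits): i
            for i in range(k)}
    for j in range(k):
        i = good.get(truncated_hash(b"run %d fraud v%d" % (run, j), m_bits))
        if i is not None:
            return i, j          # good variation i and fraud variation j match
    return None

def empirical_rate(m_bits, k, runs):
    """Fraction of independent experiments in which a matching pair exists."""
    hits = sum(cross_collision(m_bits, k, r) is not None for r in range(runs))
    return hits / runs

if __name__ == "__main__":
    k64 = variations_needed(64, 0.9)
    print("64-bit code, 90%%: %d variations per set (%.2f x 2^32)"
          % (k64, k64 / 2.0 ** 32))
    k16 = variations_needed(16, 0.9)
    print("16-bit check: k=%d, measured rate %.2f"
          % (k16, empirical_rate(16, k16, 200)))
```

Under this model a 64-bit code needs roughly 1.5 × 2^32 variations in each set for a 90% chance of a match, which is why the work factor is tied to 2^(m/2) rather than 2^m.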

Cont.
- Based on DES, block chaining technique
  - Rabin, 1978
  - Divide message M into fixed-size blocks $M_i$
    - Assume total n data blocks
  - $H_0$ = initial value
  - $H_i = E_{M_i}[H_{i-1}]$
  - $H_n$ is the hash value
- Birthday attack still applies
  - If still 64-bit code used

More Attacks
- Birthday attack applies if chosen plaintext
- Meet-in-the-middle attack if known plaintext
  - Known signed hash code G
  - Construct n-2 desired message blocks $Q_i$
  - Compute $H_i = E_{Q_i}[H_{i-1}]$
  - Generate $2^{m/2}$ random blocks X
    - For each X, compute $H_{n-1} = E_X[H_{n-2}]$
  - Generate $2^{m/2}$ random blocks Y
    - For each Y, compute $H'_{n-1} = D_Y[G]$
  - Find X, Y such that $H_{n-1} = H'_{n-1}$
  - Then $Q_1, Q_2, \ldots, Q_{n-2}$, X, Y is a fraud message
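The chaining hash and the meet-in-the-middle steps above can be traced on a toy scale to see why an invertible E leaves only about 2^(m/2) work. This is an added example, not part of the original lecture notes: the 16-bit Feistel cipher stands in for DES, and every name and sample value is constructed for the demo.

```python
import hashlib

M_BITS = 16                      # toy block and hash size (the slide's m)
HALF = M_BITS // 2               # 8-bit halves, matching _f's one-byte output
MASK = (1 << HALF) - 1
ROUNDS = 4

def _f(key, rnd, half):
    """Feistel round function: first byte of SHA-256 over (key, round, half)."""
    return hashlib.sha256(b"%d|%d|%d" % (key, rnd, half)).digest()[0]

def E(key, block):
    """Toy invertible cipher E_key[block] (constructed for the demo, not DES)."""
    l, r = block >> HALF, block & MASK
    for rnd in range(ROUNDS):
        l, r = r, l ^ _f(key, rnd, r)
    return (l << HALF) | r

def D(key, block):
    """Inverse of E: undo the Feistel rounds in reverse order."""
    l, r = block >> HALF, block & MASK
    for rnd in reversed(range(ROUNDS)):
        l, r = r ^ _f(key, rnd, l), l
    return (l << HALF) | r

def chain_hash(blocks, h0=0):
    """H_0 = initial value, H_i = E_{M_i}[H_{i-1}]; returns H_n."""
    h = h0
    for m_i in blocks:
        h = E(m_i, h)
    return h

def meet_in_the_middle(q_blocks, g, trials):
    """Search X, Y with E_X[H_{n-2}] == D_Y[G]; return Q_1..Q_{n-2}, X, Y."""
    h = chain_hash(q_blocks)                        # H_{n-2}
    forward = {E(x, h): x for x in range(trials)}   # candidate H_{n-1} values
    for y in range(trials):
        x = forward.get(D(y, g))                    # H'_{n-1}, working back from G
        if x is not None:
            return list(q_blocks) + [x, y]
    return None

# Constructed sample: a "signed" 4-block message and two chosen leading blocks.
SIGNED = [0x1111, 0x2222, 0x3333, 0x4444]
G = chain_hash(SIGNED)
# 2^(m/2) = 256 candidates per side match with probability of about 63%;
# 2048 per side makes a match practically certain for this demo.
FORGED = meet_in_the_middle([0xDEAD, 0xBEEF], G, 2048)
```

The match works because E_Y[D_Y[G]] = G, so any construction whose last step can be run backwards from the hash value inherits this weakness regardless of how strong E is.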

More Hash Algorithms
- Algorithms
  - Message Digest: MD5 (was the most widely used)
  - Secure Hash Algorithm: SHA-1 (from MD4)
  - RIPEMD-160
  - HMAC

MD5
- designed by Ronald Rivest (the R in RSA)
- latest in a series of MD2, MD4
- produces a 128-bit hash value
- until recently was the most widely used hash algorithm
  - in recent times have both brute-force & cryptanalytic concerns
- specified as Internet standard RFC


MD5 Overview

MD5 Compression Function
- each round has 16 steps of the form:
    a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)
- a,b,c,d refer to the 4 words of the buffer, but used in varying permutations
  - note this updates 1 word only of the buffer
  - after 16 steps each word is updated 4 times
- where g(b,c,d) is a different nonlinear function in each round (F,G,H,I)
- T[i] is a constant value derived from sin
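The step formula can be followed end to end in a short from-scratch implementation. This is an added example, not part of the original lecture notes: the rotation amounts, message-word order, initial buffer values and padding are taken from RFC 1321 rather than from the slide, and the function names are chosen for the example.

```python
import math
import struct

# T[i] = floor(2^32 * |sin(i + 1)|): the constants "derived from sin".
T = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xFFFFFFFF for i in range(64)]
# Left-rotation amounts s for the four rounds (values from RFC 1321).
S = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
     [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)

def rotl(x, s):
    """32-bit circular left shift, the <<< in the step formula."""
    return ((x << s) | (x >> (32 - s))) & 0xFFFFFFFF

def compress(state, block):
    """One 512-bit block: 4 rounds x 16 steps of a = b + ((a+g+X[k]+T[i]) <<< s)."""
    X = struct.unpack("<16I", block)              # 16 little-endian words
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            g, k = (b & c) | (~b & d), i                  # round 1: F
        elif i < 32:
            g, k = (d & b) | (~d & c), (5 * i + 1) % 16   # round 2: G
        elif i < 48:
            g, k = b ^ c ^ d, (3 * i + 5) % 16            # round 3: H
        else:
            g, k = c ^ (b | ~d), (7 * i) % 16             # round 4: I
        updated = (b + rotl((a + g + X[k] + T[i]) & 0xFFFFFFFF, S[i])) & 0xFFFFFFFF
        # Only one word changes per step; the roles of a, b, c, d then rotate.
        a, b, c, d = d, updated, b, c
    return [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]

def md5(message):
    """Pad, split into 64-byte blocks, chain compress(); return the hex digest."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    padded = message + b"\x80" + b"\x00" * ((55 - len(message)) % 64)
    padded += struct.pack("<Q", (8 * len(message)) & 0xFFFFFFFFFFFFFFFF)
    for off in range(0, len(padded), 64):
        state = compress(state, padded[off:off + 64])
    return struct.pack("<4I", *state).hex()

if __name__ == "__main__":
    print(md5(b"abc"))
```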

MD4
- precursor to MD5
- also produces a 128-bit hash of message
- has 3 rounds of 16 steps vs 4 in MD5
- design goals:
  - collision resistant (hard to find collisions)
  - direct security (no dependence on "hard" problems)
  - fast, simple, compact
  - favours little-endian systems (eg PCs)

Strength of MD5
- MD5 hash is dependent on all message bits
- Rivest claims security is good as can be
- known attacks are:
  - Berson 92 attacked any 1 round using differential cryptanalysis (but can’t extend)
  - Boer & Bosselaers 93 found a pseudo collision (again unable to extend)
  - Dobbertin 96 created collisions on MD compression function (but initial constants prevent exploit)
- conclusion is that MD5 looks vulnerable soon