Chapter 3: Message Authentication and Public-Key Cryptography Flashcards

Message authentication and public-key cryptography

1
Q

What is message authentication?

A

Protects against active attacks.

A procedure that allows communicating parties to verify that the received messages are authentic (genuine and come from their alleged source).

Two important aspects are to verify that the content has not been altered and that the source is authentic.

Typically provided as a separate function from message encryption.

2
Q

What is MAC?

A

Message authentication code.

An authentication technique that involves the use of a secret key to generate a small block of data that is appended to the message.

3
Q

What is a one-way hash function?

A

An alternative to MAC.

Accepts a variable-size message M as input and produces a fixed-size message digest as output. Does not use a secret key as input.

The message digest is sent with the message.

4
Q

How can the message digest be authenticated?

A
  1. Conventional encryption
  2. Public-key encryption
  3. Secret value: A and B share a common secret value. When A has a message to send to B, it calculates the hash function over the concatenation of the secret value and the message. It then sends it to B, and B can re-compute it using the secret value. The secret value is never sent, and as long as it remains secret it is not possible to intercept the message or generate a false one.
5
Q

What are the requirements of a secure hash function (one-way hash function)?

A
  1. Can be applied to a block of data of any size.
  2. Produces a fixed-length output.
  3. H(x) is relatively easy to compute for any given x.
  4. For any given code h, it is computationally infeasible to find x such that H(x) = h. (The one-way property, or pre-image resistant).
  5. Second pre-image resistant. Guarantees that it is impossible to find an alternative message with the same hash value.
  6. Collision resistant. Protects against the birthday attack. If satisfied then called strong hash function, else weak hash function.
6
Q

How can you attack a hash function and how secure is it?

A

With cryptanalysis and brute-force.

The strength depends on the length of the hash code that is produced by the algorithm.

7
Q

What is SHA?

A

Secure Hash Algorithm. One of the most widely used.

Based on the hash function MD4.

8
Q

What is HMAC?

A

A hashed message authentication code.

It incorporates the use of secret keys into the hash algorithm.

It is used in IP security and other Internet protocols (TLS).

9
Q

What is CCM?

A

Counter with Cipher Block Chaining-Message Authentication Code.

Referred to as an authenticated encryption mode.

The key algorithmic ingredients are:
1. AES
2. Counter mode
3. CMAC authentication

10
Q

What is authenticated encryption?

A

A term used to describe encryption systems that protect both the confidentiality and authenticity (integrity) of messages.

11
Q

What is RSA?

A

It is a public-key encryption algorithm. It is a block cipher where the plaintext and ciphertext are integers between 0 and n-1 for some n.

It can do:
1. Encryption and decryption
2. Digital signatures
3. Key exchange

12
Q

What are three possible attack approaches for attacking RSA?

A

Mathematical attack: Factors the product of two primes.
Defend by using large key sizes.

Timing attack: Depends on the running time of the decryption.
Defend by masking the time required to run the encryption/decryption.

Chosen ciphertext attack: Exploits properties of the algorithm by selecting blocks of data that, when processed using the target’s private key, yield information needed for cryptanalysis.
Defend by padding the plaintext.

13
Q

What is Diffie-Hellman?

A

The first published public-key algorithm. It enables two users to securely exchange a secret key. The algorithm can only exchange keys.

Its effectiveness lies in the difficulty of computing discrete logarithms.

14
Q

What are the vulnerabilities of Diffie-Hellman?

A

The simple protocol for the algorithm is vulnerable to a man-in-the-middle attack, because it does not authenticate the participants.

15
Q

What is DSS?

A

The digital signature standard.

It makes use of SHA-1.

Can only be used for digital signatures.

16
Q

Give three examples of different digital signature algorithms

A

DSA (Digital Signature Algorithm): based on the difficulty of computing discrete logarithms.

RSA Digital signature

Elliptic curve digital signature

17
Q

What is a digital signature?

A

It is a way of authenticating the sender. It is generated by using a secure hash function and the private key; these two together produce a short block - the signature.

To verify the signature, the receiver computes the hash value and puts that together with the sender's public key into a digital signature verification algorithm.