Cryptography - Message Integrity Flashcards

1
Q

Define message integrity

A

Ensures a message has not been altered

2
Q

3 ways of performing message integrity

A

parity bits
- adds extra bit to the data that indicates if the number of 1 bits is odd or even

cyclical redundancy checks (CRCs)
- Uses polynomial division to determine CRC value, usually 16 or 32 bits long. CRC value will not match up if a single bit is incorrect

checksum
- Adds up the bytes of data being sent and transmits that number to be checked later using the same method. Source and receiving checksums are determined and compared

3
Q

Hash Functions

A

One-way hash - to be effective, creating two messages with the same hash value must be mathematically impossible (collision free)

hashing algorithm is publicly known

function always performed in one direction

Using it in reverse is unnecessary

An attacker who captures the original message could alter it to create a second, invalid message with a new hash value. The invalid message looks valid because the attacker’s new hash value, not the original message’s hash value, is appended to it

Use Message Authentication Code (MAC)
- encrypting the hash function with a symmetric key algorithm creates a keyed MAC

- Symmetric key doesn’t encrypt original message. Only used to protect the hash value

4
Q

Types of hash functions

A

MD (Message Digest algorithms)

MD2 Produces 128 bit hash value, performs 18 rounds of computations

MD4 Produces 128 bit hash value, performs 3 rounds of computations. Faster than MD2 but was successfully attacked

MD5 Produces 128 bit hash value, performs 4 rounds of computations.
More complex than MD4
Not collision free, shouldn’t be used for SSL certificates or digital signatures
US Govt requires SHA-2 instead of MD5

MD6 Produces variable hash value, performs variable rounds of computations
Introduced as candidate for SHA-3 but withdrawn because of early issues with differential attacks
Re-released with the issue fixed but too late to be accepted for NIST SHA-3 standard

5
Q

Secure Hash Algorithm (SHA)

A

Family of four algorithms published by US NIST

SHA-0 produces 160 bit hash value after performing 80 rounds of computations on 512 bit blocks

SHA-1 produces 160 bit hash value after performing 80 rounds of computations on 512 bit blocks. Corrected flaw in SHA-0 that made it susceptible to attacks

SHA-2 is a family of hash functions each of which provides different functional limits

6
Q

SHA-2 Family

A
Each number is the number of bits in the hash value
SHA-224
SHA-256
SHA-384
SHA-512
SHA-512/224
SHA-512/256
7
Q

SHA-3 Family

A

Like SHA-2, will be a family of hash functions

8
Q

HAVAL

A

Produces variable-length hash values. Collisions were discovered

9
Q

RIPEMD-160

A

Produces 160 bit hash value after performing 160 rounds of computations on 512 bit blocks

10
Q

Tiger

A

Produces 128, 160 or 192 bit hash values after performing 24 rounds of computations on 512 bit blocks.

Unlike MD5, RIPEMD, SHA-0 or SHA-1, Tiger is not built on the MD4 architecture

11
Q

Message Authentication Code (MAC)

Hash MAC (HMAC)

A

Hash MAC is a keyed-hash MAC using a hash function with a symmetric key

Provides data integrity and authentication

Any hash function can be used with HMAC, with the hash function name appended to the HMAC name, e.g. HMAC-SHA-1

Strength depends on the strength of the hash function, including the hash value size and the key size

12
Q

Message Authentication Code (MAC)

Cipher block chaining MAC (CBC-MAC)

A

CBC-MAC is a block cipher MAC that operates in CBC mode

Provides data integrity and authentication

13
Q

Message Authentication Code (MAC)

Cipher-based MAC (CMAC)

A

CMAC operates the same as CBC-MAC but with much better mathematical functions

Addresses some security issues with CBC-MAC

Approved to work with AES, 3DES

14
Q

Digital Signatures

A

Hash value encrypted with sender’s private key

Provides authentication, nonrepudiation, integrity

PKI used to create digital signatures

Users register their public keys with a CA, which distributes a certificate containing user’s public key and the CA’s digital signature

Digital Signature is computed by user’s public key and validity period combined with certificate issuer and digital signature algorithm identifier

15
Q

Blind Signature

A

Form of digital signature where the contents of the message are masked before it’s signed

16
Q

Digital Signature Standard (DSS)

A

Federal digital security standard that governs the Digital Security Algorithm (DSA) which generates a message digest of 160 bits

US Govt requires use of DSA, RSA or Elliptic Curve DSA (ECDSA) and SHA for digital signatures

DSA is slower than RSA and only provides digital signatures

RSA provides digital signatures, encryption and secure symmetric key distribution