Unit Iv 1

Uploaded by

abhiramkothuri8
UNIT-IV

Data Integrity, Digital Signature Schemes & Key Management: Message Integrity and Message
Authentication, Cryptographic Hash Functions, Digital Signature, Key Management.

MESSAGE INTEGRITY:
• The cryptographic systems that we have studied so far provide secrecy, or confidentiality, but
not integrity.
• However, there are occasions where we may not even need secrecy but instead must have
integrity (the data must not be changed).
Document and Fingerprint:
One way to preserve the integrity of a document is through the use of a fingerprint.
If Alice needs to be sure that the contents of her document will not be changed, she can put her
fingerprint at the bottom of the document.
Message and Message Digest:
The electronic equivalent of the document and fingerprint pair is the message and digest pair.
To preserve the integrity of a message, the message is passed through an algorithm called a
cryptographic hash function.

Difference:
• The two pairs (document / fingerprint) and (message / message digest) are similar, with some
differences.
• The document and fingerprint are physically linked together. The message and message
digest are not linked and can be kept separately and, most importantly, the message digest needs
to be safe from change.
Note: The message digest needs to be safe from change.

P.SOLMON CSE DEPT, NIT. Page 1


MESSAGE AUTHENTICATION:
• A message digest guarantees the integrity of a message. It guarantees that the message has not
been changed.
• A message digest does not authenticate the sender of the message.
• When Alice sends a message to Bob, Bob needs to know if the message is coming from Alice.
• To provide message authentication, Alice needs to provide proof that it is Alice sending the
message and not a fraud.
• The digest created by a cryptographic hash function is normally called a Modification
Detection Code (MDC). This code can detect any modifications in the message.
• What we need for message authentication is a Message Authentication Code (MAC).

Modification Detection Code (MDC):

• A modification detection code (MDC) is a message digest that can prove the integrity of the
message: that the message has not been changed.
• If Alice needs to send a message to Bob and be sure that the message will not change during
transmission, Alice can create a message digest, MDC, and send both the message and the MDC to Bob.
• Bob can create a new MDC from the message and compare the received MDC and the new
MDC. If they are the same, the message has not been changed.


MESSAGE AUTHENTICATION

Message authentication is a mechanism or service used to verify the integrity of a message. Message
authentication assures that data received are exactly as sent (i.e., contain no modification,
insertion, deletion, or replay) and that the purported identity of the sender is valid.

MESSAGE AUTHENTICATION REQUIREMENTS


In the context of communications across a network, the following attacks can be identified:
• Disclosure: Release of message contents to any person or process not possessing the appropriate
cryptographic key.
• Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented
application, the frequency and duration of connections could be determined.
• Masquerade: Insertion of messages into the network from a fraudulent source.
• Content modification: Changes to the contents of a message, including insertion, deletion,
transposition, and modification.
• Sequence modification: Any modification to a sequence of messages between parties, including
insertion, deletion, and reordering.
• Timing modification: Delay or replay of messages. In a connection-oriented application, an entire
session or sequence of messages could be a replay of some previous valid session, or individual
messages in the sequence could be delayed or replayed.
• Source repudiation: Denial of transmission of message by source.
• Destination repudiation: Denial of receipt of message by destination.

MESSAGE AUTHENTICATION FUNCTIONS

Any message authentication or digital signature mechanism has two levels of functionality. At the
lower level, there must be some sort of function that produces an authenticator: a value to be used to
authenticate a message. This lower-level function is then used as a primitive in a higher-level
authentication protocol that enables a receiver to verify the authenticity of a message.
There are 3 types of functions that may be used to produce an authenticator:
• Message encryption: The ciphertext of the entire message serves as its authenticator.
• Message authentication code (MAC): A function of the message and a secret key that produces a
fixed-length value that serves as the authenticator.
• Hash function: A function that maps a message of any length into a fixed-length hash value,
which serves as the authenticator.
Message Encryption
Message encryption by itself can provide a measure of authentication. The analysis differs for
symmetric and public-key encryption schemes.

MESSAGE AUTHENTICATION CODE (MAC)

This authentication technique involves the use of a secret key to generate a small fixed-size block of
data, known as a cryptographic checksum or MAC, that is appended to the message. This technique
assumes that two communicating parties, say A and B, share a common secret key.

When A has a message to send to B, it calculates the MAC as a function of the message and the
key.

The message plus MAC are transmitted to the intended recipient. The recipient performs the same
calculation on the received message, using the same secret key, to generate a new MAC. The
received MAC is compared to the calculated MAC (Figure 12.4a). If we assume that only the receiver
and the sender know the identity of the secret key, and if the received MAC matches the calculated
MAC, then:
• The receiver is assured that the message has not been altered. If an attacker alters the message but
does not alter the MAC, then the receiver’s calculation of the MAC will differ from the received
MAC.
• The receiver is assured that the message is from the alleged sender, because no one else knows the
secret key.

SECURITY OF MACS:

Just as with symmetric and public-key encryption, we can group attacks on hash functions and MACs
into two categories: brute-force attacks and cryptanalysis.
Brute-force attacks
A brute-force attack on a MAC is a more difficult undertaking than a brute-force attack on a hash
function because it requires known message-tag pairs. The strength of a hash function against
brute-force attacks depends solely on the length of the hash code produced by the algorithm, with cost
$2^{m/2}$. A brute-force attack on a MAC has cost related to $\min(2^k, 2^n)$, similar to symmetric
encryption algorithms. It would appear reasonable to require that the key length and MAC length
satisfy a relationship such as $\min(k, n) \geq N$, where N is perhaps in the range of 128 bits.
Cryptanalysis
As with encryption algorithms, cryptanalytic attacks on hash functions and MAC algorithms seek to
exploit some property of the algorithm to perform some attack other than an exhaustive search. The
way to measure the resistance of a hash or MAC algorithm to cryptanalysis is to compare its strength
to the effort required for a brute-force attack. That is, an ideal hash or MAC algorithm will require a
cryptanalytic effort greater than or equal to the brute-force effort.

HMAC:
In recent years, there has been increased interest in developing a MAC derived from a cryptographic
hash function, because hash functions generally execute faster than symmetric block ciphers, and
because code for cryptographic hash functions is widely available.
A hash function such as SHA was not designed for use as a MAC and cannot be used directly for that
purpose because it does not rely on a secret key. There have been a number of proposals for the
incorporation of a secret key into an existing hash algorithm, originally by just prepending a key to
the message. Problems were found with these earlier, simpler proposals, but they resulted in the
development of HMAC.
HMAC Design Objectives:
• To use, without modifications, available hash functions. In particular, to use hash functions
that perform well in software and for which code is freely and widely available.
• To allow for easy replaceability of the embedded hash function in case faster or more secure
hash functions are found or required.
• To preserve the original performance of the hash function without incurring a
significant degradation.
• To use and handle keys in a simple way.
• To have a well-understood cryptographic analysis of the strength of the authentication
mechanism based on reasonable assumptions about the embedded hash function.
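
The construction these objectives lead to, as an added example that is not part of the original notes: HMAC as specified in RFC 2104, built on an unmodified and swappable `hashlib` hash, with the receiver's check done the way the MAC section describes. The function names, key and messages are constructed for illustration.

```python
import hashlib
import hmac  # standard library; used here only for its constant-time comparison

KEY = b"constructed-shared-secret"  # sample key shared by A and B (constructed)


def hmac_from_hash(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 2104: HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M))."""
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-256, 128 for SHA-512
    if len(key) > block_size:
        # Keys longer than one block are hashed first.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")  # K': key zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The embedded hash is called as a black box, twice, with no modification.
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def send(key: bytes, message: bytes, hash_name: str = "sha256"):
    """Sender A: transmit the message together with its MAC."""
    return message, hmac_from_hash(key, message, hash_name)


def receive(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver B: recompute the MAC and compare it with the received one."""
    expected = hmac_from_hash(key, message, hash_name)
    # compare_digest avoids leaking, through timing, how many bytes matched.
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    msg, tag = send(KEY, b"transfer 100 to Bob")
    print("unaltered message accepted:", receive(KEY, msg, tag))
    print("altered message accepted:  ", receive(KEY, b"transfer 900 to Bob", tag))
    print("wrong key accepted:        ", receive(b"guessed-key", msg, tag))
    # Replacing the embedded hash only changes the name passed in.
    msg512, tag512 = send(KEY, b"transfer 100 to Bob", "sha512")
    print("sha512 tag length:", len(tag512))
```
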


HMAC Algorithm:

Cipher-Based Message Authentication Code (CMAC)

HASH FUNCTION:
A hash function is one of the authentication functions; it accepts a variable-size message M as
input and produces a fixed-size output.
A hash value 'h' is generated by a function H of the form

h = H(M)

• M is a variable-length message; H(M) is the fixed-length hash value.
• The hash code is also referred to as a Message Digest (MD) or hash value.
• The main difference between a hash function and a MAC is that a hash code does not use a key but
is a function only of the input message.
• The hash value is appended to the message at the source at a time when the message is assumed or
known to be correct.
• The receiver authenticates that message by recomputing the hash value. Hash functions are often
used to determine whether or not data has changed. Figure 11.1 depicts the general operation of a
cryptographic hash function.


APPLICATIONS OF CRYPTOGRAPHIC HASH FUNCTIONS

Hash functions are used in a wide variety of security applications and Internet protocols.
Message Authentication
Message authentication is a mechanism or service used to verify the integrity of a message. Message
authentication assures that data received are exactly as sent (i.e., contain no modification, insertion,
deletion, or replay).
When a hash function is used to provide message authentication, the hash function value is often
referred to as a message digest.
Figure 11.2 illustrates a variety of ways in which a hash code can be used to provide message
authentication, as follows.

(a) The message plus concatenated hash code is encrypted using symmetric encryption. Because only
A and B share the secret key, the message must have come from A and has not been altered.
The hash code provides the structure or redundancy required to achieve authentication. Because
encryption is applied to the entire message plus hash code, confidentiality is also provided.
(b) Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden
for those applications that do not require confidentiality.
(c) It is possible to use a hash function but no encryption for message authentication. The technique
assumes that the two communicating parties share a common secret value S. A computes the hash
value over the concatenation of M and S and appends the resulting hash value to M. Because B
possesses S, it can recompute the hash value to verify. Because the secret value itself is not sent, an
opponent cannot modify an intercepted message and cannot generate a false message.
(d) Confidentiality can be added to the approach of method (c) by encrypting the entire message plus
the hash code.

DIGITAL SIGNATURES

• A digital signature is an authentication mechanism that enables the creator of a message to attach a
code that acts as a signature. Typically the signature is formed by taking the hash of the message
and encrypting the message with the creator’s private key. The signature guarantees the source
and integrity of the message.
• The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm
(SHA).
Digital signature process
Properties
• Message authentication protects two parties who exchange messages from any third party.
However, it does not protect the two parties against each other. Several forms of dispute between
the two are possible.
• In the RSA approach, the message to be signed is input to a hash function that produces a secure
hash code of fixed length. This hash code is then encrypted using the sender's private key to form
the signature. Both the message and the signature are then transmitted. The recipient takes the
message and produces a hash code.
• The recipient also decrypts the signature using the sender's public key. If the calculated hash code
matches the decrypted signature, the signature is accepted as valid. Because only the sender
knows the private key, only the sender could have produced a valid signature.
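
The RSA approach described above, as an added example that is not part of the original notes. It uses textbook RSA with constructed toy keys (small Mersenne primes) and no padding, so it shows only the hash, sign and verify steps; real systems use a vetted library, a padding scheme such as RSASSA-PSS, and keys of 2048 bits or more.

```python
import hashlib

E = 65537  # public exponent used for both constructed keys


def make_key(p: int, q: int):
    """Return (n, e, d) for two primes. Toy sizes, constructed for this example."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of e mod phi(n)
    return n, E, d


def hash_code(message: bytes, n: int) -> int:
    """Fixed-length SHA-256 hash code, reduced mod n so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, n: int, d: int) -> int:
    """Sender: 'encrypt' the hash code with the private key (n, d)."""
    return pow(hash_code(message, n), d, n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Recipient: 'decrypt' the signature with the public key (n, e), hash the
    received message, and accept only if the two hash codes match."""
    return pow(signature, e, n) == hash_code(message, n)


# Constructed keys: the sender's, and an unrelated key held by someone else.
SENDER_N, SENDER_E, SENDER_D = make_key(2**61 - 1, 2**89 - 1)
OTHER_N, OTHER_E, OTHER_D = make_key(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    msg = b"I owe Bob 100"
    sig = sign(msg, SENDER_N, SENDER_D)
    print("genuine message and signature:", verify(msg, sig, SENDER_N, SENDER_E))
    print("message altered in transit:   ", verify(b"I owe Bob 900", sig, SENDER_N, SENDER_E))
    forged = sign(msg, OTHER_N, OTHER_D)  # signed with a different private key
    print("signed with another key:      ", verify(msg, forged, SENDER_N, SENDER_E))
```
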

REQUIREMENTS & SECURITY FOR A HASH FUNCTION

The purpose of a hash function is to produce a “fingerprint” of a file, message or other block of data.
To be useful for message authentication, a hash function H must have the following properties:
H can be applied to a block of data of any size.
H produces a fixed-length output.
H(x) is relatively easy to compute for any given x, making both hardware and software
implementations practical.
One-Way Property: For any given value h, it is computationally infeasible to find x such that
H(x)=h. This is sometimes referred to in the literature as the one-way property.
Weak Collision Resistance: For any given block x, it is computationally infeasible to find y≠x with
H(y)=H(x). This is referred to as weak collision resistance.
Strong Collision Resistance: It is computationally infeasible to find any pair (x, y) such that
H(x)=H(y). This is referred to as strong collision resistance.


A hash function that satisfies the first five properties in Table 11.1 is referred to as a weak hash
function. If the sixth property, collision resistant, is also satisfied, then it is referred to as a strong
hash function.
As with encryption algorithms, there are two categories of attacks on hash functions: brute-force
attacks and cryptanalysis.
Brute-Force Attacks
A brute-force attack does not depend on the specific algorithm but depends only on bit length. In
the case of a hash function, a brute-force attack depends only on the bit length of the hash value.
Cryptanalysis, in contrast, is an attack based on weaknesses in a particular cryptographic algorithm.
Cryptanalysis
As with encryption algorithms, cryptanalytic attacks on hash functions seek to exploit some
property of the algorithm to perform some attack other than an exhaustive search. The way to
measure the resistance of a hash algorithm to cryptanalysis is to compare its strength to the effort
required for a brute-force attack.
That is, an ideal hash algorithm will require a cryptanalytic effort greater than or equal to the
brute-force effort.
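
How the bit length alone sets the brute-force effort, as an added example that is not part of the original notes: SHA-256 is truncated to a constructed 16-bit toy hash so that both searches finish quickly. Finding any colliding pair (strong collision resistance) takes on the order of 2^(m/2) tries, while matching one given message (weak collision resistance) takes on the order of 2^m.

```python
import hashlib


def toy_hash(message: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits (a deliberately weak toy hash)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Search for ANY pair x != y with H(x) == H(y).

    Returns (x, y, tries). Every earlier message is remembered, so each new
    message is compared against all of them; this is why about 2^(bits/2)
    tries are enough on average. The pigeonhole principle caps the search
    at 2^bits + 1 tries.
    """
    seen = {}
    tries = 0
    while True:
        msg = b"msg-%d" % tries  # constructed, distinct candidate messages
        tries += 1
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int):
    """Search for y != target with H(y) == H(target).

    Returns (y, tries). Only one hash value counts as a hit, so each try
    succeeds with probability 2^-bits and about 2^bits tries are needed.
    """
    goal = toy_hash(target, bits)
    tries = 0
    while True:
        msg = b"try-%d" % tries
        tries += 1
        if msg != target and toy_hash(msg, bits) == goal:
            return msg, tries


if __name__ == "__main__":
    BITS = 16
    x, y, n_coll = find_collision(BITS)
    print(f"collision after {n_coll} tries (2^(m/2) = {2 ** (BITS // 2)}):", x, y)
    z, n_pre = find_second_preimage(b"signed contract", BITS)
    print(f"second preimage after {n_pre} tries (2^m = {2 ** BITS}):", z)
```
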


WHAT IS KEY MANAGEMENT
Key management refers to the processes and procedures involved in generating, storing,
distributing, and managing cryptographic keys used in cryptographic algorithms to protect sensitive
data.
Types of Key Management
There are two aspects of Key Management:
• Distribution of public keys.
• Use of public-key encryption to distribute secrets.
Distribution of Public Key
The public key can be distributed in four ways:
• Public announcement
• Publicly available directory
• Public-key authority
• Public-key certificates
These are explained below:
Public Announcement: Here the public key is broadcast to everyone. The major weakness of this
method is forgery: anyone can create a key claiming to be someone else and broadcast it. Until the
forgery is discovered, the forger can masquerade as the claimed user.

Publicly Available Directory: In this type, the public key is stored in a public directory.
The directory is trusted and has properties such as participant registration and access that allows
participants to modify their values at any time; it contains entries of the form {name, public-key}.
The directory can be accessed electronically but is still vulnerable to forgery or tampering.


Public Key Authority: It is similar to the directory but improves security by tightening control
over the distribution of keys from the directory. It requires users to know the public key for the
directory. Whenever keys are needed, the user makes real-time access to the directory to
obtain any desired public key securely.

Public Certification: Here the authority provides a certificate (which binds an identity to the
public key) to allow key exchange without real-time access to the public authority each time. The
certificate is accompanied by some other information such as period of validity, rights of use, etc.
All of this content is signed with the private key of the certificate authority (CA), and it can be
verified by anyone possessing the authority’s public key.
First, the sender and receiver each request from the CA a certificate that contains their public key
and other information; they can then exchange these certificates and start communicating.
