Computer Security CS477Lecture 7Ching-Hua ChuanSeptember 24th 2008AdministrationToday’s Outline The SHA Secure Hash Function (Chap 3.2) HMAC Secure Hash Algorithm (SHA) SHA The first version was developed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard in 1993. Several versions were developed: SHA-1, SHA-256, SHA-384, SHA-512Comparisons of SHA ParametersSecurity: against birthday attackSHA-512 Input: < 2128bits, output: 512- bit message digest.Step 1: padding the message so that its length is 896 mod 1024.SHA-512Step 2: append a 128-bit block to the message.Total length = N x 1024SHA-512Step 3: initialize hash buffer.64-bit registerTotal: 512 bits5BE0CD…abcdefghSHA-512Step 4: process message in 1024-bit (128-word) blocks.SHA-512Step 4: process message in 1024-bit (128-word) blocks.SHA-512 The function: 80 rounds For each round, Wt: 64-bit from Mi Kt: an additive constant Kt: Provides a randomized set of 64-bit patterns, eliminating any regularities in the input dataHi-1SHA-512Step 5: output is the 512-bit message digest (HN)SHA-512 Characteristics of SHA-512 Every bit of the hash code is a function of every bit of the input. The complex repetition of function F produces well-mixed results Security Strength Coming up two messages with the same hash code needs 2256operations. Finding a message with a given digest needs 2512operations.HMAC Motivations for developing a MAC from a cryptographic hash code: Hash function is faster in software than encryption Library code for has is widely available A hash function such as SHA was not designed for use as a MAC because it does not rely on a secrete keyRecall: Message Authentication Code MAC: a small block of data generated by using a shared secrete key on the messageHMAC Objectives To use, without modifications, available hash functions. To allow easy replacement of the embedded hash function. To preserve the original performance of the hash. To use and handle keys in a simple way. To have a well-understood cryptographic analysis of the strength of the MAC based on reasonable assumptions on the embedded hash.HMAC Algorithmopad: 01011100 repeated b/8 timesK+: secrete key K padded with zero (b bits)b bitsipad: 00110110 repeated b/8 timesb bitsYi: ith block of M, 0<= i <= (L-1)b(L+1) bitsOutput: n-bit HMAC(K, M)= H[ (K+opad) || H[ (K+ipad)||M ] ]Characteristics of HMAC XOR with ipad/opad Flipping different halves of bits of K. (Randomization) So, Si Pseudorandomly generates two keys from K. Performance HMAC should execute in approximately the same time as the embedded hash.Today’s Summary The SHA Secure Hash Function (Chap 3.2) Versions, parameters, algorithm Characteristics and security strength HMAC Motivations, objectives Algorithm
View Full Document