Terms
Authenicator |
Additional information appended to a message to enable the receiver to verify that the message should be accepted as authentic. The authenticator may be functionally independent of the content of the message itself (e.g., a nounce or a source identifier) or it may be a function of the message contents (e.g., a hash value or a cryptographic checksum). |
|
Birthday Attack |
When short hash codes are used it is not difficult to find two messages that produce the same hash code, but have slightly different meanings - p332-333. |
|
Birthday Paradox |
Let $$P(n,k)$$ be the probability that at least one duplicate in k items exists when each item can take on one of n different values. So $$P(365,10)$$ is the probability that we have a duplicate in 10 peoples birthdays. It is easier to calculate the number of ways we can not have a duplicate $$N=365 \times 364 \times ... \times (365-k+1) = \frac{365!}{(365-k)!}$$. The number of ways with duplicates is $$N_D = (365)^k$$. Then the probability of at least one duplicate is $$1-\frac{365!}{(365-k)!(365)^k}$$ |
|
Compression Function |
In the context of hash functions takes two inputs: (1) an n-bit input from the previous step called a chaining variable and a b-bit block (block of the message), and outputs a n-bit output. |
|
Cryptographic Checksum |
An authenticator that is a cryptographic function of both the data to be auth4enticated and a secret key. Also referred to as a message authentication code (MAC) |
|
Hash Function |
A function that maps a variable-length data block or message into a fixed-length value called a hash code (also referred to as a message digest). |
|
Message Authentication |
Measures to deal with (1) Masquerade Attack (2) Content Modification Attack (3) Sequence Modification Attack (4) Timing Modification Attack |
|
Message Digest |
see 339 |
|
One-way hash function |
see 339 |
|
Strong/Weak collision resistance |
see 339| |
Review Questions
11.1 What types of attacs are addressed by message authentication?
See Message Authentication above or p 313 3-6.
11.2 What two levels of functionality comprise a message authentication ro digital signature mechanism?
- The lower level: some sort of function that produces an authenticator (see authenticator above).
- A higher level: Protocol that enables a receiver to verify the authenticity of a messege using the lower level function.
11.3 What are some approaches to producing message authentication?
- Message encryption
- Message authentication code (see above)
- Hash Function
11.4 When a combination of symmetric encryption and an error control code is used for message authentication, in what order must the two functions be performed?
Append the error control code to the message and then encrypt it. (P. 316)
11.5 What is a message authentication code
See Cryptographic Checksum above
11.6 What is the difference between a message authentication code and a one-way hash function?
The MAC requires a key.
11.7 In what ways can a hash value be secured so as to provide message authentication?
Encrypt it (most likely with a private key).
11.8 Is it necessary to recover the secret key in order to attack a MAC algorithm?
No, but it is similarly difficult to attacking the key and must be done online with chosen text-MAC pairs. See p 336.3.
11.9 What characteristics are needed in a secure hash function?
- H can be applied to a block of data of any size.
- H produces a fixed-length output.
H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to as the one-way property.
For any given block x, it is computationally infeasible to find y != x with H(y)=H(x). This is sometimes referred to as weak collision resistance.
It is computationally infeasible to find any pair (x,y) such that H(x)=H(y). This is sometimes referred to as strong collisi9on resistance.
11.10 What is the difference between strong and weak collision resistance?
See above!
What is the role of a compression function in a hash function
See "Compression function" above.