UNIT-5

Message Authentication and Hash

Functions
Outline

 Authentication
 Requirement
 Functions
 Message Authentication code
 Hash Functions
 Security of Hash Functions and Macs
 MD5 Message Digest Algorithm
 Secure Hash Algorithm
Message Authentication
 The process of identifying an individual, usually based on a username and password.
 In security systems, authentication is distinct from authorization , which is the process of
giving individuals access to system objects based on their identity.
 Authentication merely ensures that the individual is who he or she claims to be, but says
nothing about the access rights of the individual.
 Message Authentication is a mechanism to verify the integrity of message

 It is a service used to assures that data received are exactly as sent

 It checks message modification, insertion, deletion or replay and sender identity

Message Authentication Requirements
Message authentication is required to protect message from different kind of
attacks:
1. Disclosure: Release of message contents.
2. Traffic analysis: Analyses the traffic and observe the pattern of traffic between parties.
3. Masquerade: Insertion of messages into the network from a fraudulent source.
4. Content modification: Changes to the contents of a message.
5. Sequence modification: Any modification to a sequence of messages between parties.
6. Timing modification: Delay or replay of messages.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.
Message Authentication Requirements
1. Disclosure Requires Message
2. Traffic analysis Confidentiality
(Encryption)
3. Masquerade
4. Content modification Requires Message
5. Sequence modification Authentication

6. Timing modification
7. Source repudiation Requires Digital
8. Destination repudiation Signature
Authentication Functions
 Two level of Functionality with Digital signature and Message Authentication

o Produce an Authenticator
o Authenticator is a value to be used to authenticate a message
o Authentication Protocol at Receiver
Types of Functions
 To produce authenticator three Classes are used
• Message Encryption
• Cipher text act as an authenticator

• Message Authentication Code (MAC)

• Function of message and secret key used as MAC

• Hash Function
• It maps a message of any length into fixed length hash value which will be used as
authenticator
Message Encryption
 The cipher text of entire message is to be used to authenticate a message

 Message encryption itself provide a measure of authentication

 The Analysis differs in two way

• Symmetric Encryption
• Asymmetric Encryption
Symmetric Key Encryption
 Confidentiality and authentication provided by this technique

Source Destination

CT
M E D M

E(K,M)
K K
Public Key Encryption
 Provide Confidentiality not Authentication

Source Destination

CT
M E D M
E(PUb,M)

PUb PRb
Public Key Encryption
 With Authentication and Confidentiality

C C C
M E E T D D M
T T

E(PRa,M) E(PUb,E(PRa,M))
E(PRa,M)

PRa PUb PRb PUa

Public Key Encryption
Ways of Providing Structure
 Append an error-detecting code (frame check sequence (FCS)) to each message
MAC (Message Authentication Code)
 More commonly, message authentication is achieved using a MAC also known as keyed
hash function.
 MACs are used between two parties that share a secret key to authenticate information
exchanged between those parties.
 A MAC function takes as input a secret key and a data block and produces a hash value,
referred to as the MAC.
 The combination of hashing and encryption results in an overall function that is a MAC
(Method -2 in previous slide).

MAC = C ( K , M )
 In cryptography, a message authentication code (MAC), sometimes known as a tag, is a
short piece of information used to authenticate a message—in other words, to confirm
that the message came from the stated sender (its authenticity) and has not been
changed.
 The MAC value protects both a message's data integrity as well as its authenticity, by
allowing verifiers (who also possess the secret key) to detect any changes to the message
content. Essentially, a MAC is an encrypted checksum generated on the underlying
message that is sent along with a message to ensure message authentication.
Let us now try to understand the entire process in detail −

 The sender uses some publicly known MAC algorithm, inputs the message and the secret
key K and produces a MAC value.

 Similar to hash, MAC function also compresses an arbitrary long input into a fixed length
output. The major difference between hash and MAC is that MAC uses secret key during
the compression.

 The sender forwards the message along with the MAC. Here, we assume that the message
is sent in the clear, as we are concerned of providing message origin authentication, not
confidentiality. If confidentiality is required then the message needs encryption.
 On receipt of the message and the MAC, the receiver feeds the received message and the
shared secret key K into the MAC algorithm and re-computes the MAC value.

 The receiver now checks equality of freshly computed MAC with the MAC received from
the sender. If they match, then the receiver accepts the message and assures himself that
the message has been sent by the intended sender.

 If the computed MAC does not match the MAC sent by the sender, the receiver cannot
determine whether it is the message that has been altered or it is the origin that has been
falsified. As a bottom-line, a receiver safely assumes that the message is not the genuine.
Hash Function
 A hash function H accepts a variable-length
block of data M as input and produces a fixed-
size hash value h = H(M).
 A “good” hash function has the property that
the results of applying a change to any bit or
bits in M results, with high probability, in a
change to the hash code.
 A hash function is any function that can be
used to map data of arbitrary size to fixed-size
values.
 The values returned by a hash function are
called hash values, hash codes, digests, or
simply hashes.
 A hash function takes as input a key, which is associated with a record and used to identify it to
the data storage and retrieval application. The keys may be fixed length, like an integer, or variable
length, like a name.
 A cryptographic hash function (CHF) is a hash function that is suitable for use in cryptography.
 It is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit
string of a fixed size (the "hash value", "hash", or "message digest") and is a one-way function, that
is, a function which is practically infeasible to invert.
 Ideally, the only way to find a message that produces a given hash is to attempt a brute-force
search of possible inputs to see if they produce a match
 h = H(M)
 M is a variable-length message, h is a fixed-length hash value, H is a hash function
 The hash value is appended at the source
 The receiver authenticates the message by recomposing the hash value
 Because the hash function itself is not considered to be secret, some means is required to
protect the hash value
 The ideal cryptographic hash function has the following main properties:
• it is deterministic, meaning that the same message always results in the same hash
• it is quick to compute the hash value for any given message
• it is infeasible to generate a message that yields a given hash value
• it is infeasible to find two different messages with the same hash value
• a small change to a message should change the hash value so extensively that the new
hash value appears uncorrelated with the old hash value (avalanche effect)
Input-Output behaviour of hash functions
Message Message
digest
Alice was beginning to get very tired of
sitting by her sister on the bank, and have H DFDC349A
nothing to do.

I am not a crook H FB93E283

I am not a cook H A3F4439B

Applications of Cryptographic Hash Functions
1. Message authentication
2. Digital Signature
3. One-way password file
1. Message Authentication
 Message authentication is a mechanism or service used to verify the integrity of a
message.
 Message authentication assures that data received are exactly as sent (i.e., contain no
modification, insertion, deletion, or replay).
 When a hash function is used to provide message authentication, the hash function value
is often referred to as a message digest.
Message authentication method - 1
Source A Destination B
H
M ll E D M
Compare
H K K
H(M)
E (K, [ M || H(M)])
 Only A and B share the secret key, the message must have come
from A and has not been altered.
 The hash code provides the structure required to achieve
authentication.
 Because encryption is applied to the entire message plus hash
code, confidentiality is also provided.
Message authentication method - 2
Source A Destination B
H
M ll M Compare
K K

H E D
E(K, H(M))

 Only the hash code is encrypted, using symmetric encryption.

 This reduces the processing burden for those applications that do
not require confidentiality.
Message authentication method - 3
Source A Destination B
ll H
M ll M S
Compare

S ll H
H(M || S)
 It is possible to use a hash function but no encryption for message
authentication.
 A and B share a common secret value S.
 A computes the hash value over the concatenation of M and S
and appends the resulting hash value to M. Because B possesses S,
it can recompute the hash value to verify the message.
 An opponent cannot modify an intercepted message.
Message authentication method - 4
Source A Destination B
ll H
E D M S
M ll
Compare

ll H K K
S
H(M || S)
E (K, [ M || H(M || S)])

 Confidentiality can be added to the approach of method (3) by

encrypting the entire message plus the hash code.
Requirements for hash functions
1. Can be applied to any length of message M.
2. Produces fixed-length output h.
3. It is easy to compute h=H(M) for any message M.
4. Given hash value h is infeasible to find y such that (H(y) = h)
• One-way property (In other words, given a fingerprint, we cannot derive a matching
message).
5. For given block x, it is computationally infeasible to find
y ≠ x with H(y) = H(x)
• Weak collision resistance
6. It is computationally infeasible to find messages m1 and m2 with H(m1) = H(m2)
• Strong collision resistance
Simple Hash Function
 The input (message, file, etc.) is viewed as a sequence of n-bit blocks.
 The input is processed one block at a time in an iterative fashion to produce an n-bit hash
function.
 One of the simplest hash functions is the bit-by-bit exclusive-OR (XOR) of every block.

Where,
= ith bit of the hash code 1 ≤ i ≤ n
m = number of n-bit blocks in the input
= ith bit in jth block
Security of Hash functions
 Brute-force attacks
• Strength of hash function against brute force attacks is 2n/2
 Cryptanalysis
• It forces on the internal structure of F
• Base on attempts to find efficient techniques for producing collisions for single
execution of
Message Digests(Hash)

● A message digest is a fingerprint or the summary of a message. (Same as LRC and CRC)

● It is used to verify integrity of the data (To ensure that message has not been tampered).

Idea of a Message Digest

● Ex: Calculate the message digest of number 7391743

● Multiply each digit in the number with the next digit (excluding if it is 0) and disregarding the first

digit of the multiplication operation, it the result is two-digit number.

Calculate MD for 7391743

● Multiply 7 by 3 - 2
● Discard first digit - 1
● Multiply 1 by 9 - 1
● Multiply 9 by 1 - 9
● Multiply 9 by 7 - 9
● Discard first digit - 6
3
● Multiply 3 by 4 -
3
● Discard first digit -
1
● Multiply 2 by 3 -
2
● Message digest is
2
6
6
MD5 (Message Digest 5)
● MD5 is a message digest algorithm developed by Ron Rivest.
● MD5 algorithm can be used as a digital signature mechanism.
● The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of
any length as input and returns as output a fixed-length digest value to be used for
authenticating the original message.
 Description of the MD5 Algorithm
● Takes as input a message of arbitrary length and produces as output a 128 bit “fingerprint” or “message

digest” of the input.

● It it is computationally infeasible to produce two messages having the same message digest.

● Intended where a large file must be “compressed” in a secure manner before being encrypted with a

private key under a public-key cryptosystem such as PGP.

 MD5 Algorithm
● Suppose a b-bit message as input, and that we need to find its message digest.

Step-1 Padding

Step-2 Append length

Step-3 Divide the input into 512-bit blocks. Step-4 Initialize chaining variables (4 variables)
Step-5 Process blocks
Step-1
● MD5 is to add padding bits to the original message.

● The aim of this step is make length of the original message equal to a value, which is 64 bits less than

an exact multiple of 512.

● Ex: 1000 bits of message (1000+472+64)

● The padding consists of a single “1” bit is appended to the message, and then “0” bits.
Step 2 – append length:
● A 64 bit representation of b is appended to the result of the previous step.
● The resulting message has a length that is an exact multiple of 512 bits
Step-3 Divide the input into 512-bit blocks

Data to be hashed (Digested) 1536

bits

512 bits 512 bits 512

bits
Step-4 Initialize chaining variables
● A four-word buffer (A,B,C,D) is used to compute the message digest.
● Here each of A,B,C,D, is a 32 bit register.
 Step-5 Process blocks
1. – Copy the four variables (32*4 = 128)
2. – Divide the 512- bit block into 16 sub-
blocks.

512
bits

32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32
bits 5.3 – Process each block with A, B, C,
bits bits bits bits bits bits bits bits bits bits bits bits bits bits bits

D.
5.3 - Process each block with A, B, C, D.
SHA - Secure Hash Algorithm
SHA - 1 SHA - 224 SHA - 256 SHA - 384 SHA - 512
Message
Digest Size 160 224 256 384 512

Message Size < 264 < 264 < 264 < 2128 < 2128
Block Size 512 512 512 1024 1024
Word Size 32 32 32 64 64
Number of
Steps 80 64 64 80 80
SHA - 512
 The algorithm takes input as a message with a maximum length of less than 2128 bits and
produces output as a 512-bit message digest.
 The input is processed in 1024-bit blocks.
Message Digest Generation using SHA - 512

Message (L bit) 10000…0 L

M1 (1024 bits) M2 (1024 bits) MN (1024 bits)

F F F

+ + +

IV=H0 H1 (512 H2 (512 HN (512

bits) bits) bits)
Step - 1 Append Padding Bits
 The message is padded so that its length is congruent to 896 modulo 1024 [length ≡
896(mod 1024)].
 Padding is always added, even if the message is already of the desired length.
 Thus, the number of padding bits is in the range of 1 to 1024.
 The padding consists of a single 1 bit followed by the necessary number of 0 bits.
Step - 2 Append Length
 A block of 128 bits is appended to the message.
 This block is treated as an unsigned 128-bit integer (most significant byte first) and
contains the length of the original message (before the padding).
Step-1 and Step-2 Example
Example:
 Given is the message “abc” consisting of three 8-bit ASCII characters with a total length of l
=24 bits.
A B C
01100001 01100010 01100011

 We append a “1” followed by k = 871 zero bits, where k is determined by

k≡ 896−(l+1)=896−25=871 mod 1024.
 Finally, we append the 128-bit value which contains the binary representation of the length l
=2410 =110002.
 The padded message is then given by
A B C Append Length

01100001 01100010 01100011 10000..0 00..011000

Step - 3 Initialize hash buffer
 The outcome of the first two steps produces a message that is an integer multiple of 1024
bits in length.
 The expanded message is represented as the sequence of 1024-bit blocks M1 , M2, … , MN,
so that the total length of expanded message is N X 1024 bits.
 A 512-bit buffer is used to hold intermediate and final results of the hash function. The
buffer can be represented as eight 64-bit registers (a, b, c, d, e, f, g, h).
Step - 4 Process message in 1024-bit (128-word) blocks
 The heart of the algorithm is a module that consists of 80 rounds and this module is
labelled as F function.
SHA - 512 Processing of a Single 1024-Bit Block
Mi Hi-1

Message
schedule
a b c d e f g e 64
W0 K0
Round 0

a b c d e f g e 64
W79 K79
Round 79

+ + + + + + + +

Hi
SHA - 512 Processing of a Single 1024-Bit Block
 Each round takes as input the 512-bit buffer value, abcdefgh, and updates the contents of
the buffer.
 At input to the first round, the buffer has the value of the intermediate hash value, Hi-1.
 Each round t makes use of a 64-bit value Wt, derived from the current 1024-bit block
being processed.
 The output of the eightieth round is added to the input to the first round (Hi-1) to produce
Hi.
Step – 5 Output
 After all Nth block of 1024-bit have been processed, the output from the Nth stage is the
512-bit message digest.
SHA - 512 Round Function
SHA - 512 Round Function – Cont…

a b c d e f g h

Ch +
Ʃ Maj

+ Ʃ +

+ +
+ Wt

+ Kt

a b c d e f g h
 (∑ )
512
𝑇 1=h+ Ch ( 𝑒 , 𝑓 , 𝑔 ) + 𝑒 + 𝑊 𝑡+ 𝐾𝑡
1

(∑ )
512
𝑇 2= 𝑎 + Maj ( 𝑎 , 𝑏 ,𝑐 )
0
SHA - 512 Round Function Elements
 Maj(a,b,c) = (a AND b) XOR (b AND c) XOR (a AND c) Majority of arguments are true.
 Conditional function = (e AND f) XOR (NOT e and g)
 ∑(a) = ROTR(a,28) XOR ROTR(a,34) XOR ROTR(a,39)
 ∑(e) = ROTR(e,14) XOR ROTR(e,18) XOR ROTR(e,41)
 + = addition modulo 264
 Kt = a 64-bit additive constant.
 Wt = a 64-bit word derived from plaintext.
 ROTR = Circular right shift rotataion