[PPT] - Mes Messa sage ge Aut uthe hent ntica ication tion Cod Codes PowerPoint Presentation

SLIDE 1

Introduction to Modern Cryptography Sharif University Spring 2015

Data and Network Security Lab Sharif University of Technology Department of Computer Engineering

Mes Messa sage ge Aut uthe hent ntica ication tion Cod Codes es Instructor: Ahmad Boorghany

1 / 80

Most of the slides are obtained from Bellare and Rogaway’s “Introduction to Modern Cryptography” course.

SLIDE 2

Introduction to Modern Cryptography Sharif University Spring 2015

 Message Authentication  Message Authentication Code (MAC)  PRFs as good MACs  Constructing MACs  Birthday Attack and Security Bounds  HMAC  Universal Hashing and Message Authentication

Outline

2 / 80

SLIDE 3

Introduction to Modern Cryptography Sharif University Spring 2015

Message Authentication

3 / 80

SLIDE 4

Introduction to Modern Cryptography Sharif University Spring 2015

Integrity and authenticity

4 / 80

SLIDE 5

Introduction to Modern Cryptography Sharif University Spring 2015

Integrity and authenticity example

5 / 80

SLIDE 6

Introduction to Modern Cryptography Sharif University Spring 2015

Medical databases

6 / 80

SLIDE 7

Introduction to Modern Cryptography Sharif University Spring 2015

Does privacy provide authenticity?

7 / 80

SLIDE 8

Introduction to Modern Cryptography Sharif University Spring 2015

Counterexample: OTP

8 / 80

SLIDE 9

Introduction to Modern Cryptography Sharif University Spring 2015

Adding redundacy

9 / 80

SLIDE 10

Introduction to Modern Cryptography Sharif University Spring 2015

What went wrong?

10 / 80

SLIDE 11

Introduction to Modern Cryptography Sharif University Spring 2015

Message Authentication Code (MAC)

11 / 80

SLIDE 12

Introduction to Modern Cryptography Sharif University Spring 2015

Message authentication codes

12 / 80

SLIDE 13

Introduction to Modern Cryptography Sharif University Spring 2015

Example

13 / 80

SLIDE 14

Introduction to Modern Cryptography Sharif University Spring 2015

Security: What the adversary gets

14 / 80

SLIDE 15

Introduction to Modern Cryptography Sharif University Spring 2015

Security: Key-recovery

15 / 80

SLIDE 16

Introduction to Modern Cryptography Sharif University Spring 2015

Security: Forgery

16 / 80

SLIDE 17

Introduction to Modern Cryptography Sharif University Spring 2015

uf-cma adversaries

17 / 80

SLIDE 18

Introduction to Modern Cryptography Sharif University Spring 2015

uf-cma adversaries

18 / 80

SLIDE 19

Introduction to Modern Cryptography Sharif University Spring 2015

UF-CMA

19 / 80

SLIDE 20

Introduction to Modern Cryptography Sharif University Spring 2015

Definition: UF-CMA

20 / 80

SLIDE 21

Introduction to Modern Cryptography Sharif University Spring 2015

The measure of success

21 / 80

SLIDE 22

Introduction to Modern Cryptography Sharif University Spring 2015

MAC security

22 / 80

SLIDE 23

Introduction to Modern Cryptography Sharif University Spring 2015

Tag lengths

23 / 80

SLIDE 24

Introduction to Modern Cryptography Sharif University Spring 2015

Example 1

24 / 80

SLIDE 25

Introduction to Modern Cryptography Sharif University Spring 2015

Example 1

25 / 80

SLIDE 26

Introduction to Modern Cryptography Sharif University Spring 2015

Example 1

26 / 80

SLIDE 27

Introduction to Modern Cryptography Sharif University Spring 2015

Example 1

27 / 80

SLIDE 28

Introduction to Modern Cryptography Sharif University Spring 2015

Example 1

28 / 80

SLIDE 29

Introduction to Modern Cryptography Sharif University Spring 2015

Example 1

29 / 80

SLIDE 30

Introduction to Modern Cryptography Sharif University Spring 2015

Example 2

30 / 80

SLIDE 31

Introduction to Modern Cryptography Sharif University Spring 2015

Example 2

31 / 80

SLIDE 32

Introduction to Modern Cryptography Sharif University Spring 2015

Example 2

32 / 80

SLIDE 33

Introduction to Modern Cryptography Sharif University Spring 2015

Attack on Example 2

33 / 80

SLIDE 34

Introduction to Modern Cryptography Sharif University Spring 2015

PRFs as good MACs

34 / 80

SLIDE 35

Introduction to Modern Cryptography Sharif University Spring 2015

Any PRF is a MAC

35 / 80

SLIDE 36

Introduction to Modern Cryptography Sharif University Spring 2015

Intuition for why PRFs are good MACs

36 / 80

SLIDE 37

Introduction to Modern Cryptography Sharif University Spring 2015

Random functions are good MACs

37 / 80

SLIDE 38

Introduction to Modern Cryptography Sharif University Spring 2015

Random functions are good MACs

38 / 80

SLIDE 39

Introduction to Modern Cryptography Sharif University Spring 2015

PRFs are nearly as good MACs as random functions

39 / 80

SLIDE 40

Introduction to Modern Cryptography Sharif University Spring 2015

PRFs are good MACs

40 / 80

SLIDE 41

Introduction to Modern Cryptography Sharif University Spring 2015

Games for proof

41 / 80

SLIDE 42

Introduction to Modern Cryptography Sharif University Spring 2015

Adversary B

42 / 80

SLIDE 43

Introduction to Modern Cryptography Sharif University Spring 2015

Analysis

43 / 80

SLIDE 44

Introduction to Modern Cryptography Sharif University Spring 2015

Proof of Claim

44 / 80

SLIDE 45

Introduction to Modern Cryptography Sharif University Spring 2015

Proof of Claim

45 / 80

SLIDE 46

Introduction to Modern Cryptography Sharif University Spring 2015

Proof of Claim

46 / 80

SLIDE 47

Introduction to Modern Cryptography Sharif University Spring 2015

Constructing MACs

47 / 80

SLIDE 48

Introduction to Modern Cryptography Sharif University Spring 2015

Basic CBC MAC

48 / 80

SLIDE 49

Introduction to Modern Cryptography Sharif University Spring 2015

Splicing attack on basic CBC MAC

49 / 80

SLIDE 50

Introduction to Modern Cryptography Sharif University Spring 2015

Preventing the splicing attack

50 / 80

SLIDE 51

Introduction to Modern Cryptography Sharif University Spring 2015

ECBC MAC

51 / 80

SLIDE 52

Introduction to Modern Cryptography Sharif University Spring 2015

Birthday Attack and Security Bounds

52 / 80

SLIDE 53

Introduction to Modern Cryptography Sharif University Spring 2015

Birthday attacks on MACs

53 / 80

SLIDE 54

Introduction to Modern Cryptography Sharif University Spring 2015

The birthday attack

54 / 80

SLIDE 55

Introduction to Modern Cryptography Sharif University Spring 2015

Internal collisions

55 / 80

SLIDE 56

Introduction to Modern Cryptography Sharif University Spring 2015

Exploiting internal collisions to forge

56 / 80

SLIDE 57

Introduction to Modern Cryptography Sharif University Spring 2015

Exploiting internal collisions to forge

57 / 80

SLIDE 58

Introduction to Modern Cryptography Sharif University Spring 2015

Finding internal collisions

58 / 80

SLIDE 59

Introduction to Modern Cryptography Sharif University Spring 2015

Birthday attack on 3-restricted basic CBC MAC T

59 / 80

SLIDE 60

Introduction to Modern Cryptography Sharif University Spring 2015

Truncation

60 / 80

SLIDE 61

Introduction to Modern Cryptography Sharif University Spring 2015

Security of basic CBC MAC

61 / 80

SLIDE 62

Introduction to Modern Cryptography Sharif University Spring 2015

Security of basic CBC MAC

62 / 80

SLIDE 63

Introduction to Modern Cryptography Sharif University Spring 2015

Security of ECBC

63 / 80

SLIDE 64

Introduction to Modern Cryptography Sharif University Spring 2015

Security of ECBC

64 / 80

SLIDE 65

Introduction to Modern Cryptography Sharif University Spring 2015

Non-full messages

65 / 80

SLIDE 66

Introduction to Modern Cryptography Sharif University Spring 2015

Non-full messages

66 / 80

SLIDE 67

Introduction to Modern Cryptography Sharif University Spring 2015

HMAC

67 / 80

SLIDE 68

Introduction to Modern Cryptography Sharif University Spring 2015

MACing with hash functions

68 / 80

SLIDE 69

Introduction to Modern Cryptography Sharif University Spring 2015

Extension attack

69 / 80

SLIDE 70

Introduction to Modern Cryptography Sharif University Spring 2015

Extension attack

70 / 80

SLIDE 71

Introduction to Modern Cryptography Sharif University Spring 2015

HMAC [BCK96]

71 / 80

SLIDE 72

Introduction to Modern Cryptography Sharif University Spring 2015

HMAC

72 / 80

SLIDE 73

Introduction to Modern Cryptography Sharif University Spring 2015

HMAC Security

73 / 80

SLIDE 74

Introduction to Modern Cryptography Sharif University Spring 2015

Universal Hashing and Message Authentication

74 / 80

SLIDE 75

Introduction to Modern Cryptography Sharif University Spring 2015

Paradigms for MACing

75 / 80

SLIDE 76

Introduction to Modern Cryptography Sharif University Spring 2015

AU Families

76 / 80

SLIDE 77

Introduction to Modern Cryptography Sharif University Spring 2015

NH [BHKKR]

77 / 80

SLIDE 78

Introduction to Modern Cryptography Sharif University Spring 2015

From AU to MAC

78 / 80

SLIDE 79

Introduction to Modern Cryptography Sharif University Spring 2015

Performance

79 / 80

SLIDE 80

Introduction to Modern Cryptography Sharif University Spring 2015

Questions?

80 / 80