MAC / Message Authentication Code
Asymmetric & Symmetric
Disadvantage for Asymmetric :
·
Slower
·
Output
cipher text is generally longer than input plain text
Disadvantage for symmetric :
·
Same
key for encryption & decryption
Digital envelope specified that key is secure and output =
plain text
A---------------------------B
Sender
Receiver
Step 1 : A is sender encrypts data using symmetric key
cryptographic algorithms
E g: AES, RC-5…
Suppose the output is CT . Key used is k1 (symmetric key)
Step 2 : Sender encrypts the k1 (symmetric key) using B’s public
key (k2)
Step 3 : A takes the CT (cipher text) & encrypted k1
& puts inside digital envelope.
Step 4: A transmit this digital envelopes to B
Step 5 : B receive the digital envelopes and CT &
encrypted key
Step 6 : B decrypts the encrypted key using B’s Private key.
B will get
k1.
Step 7 : B decrypts the encrypted data using k1 à PT
MAC / Message Authentication Code
Fingerprint
of the message
No encryption
algorithm involved (only for maintaining integrity)
A-------------------------B
Sender Receiver
Step 1 : A & B agree upon a symmetric key that is not
know to third person
Message is à M
Key is à K
Step 2 : A calculates MAC using symmetric K
M ---------------àH1 (MAC)
+key
(k)
Step 3 : A sends M1+ h1 to B
Step 4 : B receives M + H1
B also checks that whether the
message is altered, so B calculates again MAC over message M.
Step 5 : B now compares H1 & H2 if H1=H2.
No modification of the message
otherwise H1 ≠ H2 then same
modification of the message.
HMAC / Hash based Message Authentication Code
1.
Chosen
as mandatory security implementation for internet protocol.
2.
Also
used for SLL / secure socket layer in internet
3.
It
was message digest algorithm like MDS or SHA-1
|
Original
message
|
 |
Using MD5
or SHA-1
|
||||
  HMAC |
||||||
|
MD
|
||||||
Disadvantages :
1.
Key
exchange
2.
If
multiply receivers & one sender
Digital Signature
Introduction ;
1.
Ro
resolve problem related ro HMAC, DSS (digital signature standard) was
introduced
2.
NIST
published this DSS as federal information processing standard (FIPS) PUB 186 in
1991 and was further revised in 1993 & 1996
3.
DSS
was either DSA à Digital Signature Algorithm or RSA.
Working of DS
A---------------B
Sender Receiver
Step 1 : Sender A uses SHA-1
algorithm to find out hash value over original message (M)
|
Original Message
|
SHA-1|
MDI
|
Step 2 : Sender A encrypts the
message digest generated in step 1 by A’s private key
MDI---------encrypted using private
key-----------------à Digital Signature
Step 3: A sends message and digital
signature to B
Step 4 : B receives message and DS
Step 5 : B calculates message digest
on the message received from.
A or B decrypts the
digital signatures using A’s private public key.
Digital Certificates
Digital certificare was introduced to solve problem man –in the
middle attecks.
Passport à issued government authority
DC à Issued by trusted organization known as certification authority (CA)
Public key infrastructure :
1.
Certification
authority (CA)
2.
Registration
authority (RA)
3.
Self
signature digital certification
4.
Cross-certification
5.
Certificate
Revocation list (CRL)
1.Certification authority (CA)
·
Trusted
agency that can issue digital certificates
·
CA
can be financial institutions or s/w company or government organization like
post office
·
It
provide standard for digital certificates X.509 is popularly used for DC
Structure of Digital Certificates
·
Version
·
Certificate
serial number
·
Signature
algorithm identifier
·
Issuer
name
·
Validity
(not before |no after)
·
Subject
name
·
Subject
public key information
·
Issuer
unique identifier
·
Extention
·
Certificates
authority DS
2.Registration Authority
RA provide following services :
ü Accepting & verifying the request
for issue of digital certificates
ü Generating keys on behalf of end
users
ü Accepting & authorizing request
for key back up & recovery
ü Accepting & authorizing request
for certificate revocation
