# Security

Only available on StudyMode
• Topic: Cryptography, Cryptographic hash function, RSA
• Pages : 23 (3919 words )
• Published : April 17, 2013

Text Preview
ePayment Security ECOM 6016 Electronic Payment Systems
• Keep financial data secret from unauthorized parties (privacy) – CRYPTOGRAPHY

Lecture 3 ePayment Security

• Verify that messages have not been altered in transit (integrity) – HASH FUNCTIONS

• Prove that a party engaged in a transaction ( (nonrepudiation) ) – DIGITAL SIGNATURES

• Verify identity of users (authentication)

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

Cryptography and Hash Functions yp g p y
• Message digest (hash) algorithms
– Secure Hash Algorithm: SHA-1, SHA-2, SHA-3 competition – Securing passwords

Hash Functions
• A “hash” is a short function of a message, f ti f sometimes called a “message digest” g g • BUT: a hash is not uniquely reversible • Many messages have the same hash Hash function H produces a fixed size hash of a message M, usually 128‐512 bits h = H(M)

• S Symmetric encryption ti ti
– DES and variations – AES: Rijndael

• Public-key algorithms
– RSA

• Defending against attacks
– Salting, nonces g

• Digital signatures

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

One-Way Hash Functions
• For any string s, H(s), the hash of s, is of fixed length (shorter than ) ( h t th s) • Hashes should be easy to compute • A “one-way” has is computationally difficult to invert: can’t find any message corresponding to a given hash This is a message M  This is a message M that we want to make  unalterable so it  cannot be forged or  modified.

One-Way Hash Functions
• There are plenty of hash functions but no obvious one-way h h f hash functions ti • Good one-way hashes have the diffusion property: Altering any bit of the message changes many bits of the hash • This prevents trying similar messages to see if they hash to the same thing We ll non reversibility • We’ll see how non-reversibility provides security

h = H(M) H
52f21cf7c7034a20 17a21e17e061a863
This is the hash of message M

M:

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

Uses of One Way Hash Functions One-Way
• • • • Password verification Message authentication (message digests) Prevention of replay attack Digital signatures

Key-Hashed Message Authentication Codes (HMACs)
Shared Key Original Plaintext

Hashing with MD5, SHA, etc. HMAC Key-Hashed Message Authentication Code (HMAC)

Appended to Plaintext Before Transmission HMAC Original Plaintext Note: No encryption; only hashing

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

THE UNIVERSITY OF HONG KONG

FEB/MAR 2012

Key-Hashed Message Authentication Codes (HMACs)

Nonce to Prevent Replay Attack p y
• Replay attack: repeating the messages in a challenge-response protocol (lik username/ h ll t l (like / password) to gain access to a system • Defense: make the messages different EVERY TIME the protocol is used. • But how? The username and password don’t change don t • Answer: use a random number, called a “nonce” each time. Require the user to include the nonce in his response • NOTE: Nonce is an obsolete word: “for the nonce” means “for the time being,” “just for now” THE UNIVERSITY OF HONG KONG FEB/MAR 2012 © 2012 MICHAEL I. SHAMOS

Hashing with same algorithm ith Computed HMAC

COMPARE