Internet Security - Dang Thanh Binh's Page

More documents

Recommendations

Info

HASH FUNCTION, MESSAGE DIGEST AND HMAC 155 Register output t A B C D E 77 8243ecda 6240e72c 67bb0c15 21095e62 c76126c5 78 a8342af0 8243ecda 189039cb 67bb0c15 21095e62 79 e1426096 a8342af0 a090fb36 189039cb 67bb0c15 After all 512-bit blocks have been processed, the output represented by the five words, H0, H1, H2, H3 and H4 is the 160-bit message digest as shown below: H0: 48878397 H1: 9801d679 H2: 394bd834 H3: 28c28e41 H4: 2b8dee05 The 160-bit message digest is then the data concatenation of {Hi}: H0||H1||H2||H3||H4 = 488783979801d679394bd83428c28e412b8dee05 As discussed previously, the digitised document or message of any length can create a 160-bit message digest which is produced using the SHA-1 algorithm. Any change to a digitised message in transit results in a different message digest. In fact, changing a single bit of the data modifies at least half of the resulting digest bits. Furthermore, it is computationally impossible to find two meaningful messages that have the same 160-bit digest. On the other hand, given a 160-bit message digest, it is also impossible to find a meaningful message with that digest. 4.5 Hashed Message Authentication Codes (HMAC) The keyed-hashing Message Authentication Code (HMAC) is a key-dependent one-way hash function which provides both data integrity and data origin authentication for files sent between two users. HMACs have the same properties as the one-way hash functions discussed earlier in this chapter, but they also include a secret key. HMACs can be used to authenticate data or files between two users (data authentication). They can also be used by a single user to determine whether or not his files have been altered (data integrity). To evaluate HMAC over the message or file, the following expression is required to compute: HMAC = H [(K ⊕ opad)||H [(K ⊕ ipad)||M]] where ipad = inner padding = 0 x 36 (repeated b times)
156 INTERNET SECURITY = 00110110 (0 x 36) repeated 64 times (512 bits) opad = outer padding = 0 x 5c (repeated b times) = 01011100 (0 x 5c) repeated 64 times (512 bits) b: Block length of 64 bytes = 512 bits h: Length of hash values, i.e. h = 16 bytes = 128 bits for MD5 and h = 20 bytes = 160 bits for SHA-1. K: Secret key of any length up to b = 512 bits. H : Hash function where message is hashed by iterating a basic key K. The HMAC equation is explained as follows: 1. Append zeros to the end of K to create a b-byte string (i.e. if K = 160 bits in length and b = 512 bits, then K should be appended with 352 zero bits or 44 zero bytes 0x00, resulting in K ′ = (K||0x00) 2. XOR (bitwise exclusive-OR) K ′ with ipad to produce the b-bit block computed in step 1. 3. Append M to the b-byte string resulting from step 2. 4. Apply H to the stream generated in step 3. 5. XOR (bitwise exclusive-OR) K ′ with opad to produce the b-byte string computed in step 1. 6. Append the hash result H fromstep4totheb-byte string resulting from step 5. 7. Apply H to the stream generated in step 6 and output the result. Figure 4.14 illustrates the overall operation of HMAC, explaining the steps, listed above. Example 4.8 Consider HMAC computation by using a hash function SHA-1. Assume that the message (M), the key (K) and the initialisation vector (IV) are given as follows: M: 0x1a7fd53b4c K: 0x31fa7062c45113e32679fd1353b71264 IV: A = 0x67452301, B = 0xefcdab89, C = 0x98badcfe, D = 0x10325476, E = 0xc3d2e1f0 Referring to Figure 4.14, the HMAC–SHA-1 calculation proceeds with the steps shown below: K ′ = K||(0x00 ...00)(512 bits) = 31fa7062 c45113e3 2679fd13 53b71264 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Page 1 and 2:
TEAMFLY
Page 4:
Internet Security
Page 7 and 8:
Copyright © 2003 John Wiley & Sons
Page 9 and 10:
vi CONTENTS 2.3 World Wide Web 47 2
Page 11 and 12:
viii CONTENTS 5.6 The Elliptic Curv
Page 13 and 14:
x CONTENTS 10.2.5 De-militarised Zo
Page 16 and 17:
Preface The Internet is global in s
Page 18 and 19:
PREFACE xv Policy Approval Authorit
Page 20 and 21:
PREFACE xvii classified into three
Page 22 and 23:
1 Internetworking and Layered Model
Page 24 and 25:
INTERNETWORKING AND LAYERED MODELS
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Layer No. 7 6 5 4 3 2 1 OSI Layer A
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
2 TCP/IP Suite and Internet Stack P
Page 38 and 39:
TCP/IP SUITE AND INTERNET STACK PRO
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Class A Class B Class C Class D Cla
Page 48 and 49:
Page 50 and 51:
H Host H TCP/IP SUITE AND INTERNET
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Bits IP header TCP/IP SUITE AND INT
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
3 Symmetric Block Ciphers This chap
Page 80 and 81:
S-boxes L i−1 S 1 L i SYMMETRIC B
Page 82 and 83:
K 1 48 bits K 2 48 bits K 16 48 bit
Page 84 and 85:
Table 3.4 Initial permutation (IP)
Page 86 and 87:
SYMMETRIC BLOCK CIPHERS 65 Table 3.
Page 88 and 89:
SYMMETRIC BLOCK CIPHERS 67 This 48-
Page 90 and 91:
SYMMETRIC BLOCK CIPHERS 69 The 48-b
Page 92 and 93:
SYMMETRIC BLOCK CIPHERS 71 Thus, th
Page 94 and 95:
SYMMETRIC BLOCK CIPHERS 73 Round K1
Page 96 and 97:
SYMMETRIC BLOCK CIPHERS 75 Example
Page 98 and 99:
64-bit plaintext X 1 X 2 X 3 X 4 Ro
Page 100 and 101:
Page 102 and 103:
SYMMETRIC BLOCK CIPHERS 81 The outp
Page 104 and 105:
SYMMETRIC BLOCK CIPHERS 83 the corr
Page 106 and 107:
Page 108 and 109:
SYMMETRIC BLOCK CIPHERS 87 of S and
Page 110 and 111:
Step 3 i = j = 0; A = B = 0; SYMMET
Page 112 and 113:
3.3.3 Encryption SYMMETRIC BLOCK CI
Page 114 and 115:
A SYMMETRIC BLOCK CIPHERS 93 A B
Page 116 and 117:
3.4 RC6 Algorithm SYMMETRIC BLOCK C
Page 118 and 119:
Mixing in the secret key S A = B =
Page 120 and 121:
Magic constants: Pw = b7e15163 Qw =
Page 122 and 123:
A = ((A − S[2i]) >>> u) ⊕ t } D
Page 124 and 125:
Converting the secret key from byte
Page 126 and 127: The final decrypted plaintext is: b
Page 128 and 129: Thus, the final decrypted plaintext
Page 130 and 131: Multiplication SYMMETRIC BLOCK CIPH
Page 132 and 133: where c0 = a0b0 c1 = a1b0 ⊕ a0b1
Page 134 and 135: Rcon[2] = [x 1 , {00}, {00}, {00}]
Page 136 and 137: Table 3.16 AES key expansion i Temp
Page 138 and 139: SYMMETRIC BLOCK CIPHERS 117 ShiftRo
Page 140 and 141: Start of round After SubByte SYMMET
Page 142 and 143: SYMMETRIC BLOCK CIPHERS 121 Figure
Page 144 and 145: 4 Hash Function, Message Digest and
Page 146 and 147: M = 64 bits C 0 = 28 bits D 0 = 28
Page 148 and 149: HASH FUNCTION, MESSAGE DIGEST AND H
Page 150 and 151: ⊕ : Bit-by-bit XORing of 16-bit s
Page 152 and 153: P(Ω 1 )
Page 156 and 157: K r : Concatenation IP : Initial pe
Page 162 and 163: a b c d HASH FUNCTION, MESSAGE DIGE
Page 174 and 175: H2 = 98badcfe H3 = 10325476 H4 = c3
Page 178 and 179: opad 160 bits (SHA-1) 128 bits (MD5
Page 182 and 183: 5 Asymmetric Public-key Cryptosyste
Page 184 and 185: User A Generate secret random integ
Page 186 and 187: ASYMMETRIC PUBLIC-KEY CRYPTOSYSTEMS
Page 188 and 189: Message m −1 E p q ASYMMETRIC PUB
Page 192 and 193: Message m −1 User A A′ private
Page 196 and 197: To decipher the message m, first co
Page 202 and 203: a q ≡ 1(modp) a ASYMMETRIC PUBLIC
Page 208 and 209: Receiver: (verifying) Compute: w
Page 210 and 211: � y2 − y1 x3 = ASYMMETRIC PUBLI
Page 212 and 213: The square of the integers in Z ∗
Page 216 and 217: and y3 = x2 1 + � x1 + y1 = α 12
Page 222 and 223: 6 Public-key Infrastructure This ch
Page 224 and 225: PUBLIC-KEY INFRASTRUCTURE 203 LDAP
Page 226 and 227:
Session key DES Plaintext m One-way
Page 228 and 229:
PUBLIC-KEY INFRASTRUCTURE 207 Let u
Page 230 and 231:
PUBLIC-KEY INFRASTRUCTURE 209 sent
Page 232 and 233:
Publication of PAA’s public key G
Page 234 and 235:
PUBLIC-KEY INFRASTRUCTURE 213 • P
Page 236 and 237:
Carry out identification and authen
Page 238 and 239:
PUBLIC-KEY INFRASTRUCTURE 217 With
Page 240 and 241:
PUBLIC-KEY INFRASTRUCTURE 219 The s
Page 242 and 243:
6.4.4 X.500 Distinguished Naming PU
Page 244 and 245:
PUBLIC-KEY INFRASTRUCTURE 223 certi
Page 246 and 247:
PUBLIC-KEY INFRASTRUCTURE 225 • I
Page 248 and 249:
Certificate fields v1 = v2 = v3 (fo
Page 250 and 251:
PUBLIC-KEY INFRASTRUCTURE 229 CRL s
Page 252 and 253:
Subject directory attributes extens
Page 254 and 255:
PUBLIC-KEY INFRASTRUCTURE 233 the s
Page 256 and 257:
PUBLIC-KEY INFRASTRUCTURE 235 • S
Page 258 and 259:
PUBLIC-KEY INFRASTRUCTURE 237 not h
Page 260 and 261:
6.7.1 Basic Path Validation PUBLIC-
Page 262:
PUBLIC-KEY INFRASTRUCTURE 241 It is
Page 265 and 266:
244 INTERNET SECURITY The set of se
Page 267 and 268:
246 INTERNET SECURITY • Key manag
Page 269 and 270:
248 INTERNET SECURITY 7.1.3 Hashed
Page 271 and 272:
250 INTERNET SECURITY A B C D IV 67
Page 273 and 274:
252 INTERNET SECURITY Next header (
Page 275 and 276:
254 INTERNET SECURITY IPv4 IPv4 IPv
Page 277 and 278:
256 INTERNET SECURITY within a 32-b
Page 279 and 280:
258 INTERNET SECURITY addresses, wh
Page 281 and 282:
260 INTERNET SECURITY If authentica
Page 283 and 284:
262 INTERNET SECURITY 1 bit Next pa
Page 285 and 286:
264 INTERNET SECURITY The Situation
Page 287 and 288:
266 INTERNET SECURITY The Identific
Page 289 and 290:
268 INTERNET SECURITY The Hash Data
Page 291 and 292:
270 INTERNET SECURITY The Domain of
Page 293 and 294:
272 INTERNET SECURITY to the exchan
Page 295 and 296:
274 INTERNET SECURITY When a Key Ex
Page 297 and 298:
276 INTERNET SECURITY When a Notifi
Page 299 and 300:
278 INTERNET SECURITY SSL Handshake
Page 301 and 302:
280 INTERNET SECURITY SSL record he
Page 303 and 304:
282 INTERNET SECURITY SSLCompressed
Page 305 and 306:
284 INTERNET SECURITY • bad-certi
Page 307 and 308:
286 INTERNET SECURITY - Random: Thi
Page 309 and 310:
288 INTERNET SECURITY Note that Dis
Page 311 and 312:
290 INTERNET SECURITY The finished
Page 313 and 314:
292 INTERNET SECURITY key_block = M
Page 315 and 316:
294 INTERNET SECURITY opad 160 bits
Page 317 and 318:
296 INTERNET SECURITY - A B C D IV
Page 319 and 320:
298 INTERNET SECURITY The PRF is th
Page 321 and 322:
300 INTERNET SECURITY HMAC SHA1(S2,
Page 323 and 324:
302 INTERNET SECURITY 8.3.4 Certifi
Page 326 and 327:
9 Electronic Mail Security: PGP, S/
Page 328 and 329:
ELECTRONIC MAIL SECURITY: PGP, S/MI
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
Message packet M T FN H(M) ELECTRON
Page 342 and 343:
Page 344 and 345:
Page 346 and 347:
Page 348 and 349:
Definition of multipart/encrypted:
Page 350 and 351:
From: myrhee@tsp.snu.ac.kr To: kiis
Page 352 and 353:
Page 354 and 355:
SignatureAlgorithmIdentifier ELECTR
Page 356 and 357:
Page 358:
Page 361 and 362:
340 INTERNET SECURITY conform to a
Page 363 and 364:
342 INTERNET SECURITY existing on a
Page 365 and 366:
344 INTERNET SECURITY 10.2.7 VPN So
Page 367 and 368:
346 INTERNET SECURITY Table 10.1 Te
Page 369 and 370:
348 INTERNET SECURITY Table 10.3 SM
Page 371 and 372:
350 INTERNET SECURITY Outside host
Page 373 and 374:
352 INTERNET SECURITY Internet Pack
Page 376 and 377:
11 SET for E-commerce Transactions
Page 378 and 379:
11.2 SET System Participants SET FO
Page 380 and 381:
SET FOR E-COMMERCE TRANSACTIONS 359
Page 382 and 383:
Page 384 and 385:
Page 386 and 387:
Example 11.2 Message Integrity Chec
Page 388 and 389:
User A 0x135af247c613e815 Message d
Page 390 and 391:
Page 392 and 393:
E KSC (CAC) + E KSC (MD) D CAC MD V
Page 394 and 395:
Page 396 and 397:
Page 398:
H MD D CRs K pg M’s cert E K#5 (C
Page 401 and 402:
380 INTERNET SECURITY DS Dual Signa
Page 403 and 404:
382 INTERNET SECURITY SA Security A
Page 405 and 406:
384 INTERNET SECURITY 17. Borman, D
Page 407 and 408:
386 INTERNET SECURITY 60. Harkins,
Page 409 and 410:
388 INTERNET SECURITY 106. Metzger,
Page 411 and 412:
390 INTERNET SECURITY 163. Wijnen,
Page 413 and 414:
392 INDEX Authentication Header 243
Page 415 and 416:
394 INDEX delete payload 269, 275,
Page 417 and 418:
396 INDEX HTML tag 49 ending tag 49
Page 419 and 420:
398 INDEX Java 48, 49 Joint Photogr
Page 421 and 422:
400 INDEX packet filter 339, 341, 3
Page 423 and 424:
402 INDEX secure payment processing
Page 425 and 426:
404 INDEX transform # field 264, 27
show all

Internet Security - Dang Thanh Binh's Page

Create successful ePaper yourself

Delete template?

Save as template?