
Question 1: SHA algorithm

The Secure Hash Algorithm is one of a number of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S.

The SHA1 standard specifies a Secure Hash Algorithm (SHA1), which can be used to generate a condensed representation of a message called a message digest. SHA1 is required for use with the Digital Signature Algorithm (DSA) as specified in the Digital Signature Standard (DSS), and whenever a secure hash algorithm is required. Both the transmitter and the intended receiver of a message use SHA1 when computing and verifying a digital signature.

Algorithm and variant: SHA-1
Output size (bits): 160
Internal state size (bits): 160
Block size (bits): 512
Max message size (bits): 2^64 − 1
Word size (bits): 32
Rounds: 80
Operations: add, and, or, xor, rotate, mod
Collisions found?: Theoretical attack (2^51) [5]

SHA characteristics:
1. The SHA1 is used to compute a message digest for a message or data file that is provided as input.
2. The message or data file should be considered to be a bit string.
3. The length of the message is the number of bits in the message (the empty message has length 0).
4. If the number of bits in a message is a multiple of 8, for compactness we can represent the message in hex.
5. The purpose of message padding is to make the total length of a padded message a multiple of 512.
6. The SHA1 sequentially processes blocks of 512 bits when computing the message digest.
7. As a summary, a "1" followed by m "0"s followed by a 64-bit integer are appended to the end of the message to produce a padded message of length 512 * n.
8. The 64-bit integer is l, the length of the original message.
9. The padded message is then processed by the SHA1 as n 512-bit blocks.

One iteration within the SHA-1 compression function: A, B, C, D and E are 32-bit words of the state; F is a nonlinear function that varies; n denotes a left bit rotation by n places; n varies for each operation; Wt is the expanded message word of round t; Kt is the round constant of round t; denotes addition modulo 2^32.

Example
SHA1 ("The quick brown fox jumps over the lazy dog") = 2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12

Question 2: MAC (Message authentication code)


In cryptography, a message authentication code (often MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed (cryptographic) hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.

A MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot guess the MAC for other messages without performing infeasible amounts of computation.

MACs differ from digital signatures as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on the same key before initiating communications, as is the case with symmetric encryption. For the same reason, MACs do not provide the property of non-repudiation offered by signatures specifically in the case of a network-wide shared secret key: any user who can verify a MAC is also capable of generating MACs for other messages.

Message integrity codes


The term message integrity code (MIC) is frequently substituted for the term MAC, especially in communications, where the acronym MAC traditionally stands for Media Access Control. However, some authors use MIC as a distinctly different term from a MAC; in their usage of the term the MIC operation does not use secret keys. This lack of security means that any MIC intended for use gauging message integrity should be encrypted or otherwise be protected against tampering.

In this example, the sender of a message runs it through a MAC algorithm to produce a MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver in turn runs the message portion of the transmission through the same MAC algorithm using the same key, producing a second MAC data tag. The receiver then compares the first MAC tag received in the transmission to the second generated MAC tag. If they are identical, the receiver can safely assume that the integrity of the message was not compromised, and the message was not altered or tampered with during transmission.
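The sender and receiver steps described above, as an added example that is not part of the original notes. HMAC-SHA256 is assumed as the MAC algorithm, and the key and messages are constructed sample values; the last check shows why a keyless MIC sent alongside the message gives no protection on its own.

```python
import hashlib
import hmac

def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the MAC tag over the message with the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def unkeyed_mic(message: bytes) -> bytes:
    """Keyless integrity code (MIC in the second sense above): a plain hash."""
    return hashlib.sha256(message).digest()

def mic_check(message: bytes, mic: bytes) -> bool:
    """Receiver-side check for the keyless code."""
    return hmac.compare_digest(unkeyed_mic(message), mic)

def demo() -> dict:
    key = b"constructed-shared-secret-key-01"    # constructed sample key
    message = b"PAY 100 TO ALICE"                # constructed sample message
    altered = b"PAY 900 TO ALICE"                # same message changed in transit
    tag = make_tag(key, message)
    return {
        "intact_accepted": verify(key, message, tag),
        "altered_rejected": not verify(key, altered, tag),
        "wrong_key_rejected": not verify(b"a-different-key", message, tag),
        # No key is needed to recompute a plain hash, so a replaced message
        # with a recomputed code passes; the code itself must be protected.
        "mic_accepts_replaced_pair": mic_check(altered, unkeyed_mic(altered)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```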

Question 3: Cryptographic hash function


A cryptographic hash function is a hash function that can be defined as a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the "message," and the hash value is sometimes called the message digest or simply the digest. The ideal cryptographic hash function has four main properties:
- it is easy to compute the hash value for any given message
- it is infeasible to generate a message that has a given hash
- it is infeasible to modify a message without changing the hash
- it is infeasible to find two different messages with the same hash

Cryptographic hash functions have many security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for functions with rather different properties and purposes.

Properties
Most cryptographic hash functions are designed to take a string of any length as input and produce a fixed-length hash value. A cryptographic hash function must be able to withstand all known types of cryptanalytic attack. As a minimum, it must have the following properties:

Preimage resistance: given a hash, it should be difficult to find any message that produces that hash.

Second-preimage resistance: given an input, it should be difficult to find another, different input that produces the same hash.

Collision resistance: it should be difficult to find two different messages that produce the same hash. Such a pair is called a cryptographic hash collision.

Requirements for Hash Functions:
1. can be applied to any size message M
2. produces a fixed-length output h
3. is easy to compute h=H(M) for any message M
4. given h is infeasible to find x s.t. H(x)=h (one-way property)
5. given x is infeasible to find y s.t. H(y)=H(x) (weak collision resistance)
6. is infeasible to find any x,y s.t. H(y)=H(x) (strong collision resistance)

Simple Hash Functions: there are several proposals for simple functions based on XOR of message blocks
- divide the message into equal size blocks
- perform XOR operation block by block
- final output is the hash
- not very secure
- need a stronger cryptographic function (next chapter)
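Why the block-XOR construction above fails the collision requirements, shown as an added example that is not part of the original notes. The 8-byte block size, zero padding and sample messages are assumptions made for the example; SHA-256 is used only as the stronger function to compare against.

```python
import hashlib

BLOCK = 8  # block size in bytes, chosen for this example

def xor_hash(message: bytes, block: int = BLOCK) -> bytes:
    """Split into equal-size blocks (zero-padded) and XOR them together."""
    if len(message) % block:
        message += bytes(block - len(message) % block)
    digest = bytes(block)
    for i in range(0, len(message), block):
        digest = bytes(a ^ b for a, b in zip(digest, message[i:i + block]))
    return digest

def compare_with_sha256() -> dict:
    """Constructed messages that differ, checked under both functions."""
    original = b"PAY 0100" + b"TO ALICE"
    reordered = b"TO ALICE" + b"PAY 0100"      # same blocks, different order
    extended = original + b"XXXXXXXX" * 2      # an identical pair XORs to zero

    def sha(m: bytes) -> bytes:
        return hashlib.sha256(m).digest()

    return {
        # XOR is commutative and self-inverse, so both changes go undetected.
        "xor_reordered_same": xor_hash(original) == xor_hash(reordered),
        "xor_extended_same": xor_hash(original) == xor_hash(extended),
        # A cryptographic hash gives a different digest for each message.
        "sha_reordered_same": sha(original) == sha(reordered),
        "sha_extended_same": sha(original) == sha(extended),
    }

if __name__ == "__main__":
    for name, result in compare_with_sha256().items():
        print(name, result)
```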

Question 4: What are the problems in exchanging public keys?


The key exchange problem is how to exchange whatever keys or other information are needed so that no one else can obtain a copy. Traditionally, this required trusted couriers, diplomatic bags, or some other secure channel. With the advent of public key / private key cipher algorithms, the encrypting key (aka public key) could be made public, since (at least for high quality algorithms) no one without the decrypting key (aka, the private key) could decrypt the message.

The primary threat to the security of a fingerprint is a preimage attack, where an attacker constructs a key pair whose public key hashes to a fingerprint which matches the victim's fingerprint. The attacker could then present his public key in place of the victim's public key to masquerade as the victim. A secondary threat to some systems is a collision attack, where an attacker constructs multiple key pairs which hash to his own fingerprint. This may allow an attacker to repudiate signatures he has created, or cause other confusion.

Note: In practice, most fingerprints commonly used today are based on non-truncated MD5 or SHA-1 hashes.

Question 5: Secure Electronic Transaction


Secure payment systems are critical to the success of e-commerce. There are four essential security requirements for safe electronic payments: authentication, encryption, integrity and non-repudiation. Encryption is the key security scheme adopted for electronic payment systems, and is used in protocols like SSL and SET. Secure Electronic Transaction (SET) was a standard protocol for securing credit card transactions over insecure networks, specifically the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain traction. VISA now promotes the 3-D Secure scheme.

Purpose

The purpose of the SET protocol is to establish payment transactions that provide confidentiality of information; ensure the integrity of payment instructions for goods and services order data; and authenticate both the cardholder and the merchant.

Main Entities

There are four main entities in SET:
- Cardholder (customer)
- Merchant (web server)
- Merchant's bank (payment gateway, acquirer): the payment gateway is a device operated by an acquirer. Sometimes these two entities are separated.
- Issuer (cardholder's bank)

The SET protocol relies on two different encryption mechanisms, as well as an authentication mechanism. SET uses symmetric encryption, in the form of the aging Data Encryption Standard (DES), as well as asymmetric, or public-key, encryption to transmit session keys for DES transactions. Rather than offer the security and protection afforded by public-key cryptography, SET simply uses session keys (56 bits) which are transmitted asymmetrically; the remainder of the transaction uses symmetric encryption in the form of DES. This has disturbing connotations for a "secure" electronic transaction protocol, because public-key cryptography is used only to encrypt DES keys and for authentication, and not for the main body of the transaction. The computational cost of asymmetric encryption is cited as the reason for using weak 56-bit DES; however, other reasons such as export/import restrictions, and the perceived need by law enforcement and government agencies to access the plain-text of encrypted SET messages, may also play a role.

Symmetric and asymmetric cryptography:


Symmetric encryption works by using a single key, which must be known by all parties wishing to unlock the message. If we apply a specific key to a message, using a good encryption algorithm, then it will be unreadable by unauthorized parties. If we then apply the same key to the encrypted message, then the message will be restored to its original form. However, this presents a problem, because we must find a secure means of transmitting the key to all parties.

Asymmetric encryption, also known as public-key encryption, frees us from this limitation. Asymmetric algorithms use two keys: a public and a private key. These keys are completely independent: a private key cannot be easily deduced from a public one. When we encrypt a message using someone's public key, only the holder of the private key can read it. We can place our public key out in the open, and rest assured that only the private key holder can read messages encrypted for him or her.

Symmetric and Asymmetric encryption in SET

In the SET protocol, two different encryption algorithms are used: DES and RSA. In the SET protocol, a DES 56-bit key is used to encrypt transactions. This level of encryption, using DES, can be easily cracked using modern hardware.

Transaction Authenticity

Authentication is an important issue for users of electronic commerce. Consumers must have faith in the authenticity of the merchant, and merchants must have faith in the authenticity of the consumer. Without authentication, any individual could pose as a merchant, and besmirch a merchant's good name by failing to deliver goods and running up credit card bills. Without authentication, any individual could pose as a consumer, ordering costly goods to an abandoned house or apartment, and defrauding the merchant. Without authentication, an individual could pose as a willing buyer, accept the goods, and then repudiate the transaction. Authentication is critical to achieving trust in electronic commerce.

Authentication is achieved through the use of digital signatures. Using a hashing algorithm, SET can sign a transaction using the sender's private key. This produces a small message digest, which is a series of values that "sign" a message. By comparing the transaction message and the message digest, along with the sender's public key, the authenticity of the transaction can be verified. Digital signatures are aimed at achieving the same level of trust as a written signature has in real life. This helps achieve non-repudiation, as the consumer cannot later establish that the message wasn't sent using his private key.

Importance of secure transactions

Secure electronic transactions will be an important part of electronic commerce in the future. Without such security, the interests of the merchant, the consumer, and the credit or economic institution cannot be served. Privacy of transactions, and authentication of all parties, is important for achieving the level of trust that will allow such transactions to flourish. However, it is important that the encryption algorithms and key sizes used be robust enough to prevent observation by hostile entities (either criminal or foreign powers). The ideal of the secure electronic transactions protocol (SET) is important for the success of electronic commerce. However, it remains to be seen whether the protocol will be widely used because of the weakness of the encryption that it uses.
