crypto-11课件.pptVIP

现代密码学理论与实践-11 Cryptography and Network SecurityChapter 11 Message Authentication and Hash Functions Fourth Edition by William Stallings 本章要点 消息认证是用来验证消息完整性的一种机制或服务。消息认证确保收到的数据确实就与发送时的一样(即没有修改、插入、删除或重放)，且发送方声称的身份是真实有效的。 对称密码在那些相互共享密钥的用户间提供认证。用消息发送方的私钥加密消息也可提供一种形式的认证。 用于消息认证的最常见的密码技术是消息认证码（MAC）和安全散列(hash)函数。 MAC是一种需要使用秘密密钥的算法，以可变长的消息和秘密密钥作为输入，产生一个认证码。拥有秘密密钥的接收方产生一个认证码来验证消息的完整性。 散列函数将可变长度的消息映射为固定长度的散列值，或叫消息摘要。对于消息认证码，安全散列函数必须以某种方式和秘密密钥捆绑起来。 报文鉴别 Message Authentication Message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) Will consider the security requirements Then three alternative functions used: message encryption message authentication code (MAC) hash function 11.1 Authentication Requirements Disclosure 泄露 Traffic analysis 通信量分析 Masquerade 伪装 Content modification 内容篡改 Sequence modification 序号篡改 Timing modification 计时篡改 Source repudiation 信源抵赖 Destination repudiation 信宿抵赖 11.2 Authentication Functions 11.2.1 Message Encryption message encryption by itself also provides a measure of authentication if symmetric encryption is used then: receiver know sender must have created it since only sender and receiver have key used know content cannot be altered ， message has suitable structure, redundancy or a checksum to detect any changes If public-key encryption is used Encryption provides no confidence of sender since anyone potentially knows public-key However if sender signs message using their private-key, then encrypts with recipients public key have both secrecy and authentication Again need to recognize corrupted messages But at cost of two public-key uses on message Solve ciphertext decrypts to intelligible plaintext problem Force plaintext to have some structure —error-detecting code as FCS FCS and encryption order is critical 11.2.2 消息认证码MAC Message Authentication Codes 使用密钥产生短小的定长数据分组，即所谓的密码检验MAC，将它附加在报文中。通信双方A和B共享密钥K，报文从A发往B，A计算MAC=CK(M), 附在报文后发给B。B对