The Secure Hash Standard specifies five SHAs: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. Leighton Johnson, in Security Controls Evaluation, Testing, and Assessment Handbook, 2016 Secure Hash Standard Then when the receiver receives K i, it first authenticates K i, and then authenticates stored packets authenticated with a key K j, where j ≤ i. If this check is successful, the receiver buffers the packet and waits for the sender to publish K i. Otherwise, the sender may have already published K i and an attacker may have forged the packet contents the receiver thus discards the packet. For example, if the local packet arrival time is t r, and the receiver knows that the earliest time at which the sender will disclose the key K i is t 0 + i × t (where t 0 is the time the sender published K 0), the receiver needs to verify that t r ≤ ( t 0 + i × t − Δ), which implies that K i has not yet been published. When a receiver receives a packet authenticated with TESLA, it first verifies the TESLA security condition that the key K i used to authenticate the packet cannot yet have been published. Let Δ be the maximum time synchronization error between any two nodes and this value must be known by all nodes. TESLA relies on a receiver's ability to determine which keys a sender may have already published, based on loose time synchronization between nodes. For example, a simple key disclosure schedule would be to publish key K i at a time T 0 + i × t, where T 0 is the time at which K 0 is published, and t is the key publication interval. A node authenticates any received value on the one-way chain by applying this equation to the received value to determine if the computed value matches a previous known authentic key on the chain.Įach sender predetermines a schedule at which it publishes each key of its one-way key chain, in the reverse order from generation that is, a sender publishes its keys in the order K 0, K 1, …, K N. To compute any previous key K j from a key K i, j < i, a node uses the equation K j = H i − j. To use TESLA for authentication, each sender chooses a random initial key K N and generates a one-way key chain by repeatedly computing a one-way hash function H on this starting value: K N − 1 = H, K N − 2 = H, …. Raja Datta, Ningrinla Marchang, in Handbook on Securing Cyber-Physical Critical Infrastructure, 2012 The two types of hash functions are unkeyed (MD5, SHA-1) and keyed (MAC). The signature will show if the hash value has been tampered with and the hash will show if the message has been modified. With digital signatures, a message is hashed and then the hash itself is signed. With a good hash function, even a 1-bit change in a message will produce a different hash (on average, half of the bits change). Hash functions are used for data integrity and often in combination with digital signatures. The main characteristics of a cryptographic hash function are that given a message, it is easy to compute the hash given the hash, it is difficult to compute the message and that given a message, it is difficult to find a different message that would produce the same hash (this is known as a collision) Basic PrinciplesĪ hash function, otherwise known as a one-way hash function, takes an arbitrary message of arbitrary length and creates an output (a hash) of a fixed length. Jeff Gilchrist, in Encyclopedia of Information Systems, 2003 III.A.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |