1
'
()& %
. ) 1
./ 0
',
(MAC)
(Hash)
2
!"# $
,- + *
: 3
/
0( : 91
+- "( 8
7)3
; HMAC
3
= ><
: @* ?
:
C 1)
B'
+'#
+*. A
DE ," @
DF @
GH @
C
4
;
C
I C *' # J) K
Adversary
EVE
Bob
1 ..
.
01
10
1
+7) ,
Shared
Network
Alice
5
&?O
! P )Q
.
6
B* D+B)
1* LMN D
', B* +/
)
(
R
>
*
*
>
) 9
'I
C
+- "( 8
7)3
C '
7
'B) S
:(
!"# $ V W
8)
7)3
(Integrity)
:+
I 8
;'U
(Non-Repudiation) B)
8
7)3
T
I
9
10
11
12
/
0( : 91
8
7)3
HMAC
13
+
C
. ) H7 X '
+9
+.
J>< S C
:
8 S $# ?
D
;
@ '
:
.
14
$B
) J>< $
. * % LM
/
8 $'>) @
J>< D
%
8
?
8
$'
7)3
. *B 3
B' C
C *' #
+ 1Y 3
7*
3 $' Y
.
(
)
) EW
Q
*B S< + 1Y 3
. DC ) Y
=)
15
7)3 &MB1
: >)@ QC
. **B
U'>K
Z')
', @
+
+)
'(
+7) 3# +I ) +8 /
( ...D+> 87) D+ #) @
I P+
.... @ S< * Q #
(
;
.O +- ( +)
'(
+*. D *
Z) +# " (
$B ) L O
', +
0( : 91
F
S
'
.
+
) Y
D
) #W
C
Y
D * *)
C ' :! C
')
CRC ;
16
7*
S :; N
.
'
S
0( : 91
0( : 91
DFCS (Frame Check Seq) D” J/ P +
.
F]
C
O , “ J/ P +
+ CRC
/ O) “ Q
S F
/ O) “ @ ) # W
F
]
DF
;N S
*B S< + 1Y 3
=)
0
. DC ) Y
J><
17
1- 0( : 91
3 )
!-
0( : 91
@
CRC *) 0( : 91
. ) C + ?+ 9
I `
) *
I
C '
0( : 91
$ )
+
.
) *
'
:3 )
%
:$
& %
`&
7/ + # &M
'# H & - D ) B
802.11 !B
18
:; N
802.11 !B
& 9
CRC : 91
RC4 +
/ O)
7)3
P EW $'
CC
Checksum
F(M)
+
M
RC4(iv,k)
RC4(iv,k)
3 $'
=
*
'
7/
=
C C 3 $'
P EW $'
M
+
19
Y U ')
+8
. *
20
/
) ' ) 0( : 91
Y 8K
'>
B'
:! C
Checksum
c(M)
:
d ; ? J>< S
/
'>
( 7)3
GM( ) > ) H 1Y L 3/
$# ?$ + 9 8 S X ' * )
”Cryptographic Checksum“ 7 ) . * * MAC "'(
)Q
. *B
>
+/
**B # W
J>< $
J><
C ) O ,
J><
(C ) Y
. 1 !- @ * ? C *' #
21
A1
Nonce
MAC
J><
Nonce
22
Slide 22
A1
Nonce
Administrator, 4/11/2005
+7) ,
C
MAC
Nonce
Kenc
3 $'
J><
Kmac
Nonce
23
FAQ-MAC!
= *B C '
...
... *
) 3 + 1Y
1
)
...
+
*'>
24
'.
7)3
'
7)3
K
MAC
<
) +7) ,
)
+T.
) 9 e O C K $ ) P D ' .P +T.
@ ) (
D
)C '
7) 3
Y
'( MAC +
+ O'I @ S< * #
)
7)3
7/
I % C B< /
'
7/
FAQ-MAC!
=
B) ! P ` T
MAC Q
*)
(
MAC 8 +/
1 +
C
Od +
I 8 S T
+ 9 +- "(
P G ? Df T GM(
. * O MAC U
25
MAC
. 7) +
d; ?S
*
MAC
C
>)S
. *
@ >B J><
'
@ >B MAC
#
S
$B & '
3 '
8
. *
'
: "
@ >B MAC
26
MAC
Yg
: J * MAC S
h ,/
@ >B J><
+# "
+
'
B* ; '
MAC
n
Yg
$'# D@Q J><
S $'>)
.
$B ) + O ,
( *B
MAC +K (
.
* D *
' @ >B MAC
!
U'>K 8
R *3
$\min(2^k, 2^n)$
*) .
d MAC
*
*)
( /
: 'B)
8
27
DAA
DAA (Data Authentication Algorithm)
ANSI X9.17 NIST
)'
CBC
DES + .0P 3 i
$ (Q * C j
DCBC
7) 3 *)
. *B C ' J>< @ *I
.0P
28
DAA
(& .0P
K
C
> ) EW $'
P1
P2
P3
+
+
+
DES
K
DES
K
PN
+
…
DES
K
…
DES
MAC
29
DAA +
>)
! P& 8 I
: 7
PMAC
UMAC
C
J><
AES
30
8 ; ?
C '
/
0( : 91
+- "( 8
7)3
HMAC
31
D # ?S
T#
'Y 3
T#
7))
! >)
7)3
32
%'
; ?
d +K ( ; ?
( 'B<
8 D+8 /
MAC GM(
+8 C : +
)
) Y
*
C
'
' 7) @ >B '
S
(Message Digest)
+)R ?
+
7)
'
$'#
.
C B< C "I ' $
. 7
33
*
. *
h ,/
h = H(x)
(One-Way)
+
) Y
x $'#
DC
.
C hS
$B ) + O ,
(Weak Collision)l .W # $%
h ,/
H(y) = H(x)
+
) Y
y $'#
DC
.
(Strong Collision)
$B ) + O , h ,/
34
H(y) = H(x)
C xS
$B ) + O ,
P # $%
+
) Y
y x $'#
l .W
P
" >
?H
:
"
l .W
" e
@
W
R
,
. @ '
P " ). **
C C xS
+/
(l .W " ) H(x)
S
*
$B
(
y S @ ') C
0
.
)
# y x
) Y
H(y) = B
'(
P
" e
@
W
O
**
P
"
+.
35
A4
8
+Y m :
+K ( ; ? n
8
D
O
S
O
/
O
D+
36
? l.W ! /
$2^n$
$B
.
$2^n$
$2^{0.5n}$
*
. *
(
K@
Q) !
U'>K +Y m
.
(l .W) # $%
(
K@
Q) !
(
(
H @B 3)
K@
U'>K +Y m
P) # $%
Q) !
$B
*
d &M
N
U'>K +Y m
7)
K@
Q *
P
Slide 36
A4
!"# $% &'(# ) *(+!
Administrator, 4/11/2005
A5
:@ '
7) 3
:@ '
7) 3
37
+7) ,
38
Slide 37
A5
&(- ./0
12!3 !4 ' 56 17 83 9 :& &;<= ) *(+
Administrator, 4/11/2005
:@ ' )
7) 3
fT
39
7
. ) ' HY X '
40
) 9
7)3
s $# ?
C ' @
+8 I
7
.
+7) , + !OP j
+7) ,
L# 7)3
41
>
7)3
>
:+
3
'.
;
'
'1
U
C
(Export Control) +
42
.0P
3
3# )
C
. ) 1 K + .0P
3# 9 * 3
M
' +
,
+
C
d '
D
:
S
"
+)
C 1#
'(
S B ; I
C 1#
Y
( ) Y$ 3)
*) +# .
.
MD5: Message Digest 5
SHA-1: Secure Hash Algorithm -1
. **B C ' C $
43
2-
+)
.
'(
C
.
> Yi & .0P
•
O
d ' S IV •
$CV_0 = IV$
$CV_i = f(CV_{i-1}, Y_{i-1})$
$\mathrm{Hash} = CV_L$
44
/
0( : 91
+- "( 8
7)3
HMAC
45
K
.K
'(
& 3K ./ 0
.
MD5
SHA-1
RIPEMD
46
#
MD5 :
o ?
.
C
MD5: Message Digest 5
+B D”
@ “ ] 1992 + ?
RSA
' @Q
D ' HY C '>Y C '
: Yg
1
> +' 512 & .0P
+' 128 +K (
47
274 273
48
A6
$2^{64}$ :
K@
MD5
*
Q 8
P)
, (
"
. 1 ) s >, $ C
: ) C
'
7/
#
S +8W
C 1#
'
7/ $
Y
&M
8 :1992 ; Berson
" :96 ; Dobbertin
49
SHA-1 :
SHA-1: Secure Hash Algorithm – 1
1995 DNIST
)'
$2^{64}$ >
; ?
160 +K ( ; ?
T
)'
C C '
DSS ; ' U
:
$2^{80}$
:
K@
Q 8
+R
50
, (
P)
C
"
1 s >, $
'( * &M
*
Slide 49
A6
1- @=;A# @;B C&;D+
2 - 2<'(EF '%&
Administrator, 4/11/2005
SHA-1
: ) C
) Y
9>) AES
)' 3)
Y
SHA - 384 SHA-256 DSHA-512
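| algorithm | bit length | block size | max message | security |
|-----------|------------|------------|-------------|----------|
| SHA-1     | 160        | 512        | 2^64        | 80 bits  |
| SHA-256   | 256        | 512        | 2^64        | 128 bits |
| SHA-384   | 384        | 1024       | 2^128       | 192 bits |
| SHA-512   | 512        | 1024       | 2^128       | 256 bits |

The security column is the generic birthday bound for collisions (half the digest length); SHA-1 no longer reaches its 80-bit figure, since practical collisions have been demonstrated.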
51
RIPEMD :
I
52
1997 ;
SHA-1 *)
* h ,/ SHA-1
MD5 l") L O
+ ?
& "91
> ! P
I
DSHA-1DMD5 >
RIPEMD-1
53
/
0( : 91
+- "( 8
7)3
HMAC
54
HMAC-1
'
'
7/
+9
C
8 @
7/ S HMAC
+
L
HMAC
. O +8.#
J
C '
D % C B< /
.0P
3
C ' !
+8 I
3 !/
55
HMAC-2
.
O IP
(SSL LMN )
56
*
C
& 38 3K HMAC
1 C ' C '>Y
?
HMAC
+
?G
)Q
C
:HMAC
% @
V *'
C '
+) O '1
'# Y
I
+
8 C C '
@
$
+ ?
57
'
7/ :HMAC
C
C
# W @Q
$\mathrm{HMAC}_K(M) = H[(K^+ \oplus \mathrm{opad}) \,\|\, H[(K^+ \oplus \mathrm{ipad}) \,\|\, M]]$
58
'# Y
:H
:M
+ 9 8 :K
- / O) S + 9 8 :K+
00110110 '
B : ipad
01011100 '
B :opad
$H[(K^+ \oplus \mathrm{ipad}) \,\|\, M]$
59
$H[(K^+ \oplus \mathrm{opad}) \,\|\, H[(K^+ \oplus \mathrm{ipad}) \,\|\, M]]$
60
HMAC
& Od HMAC
*
*
/
* $ vP eO
.
C
HMAC
'1 DC
'# Y
8
.
.
U '1
I
) 7*
MD5
C '
61
Exhaustive Search
K@
Tag
J><
Q
Cipher Block
Packet
'>
Compression
Decryption
C 1#
One-way Function
1*
Collision
Collision Free
"
U
Modification
"
E ,"
Hash Function
Differential Attack
Birthday Attack
/
J/ P +
/ O)
B)
I
U
`
Confidentiality
+7) ,
Operation Mode
Infeasible
F
I
EW $'
8
Insert
"
Plaintext
Valid
+0(
7)3
Unauthorized
8
Linear
Frame Check
Sequence
62
GH
+8W
+ 1Y 3
Non-repudiation
Integrity
Delete
+ .0P 3
Conventional
Encryption
# ?S
Transaction
Pseudo-Collision
Round
O'.
$B )
MAC
Error Detection Code
0( : 91
"'( & OI
CRC
Cyclic Redundancy Check
CBC
Cipher Block Chaining
DES
Data Encryption Standard
SHA-1
Secure Hash Algorithm
MD5
Message Digest 5
NIST
National Institute of Standards and
Technology
63
64
/
C
/ '
S
w
)
$'# ; ' D ) 23 @
= ) 7< . O %50 y
253 = (22 × 23) / 2
: W
2
1
# F
:; '
)
.
365
65
/
w
+W
H (+' m +K () 7 Z)
$B
. Y + Z) X I U +K (
*
'Y 3 k Y
.
+ ! B1
$2^{m/2}$
½ y Y X I U
TI $
"
66
+K ( 2
H
; I +# "
k
Y I U J $
S !P ; ' D
+
m
*O
/
w
67
/
...
8
$ +' 64 Hash MAC S
:
$
+K ( ; ? m . *B
*
*
"
/
$B
8
'() # & 2 m'2 K
.
Hash
+7'(
*. ) . *B /
( *
& . $
K
( )
. *
' @ >B Hash
# +K
) 1 >
'
$
C 9/
w{ D ) T F O'.
9
. *B $ 37 K
68
/
*'> *.
L
( O'. ) )) 8
+/ N
Dear Dean Smith,
This [ letter | message ] is to give my [ honest
| frank ] opinion of Prof Tom Wilson, who is
[ a candidate | up ] for tenure [ now | this
year ]. I have [ known | worked with ] Prof
Wilson for [ about | almost ] six years. He
is an [ outstanding | excellent ] researcher
of great [talent | ability ] known [
worldwide | internationally ] for his [
brilliant | creative ] insights into [ many | a
wide variety of ] [difficult | challenging ]
problems.
69
($
) 8
+/ N
Dear Dean Smith,
This [ letter | message ] is to give my [ honest
| frank ] opinion of Prof Tom Wilson, who is
[ a candidate | up ] for tenure [ now | this
year ]. I have [ known | worked with ] Prof
Wilson for [ about | almost ] six years. He
is an [ poor | weak ] researcher not well
known in his [ field | area ]. His research [
hardly ever | rarely ] shows [ insight in |
understanding of ] the [ key | major ]
problems of [the | our ] day.
70
+8(
'(
71
MD5 +8
)
Message Block
A
B
C
D
Round
1
Round
2
Round
3
Round
4
(Each message block is 512 bits, and output from each iteration is input to next iteration.
Hash output is 128 bits)
72
A
B
C
D
MD5
73
MD5 Logic
Step 1.Appending padding bits
Congruent to 448 modulo 512
Step 2.Appending length
Length modulo 64
L * 512-bit, N * 32 bit
M[i] : ith word
Step 3.Initialize MD buffer
Four 32-bit registers (A B C D), little endian
A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
74
MD5 Logic
Step 4.Process
message in 512-bit
blocks
Four rounds
Each round has a
different primitive
function, F, G, H
and I
Use one-fourth of
T[i]
$T[i] = 2^{32} \times \mathrm{abs}(\sin(i))$
75
MD5
Round
1
2
3
4
76
g +/
Primitive function g | g(b,c,d)
F(b,c,d) | (b ∧ c) ∨ (¬b ∧ d)
G(b,c,d) | (b ∧ d) ∨ (c ∧ ¬d)
H(b,c,d) | b ⊕ c ⊕ d
I(b,c,d) | c ⊕ (b ∨ ¬d)
MD5 Logic
Step 5. Output
77
MD5 Compression Function
X[i] is used once,
during one step
$\rho_2(i) = (1 + 5i) \bmod 16$
$\rho_3(i) = (5 + 3i) \bmod 16$
$\rho_4(i) = 7i \bmod 16$
In each step, only 4
bytes are updated
78
SHA-1
79
SHA-1 Logic
Step 1. Appending padding bits
Step 2. Append length
Step 3. Initialize MD buffer
Five 32-bit registers, E = C3D2E1F0
Big-endian
80
SHA-1 Logic
Step 4. Process
message in 512-bit
blocks
Four rounds of 20
steps
Step 5. Output
81
SHA-1 Compression Function
$K_t$ is an additive constant
varying across rounds
82
SHA-1 Compression Function
$W_t = S^1(W_{t-16} \oplus W_{t-14} \oplus W_{t-8} \oplus W_{t-3})$
83
RIPEMD
84
RIPEMD-160
MD4,
1997 1996
MD5
RIPE( European RACE Integrity ! "#
Primitives Evaluation)
:$% &
-23 512 ( )
* + ,-. / "0 (
73 160 :-4 "5
MD5 "3:; : *8"9
85
RIPEMD-160 Logic
Step 1. Appending padding bits
Step 2. Insert length
Step 3. Initialize the MD initial buffer
Same value as used in SHA-1
Little-endian
86
RIPEMD-160 Logic
Step4. Processing message
10 rounds of 16 steps
Five primitive functions
f1, f2, f3, f4, f5
Nine additive constants
Addition involves a rotation of the input
words
Step5 .Output
87
88
RIPEMD
Compression
function
89
RIPEMD Design decision
Two parallel lines are used
Increase complexity of finding collisions between
rounds
Two lines use same logic
Simplicity
Difference
Additive constants
Order of primitive functions
Order of processing of message block
Use five words, and rotation of the C word
90
RIPEMD Design decision
Permutations
Effect: two words that are close in one
round are relatively far apart in the next
Circular left
Range from 5 to 15
Different amounts for the five rounds
Not have special pattern (not be divisible
by 32)
Not too many shifts should be divisible by
4
91
HMAC
92
93