### IoT Security

Course
Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

### Video Transcription

00:00
Hello, everybody. And welcome to the I T Security episode number to any three petro graphic cash is my name is 100 Gina. And now begin instructor for today's session.
00:13
Uh, learning operatives is to understand and be able to identify the man concepts off cryptographic *** cash functions.
00:22
Well, we have here, and Bob and Alice,
00:31
and they're trying to exchange message. You know, again, Well, strident. Say hello
00:39
to always.
00:42
But this time he doesn't care if the message is confidential or not. We're not dealing with confidentiality in this scenario. What, Bubs, what boat is most most concerned with is that hey wants to make sure that the message he send was the message. All this received
01:00
it, Meaning that if he says hello to to to Ali's,
01:06
it doesn't get modified in the way and if somehow say, uh,
01:11
I don't know
01:12
goodbye
01:15
or something like that.
01:18
Uh, so, uh,
01:19
for that hashes comes into play. Hushes, you know, are just algorithms used to calculate a value
01:30
in order to send value along with the original message to the receiver. So the receiver king go through the same process and calculate calculate the exact same value, bypassing the message he or she received through the same algorithm,
01:49
son, hashes algorithm will do a lot. But you know, the most used When are the shot shot shot? Finally, which will be
02:00
so on
02:01
two,
02:04
you know, she atresia five and also the MD five family
02:09
MD five
02:12
and, you know, and before empty six which all of them are already. You know something? Most of the empty five family or the empty family is replicated already. We're going to shut too, And above
02:25
No, shut you the most. Use one right now, Taiwan is still being used. But, you know, we're making my rating to shut Shut you and above.
02:37
So let's just shot 2 56 for this example. So, uh, Bob here came and passed the hello message to raise that. These right here,
02:50
uh, both came here and pass the hello message to, um
02:54
ah, a shot to algorithm.
02:59
Shots to 56
03:00
and result waas. You know, hash function, which included, you know, um
03:07
a B C 12 tree that that
03:14
from this house function is sent to always
03:16
along with the really original message.
03:21
So, as you can see, we're not dealing. If the bad guy again comes into play right here again, his mind
03:29
no and intercepts this message right here, he will be able to see the below a message. It doesn't matter if it intercepts the hash right here, but if it intercepts the original message, you know he will be able to see the message itself.
03:46
So we're not dealing with confidentiality when we talk about hashes.
03:51
Also, as you can see, well, let's not get ahead of ourselves and finally know finalized explanation. So Ali's right here receives both messages. You know, the hello message
04:05
right here. And he also received the hash. You know, a
04:10
BC once you treat that
04:13
and
04:14
what she does next is to pass this message through the same algorithm, remember shar
04:25
2 56
04:27
And it has to calculate the exact same message, which at the same time, the exact same hash. I'm sorry, which is ABC Want to treat that that if it doesn't calculate and for some reason, Ali's. After passing hello through the same algorithm which in this case is shot to 56
04:46
calculates a B C 12 tree dot Hi, uh slash
04:55
Uh, this is not the same message. Us, Um
05:00
that's it was intended by above.
05:02
Maybe she received instead of hello, Shoots it goodbye. And that's why she's calculating a different Molly, which is right here. So this means that the message somewhere along the communication are, you know, the Internet or the path of communication. The message changed,
05:20
meaning that the integrity of the message is compromised. S o the receiver can no longer trust in the message itself. Maybe was corrupt because park it was lost in during the transit. Or maybe because some someone is this guy right here modified the message intently
05:40
or, you know, because he wanted to
05:42
actually confused the receiver. But, you know, things were using hash is where
05:47
weren't guaranteed it, the integrity of the messages. So if anything changes were about now the problem with with hash is the main problem is is collision,
05:58
uh, meaning that maybe the hello world
06:01
and also that goodbye
06:04
or
06:06
generate the same the same hush volume. So what will happen if
06:15
for some reason, but wants to say hello are Chu Tu Tu Alice and Sense You know the world right here. Since the world and said it passes through the algorithm. Just trap shaft to 56. And it generates this this hash message So it sends this both of this information,
06:33
but somewhere along the way, this guy right here
06:36
changes the message into goodbye instead of hello. But it happens that the algorithm, which is in this case a shock to 56 generates the exact same hash from a different message. In this case, it generates ABC want to treat that that from me, but and also from hello.
06:56
This is called a collision in terms of hashes.
07:00
So when we have a collision, there is a problem because
07:03
at the end were generated through the same hash from two different, uh, sources are two different clear text. So, as you can imagine, ah, good practices to use
07:18
in data basis when we were safe, for example, in access control. When I'm trying to authenticate as in user to a database, I put my clear text spas work,
07:30
uh, maybe in the in the weapons. But, you know, the white *** Southwark hash is the buzzword and incense, the possible over the wire. So what it travels the Internet is actually hush, not the power itself
07:46
salted but their own. Although it is safe here in the Dallas
07:50
are the hash. Is this in case you know, either that the hash is compromised? You know the body's compromise off the transit or when the data is in Brest arrest, meaning that it's someone compromises the database, it will take only the hash is not that clear Decks, passwords.
08:07
But what will happen if my past work in a different buzz word, which is easiest or, you know, you miss your password to guests.
08:15
They both generate the same the same hush. I will be a problem because someone with a different buzz word or a different body will be able to actually authenticate with with my user. You know, that's a problem. This is This is actually, uh, well, now, Belin ability in the hash is which is the further than that,
08:35
uh, this is basically that a group of 23 individuals are joining to 23 users.
08:41
Is required rich the probability off 50% that you know, two people Within this tuning, three users will share share the same birthday. So we put together 23 people. There's a 50% chance. Is that two of them? Sure. Same birthday
08:58
on the probability richest 100%
09:01
when the number of people eyes a 367.
09:05
So this is a from a problem that you know, bird. The attack
09:11
meaning that to have to hash is can be generated. I mean, I'm sorry. One cash could be generated from two different till you're next.
09:20
How many keys are used in a hash function? Well, none. As we said before, this is an algorithm, nor a key. We're not looking for encryption. We're looking for integrity. And we can do that only by using on our
09:33
If you calculate a different hash Baalu value. What does it is, man? It means that the charity was compromised and the message was changed.
09:43
What is the birthday attack? Well, it means this'll is, Ah, statistical attack. You know where it attacks the probability off to different to your text messages generate. The same hash function has value, which is a collision.
10:01
In today's brief lecture, we talk about the main concept off cryptographic hash functions
10:09
again, the fix publication, nothing you hear.
10:13
And in the next video, we'll cover digital signatures. Well, that's it for today, folks. Thank you for watching and talk to you soon.

### IoT Security

The IoT Security training course is designed to help IT professionals strengthen their knowledge about the Internet of Things (IoT) and the security platforms related to it. You’ll also be able to identify the security, privacy and safety concerns related to the implementation of an IoT infrastructure.

### Instructed By

Alejandro Guinea
CERT Regional Director
Instructor