Integrity and Non-Repudiation

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> Now if we continue on,
00:00
let's talk about integrity and non-repudiation,
00:00
>> our next stages.
00:00
>> We've already said that,
00:00
in an asymmetric environment,
00:00
if you want to get privacy,
00:00
you're going to be using the receiver's
00:00
public key to encrypt.
00:00
That way, only the receiver's private key can decrypt,
00:00
which only that receivers should have.
00:00
Then we looked at authenticity,
00:00
and we said, hey, if you want authenticity,
00:00
then the sender needs
00:00
>> to encrypt something off the message,
00:00
>> but some add on,
00:00
if you will, with the sender's private key.
00:00
That way when the receiver gets the message,
00:00
they can try to decrypt that add on,
00:00
with the receivers public key.
00:00
If that works, proves it was encrypted
00:00
with the sender's private key,
00:00
>> which only they have.
00:00
>> It's getting a little tricky here.
00:00
But now we're going to move on
00:00
to talking about integrity.
00:00
Now, integrity really is neither here nor there.
00:00
By that I mean,
00:00
it's neither symmetric nor asymmetric.
00:00
Integrity is where we're going to get a guarantee that
00:00
a message has not been changed or hasn't been modified.
00:00
But then, we're going to use asymmetric cryptography,
00:00
to add authentication to integrity
00:00
>> and give us true non-repudiation,
00:00
>> we'll see that in just a moment.
00:00
But let's start out by looking at integrity.
00:00
We get integrity through a process called hashing.
00:00
Hashing produces checksums,
00:00
which can also be referred to as message digests.
00:00
Can also produce hashes.
00:00
So, hashes, checksums,
00:00
message digests, all the same.
00:00
What we're trying to do,
00:00
is we're trying to guarantee
00:00
that a message has not been modified.
00:00
Let's say you and I are communicating
00:00
across a really unreliable link,
00:00
there's lot of interference, packets get dropped.
00:00
I want you to have an assurance that what I sent,
00:00
is what you received.
00:00
I have this message, I'm going to send you, hello.
00:00
What we've agreed to do ahead of time,
00:00
is so that you'll be able to make sure
00:00
>> the message hasn't changed.
00:00
>> What I'm going to do before I send you my message,
00:00
is I'm going to take the numeric equivalent
00:00
for each letter in my message.
00:00
So H is the 8th letter of the alphabet,
00:00
E is the 5th, L is the 12th.
00:00
L is the 12th, O is the 15th.
00:00
I'm going to figure out with a numeric value
00:00
for each letter of the alphabet is,
00:00
not each letter of the alphabet,
00:00
that each letter of my message is going to be.
00:00
Then I'm going to add all those numbers together.
00:00
I came up with the number 52.
00:00
8 plus 5 is 13, plus 12 is 25, 37, 52.
00:00
Before I send you this message,
00:00
I'm going to tuck the number 52
00:00
>> onto the bottom of the message.
00:00
>> I'm going to send the message to you.
00:00
When you receive it,
00:00
your application's going to figure out
00:00
>> the numeric value for each of the letters.
00:00
>> Add them all together.
00:00
If you come up with the value 52,
00:00
and that's what I came up with,
00:00
then we have a reasonable assumption
00:00
there's been no modification.
00:00
Now let me pause here and say,
00:00
that's a really simplistic method
00:00
and there are problems with it.
00:00
One letter could change one direction,
00:00
another letter could change the other.
00:00
There are ways that we could have
00:00
different messages produce the same hash value.
00:00
That's because this is just
00:00
>> a little basic hashing algorithm
00:00
>> we just made up for this example.
00:00
Real hashing algorithms are
00:00
much more sophisticated and complex,
00:00
but you get the idea here.
00:00
If the message changes, the hash changes.
00:00
When you get the message,
00:00
if your hash values 53,
00:00
you say, wait, Kelly thought the hash was 52.
00:00
I came up with 53,
00:00
that means the message has been
00:00
corrupted, let's discard it.
00:00
If you've ever downloaded a file
00:00
from the Internet and you go to open it up
00:00
>> and you get a message that says
00:00
>> this file has been damaged or corrupted,
00:00
that's what's going on,
00:00
>> the hash values aren't working
00:00
>> or ain't matching, so to speak.
00:00
>> With real hashing algorithms,
00:00
every message should produce its own unique hash.
00:00
There should be no two messages
00:00
that produce the same hash value.
00:00
That's really important.
00:00
As matter of fact, the hashes sometimes referred
00:00
to as a fingerprint or a thumbprint,
00:00
because every message should have its own unique value.
00:00
If the hash changes,
00:00
then I know the message has changed.
00:00
Now that being said,
00:00
it is technically possible
00:00
to have two different messages,
00:00
create the same hash value,
00:00
and that's called a collision.
00:00
I can't say it's impossible for two hashes.
00:00
There are two different documents
00:00
>> to produce the same hash.
00:00
>> It's possible,
00:00
>> but it should be mathematically infeasible.
00:00
>> By that it means,
00:00
it should take so many resources,
00:00
so much time, so much processing,
00:00
that it is incredibly mathematically infeasible,
00:00
the two different messages would produce the same hash.
00:00
Now, if you're using a hashing algorithm
00:00
>> where collisions happen,
00:00
>> that's a really lousy hash algorithm,
00:00
because the strength of hashing
00:00
is to be able to compare the file hash,
00:00
with the received file hash,
00:00
and say, hey, these two match.
00:00
Therefore, I know that I know,
00:00
that I know it hasn't been modified.
00:00
If you do get collisions
00:00
with the hashing algorithm, that's bad news.
00:00
You got to get new hashing algorithm.
00:00
Now, we've used some hashing algorithms
00:00
throughout the years, MD-5,
00:00
which used for a long time,
00:00
and it produced 128-bit hash.
00:00
>> That was broken.
00:00
>> SHA-1 came around
00:00
>> and that produced 160-bit hash,
00:00
>> that was broken.
00:00
>> So we went to SHA-2,
00:00
which can produce 256-bit hash
00:00
>> or 384, 512, 1024, can have much longer size.
00:00
>> So most of the time for this exam,
00:00
you do not need to memorize bit lengths.
00:00
When we were talking about asymmetric algorithms,
00:00
you don't need to know that
00:00
>> there has an effective key length of 56-bits.
00:00
>> You don't need to memorize block sizes.
00:00
The only time I would make an exception for that is,
00:00
I would know MD5,
00:00
SHA-1 and SHA-2,
00:00
and the bit lengths associated with those algorithms.
00:00
Algorithms, the hashing algorithms
00:00
produced a fixed length hash.
00:00
Sometimes you'll hear the phrase,
00:00
variable length message, fixed length hash.
00:00
So whether my message is one character, or a 1,000,
00:00
the hash will always be the same size.
00:00
With SHA-1, whether I have one character or 1,000,
00:00
the hash will always be 160-bits. That's important.
00:00
You don't want the size of the hash to change,
00:00
based on the size of the message.
00:00
You want that hash to be consistent.
00:00
Every file should produce a unique hash.
00:00
No two different files should produce the same hash.
00:00
If that happens, it's collision.
00:00
There's also an attack,
00:00
that's job it is to cause collisions.
00:00
It's basically saying look,
00:00
you might just dumb luck into creating a collision
00:00
>> if you try enough variations.
00:00
>> That's called the birthday attack.
00:00
But the idea is,
00:00
collision should be mathematically infeasible.
00:00
The longer my hashes,
00:00
the more mathematically in feasible it is
00:00
>> that a hash would be created.
00:00
>> Or that a collision would be forced.
00:00
Now, one other thing I want to stress is that
00:00
>> a hash doesn't use a key,
00:00
>> it's not symmetric, it's not asymmetric.
00:00
The magic of the hash,
00:00
is that it uses what's referred to as one-way math.
00:00
You might hear that associated with
00:00
the idea of a trapdoor,
00:00
because it's very easy to fall through a trapdoor.
00:00
It's hard to get back through one door.
00:00
It always makes me think, I don't know if any of
00:00
you guys out there watch, The Simpsons.
00:00
But if you do,
00:00
Mr. Burns has an office and his desk,
00:00
and in front of his desk.
00:00
If somebody comes in,
00:00
stands in front of his desks and asks him for a raise,
00:00
he has this button under his desk that he pushes
00:00
>> and it drops the trapdoor
00:00
>> and the employees are dropped down to the basement
00:00
>> where the dogs are apparently.
00:00
That idea, it's easy to fall through a trapdoor,
00:00
it's hard to get back.
00:00
With one-way math, for instance,
00:00
even my little basic hashing algorithm
00:00
>> uses one-way math.
00:00
>> For instance, I told you with the math was.
00:00
Figure out the numeric value
00:00
for each letter of the alphabet,
00:00
and then add those values together.
00:00
Well, came up with a value 52,
00:00
and that was easy to do one direction.
00:00
But if you'd look at the number 52,
00:00
let's say the message was encrypted,
00:00
and you didn't know what the message
00:00
was that was encrypted
00:00
and all you saw was the hash 52.
00:00
You wouldn't be able to figure out what the message is.
00:00
That's a really important rule of hashing,
00:00
is you should never be able to look at a hash,
00:00
and reverse it and say,
00:00
oh, I know what your message was.
00:00
Even with my ridiculously basic hashing algorithm,
00:00
if you saw the number 52,
00:00
>> you would know the message is hello.
00:00
>> When you take these real hashing algorithms
00:00
like SHA-1 and SHA-256,
00:00
was a much more sophisticated process,
00:00
it just makes it that much harder.
00:00
Those are some important rules, with hashing.
00:00
You shouldn't get the two different documents
00:00
that produce the same hash.
00:00
You shouldn't be able to look at a hash
00:00
>> and reverse it and figure out what the text is.
00:00
>> If you take that into consideration,
00:00
I shouldn't have to protect
00:00
the confidentiality of a hash,
00:00
because an attacker can see the hash,
00:00
but they can't do anything with it.
00:00
If you see the hash,
00:00
1B3F269438F2, you should be able to say,
00:00
oh, that message said, "Hi Kelly, how are you today?"
00:00
The one way nature of the math is what makes that work.
00:00
Let's build on this.
00:00
What if I take a hash,
00:00
and that hash gives me integrity?
00:00
The hash proves a message hasn't been changed.
00:00
What if I were to encrypt the hash?
00:00
I'm the sender, with my private key.
00:00
The hash gives integrity
00:00
by encrypt it with my private key,
00:00
yes, send it to you.
00:00
Your email application says,
00:00
oh this looks like it comes from Kelly.
00:00
Let's try Kelly's public key to decrypt the hash.
00:00
If Kelly's public key can decrypt the hash,
00:00
you know the message came from Kelly.
00:00
Then your application hashes the document.
00:00
The two hashes match,
00:00
you know it hasn't been modified.
00:00
So I've given you authenticity and integrity.
00:00
The two together are non-repudiation.
00:00
That's what a digital signature does.
00:00
Takes the hash of the document,
00:00
encrypts the hash with the sender's private key.
00:00
The hash is integrity.
00:00
Using the sender's private key gives authenticity.
00:00
That is non-repudiation,
00:00
through a digital signature.
00:00
On your end,
00:00
your system uses the sender's public key
00:00
to decrypt the hash.
00:00
Then they hash the document,
00:00
compare the two hash values.
00:00
If they're the same, then we know
00:00
the document has not been modified.
00:00
We take pieces for integrity,
00:00
we combine them with the pieces for authenticity,
00:00
and now we have digital signature
00:00
which gives us non-repudiation.
00:00
Ultimately, throughout these last couple of videos,
00:00
we've described privacy,
00:00
authenticity, integrity, and non-repudiation.
00:00
Just a good cheat sheet for you right here.
00:00
The receiver's public key is used for privacy.
00:00
Authenticity is achieved through
00:00
the sender's private key.
00:00
With integrity, we use a hash
00:00
>> which could also be called the checksum.
00:00
>> CRC's are old school,
00:00
so a hash, a checksum, message digest.
00:00
Then for non-repudiation,
00:00
>> we use digital signatures
00:00
>> which are the hash encrypted
00:00
>> by the sender's private key.
00:00
>> So that wraps up this section
00:00
>> on asymmetric cryptography.
00:00
>> Make sure before you move to the next set of videos,
00:00
that you can get privacy,
00:00
authenticity, integrity, non-repudiation.
00:00
You can describe that
00:00
>> by using the asymmetric tools
00:00
>> that we've talked about.
Up Next