Published by Araceli Lockwood. Modified over 2 years ago.

1
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
Digital Signatures
Authentication Protocols
Digital Signature Standard

2
AUTHENTICATION vs SIGNATURE
Authentication: A → B (auth), protects against {C}
Signature: A → B (sign), protects against {A,C}

3
SIGNATURE CHARACTERISTICS Author Verifiable Date Authenticate by Time Contents Third Party

4
SIGNATURE TYPES
Direct: X → Y; weakness: security of private key
Arbitrated (+ date): X → A → Y

5
ARBITRATED DIGITAL SIGNATURE TECHNIQUES

6
Table 13.1: Scheme (a) Arbiter Sees Message
Conventional Encryption:
After X → A → Y, dispute between X and Y:
Y → A: $E_{K_{ay}}[ID_x \| M \| E_{K_{ax}}[ID_x \| H(M)]]$

7
Table 13.1: Scheme (b) Arbiter Does Not See Message
Conventional Encryption:
Arbiter, Eavesdropper: neither can read message

8
Table 13.1: Scheme (c) Arbiter Does Not See Message
Public-Key (double) Encryption:
advantages:
1. No information shared before communication
2. If $KR_x$ compromised, date is still correct
3. Message secret from Arbiter and Eavesdropper

9
REPLAY ATTACKS
Simple Replay: X m E m
Logged Replay: X m||T 0 t E m||T 0 (< T 0 later) i m
Undetected Replay: X m e E m
Backward Replay: X m X m E

10
TIMESTAMP
X → Y: $m \| T$
synchronized clocks

11
CHALLENGE/RESPONSE Use NONCE: N X Y m||N X Y handshake required

12
ATTACK ON Fig 7.9
Eavesdropper gets old $K_s$:
Replay Step 3
Intercept Step 4
Impersonate Step 5
Bogus Messages → Y

13
SOLUTION: TIMESTAMP
1. A → KDC: $ID_A \| ID_B$
2. KDC → A: $E_{K_A}[K_S \| ID_B \| T \| E_{K_B}[K_S \| ID_A \| T]]$
3. A → B: $E_{K_B}[K_S \| ID_A \| T]$
4. B → A: $E_{K_S}[N_1]$
5. A → B: $E_{K_S}[f(N_1)]$

14
CLOCK ATTACKS
To counteract suppress-replay attacks:
1. Check clocks regularly, use KDC clock
2. Handshaking via nonce

15
AN IMPROVED PROTOCOL over Fig 7.9
To counteract suppress-replay attacks:
1. A → B: $ID_A \| N_A$
2. B → KDC: $ID_B \| N_B \| E_{K_B}[ID_A \| N_A \| T_B]$
3. KDC → A: $E_{K_A}[ID_B \| N_A \| K_S \| T_B] \| E_{K_B}[ID_A \| K_S \| T_B] \| N_B$
4. A → B: $E_{K_B}[ID_A \| K_S \| T_B] \| E_{K_S}[N_B]$
No clock synch. $T_B$ only checked by B

16
AUTHENTICATION SERVER - no secret key distribution (public key)
1. A → AS: $ID_A \| ID_B$
2. AS → A: $E_{KR_{AS}}[ID_A \| KU_A \| T] \| E_{KR_{AS}}[ID_B \| KU_B \| T]$
3. A → B: $E_{KR_{AS}}[ID_A \| KU_A \| T] \| E_{KR_{AS}}[ID_B \| KU_B \| T] \| E_{KU_B}[E_{KR_A}[K_S \| T]]$
Problem: Clock Synch.

17
ALTERNATIVE NONCE PROTOCOL
1. A → KDC: $ID_A \| ID_B$
2. KDC → A: $E_{KR_{auth}}[ID_B \| KU_B]$
3. A → B: $E_{KU_B}[N_A \| ID_A]$
4. B → KDC: $ID_B \| ID_A \| E_{KU_{auth}}[N_A]$
5. KDC → B: $E_{KR_{auth}}[ID_A \| KU_A] \| E_{KU_B}[E_{KR_{auth}}[N_A \| K_S \| ID_A \| ID_B]]$
6. B → A: $E_{KU_A}[E_{KR_{auth}}[N_A \| K_S \| ID_A \| ID_B] \| N_B]$
7. A → B: $E_{K_S}[N_B]$

18
ONE-WAY AUTHENTICATION (e.g. ) Encrypt Message Authenticate Sender

19
SYMMETRIC-KEY (one-way auth.)
1. A → KDC: $ID_A \| ID_B \| N_1$
2. KDC → A: $E_{K_A}[K_S \| ID_B \| N_1 \| E_{K_B}[K_S \| ID_A]]$
3. A → B: $E_{K_B}[K_S, ID_A] \| E_{K_S}[M]$

20
PUBLIC-KEY (one-way auth.)
Use Figs 11.1b, c, and d
or A → B: $E_{KU_B}[K_S] \| E_{K_S}[M]$
or A → B: $M \| E_{KR_A}[H(M)]$

21
PUBLIC-KEY (one-way auth.)
Send A's public key to B:
A → B: $M \| E_{KR_A}[H(M)] \| E_{KR_{AS}}[T \| ID_A \| KU_A]$

22
DSS : USES SHA-1
Signature: YES
Encryption: NO
Key-Exchange: NO

23
DSS : USES SHA-1

24
DISCRETE LOG
p, q, g – global public keys
x – user private key
y – user public key
k – user per-message secret number
$r = (g^k \bmod p) \bmod q$
$s = [k^{-1}(H(M) + xr)] \bmod q$
Signature = (r, s)
precompute $g^k \bmod p$, $k^{-1} \bmod q$

25
VERIFY
$w = (s')^{-1} \bmod q$
$u_1 = [H(M')w] \bmod q$
$u_2 = (r')w \bmod q$
$v = [(g^{u_1} y^{u_2}) \bmod p] \bmod q$, where $y = g^x \bmod p$
$v = r'$ ?
$y = g^x$ is one-way: x → y YES, y → x NO

26
DIGITAL SIGNATURE ALGORITHM

27
DSS SIGNING AND VERIFYING
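
Added example, not part of the original slides: the signing and verifying equations from the DISCRETE LOG and VERIFY slides carried through in Python with the slides' symbols. The domain parameters (a 31-bit q and a p derived from it) and all function names are assumptions constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets
from itertools import count
from math import isqrt

def is_prime(n):
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))

# Constructed toy domain parameters (assumption: far too small for real use).
Q = 2**31 - 1                                                  # prime q
P = next(p for j in count(1) if is_prime(p := 2 * j * Q + 1))  # prime p, q | p-1
G = next(g for h in count(2) if (g := pow(h, (P - 1) // Q, P)) != 1)  # order q

def H(msg):
    """SHA-1 digest as an integer, as on the DSS slides."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # private key, 0 < x < q
    return x, pow(G, x, P)                 # public key y = g^x mod p

def sign(msg, x):
    while True:
        k = secrets.randbelow(Q - 1) + 1   # fresh secret k for every message
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(msg) + x * r) % Q
        if r and s:                        # retry in the rare r = 0 or s = 0 case
            return r, s

def verify(msg, r, s, y):
    if not (0 < r < Q and 0 < s < Q):      # reject out-of-range values first
        return False
    w = pow(s, -1, Q)
    u1 = H(msg) * w % Q
    u2 = r * w % Q
    v = pow(G, u1, P) * pow(y, u2, P) % P % Q
    return v == r

if __name__ == "__main__":
    x, y = keygen()
    r, s = sign(b"transfer 10 to Bob", x)
    print(verify(b"transfer 10 to Bob", r, s, y))   # genuine message
    print(verify(b"transfer 99 to Bob", r, s, y))   # altered message
```

The range check on r' and s' in `verify` is not shown on the slides; it is part of the standard verification procedure and keeps malformed signatures away from the modular inverse.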
