Presentation is loading. Please wait.

Presentation is loading. Please wait.

DIGITAL SIGNATURES Fred Piper & Mert Özarar Codes & Ciphers Ltd 12 Duncan Road Richmond Surrey TW9 2JD Information Security Group Royal Holloway, University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "DIGITAL SIGNATURES Fred Piper & Mert Özarar Codes & Ciphers Ltd 12 Duncan Road Richmond Surrey TW9 2JD Information Security Group Royal Holloway, University."— Presentation transcript:

1 DIGITAL SIGNATURES Fred Piper & Mert Özarar Codes & Ciphers Ltd 12 Duncan Road Richmond Surrey TW9 2JD Information Security Group Royal Holloway, University of London Egham, Surrey TW20 0EX

2 Digital Signatures2 Outline 1.Brief Introduction to Cryptography 2.Public Key Systems 3.Basic Principles of Digital Signatures 4.Public Key Algorithms 5.Signing Processes 6.Arbitrated Signatures 7.Odds and Ends NOTE: We will not cover all the sections

3 Digital Signatures3 The Essence of Security –Recognition of those you know –Introduction to those you don’t know –Written signature –Private conversation

4 Digital Signatures4 The Challenge Transplant these basic social mechanisms to the telecommunications and/or business environment.

5 Digital Signatures5 Sender –Am I happy that the whole world sees this ? –Am I prepared to pay to stop them ? –Am I allowed to stop them ? Recipient –Do I have confidence in : –the originator –the message contents and message stream –no future repudiation. Network Manager –Do I allow this user on to the network ? –How do I control their privileges ? The Security Issues

6 Digital Signatures6 Cryptography is used to provide: 1. Secrecy 2. Data Integrity 3. User Verification 4. Non-Repudiation

7 Digital Signatures7 Cipher System cryptogram c Enciphering Algorithm Deciphering Algorithm Key k(E)Key k(D) message m message m Interceptor

8 Digital Signatures8 The Attacker’s Perspective Deciphering Algorithm Unknown Key k(D) Known c Wants m Note: k(E) is not needed unless it helps determine k(D)

9 Digital Signatures9 Two Types of Cipher System Conventional or Symmetric –k(D) easily obtained from k(E) Public or Asymmetric –Computationally infeasible to determine k(D) from k(E)

10 Digital Signatures10 THE SECURITY OF THE SYSTEM IS DEPENDENT ON THE SECURITY OF THE KEYS

11 Digital Signatures11 Public Key Systems Original Concept For a public key system an enciphering algorithm is agreed and each would-be receiver publishes the key which anyone may use to send a message to him. Thus for a public key system to be secure it must not be possible to deduce the message from a knowledge of the cryptogram and the enciphering key. Once such a system is set up, a directory of all receivers plus their enciphering keys is published. However, the only person to know any given receiver’s deciphering key is the receiver himself.

12 Digital Signatures12 Public Key Systems For a public key system, encipherment must be a ‘one-way function’ which has a ‘trapdoor’. The trapdoor must be a secret known only to the receiver. A ‘one-way function’ is one which is easy to perform but very difficult to reverse. A ‘trapdoor’ is a trick or another function which makes it easy to reverse the function

13 Digital Signatures13 Some Mathematical One-Way Functions 1. Multiplication of two large primes. 2. Exponentiation modulo n ( n = pq ). 3. x  a x in GF(2 n ) or GF(p). 4. k  E k (m) for fixed m where E k is encryption in a symmetric key system which is secure against known plaintext attacks. 5. x  a.x where x is an n-bit binary vector and a is a fixed n-tuple of integers. Thus a.x is an integer.

14 Digital Signatures14 Public Key Cryptosystems –Enable secure communications without exchanging secret keys –Enable 3rd party authentication ( digital signature ) –Use number theoretic techniques –Introduce a whole new set of problems –Are extremely ingenious.

15 Digital Signatures15 Digital Signatures According to ISO, the term Digital Signature is used: ‘to indicate a particular authentication technique used to establish the origin of a message in order to settle disputes of what message (if any) was sent’.

16 Digital Signatures16 Digital Signatures A signature on a message is some data that validates a message and verifies its origin a receiver can keep as evidence a third party can use to resolve disputes. It depends on the message a secret parameter only available to the sender It should be u easy to compute (by one person only) u easy to verify u difficult to forge

17 Digital Signatures17 Digital Signature Cryptographic checksum Identifies sender Provides integrity check for data Can be checked by third party

18 Digital Signatures18 Hand-Written Signatures Intrinsic to signer Same on all documents Physically attached to message Beware plastic cards. Digital Signatures Use of secret parameter Message dependent.

19 Digital Signatures19 Principle of Digital Signatures There is a (secret) number which: Only one person can use Is used to identify that person ‘Anyone’ can verify that it has been used NB:Anyone who knows the value of a number can use that number.

20 Digital Signatures20 Attacks on Digital Signature Schemes To impersonate A, I must either obtain A’s private key substitute my public key for A’s NB: Similar attacks if A is receiving secret data encrypted with A’s public key

21 Digital Signatures21 Obtaining a Private Key  Mathematical attacks  Physical attacks NB: It may be sufficient to obtain a device which contains the key. Knowledge of actual value is not needed.

22 Digital Signatures22 Certification Authority AIM : To guarantee the authenticity of public keys. METHOD : The Certification Authority guarantees the authenticity by signing a certificate containing user’s identity and public key with its secret key. REQUIREMENT : All users must have an authentic copy of the Certification Authority’s public key.

23 Digital Signatures23 Certification Process Verifies credentials Creates Certificate Receives (and checks) Certificate Presents Public Key and credentials Generates Key Set Distribution Centre Owner

24 Digital Signatures24 How Does it Work? The Certificate can accompany all Fred’s messages The recipient must directly or indirectly: Trust the CA Validate the certificate The CA certifies that Fred Piper’s public key is……….. Electronically signed by the CA

25 Digital Signatures25 User Authentication Certificates Ownership of certificate does not establish identity Need protocols establishing use of corresponding secret keys

26 Digital Signatures26 WARNING Identity Theft You ‘are’ your private key You ‘are’ the private key corresponding to the public key in your certificiate

27 Digital Signatures27 Certification Authorities Problems/Questions Who generates users’ keys? How is identity established? How can certificates be cancelled? Any others?

28 Digital Signatures28 Fundamental Requirement Internal infrastructure to support secure technological implementation

29 Digital Signatures29 Is everything OK? Announcement in Microsoft Security Bulletin MS01-017 “ VeriSign Inc recently advised Microsoft that on January 29-30 2001 it issued two VeriSign Class 3 code- signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee.”

30 Digital Signatures30 How to Create a Digital Signature Using RSA MESSAGE HASHING FUNCTION HASH OF MESSAGE Sign using Private Key SIGNATURE - SIGNED HASH OF MESSAGE

31 Digital Signatures31 How to Verify a Digital Signature Using RSA HASH OF MESSAGE Verify the Received Signature Re-hash the Received Message Verify using Public Key Message Hashing Function HASH OF MESSAGE Message Signature Message with Appended Signature If hashes are equal, signature is authentic

32 Digital Signatures32 Requirements for Hash Function h (H1)condenses message M of arbitrary length into a fixed length ‘digest’ h(M) (H2)is one-way (H3)is collision free - it is computationally infeasible to construct messages M, M ' with h(M) = h(M ' ) H3 implies a restriction on the size of h(M).

33 Digital Signatures33 Diffie Hellman Key Establishment Protocol General Idea: Use Public System A and B exchange public keys: P A and P B There is a publicly known function f which has 2 numbers as input and one number as output. A computes f (S A, P B ) where S A is A’s private key B computes f (S B, P A ) where S B is B’s private key f is chosen so that f (S A, P B ) = f (S B, P A ) So A and B now share a (secret) number

34 Digital Signatures34 D-H Man in the Middle Attack A B Fraudster F The Fraudster has agreed keys with both A and B A and B believe they have agreed a common key

Download ppt "DIGITAL SIGNATURES Fred Piper & Mert Özarar Codes & Ciphers Ltd 12 Duncan Road Richmond Surrey TW9 2JD Information Security Group Royal Holloway, University."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Digital Signatures and applications Math 7290CryptographySu07.

Digital Signatures and applications Math 7290CryptographySu07.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
DIGITAL SIGNATURES Fred Piper Codes & Ciphers Ltd 12 Duncan Road

DIGITAL SIGNATURES Fred Piper Codes & Ciphers Ltd 12 Duncan Road
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.

Similar presentations

Ads by Google