CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.

Slides:



Advertisements
Similar presentations
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Advertisements

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Public Key Model 8. Cryptography part 2.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Rachana Y. Patil 1 1.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.
Behzad Akbari Spring In the Name of the Most High.
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
Public-Key Cryptography CS110 Fall Conventional Encryption.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
PUBLIC KEY CRYPTOGRAPHY ALGORITHM Concept and Example 1IT352 | Network Security |Najwa AlGhamdi.
Prepared by Dr. Lamiaa Elshenawy
Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,
1 Introduction to Computer Security Topic 2. Basic Cryptography (Part II)
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
@Yuan Xue 285: Network Security CS 285 Network Security Digital Signature Yuan Xue Fall 2012.
CS480 Cryptography and Information Security
Asymmetric-Key Cryptography
Asymmetric-Key Cryptography
Key Exchange References: Applied Cryptography, Bruce Schneier
Public-Key Cryptography and Message Authentication
Computer Communication & Networks
Information Security message M one-way hash fingerprint f = H(M)
Network Security Unit-III
Cryptographic Hash Function
CS480 Cryptography and Information Security
Information Security message M one-way hash fingerprint f = H(M)
NET 311 Information Security
ICS 454 Principles of Cryptography
Symmetric-Key Cryptography
Information Security message M one-way hash fingerprint f = H(M)
ICS 454 Principles of Cryptography
Network Security Security Techniques: Encryption & decryption :
Digital Signatures…!.
Bishop: Chapter 10 Key Management: Digital Signature
NET 311 Information Security
El Gamal and Diffie Hellman
Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS
Chapter 13 Digital Signature
Chapter 3 - Public-Key Cryptography & Authentication
Chapter 29 Cryptography and Network Security
Symmetric-Key Cryptography
Presentation transcript:

CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature

14. Digital Signature CS480_W Outline r Conventional signatures and digital signatures r Services provided by signature r Some digital signature schemes r Diffie-Hellman Key exchange algorithm

14. Digital Signature CS480_W Conventional signatures and digital signatures r Conventional signature m Signature on a document m Signature on a check, … m A signature, when verified, is a sign of authentication The document is authentic It’s originated from the right person What else? r Digital signature m Electronic signature used to prove the authenticity of a digital message and its sender

14. Digital Signature CS480_W Differences between conventional signatures and digital signatures r Inclusion r Verification method r Relationship r duplicity

14. Digital Signature CS480_W Inclusion r A conventional signature is included in the document r It is part of the document r But when we sign a document digitally, we send the signature as a separate document

14. Digital Signature CS480_W Verification method r For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file m The recipient needs to have a copy of this signature on file r For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity m A copy of signature is not stored anywhere

14. Digital Signature CS480_W Relationship r For a conventional signature, there is normally a one-to-many relationship between a signature and documents m The same signature can be used in many documents r For a digital signature, there is a one-to-one relationship between a signature and a message. m The signature of one message cannot be used in another message

14. Digital Signature CS480_W Duplicity r In conventional signature, a copy of the signed document can be distinguished from the original one on file r In digital signature, there is no such distinction unless there is a factor of time on the document m Digital signature is subject to replay attack

14. Digital Signature CS480_W Digital signature process r The sender uses a signing algorithm to sign the message r The message and the signature are sent to the receiver r The receiver receives the message and the signature and applies the verifying algorithm to the combination r If the result is true, the message is accepted; otherwise, it is rejected.

14. Digital Signature CS480_W Need for Keys r A digital signature needs a public-key system r The signer signs with her private key; the verifier verifies with the signer’s public key.

14. Digital Signature CS480_W Signing the Digest r A cryptosystem uses the private and public keys of the receiver: a digital signature uses the private and public keys of the sender

14. Digital Signature CS480_W Services provided by signature r Authentication r Message integrity m The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed r Nonrepudiation m The digital signature is created using the sender’s private key m Only the sender knows his private key m He cannot deny the fact that he signed the message

14. Digital Signature CS480_W Adding confidentiality to a digital signature scheme r A digital signature does not provide privacy. r If there is a need for privacy, another layer of encryption/decryption must be applied.

14. Digital Signature CS480_W The differences between MAC and digital signature r They are based on different kinds of key schemes m MAC is symmetric key based m Digital signature is asymmetric key based r MAC can provide authentication and integrity r Digital signature can provide authentication, integrity and nonrepudiation

14. Digital Signature CS480_W Digital signature schemes r RSA Digital Signature Scheme r ElGamal Digital Signature Scheme r Digital Signature Standard (DSS)

14. Digital Signature CS480_W RSA Digital Signature Scheme d e

14. Digital Signature CS480_W Key Generation r Key generation in the RSA digital signature scheme is exactly the same as key generation in the RSA r In the RSA digital signature scheme m d is private m e and n are public.

14. Digital Signature CS480_W Signing and Verifying

14. Digital Signature CS480_W Example r suppose that Alice chooses p = 823 and q = 953, and calculates n = r The value of ø(n) is r Now she chooses e = 313 and calculates d = r At this point key generation is complete r Now imagine that Alice wants to send a message with the value of M = to Bob r She uses her private exponent, , to sign the message

14. Digital Signature CS480_W Example r Alice sends the message and the signature to Bob. Bob receives the message and the signature. He calculates Bob accepts the message because he has verified Alice’s signature.

14. Digital Signature CS480_W RSA Signature on the Message Digest r When the digest is signed instead of the message itself, the susceptibility of the RSA digital signature scheme depends on the strength of the hash algorithm.

14. Digital Signature CS480_W ElGamal Digital Signature Scheme Figure 13.9 General idea behind the ElGamal digital signature scheme

14. Digital Signature CS480_W Key Generation r The key generation procedure here is exactly the same as the one used in the cryptosystem r In ElGamal digital signature scheme, (e1, e2, p) is Alice’s public key; d is her private key.

14. Digital Signature CS480_W ElGamal Digital Signature Scheme: key generation

14. Digital Signature CS480_W Verifying and Signing r should be relative prime to p-1

14. Digital Signature CS480_W Example Here is a trivial example. Alice chooses p = 3119, e 1 = 2, d = 127 and calculates e 2 = mod 3119 = She also chooses r to be 307. She announces e1, e2, and p publicly; she keeps d secret. The following shows how Alice can sign a message.

14. Digital Signature CS480_W Example Alice sends M, S 1, and S 2 to Bob. Bob uses the public key to calculate V 1 and V 2. e 2 S1

14. Digital Signature CS480_W Example Now imagine that Alice wants to send another message, M = 3000, to Ted. She chooses a new r, 107. Alice sends M, S 1, and S 2 to Ted. Ted uses the public keys to calculate V 1 and V 2. e 2 S1 2

14. Digital Signature CS480_W Digital Signature Standard (DSS)

14. Digital Signature CS480_W Key Generation r Alice chooses a primes p, between 512 and 1024 bits in length. The number of bits in p must be a multiple of 64 r Alice chooses a 160-bit prime q in such way that q divides (p-1). r Alice uses and. m is a subgroup of r Alice creates e 1 to be the qth root of 1 mod p (e 1 q = 1 mod p). m To do so, Alice chooses a primitive element e 0 in Zp, m Calculates e 1 = e 0 (p-1)/q mod p r Alice chooses d as the private key and calculates e 2 = e 1 d mod p. r Alice’s public key is (e 1, e 2, p, q) r Her private key is (d).

14. Digital Signature CS480_W Signing r Alice chooses a random number r(1<=r<=q) r Alice calculates the first signature m S 1 = (e 1 r mod p) mod q m Note: S 1 does not depend on M, the message r Alice creates a digest of M, h(M) r Alice calculates the second signature m S2 = ( h(M) + dS 1 )r -1 mod q r Alice sends M, S 1 and S 2 to Bob

14. Digital Signature CS480_W Verifying r Bob checks to see if 0 < S1 < q r Bob checks to see if 0 < s2 <q r Bob calculates a digest of M, h(M) r Bob calculates V = [(e 1 h(M)S2^-1 e 2 S1S2^-1 ) mod p] mod q r If S1 = V, M is accepted

14. Digital Signature CS480_W Verifying and Signing

14. Digital Signature CS480_W Example Alice chooses q = 101 and p = Alice selects e 0 = 3 and calculates e 1 = e 0 (p−1)/q mod p = Alice chooses d = 61 as the private key and calculates e 2 = e 1 d mod p = Now Alice can send a message to Bob. Assume that h(M) = 5000 and Alice chooses r = 71: 71

14. Digital Signature CS480_W Example Alice sends M, S 1, and S 2 to Bob. Bob uses the public keys to calculate V.

14. Digital Signature CS480_W Comparison r DSS Versus RSA m Computation of DSS signatures is faster than computation of RSA signatures when using the same p. r DSS Versus ElGamal m DSS signatures are smaller than ElGamal signatures because q is smaller than p.

14. Digital Signature CS480_W Symmetric key agreement r Alice and Bob can create a session key between themselves r This method of session-key creation is referred to as the symmetric-key agreement m Diffie-Hellman Key Agreement

14. Digital Signature CS480_W Diffie-Hellman Key Agreement r Alice and Bob agree on global parameters:  Large prime integer p m g: a primitive root r Alice generates a key pair  chooses a private key (number): x < p  Compute her public key: R1 = g x mod p m A sends R1 to Bob r Bob generates a key pair  chooses a private key (number): y < p  Compute his public key: R2 = g y mod p m Bob sends R2 to Alice

14. Digital Signature CS480_W Diffie-Hellman Key Agreement r The Shared session key for Alice and Bob is K AB : m Alice computes K AB = R2 x mod p m Bob Computes K AB = R1 y mod p r If Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys

14. Digital Signature CS480_W Example r Alice & Bob wish to set up a session key:  They Agree on prime p=353 and g=3 r Alice  Chooses: x = 97  Computes : R1= g x = 3 97 mod 353 = 40  Publishes : R1 = 40 r Bob  chooses y = 233  Computes : R2 = g y = mod 353 = 248  Publishes : R2 = 248 r Compute the shared session key  Alice : K AB = R2 x mod 353 = mod 353 = 160  Bob : K AB = R1 y mod 353 = mod 353= 160

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.