Digital Signatures and applications. Math 7290 Cryptography Su07.


- Digital Signature Schemes
- Digital vs Conventional Signatures
- RSA Signature Scheme
- El Gamal Signature Scheme
- Security Protocols
- Session Keys -- Diffie Hellman theme and variations
- Centralized key management (certificates)
- Decentralized key management (PGP)

Conventional vs Digital: advantages and disadvantages
- Conventional
  - Part of a physical document
  - Compared to known authentic signature
  - Identical copy easily distinguished and does not substitute for the original
- Digital
  - Not physically part of the document
  - Verification is done with an authentication algorithm
  - Identical copies are easy to make and (ab)use

Digital Signature Scheme
- Must bind to the signer and to the message being signed
  - An encryption-like process
- Must be verifiable by recipient
  - A decryption-like process
- Scheme consists of
  - Messages x
  - Signatures y
  - Keys k
  - Signing algorithm y = e(x, k)
  - Verification algorithm x = d(y, k')

RSA encryption scheme
- n = pq, where p and q are large primes
- e, encryption exponent (no factor in common with (p-1)(q-1))
- d, decryption exponent (multiplicative inverse of e mod (p-1)(q-1))
- PUBLIC KEY (e, n), private key d
- encryption of message x: y = x^e modulo n
- decryption of message y: x = y^d modulo n

RSA Digital Signatures
Alice has public key (e_A, n_A) and private key d_A. Bob has public key (e_B, n_B) and private key d_B. Alice has prepared a message x to send to Bob. But before sending it she signs it using her private key:
Then she sends z to Bob. Bob decrypts and verifies using his private key and Alice's public key! Bob knows the message, and it had to be from Alice. No one else could have her private key!

El Gamal Encryption Scheme
- p a large prime, integer a, 0<a<p-1
- α, a primitive element mod p, β = α^a mod p
- public key (p, α, β), private key a
- Encryption of message x: (y_1, y_2) where
  - y_1 = α^k mod p, y_2 = x β^k mod p (k? any k is ok)
- Decryption of message (y_1, y_2):
  - y_2 (y_1^a)^-1 mod p = x

El Gamal Signature Scheme
- Alice has her private key a, and her random k (here chosen relatively prime to p-1), and her public key (p, α, β).
- Alice signs message m (encrypted or not with Bob's public key) by computing and sending (m,r,s) to Bob.

Bob verifies that the message is from Alice, using Alice's public key (p, α, β).
- He computes:
- Bob receives (m,r,s), and the signature of Alice is verified if v_1 = v_2 because
- Bob can then decrypt m, if necessary,

caveat encryptor
- inadvertent trapdoors with El Gamal signatures
- don't use the same k twice!
  - the private key a becomes accessible
- be careful if r is relatively prime to p-1
  - again, the secrecy of a is compromised
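The signing and verification slides above lost their formulas in this transcript, so the following is an added example (not taken from the slides) of the standard textbook El Gamal signature: r = α^k mod p, s = k^-1 (m - a r) mod (p-1), accepted when v_1 = β^r r^s equals v_2 = α^m mod p. The parameters p = 467, α = 2, a = 127 are constructed toy values, and the function names, including the `reused_k` audit for the "same k twice" caveat, are illustrative assumptions.

```python
from math import gcd

# Constructed toy parameters; a real key needs a prime of 2048 bits or more.
P, ALPHA = 467, 2          # prime p and primitive element alpha mod p
A = 127                    # Alice's private key a
BETA = pow(ALPHA, A, P)    # public beta = alpha^a mod p

def sign(m, k, a=A):
    """Textbook El Gamal signature (r, s) on integer m with per-message secret k."""
    if gcd(k, P - 1) != 1:
        raise ValueError("k must be relatively prime to p-1")
    r = pow(ALPHA, k, P)
    s = (pow(k, -1, P - 1) * (m - a * r)) % (P - 1)
    return r, s

def verify(m, r, s, beta=BETA):
    """Accept iff v1 = beta^r * r^s equals v2 = alpha^m (mod p)."""
    if not (0 < r < P and 0 <= s < P - 1):
        return False       # r or s outside its valid range is rejected outright
    v1 = (pow(beta, r, P) * pow(r, s, P)) % P
    v2 = pow(ALPHA, m, P)
    return v1 == v2

def reused_k(signatures):
    """Return the r values that appear on more than one distinct message.

    r = alpha^k mod p depends only on k, so a repeated r means k was reused.
    """
    seen, flagged = {}, set()
    for m, r, s in signatures:
        if r in seen and seen[r] != m:
            flagged.add(r)
        seen.setdefault(r, m)
    return sorted(flagged)

if __name__ == "__main__":
    # Constructed signature log: the first two entries share k = 213.
    log = [(100, *sign(100, 213)), (55, *sign(55, 213)), (77, *sign(77, 5))]
    print([verify(*t) for t in log], reused_k(log))
```

Because r depends only on k, a signer or auditor can detect the reuse from public signatures alone, which is also why an observer can.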

Diffie Hellman Key Exchange, whereby Alice & Bob agree on a session key
- Alice (or Bob) selects a large prime p and a primitive element α mod p. Both can be made public.
- Alice selects secret x, 0<x<p-1, and Bob selects secret y, 0<y<p-1.
- Alice sends A = α^x mod p to Bob. Bob sends B = α^y mod p to Alice.
- Alice computes K = B^x = (α^y)^x while Bob computes K = A^y = (α^x)^y.
- They have a common key to use in a symmetric key setting!

But what if …
- Alice (or Bob) selects a large prime p and a primitive element α mod p. Both can be made public.
- Alice selects secret x, 0<x<p-1, and Bob selects secret y, 0<y<p-1.
- Alice sends A = α^x mod p to Bob. Bob sends B = α^y mod p to Alice.
- But Eve intercepts both A and B; she selects her own z and instead sends E = α^z mod p to both Alice and Bob (who think they are receiving B and A).
- Eve computes K_A = A^z = (α^x)^z and K_B = B^z = (α^y)^z.
- Alice computes K = E^x = (α^z)^x = K_A while Bob computes K = E^y = (α^z)^y = K_B.
- Alice and Bob think they have safe communication, but Eve is …. supervising perhaps?

authenticated key agreement a protocol than incorporates digital signatures Alice (or Bob) selects a large prime p and a primitive element  mod p. Both can be made public. Alice selects secret x, 0<x<p-1 and Bob selects secret y, 0<y<p-1. Alice sends A=  x mod p to Bob. Bob sends B=  y mod p to Alice. Alice computes K=B x =(  y ) x while Bob computes K=A y = (  x ) y. Bob computes B=  y mod p.

authenticated key agreement a protocol than incorporates digital signatures Alice (or Bob) selects a large prime p and a primitive element  mod p. Both can be made public. Alice selects secret x, 0<x<p-1 and Bob selects secret y, 0<y<p-1. Alice sends A=  x mod p to Bob. Bob computes B=  y mod p. Bob uses his digital signature for the message (B,A) to produce sig B (B,A). Bob also computes K=A y = (  x ) y. Bob then encrypts sig B (B,A) using the key K: E K (sig B (B,A))=S B. Bob sends B, S B.

authenticated key agreement: a protocol that incorporates digital signatures (continued)
- Alice uses B to compute K = B^x = (α^y)^x.
- Alice decrypts S_B using K to get sig_B(B,A).
- Alice then verifies Bob's signature.
- Alice reciprocates; she computes sig_A(A,B) and encrypts it using K: E_K(sig_A(A,B)) = S_A.
- Alice sends S_A to Bob, who can then verify her signature.
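The authenticated exchange above, with both sides' messages, as an added example that is not part of the original slides. It also replays the "But what if …" interception to show the signature check rejecting it. Assumptions: toy group p = 467, α = 2; textbook RSA signatures with constructed small primes standing in for sig_A and sig_B; a hash-derived XOR pad standing in for E_K; all function names are illustrative.

```python
import hashlib
# Constructed toy parameters; real deployments use far larger groups and keys.
P, ALPHA, E_RSA = 467, 2, 65537   # public prime, primitive element, RSA exponent

def rsa_key(p, q):
    """Textbook RSA signing key (n, d) for public exponent E_RSA."""
    return p * q, pow(E_RSA, -1, (p - 1) * (q - 1))

(ALICE_N, ALICE_D), (BOB_N, BOB_D) = rsa_key(1009, 1013), rsa_key(1019, 1021)

def sign(n, d, first, second):
    """sig(first, second): the pair is encoded as first*P + second, which is < n."""
    return pow(first * P + second, d, n)

def sig_ok(n, s, first, second):
    return pow(s, E_RSA, n) == first * P + second

def e_k(K, value):
    """Toy E_K: XOR with a pad hashed from K, so it is its own inverse."""
    pad = hashlib.sha256(str(K).encode()).digest()[:4]
    return value ^ int.from_bytes(pad, "big")

def bob_reply(A, y):
    """Bob: B = alpha^y, K = A^y, S_B = E_K(sig_B(B, A)). Returns (B, S_B, K)."""
    B, K = pow(ALPHA, y, P), pow(A, y, P)
    return B, e_k(K, sign(BOB_N, BOB_D, B, A)), K

def alice_finish(x, B, S_B):
    """Alice: K = B^x; verify sig_B(B, A); return (K, S_A), or None to abort."""
    A, K = pow(ALPHA, x, P), pow(B, x, P)
    if not sig_ok(BOB_N, e_k(K, S_B), B, A):
        return None
    return K, e_k(K, sign(ALICE_N, ALICE_D, A, B))

def bob_finish(A, B, K, S_A):
    """Bob: accept the session only if sig_A(A, B) verifies under K."""
    return sig_ok(ALICE_N, e_k(K, S_A), A, B)

def run(x, y, z=None):
    """Honest run if z is None; otherwise Eve swaps in alpha^z on both legs."""
    A = pow(ALPHA, x, P)
    if z is None:
        B, S_B, K = bob_reply(A, y)
        done = alice_finish(x, B, S_B)
        return done is not None and done[0] == K and bob_finish(A, B, K, done[1])
    Ev = pow(ALPHA, z, P)
    B, S_B, _ = bob_reply(Ev, y)                    # Bob signs (B, Ev), not (B, A)
    replay = e_k(pow(A, z, P), e_k(pow(B, z, P), S_B))
    return alice_finish(x, Ev, replay) is not None  # True would mean Eve succeeded
```

Eve can strip and re-apply the E_K layer because she shares a key with each side, but the signature Bob produced covers (B, E), not the (E, A) pair Alice checks, so Alice aborts.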

Public Key Infrastructures
- X.509 Certificate (centralized authority)
  - VeriSign, AT&T, etc.
  - Certificates having different levels of trust/validity are issued by the CA
- PGP (decentralized system)
  - each user has a keyring with trust levels for others (implicit/complete/partial/none)
  - validation for any other based on connections in the web of trust associated with the user's keyring