1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Chapter 9: Key Management
1 Key Management CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 1, 2004.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Bob can sign a message using a digital signature generation algorithm
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.
COEN 351 E-Commerce Security Essentials of Cryptography.
Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.
1 Chapter 9: Key Management All algorithms we have introduced are based on one assumption: keys have been distributed. But how to do that? Key generation,
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 10 Nov 8, 2007 Hash Functions Key Management.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Chapter 2 Advanced Cryptography (Part C)
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 Nov 4, 2003 Introduction to Computer Security Lecture.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Digital Signatures and Digital Certificates Monil Adhikari.
Private key
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management.
Chapt. 10 – Key Management Dr. Wayne Summers Department of Computer Science Columbus State University
Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
April 20023CSG11 Electronic Commerce Authentication John Wordsworth Department of Computer Science The University of Reading Room.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
1IS2150/TEL2810: Introduction to Computer Security Nov 1, 2005 Introduction to Computer Security Lecture 8 Key Management.
Key management issues in PGP
Contents Introduction. 9.1 Session and Interchange Keys.
Chapter 9. Key management
Basics of Cryptography
Security Outline Encryption Algorithms Authentication Protocols
Information Security message M one-way hash fingerprint f = H(M)
Keys Campbell R. Harvey Duke University, NBER and
Campbell R. Harvey Duke University and NBER
Message Digest Cryptographic checksum One-way function Relevance
Chapt. 10 – Key Management Dr. Wayne Summers
Key Escrow Key escrow system allows authorized third party to recover key Useful when keys belong to roles, such as system operator, rather than individuals.
Campbell R. Harvey Duke University and NBER
CSC 482/582: Computer Security
Bishop: Chapter 10 Key Management: Digital Signature
Chapter 13 Digital Signature
Chapter 9: Key Management
Chapter 10: Key Management
Digital Signatures Network Security.
Presentation transcript:

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004

2 Digital Signature  Construct that authenticated origin, contents of message in a manner provable to a disinterested third party (“judge”)  Sender cannot deny having sent message (service is “nonrepudiation”) Limited to technical proofs  Inability to deny one’s cryptographic key was used to sign One could claim the cryptographic key was stolen or compromised  Legal proofs, etc., probably required; not dealt with here

3 Shared Key  Alice, Bob share key k Alice sends m || { m } k to Bob  Is this a digital signature?

4 Classical Digital Signatures  Require trusted third party Alice, Bob each share keys with trusted party Cathy  To resolve dispute, judge gets { m }k Alice, { m }k Bob, and has Cathy decipher them; if messages matched, contract was signed Alice Bob Cathy Bob Cathy { m }k Alice { m }k Bob

5 Public Key Digital Signatures  Alice’s keys are d Alice, e Alice  Alice sends Bob m || { m }d Alice  In case of dispute, judge computes { { m }d Alice }e Alice  and if it is m, Alice signed message She’s the only one who knows d Alice !

6 RSA Digital Signatures  Use private key to encipher message Protocol for use is critical  Key points: Never sign random documents, and when signing, always sign hash and never document  Mathematical properties can be turned against signer Sign message first, then encipher  Changing public keys causes forgery

7 Properties of modulo arithmetic 1/3 P1: ((a mod p) (b mod p)) mod p = (a b) mod p Proof: a = j p+x, b = k p+y for x,y < p a b = (j p+x) (k p+y) = (...) p + x y (a b) mod p = (x y) mod p

8 Properties of modulo arithmetic 2/3 P2: a mod p = b mod p  a Z mod p = b Z mod p Proof: a = j p+x, b = k p+x for x < p a Z = (j p+x) Z = (...) p+x z b Z = (k p+x) Z = (...) p+x z

9 Properties of modulo arithmetic 3/3 P3: f z g z = (f g) z Therefore: ((a mod p) z (b mod p) z ) mod p = ((a mod p) (b mod p)) z mod p = (a b) z mod p

10 Attack #1  Want to claim agreement on m  Find m 1, m 2 such that: m 1 m 2 mod n B = m mod n B  Obtain signed versions of m 1, m 2 a 1 = m 1 dB mod n B a 2 = m 2 dB mod n B  Produce a 1 a 2 mod n B = m dB mod n B

11 Attack #2  Suppose Alice sends a signed message by enciphering first, then signing: c = (m eB mod n B ) dA mod n A  Bob finds another public key r eB, such that M r = m c = (M r eB mod n B ) dA mod n A

12 Storing Keys  Multi-user or networked systems: attackers may defeat access control mechanisms Encipher file containing key  Attacker can monitor keystrokes to decipher files  Key will be resident in memory that attacker may be able to read Use physical devices like “smart card”  Key never enters system  Card can be stolen, so have 2 devices combine bits to make single key

13 Key Escrow  Key escrow system allows authorized third party to recover key Useful when keys belong to roles, such as system operator, rather than individuals Business: recovery of backup keys Law enforcement: recovery of keys that authorized parties require access to  Goal: provide this without weakening cryptosystem  Very controversial

14 Components  User security component Does the encipherment, decipherment Supports the key escrow component  Key escrow component Manages storage, use of data recovery keys  Data recovery component Does key recovery

15 Key Revocation  Certificates invalidated before expiration Usually due to compromised key May be due to change in circumstance (e.g., someone leaving company)  Problems Entity revoking certificate authorized to do so Revocation information circulates to everyone fast enough  Network delays, infrastructure problems may delay information

16 CRLs  Certificate revocation list lists certificates that are revoked  PGP: signers can revoke signatures; owners can revoke certificates, or allow others to do so

17 Key Points  Key management critical to effective use of cryptosystems Different levels of keys (session vs. interchange)  Keys need infrastructure to identify holders, allow revoking Key escrowing complicates infrastructure  Digital signatures provide integrity of origin and content Much easier with public key cryptosystems than with classical cryptosystems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.