Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Slides:

Advertisements

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Advertisements

Public Key Infrastructure and Applications

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Digital Signatures and Hash Functions. Digital Signatures.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Cryptography Basic (cont)

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Cryptographic Technologies

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Chapter 31 Network Security

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden

MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

Public-key Cryptography Strengths and Weaknesses Matt Blumenthal.

Cryptography, Authentication and Digital Signatures

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

Secure Systems Research Group - FAU Web Services Cryptographic Patterns Presented by Keiko Hashizume Advisor: Prof. Eduardo Fernandez.

CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.

Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

DIGITAL SIGNATURE.

1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,

Secure Systems Research Group - FAU A Pattern for XML Signature Presented by Keiko Hashizume.

1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Network Security Celia Li Computer Science and Engineering York University.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Unit 3 Section 6.4: Internet Security

e-Health Platform End 2 End encryption

NET 311 Information Security

Presentation transcript:

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume

Secure Systems Research Group - FAU Introduction A digital signature is a type of public key cryptography. PKC uses a key pair, a private and a public key, for encryption and decryption operations. When a message is encrypted using a key, it only can be decoded with the other key (matching key).

Secure Systems Research Group - FAU Pattern for Digital Signature with hashing Intent Digital Signature allows a principal to prove that a message was originated from it. It also provides message integrity by indicating whether a message was altered during transmission.

Secure Systems Research Group - FAU Context Participants of electronic transactions that need to exchange documents or messages through insecure networks. We assume that a principal possesses a key pair: a private key that is secretly kept by the principal and a public key that is in an accessible repository. The generation of these key pairs and the distribution of public keys are out of scope of this pattern.

Secure Systems Research Group - FAU Problem In many applications we need to verify the origin of a message (message authentication). How do we verify that a message came from a particular principal? Messages that travel through insecure channels can be captured and intentionally modified by attackers.

Secure Systems Research Group - FAU Problem The solution for this problem is affected by the following forces: – For legal or business reasons we need to be able to verify who sent a particular message. Otherwise, the sender may deny having sent it. – Messages may be altered during transmission, so we need to verify that the data is in its original form when it reaches its destination. – The length of the signed message should not be significantly larger than the original message; otherwise we would waste time and bandwidth.

Secure Systems Research Group - FAU Solution Apply properties of public key cryptographic algorithms to messages in order to create a signature that will be unique for each message. The message first is compressed (hashed) to a smaller size (digest), and then it is encrypted using the sender’s private key. When the signed message arrives at its target, the receiver verifies the signature using the sender’s public key and uses the hashed digest to verify that the message has not been altered.

Secure Systems Research Group - FAU Structure Solution

Secure Systems Research Group - FAU Solution Dynamics Sequence Diagram for Use Case: Sign a message

Secure Systems Research Group - FAU Solution Dynamics Sequence Diagram for Use Case: Verify a signature Signed Message Message Signature

Secure Systems Research Group - FAU Consequences This pattern presents the following advantages: – A key pair is bound to a principal whose private key is used to sign the message. If the signature is validated using its public key, then we know that the sender created and sent the message. We assume that he keeps his private key secure, and it has not been compromised. – Also, when a signature is validated using a principal’s public key, the sender cannot deny that he created and sent the message. If a message is signed using another private key that does not belong to the sender, the validity of the signature fails. – Any change in the original message will produce another digest value that will be different from the value obtained after decrypting the signature using the sender’s public key. – A message is compressed to a fixed length string using the digest algorithm before it is signed. As a result, the process of signing is faster, and the signature is shorter in length.

Secure Systems Research Group - FAU Consequences The pattern also has some (possible) liabilities: – This pattern assumes that the owner of the public key is who he says he is. In other words, both participants trust in the identity of each other. Thus, certificates issued by some certification authority are needed. – Both the sender and the receiver have to previously agree what cryptographic algorithm they support.

Secure Systems Research Group - FAU Implementation Use Strategy Pattern [Gam94] to select different hashing and signature algorithm. The most widely used hashing algorithms are MD5 and SHA1. The two popular digital signature algorithms are RSA and Digital Signature Algorithm (DSA). Digital signatures can be implemented in different applications such as in communication, distribution of documents over the Internet, or web services. For example, one can sign ’s contents or any other document’s content such as PDF. In both cases, the signature is appended to the or document. When digital signatures are applied in web services, they are also embedded within XML messages. However, these signatures are treated as XML elements, and they have additional features such as signing parts of a message or external resources which can be XML or any other data type.

Secure Systems Research Group - FAU Known Uses Digital Signatures have been widely used in different products. – Adobe Reader and Acrobat [Ado05] have an extended security feature that allows users to digitally sing PDF documents. – CoSign [Arx] digitally signs different types of documents, files, forms, and other electronic transactions. – GNuPG [Gnu] digitally signs messages. – Java Cryptographic Architecture [Sun] includes APIs for digital signature. – Microsoft.Net [Mic07] includes APIs for asymmetric cryptography such as digital signature. – XML Signature [W3C08] is one of the foundation web services security standards that defines the structure and process of digital signatures in XML messages.

Secure Systems Research Group - FAU Related Patterns Encryption/Decryption using public key cryptography [Bra98] Generation and Distribution of public keys [Leh02] Certificates [Mor06] contain information about its owner such as public key, name, validity period, and so forth. Certificates are issued by Certificate Authority that confirms that the public key contained in the certificate belongs to the owner of the certificate. Strategy Pattern [Gam94] defines how to separate the implementation of related algorithms from the selection of one of them.

Secure Systems Research Group - FAU Comments