Information Security and Management
13. Digital Signatures and Authentication Protocols
Chih-Hung Wang, Fall 2011



Digital Signature
Dispute of message authentication
▫Message authentication protects two parties who exchange messages from any third party. However, it does not protect the two parties against each other.
▫Several forms of dispute between the two are possible.

Problem of Authentication
▫The following disputes could arise:
  ▪Receiver may forge a different message and claim that it came from sender.
  ▪Sender can deny sending the message.

Generic Model of Digital Signature Process (figure)

Possible Disputes Using MACs
▫Mary may forge a different message and claim that it came from John. Mary would simply have to create a message and append an authentication code using the key that John and Mary share.
▫John can deny sending the message. Because it is possible for Mary to forge a message, there is no way to prove that John did in fact send the message.

Simplified Depiction of Essential Elements of Digital Signature Process (figure)

Properties
The digital signature is analogous to the handwritten signature. It must have the following properties:
▫It must be able to verify the author and the date and time of the signature
▫It must be able to authenticate the contents at the time of the signature
▫The signature must be verifiable by third parties, to resolve dispute

Requirements (1/2)
▫The signature must be a bit pattern that depends on the message being signed
▫The signature must use some information unique to the sender, to prevent both forgery and denial
▫It must be relatively easy to produce the digital signature
▫It must be relatively easy to recognize and verify the digital signature

Requirements (2/2)
▫It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message
▫It must be practical to retain a copy of the digital signature in storage

Digital Signature Concept (figure)
Figure labels: Signer; Receiver; Signer's Private Key; Signed Document; Signer's Public Key; Verify the signature

Dispute Concept (figure)
Figure labels: Sender; Receiver; Dispute; Signer's Digital Signature; Third Party; Verify & Judge

RSA Digital Signature
▫Signer's private key: $d$
▫Signer's public key: $(e, n)$
▫Signed document: $\mathrm{Sig} = h(M)^d \bmod n$
▫Receiver verifies: $h(M) \stackrel{?}{=} \mathrm{Sig}^e \bmod n = (h(M)^d)^e \bmod n$

Digital Signature Standard (DSS)
▫The National Institute of Standards and Technology (NIST) has published Federal Information Processing Standard FIPS PUB 186, known as the Digital Signature Standard (DSS).
▫The DSS makes use of the Secure Hash Algorithm (SHA).
▫The DSS was originally proposed in 1991 and revised in 1993 in response to public feedback concerning the security of the scheme.

DSS Concept (1/2)
▫The DSS uses an algorithm that is designed to provide only the digital signature function
▫Unlike RSA, it cannot be used for encryption or key exchange

DSS Concept (2/2) (figure)

DSS Algorithm
Discrete Logarithms (page )
▫Consider the equation
  ▪$y = g^x \bmod p$
  ▪Given $g$, $x$, and $p$, it is a straightforward matter to calculate $y$
  ▪Given $y$, $g$, and $p$, it is, in general, very difficult to calculate $x$
  ▪Computational complexity: $e^{((\ln p)^{1/3} (\ln(\ln p))^{2/3})}$

DSS Algorithm
Setup
▫$p$: large prime with a bit length of between 512 and 1024 bits in increments of 64 bits: $2^{L-1} < p < 2^L$ and $512 \le L \le 1024$
▫$q$: prime divisor of $(p-1)$ and < q < , i.e., the length is 160 bits
▫$g = h^{(p-1)/q} \bmod p$, where $1 < h < p-1$ and $h$ is an integer (i.e., $g^q = 1 \bmod p$)

DSS Algorithm
Sign
▫User A's private key:
  ▪$x$: random
  ▪$0 < x < q$
▫User A's public key:
  ▪$y = g^x \bmod p$
▫Signing
  ▪Randomly select $k$, $0 < k < q$
  ▪Calculate $r = (g^k \bmod p) \bmod q$
  ▪Calculate $s = [k^{-1}(H(M) + xr)] \bmod q$
  ▪Signature = $(r, s)$

DSS Algorithm: Sign (figure)

DSS Algorithm
Verify
▫Verifying $(r', s')$ & $(M')$
  ▪Calculate $w = (s')^{-1} \bmod q$
  ▪Calculate $u_1 = [H(M')w] \bmod q$
  ▪Calculate $u_2 = (r')w \bmod q$
  ▪Calculate $v = [(g^{u_1} y^{u_2}) \bmod p] \bmod q$
  ▪Verify $v = r'$ (?). If yes, $(r', s')$ is a valid signature on the message $M'$

DSS Algorithm: Verify (figure)
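The setup, sign and verify steps above as a runnable sketch; this is an added example, not code from the slides. Assumptions: toy parameters p = 23, q = 11, h = 2, the hash value H(M) passed in as an integer, and a fixed k so the result is reproducible (a signer draws a fresh random k for every signature); the discard of r = 0 or s = 0 and the range check in `verify` are additions not shown on the slides.

```python
# Toy DSS parameters constructed for this example (far too small for real use):
# q = 11 divides p - 1 = 22, and g = h^((p-1)/q) mod p with h = 2.
P, Q = 23, 11
G = pow(2, (P - 1) // Q, P)  # g = 4, so g^q = 1 mod p


def public_key(x):
    """y = g^x mod p for a private key 0 < x < q."""
    if not 0 < x < Q:
        raise ValueError("private key must satisfy 0 < x < q")
    return pow(G, x, P)


def sign(h, x, k):
    """Sign hash value h; returns (r, s), or None when this k must be discarded."""
    if not 0 < k < Q:
        raise ValueError("k must satisfy 0 < k < q")
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    if r == 0 or s == 0:  # s = 0 could not be inverted by the verifier
        return None
    return r, s


def verify(h, sig, y):
    """Check (r', s') against hash value h and public key y."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):  # reject out-of-range values up front
        return False
    w = pow(s, -1, Q)
    u1 = (h * w) % Q
    u2 = (r * w) % Q
    v = (pow(G, u1, P) * pow(y, u2, P)) % P % Q
    return v == r


if __name__ == "__main__":
    x, k = 7, 3  # constructed key and per-signature value, fixed for reproducibility
    y = public_key(x)
    sig = sign(5, x, k)
    print("y =", y, "signature =", sig)
    print("same hash:", verify(5, sig, y), "altered hash:", verify(6, sig, y))
```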

Criticisms of DSS (1/2)
▫DSS cannot be used for encryption or key distribution
▫DSS was developed by the NSA, and there may be a trapdoor in the algorithm
▫DSS is slower than RSA
▫RSA is the ISO 9796, the international digital signature standard

Criticisms of DSS (2/2)
▫The DSS selection process was not public; sufficient time for analysis has not been provided
▫DSS may infringe on other patents
▫The key size is too small

ElGamal Digital Signatures
In 1984, T. Elgamal announced a public-key scheme based on discrete logarithms, closely related to the Diffie-Hellman technique.
▫Uses private key for encryption (signing)
▫Uses public key for decryption (verification)
The security of ElGamal is based on the difficulty of computing discrete logarithms
Each user (e.g. A) generates their key
▫Chooses a secret key (number): $1 < x_A < q-1$
▫Computes their public key: $y_A = a^{x_A} \bmod q$

ElGamal Digital Signature
Alice signs a message M to Bob by computing
▫Hash $m = H(M)$, $0 \le m \le (q-1)$
▫Choose random integer $K$ with $1 \le K \le (q-1)$ and $\gcd(K, q-1) = 1$
▫Compute temporary key: $S_1 = a^K \bmod q$
▫Compute $K^{-1}$, the inverse of $K \bmod (q-1)$
▫Compute the value: $S_2 = K^{-1}(m - x_A S_1) \bmod (q-1)$
▫Signature is: $(S_1, S_2)$
Any user B can verify the signature by computing
▫$V_1 = a^m \bmod q$
▫$V_2 = y_A^{S_1} S_1^{S_2} \bmod q$
▫Signature is valid if $V_1 = V_2$

ElGamal Signature Example
Use field GF(19): $q = 19$ and $a = 10$
Alice computes her key:
▫A chooses $x_A = 16$ & computes $y_A = 10^{16} \bmod 19 = 4$
Alice signs message with hash $m = 14$ as (3,4):
▫Choosing random $K = 5$ which has $\gcd(18, 5) = 1$
▫Computing $S_1 = 10^5 \bmod 19 = 3$
▫Finding $K^{-1} \bmod (q-1) = 5^{-1} \bmod 18 = 11$
▫Computing $S_2$ = 11( ) mod 18 = 4
Any user B can verify the signature by computing
▫$V_1$ = mod 19 = 16
▫$V_2$ = = 5184 = 16 mod 19
▫Since 16 = 16 signature is valid
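The GF(19) example above, recomputed step by step from the signing and verification formulas; this is an added example, not code from the slides. The function names and the range check in `verify` are assumptions of this example, and K is passed in explicitly so the slide's numbers are reproduced (a signer draws a fresh random K for every signature).

```python
from math import gcd

Q, A = 19, 10  # the slide's field GF(19) and a = 10


def public_key(x_a):
    """y_A = a^x_A mod q for a secret key 1 < x_A < q-1."""
    if not 1 < x_a < Q - 1:
        raise ValueError("secret key must satisfy 1 < x_A < q-1")
    return pow(A, x_a, Q)


def sign(m, x_a, k):
    """Return (S1, S2) for hash value m using the per-signature value K."""
    if not (1 <= k <= Q - 1 and gcd(k, Q - 1) == 1):
        raise ValueError("K must be in [1, q-1] with gcd(K, q-1) = 1")
    s1 = pow(A, k, Q)
    k_inv = pow(k, -1, Q - 1)  # exists because gcd(K, q-1) = 1
    s2 = (k_inv * (m - x_a * s1)) % (Q - 1)
    return s1, s2


def check_values(m, sig, y_a):
    """Return (V1, V2) as computed by the verifier."""
    s1, s2 = sig
    v1 = pow(A, m, Q)
    v2 = (pow(y_a, s1, Q) * pow(s1, s2, Q)) % Q
    return v1, v2


def verify(m, sig, y_a):
    s1, s2 = sig
    # Range check added in this example (not on the slide): reject out-of-range values
    if not (1 <= s1 <= Q - 1 and 0 <= s2 <= Q - 2):
        return False
    v1, v2 = check_values(m, sig, y_a)
    return v1 == v2


if __name__ == "__main__":
    y_a = public_key(16)
    sig = sign(14, 16, 5)
    print("y_A =", y_a, "signature =", sig, "K^-1 =", pow(5, -1, 18))
    print("V1, V2 =", check_values(14, sig, y_a), "valid:", verify(14, sig, y_a))
```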

Schnorr Digital Signatures
Also uses exponentiation in a finite (Galois)
▫Security based on discrete logarithms, as in D-H
Minimizes message-dependent computation
▫Multiplying a 2n-bit integer with an n-bit integer
Main work can be done in idle time
Uses a prime modulus $p$
▫$p-1$ has a prime factor $q$ of appropriate size
▫Typically $p$ is a 1024-bit and $q$ a 160-bit number

Schnorr Key Setup
Choose suitable primes $p$, $q$
Choose $a$ such that $a^q = 1 \bmod p$
$(a, p, q)$ are global parameters for all
Each user (e.g. A) generates a key
▫Chooses a secret key (number): $0 < s_A < q$
▫Computes their public key: $v_A = a^{-s_A} \bmod q$

Schnorr Signature
User signs message by
▫Choosing random $r$ with $0 < r < q$ and computing $x = a^r \bmod p$
▫Concatenating the message with $x$ and hashing the result to compute $e = H(M \| x)$
▫Computing: $y = (r + se) \bmod q$
▫Signature is pair $(e, y)$
Any other user can verify the signature as follows:
▫Computing: $x' = a^y v^e \bmod p$
▫Verifying that: $e = H(M \| x')$
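The Schnorr steps above as a runnable sketch that separates the idle-time work (x = a^r mod p) from the message-dependent work; this is an added example, not code from the slides. Assumptions: toy parameters p = 23, q = 11, a = 4, SHA-256 as H, x appended to the message as one byte, a fixed r for reproducibility, and the public key reduced modulo p, the modulus of the verification equation x' = a^y v^e mod p.

```python
import hashlib

# Toy global parameters constructed for this example: q = 11 divides p - 1 = 22
# and a = 4 satisfies a^q = 1 mod p. Real sizes are those given on the slide.
P, Q, A = 23, 11, 4


def H(message, x):
    """e = H(M || x); x is appended as one byte, an encoding chosen for this example."""
    digest = hashlib.sha256(message + x.to_bytes(1, "big")).digest()
    return int.from_bytes(digest, "big")


def public_key(s):
    """v = a^(-s), reduced mod p so that it fits the verification equation."""
    if not 0 < s < Q:
        raise ValueError("secret key must satisfy 0 < s < q")
    return pow(A, -s, P)


def precompute(r):
    """Message-independent work (x = a^r mod p) that can be done in idle time."""
    if not 0 < r < Q:
        raise ValueError("r must satisfy 0 < r < q")
    return pow(A, r, P)


def sign(message, s, r, x):
    """Message-dependent work: one hash and one multiply-add mod q."""
    e = H(message, x)
    return e, (r + s * e) % Q


def verify(message, sig, v):
    """Recompute x' = a^y v^e mod p and compare e with H(M || x')."""
    e, y = sig
    x_prime = (pow(A, y, P) * pow(v, e, P)) % P
    return e == H(message, x_prime)


if __name__ == "__main__":
    s, r = 7, 3  # constructed values; r is fixed only for reproducibility
    v, x = public_key(s), precompute(r)
    sig = sign(b"constructed sample message", s, r, x)
    print("v =", v, "x =", x, "y =", sig[1])
    print("valid:", verify(b"constructed sample message", sig, v))
    print("altered:", verify(b"constructed sample messagE", sig, v))
```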