1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Cryptography and Network Security
Principles of Information Security, 2nd edition1 Cryptography.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Chapter 3 Encryption Algorithms & Systems (Part C)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ASYMMETRIC CIPHERS.
Cryptography and Network Security Chapter 13
Computer Science Public Key Management Lecture 5.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Bob can sign a message using a digital signature generation algorithm
By Abhijith Chandrashekar and Dushyant Maheshwary.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
Elliptic Curve Cryptography
An Efficient Identity-based Cryptosystem for
Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Chapter 10 – Digital Signatures.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
James Higdon, Sameer Sherwani
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Some Perspectives on Smart Card Cryptography
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Public Key Encryption.
Csci5233 computer security & integrity 1 Cryptography: an overview.
Prepared by Dr. Lamiaa Elshenawy
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Lecture 9 Elliptic Curves. In 1984, Hendrik Lenstra described an ingenious algorithm for factoring integers that relies on properties of elliptic curves.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
DIGITAL SIGNATURE IMPLEMENTATION
1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.
Network Security Celia Li Computer Science and Engineering York University.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
1 Introduction to Information Security , Spring 2016 Lecture 4: Applied cryptography: asymmetric Zvi Ostfeld Slides credit: Eran Tromer.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Cryptography and Network Security Chapter 13
Network Security Unit-III
The Application of Elliptic Curves Cryptography in Embedded Systems
Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS
Presentation transcript:

1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999

Pitney Bowes LAP 2 Talk outline n Mail pre-payment application and Digital Postage Marks n DPM requirements /optimality criteria n Choices n Elliptic Curves n Signatures and Certificates n Optimal Mail Certificates n DPM generation and Verification n Comparisons and conclusion

Pitney Bowes LAP 3 Mail Communication System Postal sorting and delivery system Sender Receiver

Pitney Bowes LAP 4 Mail Item - Information-Based Payment Evidence-Digital Postage Mark (DPM) MasterCard International 2000 Purchase Street Purchase, NY Pitney Bowes 35 Waterview Dr Shelton CT 06484

Pitney Bowes LAP 5 Mail Item - DPM Generation MasterCard International 2000 Purchase Street Purchase, NY Pitney Bowes 35 Waterview Dr Shelton CT ComputerPrinter to network

Pitney Bowes LAP 6 Mail Item - DPM Verification MasterCard International Pitney Bowes 35 Waterview Dr Shelton CT Scanner MasterCard International Pitney Bowes 35 Waterview Dr Shelton CT 06484

Pitney Bowes LAP 7 DPM Content and Data Representation n Plaintext –Protected Data –Other Data n Ciphertext (Cryptographic Integrity Validation Code or CIVC) n Error Correction Code n Data Representation –Machine Readable –Human readable

Pitney Bowes LAP 8 DPM Security Cryptographic Integrity Validation Code (signature with appendix) Plain Text Data CIVC

Pitney Bowes LAP 9 DPM generation n Obtain Protected Data (PD) –Postage Amount –Mail Item ID –Date –Other n Compute M = h(PD) [hash of Protected Data] n Obtain mailer’s Private Key K n Compute CIVC = Cryptotransformation K (M) n Format and print PD and CIVC

Pitney Bowes LAP 10 DPM verification n Scan and interpret DPM n Obtain plain text Protected Data PD 1 n Compute M 1 = h(PD 1 ) n Obtain mailer’s Public Key PK n Compute M = Cryptotransformation PK (CIVC) n Accept DPM if M = M 1

Pitney Bowes LAP 11 Requirements /optimization criteria n CIVC cryptanalytic strength (e.g. > 2 80 ) n Size (CIVC) should be minimal n CIVC generation and verification algorithms performance should match performance of fastest mail generation and processing equipment –generation at least 10 CIVC per second –verification at least 20 CIVC per second n DPM should contain all information required for verification including verification key

Pitney Bowes LAP 12 Requirements /optimization criteria (2) n Verifier should be able to verify several possible restrictions based on DPM information (e.g. restricted privilege to print value above certain threshold) n CIVC size inflation due to improvements in computing power should be minimal (i.e. cryptanalytic strength per bit of CIVC should be maximal) n Combined cost of generating and processing mail should be minimal (including the cost of maintaining required infrastructure)

Pitney Bowes LAP 13 Design Choices n Asymmetric key schemes for CIVC –with or without certificate in the DPM –signatures schemes with appendix with message recovery n Symmetric key schemes for CIVC –MAC –Truncation n Data representation –2-D Barcode (DataMatrix, PDF417) n Verification and key management infrastructure

Pitney Bowes LAP 14 Elliptic Curve Cryptographic Scheme Elliptic curves can be defined over any finite field F q where q is a prime number or a power of a prime number. n When elliptic curves are applied to cryptography, standards bodies (e.g. IEEE, ANSI, ISO) have restricted q to a prime or a power of 2.

Pitney Bowes LAP 15 Point Addition (x2,y2)(x2,y2) (x 3, y 3 ) (x 1, y 1 )

Pitney Bowes LAP 16 Point Doubling (x 1, y 1 ) (x 3,y 3 ) = 2 (x 1, y 1 )

Pitney Bowes LAP 17 Point Multiplication n Point multiplication is a fundamental operation performed on an elliptic curve during execution of a cryptographic protocol kP = P +P + …+ P k summands

Pitney Bowes LAP 18 Elliptic Logarithm Problem Given E( F q ), a point P and a point Q=kP, determine k n Systemwide Parameters: –E( F q ) is an elliptic curve with total number of points N –P is a point on E of order n (n divides N) –n > 2 160

Pitney Bowes LAP 19 Optimal Mail Certificates Set Up n Postal CA has a private key c, c is a positive integer such that c < n and a public key b = cP n Mailer A with identity I A (I A generated by Postal CA) computes its private and public key: –A generates random integer k A, computes k A P and sends point k A P to Postal CA n Postal CA does the following: –generates a random integer c A, 0 < c A < n, and computes  A = k A P + c A P. –computes f = H (  A || I A ), where H is a hash function such as SHA-1 –computes m A = cf + c A mod n. –sends  A, m A, and I A to mailer A

Pitney Bowes LAP 20 Optimal Mail Certificates Set Up n Mailer A computes his private key a: a = m A + k A mod n = cf + k A + c A mod n and his public key Q A : Q A =aP = cfP +  A Note: 1. a is a function of I A,  A, c, k A and c A 2. Q A is a function of public parameters only

Pitney Bowes LAP 21 Optimal Mail Certificate n Quantity  A is called Optimal Mail Certificate (or OMC) and is a function of two random numbers independently generated by mailer (mailing system) and Postal certification authority. n  A is imprinted within DPM and serves as an input to computation of the CIVC verification key Q A (together with the public key b of Postal CA, mailer’s identity I A and hash value H (  A || I A )).

Pitney Bowes LAP 22 EC ElGamal signature with message recovery Generation n Mailer A wants to generate DPM with CIVC and send it to Post P: –Format Protected Data into message m –Generate random positive integer k < n and compute K = kP –Format K into key L suitable to be a key for a good symmetric encryption algorithm SKE –Compute e = SKE L (m) –Compute d = H(e || I A ) –Compute s = ad +k (mod n), –(s, e) is the signature. (s, e) = CIVC

Pitney Bowes LAP 23 EC ElGamal signature with message recovery Verification n Postal DPM verification operations: –Scan DPM and obtain I A, (s, e),  A –Compute verification key Q A –Compute d = H (e || I A ) –Compute R = sP - d Q A and format R into symmetric key X –Compute M = SKE -1 X (e) –Check redundancy of M and accept DPM if M has required redundancy

Pitney Bowes LAP 24 Comments on OMC n OMC public key authentication can be integrated with ECC ElGamal or ECDSA signature generation to achieve computational efficiencies n Size of OMC is the size of the point on the curve that is [OMC] = 20 bytes

Pitney Bowes LAP 25 Comparison (DPM size)

Pitney Bowes LAP 26 IBIP DPM with certificate IBIP DPM without certificate Symmetric key OCR DPM

Pitney Bowes LAP 27 Comparison (Computational Efficiency) t is time to generate ECDSA, u is time to verify ECDSA, T is time to retrieve and verify traditional certificate

Pitney Bowes LAP 28 Conclusion n Optimal Mail Certificates deliver very significant advantages for verification process and infrastructure compared to other known methods n Optimal Mail Certificates can be particularly effective in combination with ECC ElGamal signature with message recovery n OMC in combination with ECC ElGamal with message recovery deliver the best known combination of critical system parameters

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.