Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Published byCharlotte Parrish Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume."— Presentation transcript:

1 Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume

2 Secure Systems Research Group - FAU Introduction A digital signature is a type of public key cryptography. PKC uses a key pair, a private and a public key, for encryption and decryption operations. When a message is encrypted using a key, it only can be decoded with the other key (matching key).

3 Secure Systems Research Group - FAU Pattern for Digital Signature with hashing Intent Digital Signature allows a principal to prove that a message was originated from it. It also provides message integrity by indicating whether a message was altered during transmission.

4 Secure Systems Research Group - FAU Context Participants of electronic transactions that need to exchange documents or messages through insecure networks. We assume that a principal possesses a key pair: a private key that is secretly kept by the principal and a public key that is in an accessible repository. The generation of these key pairs and the distribution of public keys are out of scope of this pattern.

5 Secure Systems Research Group - FAU Problem In many applications we need to verify the origin of a message (message authentication). How do we verify that a message came from a particular principal? Messages that travel through insecure channels can be captured and intentionally modified by attackers.

6 Secure Systems Research Group - FAU Problem The solution for this problem is affected by the following forces: – For legal or business reasons we need to be able to verify who sent a particular message. Otherwise, the sender may deny having sent it. – Messages may be altered during transmission, so we need to verify that the data is in its original form when it reaches its destination. – The length of the signed message should not be significantly larger than the original message; otherwise we would waste time and bandwidth.

7 Secure Systems Research Group - FAU Solution Apply properties of public key cryptographic algorithms to messages in order to create a signature that will be unique for each message. The message first is compressed (hashed) to a smaller size (digest), and then it is encrypted using the sender’s private key. When the signed message arrives at its target, the receiver verifies the signature using the sender’s public key and uses the hashed digest to verify that the message has not been altered.

8 Secure Systems Research Group - FAU Structure Solution

9 Secure Systems Research Group - FAU Solution Dynamics Sequence Diagram for Use Case: Sign a message

10 Secure Systems Research Group - FAU Solution Dynamics Sequence Diagram for Use Case: Verify a signature Signed Message Message Signature

11 Secure Systems Research Group - FAU Consequences This pattern presents the following advantages: – A key pair is bound to a principal whose private key is used to sign the message. If the signature is validated using its public key, then we know that the sender created and sent the message. We assume that he keeps his private key secure, and it has not been compromised. – Also, when a signature is validated using a principal’s public key, the sender cannot deny that he created and sent the message. If a message is signed using another private key that does not belong to the sender, the validity of the signature fails. – Any change in the original message will produce another digest value that will be different from the value obtained after decrypting the signature using the sender’s public key. – A message is compressed to a fixed length string using the digest algorithm before it is signed. As a result, the process of signing is faster, and the signature is shorter in length.

12 Secure Systems Research Group - FAU Consequences The pattern also has some (possible) liabilities: – This pattern assumes that the owner of the public key is who he says he is. In other words, both participants trust in the identity of each other. Thus, certificates issued by some certification authority are needed. – Both the sender and the receiver have to previously agree what cryptographic algorithm they support.

13 Secure Systems Research Group - FAU Implementation Use Strategy Pattern [Gam94] to select different hashing and signature algorithm. The most widely used hashing algorithms are MD5 and SHA1. The two popular digital signature algorithms are RSA and Digital Signature Algorithm (DSA). Digital signatures can be implemented in different applications such as in email communication, distribution of documents over the Internet, or web services. For example, one can sign email’s contents or any other document’s content such as PDF. In both cases, the signature is appended to the email or document. When digital signatures are applied in web services, they are also embedded within XML messages. However, these signatures are treated as XML elements, and they have additional features such as signing parts of a message or external resources which can be XML or any other data type.

14 Secure Systems Research Group - FAU Known Uses Digital Signatures have been widely used in different products. – Adobe Reader and Acrobat [Ado05] have an extended security feature that allows users to digitally sing PDF documents. – CoSign [Arx] digitally signs different types of documents, files, forms, and other electronic transactions. – GNuPG [Gnu] digitally signs e-mail messages. – Java Cryptographic Architecture [Sun] includes APIs for digital signature. – Microsoft.Net [Mic07] includes APIs for asymmetric cryptography such as digital signature. – XML Signature [W3C08] is one of the foundation web services security standards that defines the structure and process of digital signatures in XML messages.

15 Secure Systems Research Group - FAU Related Patterns Encryption/Decryption using public key cryptography [Bra98] Generation and Distribution of public keys [Leh02] Certificates [Mor06] contain information about its owner such as public key, name, validity period, and so forth. Certificates are issued by Certificate Authority that confirms that the public key contained in the certificate belongs to the owner of the certificate. Strategy Pattern [Gam94] defines how to separate the implementation of related algorithms from the selection of one of them.

16 Secure Systems Research Group - FAU Comments

Download ppt "Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

Similar presentations

Ads by Google