Presentation is loading. Please wait.

Presentation is loading. Please wait.

Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.

Published byKerry Doyle Modified over 8 years ago

Similar presentations

Presentation on theme: "Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature."— Presentation transcript:

1 csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature

2 csci5233 Computer Security2 Topics

3 csci5233 Computer Security3 Digital Signature Construct that authenticated origin and contents of message in a manner provable to a disinterested third party (“judge”) Sender cannot deny having sent message (service is “nonrepudiation”) –Limited to technical proofs Inability to deny one’s cryptographic key was used to sign –One could claim the cryptographic key was stolen or compromised Legal proofs, etc., probably required; not dealt with here

4 csci5233 Computer Security4 Common Error Classical: Alice, Bob share key k –Alice sends m || { m }k to Bob This is a digital signature. (?)WRONG!! This is not a digital signature. –Why? Third party cannot determine whether Alice or Bob generated the message.

5 csci5233 Computer Security5 Classical Digital Signatures Require trusted third party –Alice, Bob each share keys with trusted party Cathy To resolve dispute, judge gets { m }k Alice, { m }k Bob, and has Cathy decipher them; if messages matched, contract was signed. Question: Otherwise, who had cheated? Alice Bob Cathy Bob { m }k Alice { m }k Bob

6 csci5233 Computer Security6 Public Key Digital Signatures Alice’s keys are d Alice, e Alice Alice sends Bob m || { m }d Alice In case of dispute, judge computes { { m }d Alice }e Alice and if it is m, Alice signed message –She’s the only one who knows d Alice !

7 csci5233 Computer Security7 RSA Digital Signatures Use private key to encipher message –Protocol for use is critical Key points: –Never sign random documents, and when signing, always sign hash and never document Mathematical properties can be turned against signer –Sign message first, then encipher Changing public keys causes forgery

8 csci5233 Computer Security8 Attack #1 Example: Alice, Bob communicating –n A = 95, e A = 59, d A = 11 –n B = 77, e B = 53, d B = 17 26 contracts, numbered 00 to 25 –Alice has Bob sign 05 and 17: c = m d B mod n B = 05 17 mod 77 = 3 c = m d B mod n B = 17 17 mod 77 = 19 –Alice computes 05  17 mod 77 = 08; corresponding signature is 03  19 mod 77 = 57; claims Bob signed 08 –Judge computes c e B mod n B = 57 53 mod 77 = 08 Signature validated; Bob is toast

9 csci5233 Computer Security9 Attack #2: Bob’s Revenge Bob, Alice agree to sign contract 06 Alice enciphers, then signs: (m e B mod 77) d A mod n A = (06 53 mod 77) 11 mod 95 = 63 Bob now changes his public key –Computes r such that 13 r mod 77 = 6; say, r = 59 –Computes r e B mod  (n B ) = 59  53 mod 60 = 7 –Replace public key e B with 7, private key d B = 43 Bob claims contract was 13. Judge computes: –(63 59 mod 95) 43 mod 77 = 13 –Verified; now Alice is toast

10 csci5233 Computer Security10 El Gamal Digital Signature Relies on discrete log problem Choose p prime, g, d < p; compute y = g d mod p Public key: (y, g, p); private key: d To sign contract m: –Choose k relatively prime to p–1, and not yet used (Note: 0 < k < p-1) –Compute a = g k mod p –Find b such that m = (da + kb) mod p–1 –Signature is (a, b) To validate, check that –y a a b mod p = g m mod p

11 csci5233 Computer Security11 Example Alice chooses p = 29, g = 3, d = 6 y = 3 6 mod 29 = 4 Alice wants to send Bob signed contract 23 –Chooses k = 5 (relatively prime to 28 and 0<k<28) –This gives a = g k mod p = 3 5 mod 29 = 11 –Then solving 23 = (6  11 + 5b) mod 28 gives b = 25 –Alice sends message 23 and signature (11, 25) Bob verifies signature: g m mod p = 3 23 mod 29 = 8 and y a a b mod p = 4 11 11 25 mod 29 = 8 –They match, so Alice signed

12 csci5233 Computer Security12 Attack Eve learns k, corresponding message m, and signature (a, b) –Extended Euclidean Algorithm gives d, the private key Example from above: Eve learned Alice signed last message with k = 5 m = (da + kb) mod p–1 = (11d + 5  25) mod 28 so Alice’s private key is d = 6

13 csci5233 Computer Security13 Key Points of Ch. 10 (Bishop) Key management critical to effective use of cryptosystems –Different levels of keys (session vs. interchange) Keys need infrastructure to identify holders, allow revoking –Digital certificates –Key escrowing complicates infrastructure Digital signatures provide integrity of origin and content Much easier with public key cryptosystems than with classical cryptosystems

14 csci5233 Computer Security14 Next  Bishop, Chapter 11: Cipher techniques

Download ppt "Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Public Key Cryptosystem

Public Key Cryptosystem
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 9, 2003 Introduction to Computer Security Lecture.

Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 9, 2003 Introduction to Computer Security Lecture.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
Chapter 9: Key Management

Chapter 9: Key Management
1 Key Management CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 1, 2004.

1 Key Management CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 1, 2004.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
RSA Exponentiation cipher

RSA Exponentiation cipher

Similar presentations

Ads by Google