Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.

Published byGodfrey Nash Modified over 8 years ago

Similar presentations

Presentation on theme: "Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013."— Presentation transcript:

1 Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

2 Digital Signatures Diagram illustrating how to sign a message Why do we use a one-way hash? How does a collision or second pre-image attack relate to this?

3 Digital Signatures What assurances do we get? o Authentication? o Confidentiality? o Integrity? o Non-repudiation? MAC vs. Digital Signature o What are the differences? What do we sign?

4 Digital Signatures When do we sign? o Sign-then-Encrypt (common) Surreptitious forwarding attack o Encrypt-then-Sign Authorship claim attack

5 Order of Authentication/Encryption Encrypt then Authenticate (Sign/MAC) o More secure (in theory) o More efficient to discard bogus messages Authenticate (Sign/MAC) then Encrypt o Harder to attack the MAC, not visible o Disclosing data is less severe than accepting modified data o Horton Principle – authenticate what you mean, not what you say Encrypt and Authenticate o Process in parallel o MAC protect authenticity, not privacy All choices can be used securely and insecurely

6 Message Authentication Three approaches o Benefits of each? o Drawbacks? o Third option broken, use HMAC

7 Digital Certificates Who has a digital certificate? What is the most common use for certificates?

8 Performance Test Goal: figure out the relative computing time for algorithms (one block) o SHA-1 o AES o RSA Encrypt o RSA Signature Order the above, fastest to slowest

9 Performance Test Average of 10, 000 iterations SHA-1 – 0.0017 ms AES – 0.0142 ms RSA encrypt – 0.3647 ms 3515x slower than a hash RSA signature – 5.9751 ms 8x slower than a hash 215x slower than a hash 26x slower than AES 421x slower than AES 16x slower than RSA enc.

10 RSA Padding Or: “How RSA should really be used” (See PKCS #1)

11 RSA Primitives RSA Encryption o m e = c (mod n) RSA Decryption o c d = m (mod n) Pitfalls of using RSA o What if m is very small? Take the e’th root of c Use RSA padding o Implementation flaws – timing attacks Insert constant delays or binding RSA Labs publishes the standards for using RSA o Public Key Cryptography Standard #1 (PKCS #1)

12 Overview of PKCS #1 Good cryptographic practice o Employ a key pair in only one scheme One pair for signatures, one for encryption Provides 2 approaches for using the RSA primitives o Legacy PKCS1-v1_5 o Recommended OAEP, PSS

13 PKCS1-v1_5 Encryption Encryption o Message m becomes EM EM = 0x00 || 0x02 || PS || 0x00 || M o EM is then used with the encryption primitive Decryption o Ensure that the decrypted message conforms to the expected structure above, remove padding, etc How does this scheme affect the size of the message to be encrypted? When does this approach produce identical ciphertexts? PS is randomly generated, non-zero, bytes PS must be at least 8 bytes Why must PS have a minimum length?

14 PKCS1-v1_5 Signatures Signature o Hash message m, pre-pend the digestID to create T EM = 0x00 || 0x01 || PS || 0x00 || T o EM is then used with the signature primitive Verification o Use public key to obtain EM o Ensure that EM conforms to the expected structure above, remove padding, etc How does this scheme affect the size of the message digests that can be used? When does this approach produce identical signatures? PS is the byte 0xff repeated over and over

15 PKCS1-v1_5 Encryption o EM = 0x00 || 0x02 || PS || 0x00 || M Signature o EM = 0x00 || 0x01 || PS || 0x00 || T Why do both start with 0x00?

16 RSA Encryption with OAEP OAEP o Optimal Asymmetric Encryption Padding o In addition to being more secure adds the ability to associate a label with the message Encrypt(M, L (optional), n, e)

17 RSA Encryption with OAEP PS is the byte 0x00 repeated over and over seed is a random series of bytes How does this scheme affect the size of the message to be encrypted? When does this approach produce identical ciphertexts?

18 RSA Signatures with PSS PSS o Probabilistic Signature Scheme Padding 1 and Padding 2 are bytes of 0x00 Salt is random bc is 0xbc When does this approach produce identical signatures? Set leftmost x bits to 0

Download ppt "Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.

Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Cryptography Basic (cont)

Cryptography Basic (cont)
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google