Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.

Published byAlexandrina Hall Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999."— Presentation transcript:

1

2 1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999

3 Pitney Bowes LAP 2 Talk outline n Mail pre-payment application and Digital Postage Marks n DPM requirements /optimality criteria n Choices n Elliptic Curves n Signatures and Certificates n Optimal Mail Certificates n DPM generation and Verification n Comparisons and conclusion

4 Pitney Bowes LAP 3 Mail Communication System Postal sorting and delivery system Sender Receiver

5 Pitney Bowes LAP 4 Mail Item - Information-Based Payment Evidence-Digital Postage Mark (DPM) MasterCard International 2000 Purchase Street Purchase, NY 10577-2509 Pitney Bowes 35 Waterview Dr Shelton CT 06484

6 Pitney Bowes LAP 5 Mail Item - DPM Generation MasterCard International 2000 Purchase Street Purchase, NY 10577-2509 Pitney Bowes 35 Waterview Dr Shelton CT 06484 ComputerPrinter to network

7 Pitney Bowes LAP 6 Mail Item - DPM Verification MasterCard International Pitney Bowes 35 Waterview Dr Shelton CT 06484 Scanner MasterCard International Pitney Bowes 35 Waterview Dr Shelton CT 06484

8 Pitney Bowes LAP 7 DPM Content and Data Representation n Plaintext –Protected Data –Other Data n Ciphertext (Cryptographic Integrity Validation Code or CIVC) n Error Correction Code n Data Representation –Machine Readable –Human readable

9 Pitney Bowes LAP 8 DPM Security Cryptographic Integrity Validation Code (signature with appendix) Plain Text Data CIVC

10 Pitney Bowes LAP 9 DPM generation n Obtain Protected Data (PD) –Postage Amount –Mail Item ID –Date –Other n Compute M = h(PD) [hash of Protected Data] n Obtain mailer’s Private Key K n Compute CIVC = Cryptotransformation K (M) n Format and print PD and CIVC

11 Pitney Bowes LAP 10 DPM verification n Scan and interpret DPM n Obtain plain text Protected Data PD 1 n Compute M 1 = h(PD 1 ) n Obtain mailer’s Public Key PK n Compute M = Cryptotransformation PK (CIVC) n Accept DPM if M = M 1

12 Pitney Bowes LAP 11 Requirements /optimization criteria n CIVC cryptanalytic strength (e.g. > 2 80 ) n Size (CIVC) should be minimal n CIVC generation and verification algorithms performance should match performance of fastest mail generation and processing equipment –generation at least 10 CIVC per second –verification at least 20 CIVC per second n DPM should contain all information required for verification including verification key

13 Pitney Bowes LAP 12 Requirements /optimization criteria (2) n Verifier should be able to verify several possible restrictions based on DPM information (e.g. restricted privilege to print value above certain threshold) n CIVC size inflation due to improvements in computing power should be minimal (i.e. cryptanalytic strength per bit of CIVC should be maximal) n Combined cost of generating and processing mail should be minimal (including the cost of maintaining required infrastructure)

14 Pitney Bowes LAP 13 Design Choices n Asymmetric key schemes for CIVC –with or without certificate in the DPM –signatures schemes with appendix with message recovery n Symmetric key schemes for CIVC –MAC –Truncation n Data representation –2-D Barcode (DataMatrix, PDF417) n Verification and key management infrastructure

15 Pitney Bowes LAP 14 Elliptic Curve Cryptographic Scheme Elliptic curves can be defined over any finite field F q where q is a prime number or a power of a prime number. n When elliptic curves are applied to cryptography, standards bodies (e.g. IEEE, ANSI, ISO) have restricted q to a prime or a power of 2.

16 Pitney Bowes LAP 15 Point Addition (x2,y2)(x2,y2) (x 3, y 3 ) (x 1, y 1 )

17 Pitney Bowes LAP 16 Point Doubling (x 1, y 1 ) (x 3,y 3 ) = 2 (x 1, y 1 )

18 Pitney Bowes LAP 17 Point Multiplication n Point multiplication is a fundamental operation performed on an elliptic curve during execution of a cryptographic protocol kP = P +P + …+ P k summands

19 Pitney Bowes LAP 18 Elliptic Logarithm Problem Given E( F q ), a point P and a point Q=kP, determine k n Systemwide Parameters: –E( F q ) is an elliptic curve with total number of points N –P is a point on E of order n (n divides N) –n > 2 160

20 Pitney Bowes LAP 19 Optimal Mail Certificates Set Up n Postal CA has a private key c, c is a positive integer such that c < n and a public key b = cP n Mailer A with identity I A (I A generated by Postal CA) computes its private and public key: –A generates random integer k A, computes k A P and sends point k A P to Postal CA n Postal CA does the following: –generates a random integer c A, 0 < c A < n, and computes  A = k A P + c A P. –computes f = H (  A || I A ), where H is a hash function such as SHA-1 –computes m A = cf + c A mod n. –sends  A, m A, and I A to mailer A

21 Pitney Bowes LAP 20 Optimal Mail Certificates Set Up n Mailer A computes his private key a: a = m A + k A mod n = cf + k A + c A mod n and his public key Q A : Q A =aP = cfP +  A Note: 1. a is a function of I A,  A, c, k A and c A 2. Q A is a function of public parameters only

22 Pitney Bowes LAP 21 Optimal Mail Certificate n Quantity  A is called Optimal Mail Certificate (or OMC) and is a function of two random numbers independently generated by mailer (mailing system) and Postal certification authority. n  A is imprinted within DPM and serves as an input to computation of the CIVC verification key Q A (together with the public key b of Postal CA, mailer’s identity I A and hash value H (  A || I A )).

23 Pitney Bowes LAP 22 EC ElGamal signature with message recovery Generation n Mailer A wants to generate DPM with CIVC and send it to Post P: –Format Protected Data into message m –Generate random positive integer k < n and compute K = kP –Format K into key L suitable to be a key for a good symmetric encryption algorithm SKE –Compute e = SKE L (m) –Compute d = H(e || I A ) –Compute s = ad +k (mod n), –(s, e) is the signature. (s, e) = CIVC

24 Pitney Bowes LAP 23 EC ElGamal signature with message recovery Verification n Postal DPM verification operations: –Scan DPM and obtain I A, (s, e),  A –Compute verification key Q A –Compute d = H (e || I A ) –Compute R = sP - d Q A and format R into symmetric key X –Compute M = SKE -1 X (e) –Check redundancy of M and accept DPM if M has required redundancy

25 Pitney Bowes LAP 24 Comments on OMC n OMC public key authentication can be integrated with ECC ElGamal or ECDSA signature generation to achieve computational efficiencies n Size of OMC is the size of the point on the curve that is [OMC] = 20 bytes

26 Pitney Bowes LAP 25 Comparison (DPM size)

27 Pitney Bowes LAP 26 IBIP DPM with certificate IBIP DPM without certificate Symmetric key OCR DPM

28 Pitney Bowes LAP 27 Comparison (Computational Efficiency) t is time to generate ECDSA, u is time to verify ECDSA, T is time to retrieve and verify traditional certificate

29 Pitney Bowes LAP 28 Conclusion n Optimal Mail Certificates deliver very significant advantages for verification process and infrastructure compared to other known methods n Optimal Mail Certificates can be particularly effective in combination with ECC ElGamal signature with message recovery n OMC in combination with ECC ElGamal with message recovery deliver the best known combination of critical system parameters

Download ppt "1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Cryptography and Network Security

Cryptography and Network Security
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google