1 / 28

Lecture 11 Overview

Lecture 11 Overview. Digital Signature Properties. Unforgeable : Only the signer can produce his/her signature Authentic : A signature is produced only by the signer deliberately signing the document. Digital Signature Properties.

denver
Télécharger la présentation

Lecture 11 Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 11 Overview

  2. Digital Signature Properties • Unforgeable: Only the signer can produce his/her signature • Authentic: A signature is produced only by the signer deliberately signing the document CS 450/650 Lecture 11: Digital Signatures

  3. Digital Signature Properties • Non-Alterable: A signed document cannot be altered without invalidating the signature • Non-Reusable: A signature from one document cannot be moved to another document • Signatures can be validated by other users • the signer cannot reasonably claim that he/she did not sign a document bearing his/her signature CS 450/650 Lecture 11: Digital Signatures

  4. Digital Signature Using RSA • The RSA public-key cryptosystem can be used to create a digital signature for a message m • Asymmetric Cryptographic techniques are well suited for creating digital signatures • The signer must have an RSA public/private key pair • c = Me mod n • M = cd mod n CS 450/650 Lecture 11: Digital Signatures

  5. Signature Generation (Signer) Message Redundancy Function Formatted Message Encrypt Private Key Signature CS 450/650 Lecture 11: Digital Signatures

  6. Signature Verification Signature Public Key Decrypt Formatted Message Verify Message CS 450/650 Lecture 11: Digital Signatures

  7. Redundancy Function • The choice of a poor redundancy function can make RSA vulnerable to forgery • A good redundancy function should make forging signatures much harder CS 450/650 Lecture 11: Digital Signatures

  8. Example • generate signature S • d = 53 • e = 413 • n = 629 • m = 7 • Assume that R(X) = XX • S = R(m)e mod n • S = 7753 mod 629 = 25 CS 450/650 Lecture 11: Digital Signatures

  9. Example • verify signature with message recovery • Public key (e) = 413 • n = 629 • S = 25 • R(m) = Se mod n • R(m) = 25413 mod 629 = 77 • The verifier then checks that R(m) is of the form XX for some message X • m = R-1(m) = 7 CS 450/650 Lecture 11: Digital Signatures

  10. Forging signature (revisited) • Choose a random number between 0 and n-1 for S • S = 323 • Use the signer’s public key to decrypt S • R(m) = 323413 mod 629 = 85 • However, 85 is not a legal value for R(m) • so S = 323 is not a valid signature CS 450/650 Lecture 11: Digital Signatures

  11. Privacy • Signature provides only authenticity. • How can we provide privacy in addition? CS 450/650 Lecture 11: Digital Signatures

  12. Getting a Message Digest from a document Hash Message Digest CS 450/650 Lecture 11: Digital Signatures

  13. Generating Signature Message Digest Signature Encrypt using private key CS 450/650 Lecture 11: Digital Signatures

  14. Appending Signature to document Append Signature CS 450/650 Lecture 11: Digital Signatures

  15. Verifying Signature Hash Message Digest Message Digest Decrypt using public key CS 450/650 Lecture 11: Digital Signatures

  16. Lecture 12Key Exchange CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Lawrie Brown (Cryptography and Network Security)

  17. Key Management • public-key encryption helps address key distribution problems • have two aspects of this: • distribution of public keys • use of public-key encryption to distribute secret keys CS 450/650 Lecture 12: Key Exchange

  18. Distribution of Public Keys • can be considered as using one of: • public announcement • publicly available directory • public-key authority • public-key certificates CS 450/650 Lecture 12: Key Exchange

  19. Public Announcement • users distribute public keys to recipients or broadcast to community at large • append PGP keys to email messages or post to news groups or email list • major weakness is forgery • anyone can create a key claiming to be someone else and broadcast it • until forgery is discovered attacker can masquerade as claimed user CS 450/650 Lecture 12: Key Exchange

  20. Publicly Available Directory • can obtain greater security by registering keys with a public directory • directory must be trusted with properties: • contains {name, public-key} entries • participants register securely with directory • participants can replace key at any time • directory is periodically published • directory can be accessed electronically • still vulnerable to tampering or forgery CS 450/650 Lecture 12: Key Exchange

  21. Public-Key Authority • improve security by tightening control over distribution of keys from directory • has properties of directory • requires users to know public key for the directory • users interact with directory to obtain any desired public key securely • requires real-time access to directory when keys are needed CS 450/650 Lecture 12: Key Exchange

  22. Public-Key Authority CS 450/650 Lecture 12: Key Exchange

  23. Public-Key Certificates • certificates allow key exchange without real-time access to public-key authority • a certificate binds identity to public key • usually with other info such as period of validity, rights of use • all contents signed by a trusted Public-Key or Certificate Authority (CA) • can be verified by anyone who knows the public-key authority’s public-key CS 450/650 Lecture 12: Key Exchange

  24. Public-Key Certificates CS 450/650 Lecture 12: Key Exchange

  25. Distribution of Secret Keys • use previous methods to obtain public-key • can use for secrecy or authentication • public-key algorithms are slow • usually prefer to use private-key encryption to protect message contents • hence need a session key • have several alternatives for negotiating a suitable session CS 450/650 Lecture 12: Key Exchange

  26. Simple Secret Key Distribution • proposed by Merkle in 1979 • A generates a new temporary public key pair • A sends B the public key and the identity • B generates a session key K sends it to A encrypted using the supplied public key • A decrypts the session key and both use • Man in the middle attack • an opponent can intercept and impersonate both halves of protocol CS 450/650 Lecture 12: Key Exchange

  27. Public-Key Distribution of Secret Keys • if have securely exchanged public-keys: CS 450/650 Lecture 12: Key Exchange

  28. Hybrid Key Distribution (IBM) • retain use of private-key with a KeyDistribution Center • shares secret master key with each user • distributes session key using master key • public-key used to distribute master keys • especially useful with widely distributed users • rationale • performance • backward compatibility

More Related