1 / 14

PIS : Unit III Digital Signature & Authentication

PIS : Unit III Digital Signature & Authentication. Sanjay Rawat Sanjay_r@vnrvjiet.in. Based on the slides of Lawrie Brown together with the book “Cryptography and Network Security” by William Stalling. Digital Signature.

duy
Télécharger la présentation

PIS : Unit III Digital Signature & Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PIS: Unit IIIDigital Signature & Authentication Sanjay Rawat Sanjay_r@vnrvjiet.in Based on the slides of Lawrie Brown together with the book “Cryptography and Network Security” by William Stalling. PIS Unit 3 Digital Sign Auth Sanjay Rawat

  2. Digital Signature • is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. • The signature is formed by taking the hash of the message and encrypting the message with the creator's private key. • The signature guarantees the source and integrity of the message. PIS Unit 3 Digital Sign Auth Sanjay Rawat

  3. DS requirements • The signature must be a bit pattern that depends on the message being signed. • The signature must use some information unique to the sender, to prevent both forgery and denial. • It must be relatively easy to produce the digital signature. • It must be relatively easy to recognize and verify the digital signature. • It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. • It must be practical to retain a copy of the digital signature in storage PIS Unit 3 Digital Sign Auth Sanjay Rawat

  4. DS types • Direct DS • Using shared key, but non-repudiation? • Arbitrated DS • Involves a trusted third party that checks for all requirements and validity PIS Unit 3 Digital Sign Auth Sanjay Rawat

  5. Arbitrated DS PIS Unit 3 Digital Sign Auth Sanjay Rawat

  6. X.509 Authentication Service • part of CCITT X.500 directory service standards • distributed servers maintaining user info database • defines framework for authentication services • directory may store public-key certificates • with public key of user signed by certification authority • also defines authentication protocols • uses public-key crypto & digital signatures • algorithms not standardised, but RSA recommended • X.509 certificates are widely used

  7. X.509 Certificates • issued by a Certification Authority (CA), containing: • version (1, 2, or 3) • serial number (unique within CA) identifying certificate • signature algorithm identifier • issuer X.500 name (CA) • period of validity (from - to dates) • subject X.500 name (name of owner) • subject public-key info (algorithm, parameters, key) • issuer unique identifier (v2+) • subject unique identifier (v2+) • extension fields (v3) • signature (of hash of all fields in certificate) • notation CA<<A>> denotes certificate for A signed by CA

  8. X.509 Certificates

  9. Example from wiki PIS Unit 3 Digital Sign Auth Sanjay Rawat

  10. Kerberos • trusted key server system from MIT • provides centralised private-key third-party authentication in a distributed network • allows users access to services distributed through network • without needing to trust all workstations • rather all trust a central authentication server • two versions in use: 4 & 5

  11. Kerberos Requirements • its first report identified requirements as: • secure • reliable • transparent • scalable • implemented using an authentication protocol based on Needham-Schroeder

  12. Kerberos v4 Overview • a basic third-party authentication scheme • have an Authentication Server (AS) • users initially negotiate with AS to identify self • AS provides a non-corruptible authentication credential (ticket granting ticket TGT) • have a Ticket Granting server (TGS) • users subsequently request access to other services from TGS on basis of users TGT

  13. Kerberos v4 Dialogue • obtain ticket granting ticket from AS • once per session • obtain service granting ticket from TGT • for each distinct service required • client/server exchange to obtain service • on every service request

  14. Kerberos 4 Overview

More Related