DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS Chapter 13 Digital
- Slides: 27
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 • Digital Signatures • Authentication Protocols • Digital Signature Standard
AUTHENTICATION vs SIGNATURE Authentication auth protects against{C} A B Signature sign protects against{A, C} A B
SIGNATURE CHARACTERISTICS Author Verifiable Date Authenticate by Time Contents Third Party
SIGNATURE TYPES • Direct X Y weakness: security of private key • Arbitrated + date X A Y
ARBITRATED DIGITAL SIGNATURE TECHNIQUES
Table 13. 1: Scheme (a) Arbiter Sees Message Conventional Encryption: After X A Y Dispute between X and Y Y A: EKay[IDx||M||EKax[IDx||H(M)]]
Table 13. 1: Scheme (b) Arbiter Does Not See Message Conventional Encryption: Arbiter : neither can read message Eavesdropper
Table 13. 1: Scheme (c) Arbiter Does Not See Message Public-Key (double) Encryption: advantages: 1. No information shared before communication 2. if KRx compromised date is still correct 3. message secret from Arbiter and Eavesdropper
REPLAY ATTACKS Simple Replay: X m E m Logged Replay: X m||T 0 E m||T 0 (< T 0 later) Undetected Replay: X m E m Backward Replay: X m E t i m e
TIMESTAMP X m||T Y synchronized clocks
CHALLENGE/RESPONSE Use NONCE: X X N m||N Y Y handshake required
ATTACK ON Fig 7. 9 Eavesdropper gets Old Ks: • Replay Step 3 • Intercept Step 4 • Impersonate Step 5 • Bogus Messages Y
SOLUTION: TIMESTAMP 1. 2. 3. 4. 5. A IDA||IDB KDC 2. KDC EKA[ KS||IDB||T||EKB[KS||IDA||T] ] A 3. A EKB[KS||IDA||T] B 4. B EKS[N 1] A 5. A EKS[f(N 1)] B
CLOCK ATTACKS To counteract: Suppress – Replay attacks: 1. Check clocks regularly use KDC clock 2. Handshaking via Nonce
AN IMPROVED PROTOCOL over Fig 7. 9 To counteract suppress-replay attacks: • A IDA|| NA B • B IDB||NB||EKB[IDA||NA||TB] KDC • KDC EKA[IDB||NA||KS||TB]||EKB[IDA||KS||TB]||NB 4. A 5. 6. EKB[IDA||KS||TB]||EKS[NB] No clock synch. TB only checked by B A B
AUTHENTICATION SERVER - no secret key distribution (public key) • AS 3. A IDA||IDB EKRAS[IDA||KUA||T]||EKRAS[IDB||KUB||T] AS A EKRAS[IDA||KUA||T]||EKRAS[IDB||KUB||T]||EKUB[EKRA[KS||T]] B Problem: Clock Synch.
ALTERNATIVE NONCE PROTOCOL 1. A 2. KDC 3. A 4. B 5. KDC B 6. B 7. A IDA||IDB EKRauth[IDB||KUB] EKUB[NA||IDA] IDB||IDA||EKUauth[NA] KDC A B KDC EKRauth[IDA||KUA]||EKUB[EKRauth[NA||KS||IDA||IDB]] EKUA[EKRauth[NA||KS||IDA||IDB]||NB] EKS[NB] A B
ONE-WAY AUTHENTICATION (e. g. email) • Encrypt Message • Authenticate Sender
SYMMETRIC-KEY (one-way auth. ) 1. A IDA||IDB||N 1 2. KDC EKA[KS||IDB||N 1||EKB[KS||IDA]] 3. 3. A EKB[KS, IDA]||EKS[M] KDC A B
PUBLIC-KEY (one-way auth. ) Use Figs 11. 1 b, c, and d or A EKUB[KS]||EKS[M] B M||EKRA[H(M)] B or A
PUBLIC-KEY (one-way auth. ) Send A’s public key to B A M||EKRA[H(M)]||EKRAS[T||IDA||KUA] B
DSS : USES SHA-1 Signature YES Encryption NO Key-Exchange NO
DSS : USES SHA-1
DISCRETE LOG p, q, g – global public keys x - user private key y - user public key k - user per-message secret number k (g r= mod p) mod q -1 s = [k (H(M) + xr)] mod q Signature = (r, s) k -1 precompute g mod p, k mod q
VERIFY -1 (s’) w= mod q u 1 = [H(M’)w] mod q u 2 = (r’)w mod q v = [(gu 1. yu 2) mod p] mod q where y = gx mod p v = r’ ? y = gx is one-way: x y YES y x NO
DIGITAL SIGNATURE ALGORITHM
DSS SIGNING AND VERIFYING
- Peer entity authentication and data origin authentication
- Iff
- Dsa vs rsa digital signature
- Beadgcf flats
- Spectral signatures
- Compact multi-signatures for smaller blockchains
- Exchange 2007 signatures
- Uncitral model law on electronic signatures
- Intruders use virus signatures fabricate
- Order of sharos
- Uncitral model law on international commercial arbitration
- Ocaml signatures
- Molecular signatures of natural selection
- Define message authentication code
- Chapter 3 network protocols and communications
- Digital signature authentication protocol
- Digital signature authentication protocol
- Digital signature authentication protocol
- Chapter 9: ethics of documentation and authentication
- Proofs of work and bread pudding protocols
- Wan link options
- Cryptography standards and protocols
- Tcp and sctp are both layer protocols
- What are the 5 network topologies?
- Snmp uses two other protocols and
- Lan standards and protocols
- Lab 4-1: routing concepts and protocols
- Data link layer protocols for noisy and noiseless channels