Digital Signatures Cryptographic technique analogous to handwritten signatures
- Slides: 32
Digital Signatures Cryptographic technique analogous to handwritten signatures. r sender (Bob) digitally signs document, establishing he is document owner/creator. r verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document Network Security 7 -1
Digital Signatures Simple digital signature for message m: r Bob signs m by encrypting with his private key - KB, creating “signed” message, KB(m) Bob’s message, m Dear Alice Oh, how I have missed you. I think of you all the time! …(blah) Bob K B Bob’s private key Public key encryption algorithm K B(m) Bob’s message, m, signed (encrypted) with his private key Network Security 7 -2
Digital Signatures (more) - r Suppose Alice receives msg m, digital signature K B(m) r Alice verifies m signed by Bob by applying Bob’s + - public key KB to KB(m) then checks KB(KB(m) ) = m. + - r If KB(KB(m) ) = m, whoever signed m must have used Bob’s private key. Alice thus verifies that: ü Bob signed m. ü No one else signed m. ü Bob signed m and not m’. Non-repudiation: ü Alice can take m, and signature KB(m) to court and prove that Bob signed m. Network Security 7 -3
Message Digests Computationally expensive to public-key-encrypt long messages Goal: fixed-length, easyto-compute digital “fingerprint” r apply hash function H to m, get fixed size message digest, H(m). large message m H: Hash Function H(m) Hash function properties: r many-to-1 r produces fixed-size msg digest (fingerprint) r given message digest x, computationally infeasible to find m such that x = H(m) Network Security 7 -4
Internet checksum: poor crypto hash function Internet checksum has some properties of hash function: ü produces fixed length digest (16 -bit sum) of message ü is many-to-one But given message with given hash value, it is easy to find another message with same hash value: message I O U 1 0 0. 9 9 B O B ASCII format 49 4 F 55 31 30 30 2 E 39 39 42 D 2 42 B 2 C 1 D 2 AC message I O U 9 0 0. 1 9 B O B ASCII format 49 4 F 55 39 30 30 2 E 31 39 42 D 2 42 B 2 C 1 D 2 AC different messages but identical checksums! Network Security 7 -5
Hash Function Algorithms r MD 5 hash function widely used (RFC 1321) m computes 128 -bit message digest in 4 -step process. m arbitrary 128 -bit string x, appears difficult to construct msg m whose MD 5 hash is equal to x. r SHA-1 is also used. m US standard [NIST, FIPS PUB 180 -1] m 160 -bit message digest Network Security 7 -6
Digital signature = signed message digest Alice verifies signature and integrity of digitally signed message: Bob sends digitally signed message: large message m H: Hash function Bob’s private key + - KB encrypted msg digest H(m) digital signature (encrypt) encrypted msg digest KB(H(m)) large message m H: Hash function No confidentiality ! KB(H(m)) Bob’s public key + KB digital signature (decrypt) H(m) equal ? Network Security 7 -7
Trusted Intermediaries Symmetric key problem: Public key problem: r How do two entities r When Alice obtains establish shared secret key over network? Solution: r trusted key distribution center (KDC) acting as intermediary between entities Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s? Solution: r trusted certification authority (CA) Network Security 7 -8
Key Distribution Center (KDC) r Alice, Bob need shared symmetric key. r KDC: server shares different secret key with each registered user (many users) r Alice, Bob know own symmetric keys, KA-KDC KB-KDC , for communicating with KDC KA-KDC KP-KDC KB-KDC KA-KDC KX-KDC KY-KDC KB-KDC KZ-KDC Network Security 7 -9
Key Distribution Center (KDC) Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other? KDC generates R 1 KA-KDC(A, B) Alice knows R 1 KA-KDC(R 1, KB-KDC(A, R 1) ) KB-KDC(A, R 1) Bob knows to use R 1 to communicate with Alice and Bob communicate: using R 1 as session key for shared symmetric encryption Why not R 1=KB-KDC? Network Security 7 -10
Certification Authorities r Certification authority (CA): binds public key to particular entity, E. r E (person, router) registers its public key with CA. m m m E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” - + K CA(KB ) Bob’s public key Bob’s identifying information + KB digital signature (encrypt) CA private key K- CA + KB certificate for Bob’s public key, signed by CA Network Security 7 -11
Certification Authorities r When Alice wants Bob’s public key: m gets Bob’s certificate (Bob or elsewhere). m apply CA’s public key to Bob’s certificate, get Bob’s public key + KB - + K CA(KB ) digital signature (decrypt) CA public key Bob’s public + key KB + K CA Network Security 7 -12
A certificate contains: r Serial number (unique to issuer) r info about certificate owner, including algorithm and key value itself (not shown) r info about certificate issuer r valid dates r digital signature by issuer Network Security 7 -13
Internet Web Security Architecture CA Web Server B K+ B K-CA(K+B) Client A Cert Request K-CA(K+B) K+B(KAB, R) KAB(m) Network Security 7 -14
Internet Web Security Conditions r Clients’ web browsers have built-in CAs. r CAs are trustable r Web servers have certificates in CAs. r Q: What if a server has no certificate? m Example: SSH servers Network Security 7 -15
SSH Example Web Server B Client A K+B(KAB, R) KAB(m) r Initial setup: m Trust the first-time connection m Save the server’s public key Network Security 7 -16
Secure e-mail q. Assumption: Public keys are pre-distributed securely q. E. g: through CA, or pre-established like SSH q. Alice wants to send confidential e-mail, m, to Bob. KS m KS Alice: q q . K S( ) + . K B( ) K+ B KS(m ) + Internet + KB(KS ) generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and K+B(KS) to Bob. Network Security 7 -17
Secure e-mail q Alice wants to send confidential e-mail, m, to Bob. KS m KS K (. ) S + . K B( ) K+ B KS(m ) + + KB(KS ) . K S( ) - Internet + KB(KS ) m KS - . K B( ) KB Bob: q uses his private key to decrypt and recover K S q uses KS to decrypt KS(m) to recover m Network Security 7 -18
Secure e-mail (continued) • Alice wants to provide sender authentication message integrity. m H(. ) KA - . K A( ) - - KA(H(m)) + + KA Internet m m + . K A( ) H(m ) compare . H( ) H(m ) • Alice digitally signs message. • sends both message (in the clear) and digital signature. Network Security 7 -19
Secure e-mail (continued) • Alice wants to provide secrecy, sender authentication, message integrity. m . H( ) KA - . K A( ) - KA(H(m)) + . K S( ) m KS KS + . K B( ) K+ B + Internet + KB(KS ) Alice uses three keys: her private key, Bob’s public key, newly created symmetric key Network Security 7 -20
Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap 1. 0: Alice says “I am Alice” Failure scenario? ? Network Security 7 -21
Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap 1. 0: Alice says “I am Alice” in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice Network Security 7 -22
Authentication: another try Protocol ap 2. 0: Alice says “I am Alice” in an IP packet containing her source IP address Alice’s “I am Alice” IP address Failure scenario? ? Network Security 7 -23
Authentication: another try Protocol ap 2. 0: Alice says “I am Alice” in an IP packet containing her source IP address Alice’s IP address Trudy can create a packet “spoofing” “I am Alice” Alice’s address Network Security 7 -24
Authentication: another try Protocol ap 3. 0: Alice says “I am Alice” and sends her secret password to “prove” it. Alice’s “I’m Alice” IP addr password Alice’s IP addr OK Failure scenario? ? Network Security 7 -25
Authentication: another try Protocol ap 3. 0: Alice says “I am Alice” and sends her secret password to “prove” it. Alice’s “I’m Alice” IP addr password Alice’s IP addr OK playback attack: Trudy records Alice’s packet and later plays it back to Bob Alice’s “I’m Alice” IP addr password Network Security 7 -26
Authentication: yet another try Protocol ap 3. 1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. Alice’s encrypted “I’m Alice” IP addr password Alice’s IP addr OK Failure scenario? ? Network Security 7 -27
Authentication: another try Protocol ap 3. 1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. Alice’s encrypted “I’m Alice” IP addr password Alice’s IP addr OK record and playback still works! Alice’s encrypted “I’m Alice” IP addr password Network Security 7 -28
Authentication: yet another try Goal: avoid playback attack Nonce: number (R) used only once –in-a-lifetime ap 4. 0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R KA-B(R) Failures, drawbacks? Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! Network Security 7 -29
Authentication: ap 5. 0 ap 4. 0 requires shared symmetric key r can we authenticate using public key techniques? ap 5. 0: use nonce, public key cryptography “I am Alice” R Bob computes + - - K A (R) “send me your public key” + KA Failures? KA(KA (R)) = R and knows only Alice could have the private key, that encrypted R such that + K (K (R)) = R A A Network Security 7 -30
ap 5. 0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) I am Alice R K (R) T K (R) A Send me your public key + K T Send me your public key + K A - + m = K (K (m)) A A + K (m) A Trudy gets - + m = K (K (m)) T Alice sends T m to + K (m) T ennrypted with Alice’s public key Network Security 7 -31
ap 5. 0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect: q Bob receives everything that Alice sends, and vice versa. (e. g. , so Bob, Alice can meet one week later and recall conversation) q problem is that Trudy receives all messages as well! q. Causing: q. No reliable authority to distribute public keys q. We will discuss how to solve it in web security Network Security 7 -32
Digital signature using rsa
Handwritten alphabet recognition
Mla format handwritten
Lecture notes on project management
Naskah tulisan tangan
Cryptographic transformation
Cryptographic attacks
Hash function in cryptography
Cryptographic tools
Kgx-93
Owasp top ten most critical web application vulnerabilities
Insecure cryptographic storage challenge 2
Collision resistant hash function
The mit cryptographic 'time-lock' puzzle - lcs35
Simple key loader
Cryptographic concepts
Network security essentials 5th edition
Cryptographic
Key distribution center
Insecure cryptographic storage challenge 3
Exchange 2007 signatures
Giovanna kwong
Parallel key signatures
Uncitral model law on electronic transferable records
Ocaml signatures
Minimum distance classifier
Intruders use virus signatures fabricate
Natural selection
Compact multi-signatures for smaller blockchains
Key signature rules
Color wheel
Analogous structures
Analogous colors are ____ each other on the color wheel.
