2. Cryptography 2.4 Digital Signatures


 Christal Knight
 3 years ago
 Views:
Transcription
1 DIFCTUNL Computer and Network Systems Security Segurança de Sistemas e Redes de Computadores Cryptography 2.4 Digital Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 1
2 Outline Digital Signatures, Authentication and KeyEstablishment Protocols Digital Signatures General Requirements and properties Authentication vs. NonRepudiation Message Authentication with Fast (LightWeight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures PublicKey Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 2
3 Outline Digital Signatures, Authentication and KeyEstablishment Protocols Digital Signatures General Requirements and properties Authentication vs. NonRepudiation Message Authentication with Fast (LightWeight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures PublicKey Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 3
4 Required properties of digital signatures Digital signature properties Dependence of message (content) signed Unforgeable Must use controlled unique information by the signer Undeniable No new message for existent digital signature No fraudulent signature for a given message The signer can control the <message,signature> association Verifiable by principals or third parties to resolve disputes Direct or arbitrated signatures covering all the data relevance: author, data&time, content, disclaimers, usage policies, etc) Must be relatively easy to produce Must be relatively easy to recognize and verify Practical to store (with or without the signed content) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 4
5 Other possible requirements Sometimes (useful for specific protocols): Unique (onetime signatures) Anonymous use (blind signatures) Signature vs. Content unlinkability Content disguised before it is signed Publicly verifiable against the original (unblinded) Signer and message author are different principals Election systems, Digital Cash Schemes, 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 5
6 Generic requirements Requirements for digital signatures Message authentication (proof of origin) Originality of contents (ownership proofs) Authentication of principals in authentication protocols (unilateral vs. mutual authentication) Authenticity proofs for nonrepudiation protocols Practical issues: MACs as Lightweight (or inexpensive ) signatures Message flows in sessionoriented protocols MACs in protocols for constrained devices Datagram protocols and large amounts (load) of message processing PublicKey signatures as more robust and expensive authentication proofs Authentication of principals in handshake protocolos and sessionestablishment 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 6
7 Approaches to Message Authentication Authentication Using Conventional Encryption sender and receiver should share a secret key Message Authentication without Message Encryption Authentication tag (shared secret computation and verification, based on a shared secret key value) generated and appended to each message Message Authentication Code MAC computation as a function of the message and the key. MAC = F(K, M) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 7
8 Secure hash functions are appropriate for MAC Algorithms Henric Johnson , Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 8
9 MAC with a secure HASH function Secret value is added before the hash and removed before transmission. 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 9
10 Remembering secure HASH Functions Purpose of the HASH: production of secure fingerprints. Properties : 1. H can be applied to a block of data at any size 2. H produces a fixed length output 3. H(x) is easy to compute for any given x. 4. For any given block x, it is computationally infeasible to find x such that H(x) = h  Irreversibility, OneWay 5. For any given block x, it is computationally infeasible to find with H(y) = H(x).  Weak collision resistance 1. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)  Strong collision resistance 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 10
11 HMACs (flexible combination of secure hash functions) MAC derived from a cryptographic hash code, such as SHA1, SHA2 and SHA3 in the future Motivations: Cryptographic hash functions executes faster in software than encryptoin algorithms such as DES Library code for cryptographic hash functions is widely available No export restrictions Different hash functions easily combined for security, maintaining good efficiency HMAC structure 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 11
12 Henric Johnson , Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 12
13 Outline Digital Signatures, Authentication and KeyEstablishment Protocols Digital Signatures General Requirements and properties Authentication vs. NonRepudiation Message Authentication with Fast (LightWeight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures PublicKey Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 13
14 Direct Digital Signatures Only sender & receiver involved With publickey signatures: assumed receiver has sender s publickey digital signature made by sender signing entire message or hash with privatekey can encrypt using receivers publickey important that sign first then encrypt message & signature security depends on sender s privatekey 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 14
15 Arbitrated Digital Signatures Involve sender, receiver and one or more third parties With publickey signatures: assumed third parties have all sender s publickeys digital signature made by sender signing entire message or hash with privatekey, verified (and possibly logged) by the third parties, and resigned by the third parties Notarization The receivers recognize the sender signature by verifying the third party signature encryption using thirdparty publickey important that sign first then encrypt message & signature security depends on sender s privatekey 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 15
16 Outline Digital Signatures, Authentication and KeyEstablishment Protocols Digital Signatures General Requirements and properties Authentication vs. NonRepudiation Message Authentication with Fast (LightWeight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures PublicKey Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 16
17 RSA Signatures (from the algorithm RSA) Correct (undeniable) Key pair (Kpriv, Kpub) Principal P Private Key: Kpriv, N Principal P Public Key: Kpub, N Signature(M) = S M = H(M) Kpriv mod N Verification: Given M and computing H(M) S M Kpub mod N 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 17
18 Relevant issues from RSA (1) Remembering the RSA keypair generation process and encryption/decryption algorithm Messages hashed before signing (not the original message) Security issue when preserving confidentiality Controlled size, comparing with the key size Size of modulus and public and private exponents:» The N value (modulus) determines the key sizes M < N Any value M greater than N will be reduced to M mod N Key pair generation: Value for public exponent so that the encryption step will be computationally cheap to perform and then generate the private exponent accordingly  Encryption cheap, decryption expensive  Signature expensive, Verification cheap 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 18
19 Relevant issues from RSA (2) KeyGeneration process Public exponents, fixed (standardized) by security specifications for RSA implementation use Ex., X509v3: public exponents 0x10001 (F4) Default in the Bouncy Castle Implementation Problem: how to speedup the decryption and the signature process in current implementations CRT theorem (and ex., Garner s Algorithm) Keep the original P and Q primes used to generate the Keys Precompute and keep other values in the CRT computation (dp, dq, qinv), once only Store (dp, dq, P, Q, qinv) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 19
20 Implementation in JAVAJCE Optimizations are included (differently) in each crypto provider (subjacent implementation of RSA) Ex. BC uses a multiprime remainder theorem approach To generate keys with 2048 bits, rather than having to primes P and Q of 1024 bits, it can be used 4 primes of 512 bits Note: observe the behavior of time consuming (processing) in the examples provided. 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 20
21 RSA Padding mechanisms Operations in RSA are ober big integers What if the representation begins with 0 bits (MSBits)? See practical examples What happens if you change the value of the public exponent to a low value? See practical examples Is it secure for encryption? You need Padding! 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 21
22 Padding in RSA PKCS#1 Implementation (ex., BC) See also the practical examples Type 1: Mp= 0x00 0x01 F 0x00 M with F = string of 0xFF bytes, at least 8 bytes Then: M <= Keysize in bytes 11  This is used when using the private key (signatures) Type 2: Mp= 0x00 0x02 R 0x00 M with R = Random bytes, at least 8 bytes Then: M <= Keysize in bytes 11  This is used when using the public key (encryption) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 22
23 Strongest padding for RSA Ex., OAEP Padding Used with parameters: P, and random seed S OAEP Optimal Asymmetric Encryption Padding M1 = Mask [ ( H(P) PZ 0x01 M), S ] M2 = Mask (S, M1) Mp=0x00 M2 M1 Note: MaxLen for the message will be klen 2hLen 2 Note: for a certain message length usable in PKCS#1, you may need a more long key if you use OAEP, but this is not an issue why? See practical examples: Suite: RSA/None/OAEPWithSHA1and MGF1Padding 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 23
24 RSA Signatures in the JAVAJCE See practical examples Practical class examples and verifications Signature class Steps:  Initialization of the signature object for signing  signature.update() is then used to feed data into the signature object  When all the data has been fed in, signature.sign() is called  Signature can be:  Returned as a byte array  Or load it into a passed in bytearray 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 24
25 Use of RSA in the Java JCE Example (see practical examples) After the keypair generation process initialization byte[] message = new byte[] {..}; KeyPair KeyPair = KeyGen.generateKeyPair(); Signature signature = Signature.getInstance ( RSA, BC ); // to generate a signature signature.initsign(keypair.getprivate(), random); signature.update (message); byte[] sigbytes= signature.sign(); //verification signature.initverify(keypair.getpublic()); signature.update(message); if (signature.verify(sigbytes)) { ok } else { not ok } 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 25
26 ElGammal public key scheme (asymetric) A variant of DiffieHellman Same math. principles Widely used (ex., OpenPGP implementations, standardized in RFC 2440) How does it works? Bob has a public key g y mod P (well known by Alice) Alice creates a temporary public key K puba = g x mod P Encryption: C = {M} KpubB = M g xy mod P Alice sends to Bob: C, K puba Note: makes the cipher text twice the key size 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 26
27 ElGamal Digital Signatures Signature variant of ElGamal, related to DH Uses exponentiation in a finite (Galois) Security based difficulty of computing discrete logarithms, as in DH Private key for encryption (signing) Public key for decryption (verification) each user (eg. A) generates their key chooses a secret key (number): 1 < x A < q1 compute their public key: y A = a x A mod q 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 27
28 ElGamal Digital Signature Alice signs a message M to Bob by computing the hash m = H(M), 0 <= m <= (q1) chose random integer K with 1 <= K <= (q1) and gcd(k,q1)=1 compute temporary key: S 1 = a k mod q compute K 1 the inverse of K mod (q1) compute the value: S 2 = K 1 (mx A S 1 ) mod (q1) The signature is the tuple:(s 1,S 2 ) any user B can verify the signature by computing V 1 = a m mod q V 2 = y A S1 S 1 S2 mod q signature is valid if V 1 = V , Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 28
29 ElGamal Signature Example use field GF(19) q=19 and a=10 Alice computes her key: A chooses x A =16 & computes y A =10 16 mod 19 = 4 Alice signs message with hash m=14 as (3,4): choosing random K=5 which has gcd(18,5)=1 computing S 1 = 10 5 mod 19 = 3 finding K 1 mod (q1) = 51 mod 18 = 11 computing S 2 = 11( ) mod 18 = 4 any user B can verify the signature by computing V 1 = mod 19 = 16 V 2 = mod 19 = 5184 mod 19 = 16 since V1 = V2, the signature is valid 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 29
30 Schnorr Digital Signatures also uses exponentiation in a finite (Galois) security based on discrete logarithms, as in DH minimizes message dependent computation multiplying a 2nbit integer with an nbit integer main work can be done in idle time have using a prime modulus p p 1 has a prime factor q of appropriate size typically p 1024bit and q 160bit numbers 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 30
31 Schnorr Key Setup choose suitable primes p, q choose a such that a q = 1 mod p (a,p,q) are global parameters for all each user (eg. A) generates a key chooses a secret key (number): 0 < s A < q compute their public key: v A = a sa mod q 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 31
32 Schnorr Signature user signs message by choosing random r with 0<r<q and computing x = a r mod p concatenate message with x and hash result to computing: e = H(M x) computing: y = (r + se) mod q signature is pair (e, y) any other user can verify the signature as follows: computing: x' = a y v e mod p verifying that: e = H(M x ) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 32
33 Digital Signature Standard (DSS) PublicKey digital signature technique Like DH, security from the discrete logarithm problem DSA is digital signature only unlike RSA US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS186 in 1991 revised in 1993, 1996 & then 2000 Uses the SHA hash algorithm DSS is the standard, DSA is the algorithm FIPS (2000) includes: Alternative RSA Elliptic curve signature variants 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 33
34 DSS vs RSA Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 34
35 Use of DSA in the Java JCE Example (see practical examples) After the keypair generation process initialization byte[] message = new byte[] {..}; KeyPair KeyPair = KeyGen.generateKeyPair(); Signature signature = Signature.getInstance ( DSA, BC ); // to generate a signature signature.initsign(keypair.getprivate(), random); signature.update (message); byte[] sigbytes= signature.sign(); //verification signature.initverify(keypair.getpublic()); signature.update(message); if (signature.verify(sigbytes)) { ok } else { not ok } 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 35
36 Digital Signature Algorithm (DSA) creates a 320 bit signature with bit security smaller and faster than RSA a digital signature scheme only security depends on difficulty of computing discrete logarithms A standard based in fact in a variant of ElGamal & Schnorr schemes 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 36
37 DSA Key Generation have shared global public key values (p,q,g): choose 160bit prime number q: < q < choose a large prime p with 2 L1 < p < 2 L where L= 512 to 1024 bits and is a multiple of 64 such that q is a 160 bit prime divisor of (p1) choose g = h (p1)/q where 1<h<p1 and h (p1)/q mod p > 1 users choose private & compute public key: choose random private key: x<q compute public key: y = g x mod p 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 37
38 DSA Signature Creation to sign a message M the sender: generates a random signature key k, k<q nb. k must be random, be destroyed after use, and never be reused then computes signature pair: r = (g k mod p)mod q s = [k 1 (H(M)+ xr)] mod q sends signature (r,s) with message M 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 38
39 DSA Signature Verification having received M & signature (r,s) to verify a signature, recipient computes: w = s 1 mod q u1= [H(M)w ]mod q u2= (rw)mod q v = [(g u1 y u2 )mod p ]mod q if v=r then signature is verified 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 39
40 DSS Overview 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures  Slide 40
Digital Signature. Raj Jain. Washington University in St. Louis
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse57111/
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationPublic Key (asymmetric) Cryptography
PublicKey Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationTable of Contents. Bibliografische Informationen http://dnb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationCommunications security
University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET  University of Roma La Sapienza Email: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm
More informationPublic Key Cryptography Overview
Ch.20 PublicKey Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 16301830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; DH key exchange; Hash functions; Application of hash
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the reallife example where a person pays by credit card and signs a bill; the seller verifies
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIENCHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 PublicKey Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown PublicKey Cryptography
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita Rotaru
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA DiffieHellman Key Exchange Public key and
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationCryptography and Network Security Digital Signature
Cryptography and Network Security Digital Signature XiangYang Li Message Authentication Digital Signature Authentication Authentication requirements Authentication functions Mechanisms MAC: message authentication
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationNetwork Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 035742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 035742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by XiangYang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationAuthentication, digital signatures, PRNG
Multimedia Security Authentication, digital signatures, PRNG Mauro Barni University of Siena Beyond confidentiality Up to now, we have been concerned with protecting message content (i.e. confidentiality)
More informationSoftware Implementation of GongHarn Publickey Cryptosystem and Analysis
Software Implementation of GongHarn Publickey Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationCryptography and Network Security Chapter 10
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationDigital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015
Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator nonrepudiation of origin (dispute resolution) will consider the
More informationImplementation and Comparison of Various Digital Signature Algorithms. Nazia Sarang Boise State University
Implementation and Comparison of Various Digital Signature Algorithms Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 81
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 81 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBCMAC Digital signatures 2 Encryption/Decryption
More informationEvaluation of Digital Signature Process
Evaluation of Digital Signature Process Emil SIMION, Ph. D. email: esimion@fmi.unibuc.ro Agenda Evaluation of digital signatures schemes: evaluation criteria; security evaluation; security of hash functions;
More informationDIGITAL SIGNATURES 1/1
DIGITAL SIGNATURES 1/1 Signing by hand COSMO ALICE ALICE Pay Bob $100 Cosmo Alice Alice Bank =? no Don t yes pay Bob 2/1 Signing electronically Bank Internet SIGFILE } {{ } 101 1 ALICE Pay Bob $100 scan
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationDigital signatures. Informal properties
Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationCrittografia e sicurezza delle reti. Digital signatures DSA
Crittografia e sicurezza delle reti Digital signatures DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More information1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationThe Mathematics of the RSA PublicKey Cryptosystem
The Mathematics of the RSA PublicKey Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationDigital Signature Standard (DSS)
FIPS PUB 1864 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationComputer Science 308547A Cryptography and Data Security. Claude Crépeau
Computer Science 308547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308647A)
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, FIPS Publication 1863 (dated June 2009), was superseded on July 19, 2013 and is provided here only for historical purposes. For the most current revision
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationDigital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationAC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014
Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes
More informationCSC474/574  Information Systems Security: Homework1 Solutions Sketch
CSC474/574  Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a oneround Feistel cipher
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an applicationlevel protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? Oneway functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationCS 348: Computer Networks.  Security; 30 th  31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks  Security; 30 th  31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationLecture 6  Cryptography
Lecture 6  Cryptography CSE497b  Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497bs07 Question 2 Setup: Assume you and I don t know anything about
More informationPart VII. Digital signatures
Part VII Digital signatures CHAPTER 7: Digital signatures Digital signatures are one of the most important inventions/applications of modern cryptography. The problem is how can a user sign a message such
More informationA New Efficient Digital Signature Scheme Algorithm based on Block cipher
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 22780661, ISBN: 22788727Volume 7, Issue 1 (Nov.  Dec. 2012), PP 4752 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationEXAM questions for the course TTM4135  Information Security May 2013. Part 1
EXAM questions for the course TTM4135  Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More information2. Securing Transactions
INVESTIGATING THE EFFICIENCY OF CRYPTOGRAPHIC ALGORITHMS IN ONLINE TRANSACTIONS C. Lamprecht 1 A. van Moorsel P. Tomlinson N. Thomas School of Computing Science, University of Newcastle upon Tyne, UK Abstract
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationCryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North
More informationA Proposal for Authenticated Key Recovery System 1
A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 57 Nihombashi
More informationPublic Key Cryptography. Performance Comparison and Benchmarking
Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More information1 Signatures vs. MACs
CS 120/ E177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. KatzLindell 10 1 Signatures vs. MACs Digital signatures
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationRecommendation for Cryptographic Key Generation
NIST Special Publication 800133 Recommendation for Cryptographic Key Generation Elaine Barker Allen Roginsky http://dx.doi.org/10.6028/nist.sp.800133 C O M P U T E R S E C U R I T Y NIST Special Publication
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications JeanSébastien Coron January 2007 Publickey encryption BOB ALICE Insecure M E C C D channel M Alice s publickey Alice s privatekey Authentication
More informationStudy of algorithms for factoring integers and computing discrete logarithms
Study of algorithms for factoring integers and computing discrete logarithms First IndoFrench Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department
More informationSecure File Transfer Using USB
International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode
More informationA New Generic Digital Signature Algorithm
Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationTextbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures
Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures Department of Computer Science and Information Engineering, Chaoyang University of Technology 朝 陽 科 技 大 學 資 工
More informationRecommendation for PairWise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)
NIST Special Publication 80056A Recommendation for PairWise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) Elaine Barker, Don Johnson, and Miles Smid C O M P U T E R S E C
More informationEXAM questions for the course TTM4135  Information Security June 2010. Part 1
EXAM questions for the course TTM4135  Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question
More informationImplementation of Elliptic Curve Digital Signature Algorithm
Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India
More informationCryptography and Key Management Basics
Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTUMAT) Cryptography and Key Management
More informationTransitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
NIST Special Publication 800131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Elaine Barker and Allen Roginsky Computer Security Division Information
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationCryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.
Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.edu Overview Cryptanalysis Challenge Encryption: DES AES Message
More informationACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES. Daniela Bojan and Sidonia Vultur
ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES Daniela Bojan and Sidonia Vultur Abstract.The new services available on the Internet have born the necessity of a permanent
More informationProgramming with cryptography
Programming with cryptography Chapter 11: Building Secure Software LarsHelge Netland larshn@ii.uib.no 10.10.2005 INF329: Utvikling av sikre applikasjoner Overview Intro: The importance of cryptography
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy wellknown in network security world Bob, Alice (lovers!) want to communicate
More informationSecurity. Contents. S72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Maninthemiddle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11  Secure
More informationSecurity and Authentication Primer
Security and Authentication Primer Manfred Jantscher and Peter H. Cole AutoID Labs White Paper WPHARDWARE025 Mr. Manfred Jantscher Visiting Master Student, School of Electrical and Electronics Engineering,
More information