2. Cryptography 2.4 Digital Signatures
|
|
- Christal Knight
- 8 years ago
- Views:
Transcription
1 DI-FCT-UNL Computer and Network Systems Security Segurança de Sistemas e Redes de Computadores Cryptography 2.4 Digital Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 1
2 Outline Digital Signatures, Authentication and Key-Establishment Protocols Digital Signatures General Requirements and properties Authentication vs. Non-Repudiation Message Authentication with Fast (Light-Weight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures Public-Key Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 2
3 Outline Digital Signatures, Authentication and Key-Establishment Protocols Digital Signatures General Requirements and properties Authentication vs. Non-Repudiation Message Authentication with Fast (Light-Weight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures Public-Key Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 3
4 Required properties of digital signatures Digital signature properties Dependence of message (content) signed Unforgeable Must use controlled unique information by the signer Undeniable No new message for existent digital signature No fraudulent signature for a given message The signer can control the <message,signature> association Verifiable by principals or third parties to resolve disputes Direct or arbitrated signatures covering all the data relevance: author, data&time, content, disclaimers, usage policies, etc) Must be relatively easy to produce Must be relatively easy to recognize and verify Practical to store (with or without the signed content) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 4
5 Other possible requirements Sometimes (useful for specific protocols): Unique (one-time signatures) Anonymous use (blind signatures) Signature vs. Content unlinkability Content disguised before it is signed Publicly verifiable against the original (unblinded) Signer and message author are different principals Election systems, Digital Cash Schemes, 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 5
6 Generic requirements Requirements for digital signatures Message authentication (proof of origin) Originality of contents (ownership proofs) Authentication of principals in authentication protocols (unilateral vs. mutual authentication) Authenticity proofs for non-repudiation protocols Practical issues: MACs as Light-weight (or inexpensive ) signatures Message flows in session-oriented protocols MACs in protocols for constrained devices Datagram protocols and large amounts (load) of message processing Public-Key signatures as more robust and expensive authentication proofs Authentication of principals in handshake protocolos and session-establishment 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 6
7 Approaches to Message Authentication Authentication Using Conventional Encryption sender and receiver should share a secret key Message Authentication without Message Encryption Authentication tag (shared secret computation and verification, based on a shared secret key value) generated and appended to each message Message Authentication Code MAC computation as a function of the message and the key. MAC = F(K, M) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 7
8 Secure hash functions are appropriate for MAC Algorithms Henric Johnson , Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 8
9 MAC with a secure HASH function Secret value is added before the hash and removed before transmission. 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 9
10 Remembering secure HASH Functions Purpose of the HASH: production of secure fingerprints. Properties : 1. H can be applied to a block of data at any size 2. H produces a fixed length output 3. H(x) is easy to compute for any given x. 4. For any given block x, it is computationally infeasible to find x such that H(x) = h - Irreversibility, One-Way 5. For any given block x, it is computationally infeasible to find with H(y) = H(x). - Weak collision resistance 1. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y) - Strong collision resistance 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 10
11 HMACs (flexible combination of secure hash functions) MAC derived from a cryptographic hash code, such as SHA-1, SHA-2 and SHA-3 in the future Motivations: Cryptographic hash functions executes faster in software than encryptoin algorithms such as DES Library code for cryptographic hash functions is widely available No export restrictions Different hash functions easily combined for security, maintaining good efficiency HMAC structure 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 11
12 Henric Johnson , Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 12
13 Outline Digital Signatures, Authentication and Key-Establishment Protocols Digital Signatures General Requirements and properties Authentication vs. Non-Repudiation Message Authentication with Fast (Light-Weight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures Public-Key Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 13
14 Direct Digital Signatures Only sender & receiver involved With public-key signatures: assumed receiver has sender s public-key digital signature made by sender signing entire message or hash with private-key can encrypt using receivers public-key important that sign first then encrypt message & signature security depends on sender s private-key 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 14
15 Arbitrated Digital Signatures Involve sender, receiver and one or more third parties With public-key signatures: assumed third parties have all sender s public-keys digital signature made by sender signing entire message or hash with private-key, verified (and possibly logged) by the third parties, and resigned by the third parties Notarization The receivers recognize the sender signature by verifying the third party signature encryption using third-party public-key important that sign first then encrypt message & signature security depends on sender s private-key 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 15
16 Outline Digital Signatures, Authentication and Key-Establishment Protocols Digital Signatures General Requirements and properties Authentication vs. Non-Repudiation Message Authentication with Fast (Light-Weight) Signatures Digital signatures with Public Key Methods Direct and Arbitrated Digital Signatures Public-Key Digital Signatures Digital signature methods RSA ElGammal DSS (or DSA) ECC based signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 16
17 RSA Signatures (from the algorithm RSA) Correct (undeniable) Key pair (Kpriv, Kpub) Principal P Private Key: Kpriv, N Principal P Public Key: Kpub, N Signature(M) = S M = H(M) Kpriv mod N Verification: Given M and computing H(M) S M Kpub mod N 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 17
18 Relevant issues from RSA (1) Remembering the RSA key-pair generation process and encryption/decryption algorithm Messages hashed before signing (not the original message) Security issue when preserving confidentiality Controlled size, comparing with the key size Size of modulus and public and private exponents:» The N value (modulus) determines the key sizes M < N Any value M greater than N will be reduced to M mod N Key pair generation: Value for public exponent so that the encryption step will be computationally cheap to perform and then generate the private exponent accordingly - Encryption cheap, decryption expensive - Signature expensive, Verification cheap 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 18
19 Relevant issues from RSA (2) Key-Generation process Public exponents, fixed (standardized) by security specifications for RSA implementation use Ex., X509v3: public exponents 0x10001 (F4) Default in the Bouncy Castle Implementation Problem: how to speed-up the decryption and the signature process in current implementations CRT theorem (and ex., Garner s Algorithm) Keep the original P and Q primes used to generate the Keys Pre-compute and keep other values in the CRT computation (dp, dq, qinv), once only Store (dp, dq, P, Q, qinv) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 19
20 Implementation in JAVA-JCE Optimizations are included (differently) in each crypto provider (subjacent implementation of RSA) Ex. BC uses a multi-prime remainder theorem approach To generate keys with 2048 bits, rather than having to primes P and Q of 1024 bits, it can be used 4 primes of 512 bits Note: observe the behavior of time consuming (processing) in the examples provided. 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 20
21 RSA Padding mechanisms Operations in RSA are ober big integers What if the representation begins with 0 bits (MSBits)? See practical examples What happens if you change the value of the public exponent to a low value? See practical examples Is it secure for encryption? You need Padding! 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 21
22 Padding in RSA PKCS#1 Implementation (ex., BC) See also the practical examples Type 1: Mp= 0x00 0x01 F 0x00 M with F = string of 0xFF bytes, at least 8 bytes Then: M <= Keysize in bytes 11 - This is used when using the private key (signatures) Type 2: Mp= 0x00 0x02 R 0x00 M with R = Random bytes, at least 8 bytes Then: M <= Keysize in bytes 11 - This is used when using the public key (encryption) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 22
23 Strongest padding for RSA Ex., OAEP Padding Used with parameters: P, and random seed S OAEP Optimal Asymmetric Encryption Padding M1 = Mask [ ( H(P) PZ 0x01 M), S ] M2 = Mask (S, M1) Mp=0x00 M2 M1 Note: MaxLen for the message will be klen 2hLen 2 Note: for a certain message length usable in PKCS#1, you may need a more long key if you use OAEP, but this is not an issue why? See practical examples: Suite: RSA/None/OAEPWithSHA1and MGF1Padding 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 23
24 RSA Signatures in the JAVA-JCE See practical examples Practical class examples and verifications Signature class Steps: - Initialization of the signature object for signing - signature.update() is then used to feed data into the signature object - When all the data has been fed in, signature.sign() is called - Signature can be: - Returned as a byte array - Or load it into a passed in byte-array 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 24
25 Use of RSA in the Java JCE Example (see practical examples) After the keypair generation process initialization byte[] message = new byte[] {..}; KeyPair KeyPair = KeyGen.generateKeyPair(); Signature signature = Signature.getInstance ( RSA, BC ); // to generate a signature signature.initsign(keypair.getprivate(), random); signature.update (message); byte[] sigbytes= signature.sign(); //verification signature.initverify(keypair.getpublic()); signature.update(message); if (signature.verify(sigbytes)) { ok } else { not ok } 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 25
26 ElGammal public key scheme (asymetric) A variant of Diffie-Hellman Same math. principles Widely used (ex., OpenPGP implementations, standardized in RFC 2440) How does it works? Bob has a public key g y mod P (well known by Alice) Alice creates a temporary public key K puba = g x mod P Encryption: C = {M} KpubB = M g xy mod P Alice sends to Bob: C, K puba Note: makes the cipher text twice the key size 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 26
27 ElGamal Digital Signatures Signature variant of ElGamal, related to D-H Uses exponentiation in a finite (Galois) Security based difficulty of computing discrete logarithms, as in D-H Private key for encryption (signing) Public key for decryption (verification) each user (eg. A) generates their key chooses a secret key (number): 1 < x A < q-1 compute their public key: y A = a x A mod q 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 27
28 ElGamal Digital Signature Alice signs a message M to Bob by computing the hash m = H(M), 0 <= m <= (q-1) chose random integer K with 1 <= K <= (q-1) and gcd(k,q-1)=1 compute temporary key: S 1 = a k mod q compute K -1 the inverse of K mod (q-1) compute the value: S 2 = K -1 (m-x A S 1 ) mod (q-1) The signature is the tuple:(s 1,S 2 ) any user B can verify the signature by computing V 1 = a m mod q V 2 = y A S1 S 1 S2 mod q signature is valid if V 1 = V , Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 28
29 ElGamal Signature Example use field GF(19) q=19 and a=10 Alice computes her key: A chooses x A =16 & computes y A =10 16 mod 19 = 4 Alice signs message with hash m=14 as (3,4): choosing random K=5 which has gcd(18,5)=1 computing S 1 = 10 5 mod 19 = 3 finding K -1 mod (q-1) = 5-1 mod 18 = 11 computing S 2 = 11( ) mod 18 = 4 any user B can verify the signature by computing V 1 = mod 19 = 16 V 2 = mod 19 = 5184 mod 19 = 16 since V1 = V2, the signature is valid 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 29
30 Schnorr Digital Signatures also uses exponentiation in a finite (Galois) security based on discrete logarithms, as in D-H minimizes message dependent computation multiplying a 2n-bit integer with an n-bit integer main work can be done in idle time have using a prime modulus p p 1 has a prime factor q of appropriate size typically p 1024-bit and q 160-bit numbers 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 30
31 Schnorr Key Setup choose suitable primes p, q choose a such that a q = 1 mod p (a,p,q) are global parameters for all each user (eg. A) generates a key chooses a secret key (number): 0 < s A < q compute their public key: v A = a -sa mod q 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 31
32 Schnorr Signature user signs message by choosing random r with 0<r<q and computing x = a r mod p concatenate message with x and hash result to computing: e = H(M x) computing: y = (r + se) mod q signature is pair (e, y) any other user can verify the signature as follows: computing: x' = a y v e mod p verifying that: e = H(M x ) 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 32
33 Digital Signature Standard (DSS) Public-Key digital signature technique Like D-H, security from the discrete logarithm problem DSA is digital signature only unlike RSA US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993, 1996 & then 2000 Uses the SHA hash algorithm DSS is the standard, DSA is the algorithm FIPS (2000) includes: Alternative RSA Elliptic curve signature variants 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 33
34 DSS vs RSA Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 34
35 Use of DSA in the Java JCE Example (see practical examples) After the keypair generation process initialization byte[] message = new byte[] {..}; KeyPair KeyPair = KeyGen.generateKeyPair(); Signature signature = Signature.getInstance ( DSA, BC ); // to generate a signature signature.initsign(keypair.getprivate(), random); signature.update (message); byte[] sigbytes= signature.sign(); //verification signature.initverify(keypair.getpublic()); signature.update(message); if (signature.verify(sigbytes)) { ok } else { not ok } 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 35
36 Digital Signature Algorithm (DSA) creates a 320 bit signature with bit security smaller and faster than RSA a digital signature scheme only security depends on difficulty of computing discrete logarithms A standard based in fact in a variant of ElGamal & Schnorr schemes 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 36
37 DSA Key Generation have shared global public key values (p,q,g): choose 160-bit prime number q: < q < choose a large prime p with 2 L-1 < p < 2 L where L= 512 to 1024 bits and is a multiple of 64 such that q is a 160 bit prime divisor of (p-1) choose g = h (p-1)/q where 1<h<p-1 and h (p-1)/q mod p > 1 users choose private & compute public key: choose random private key: x<q compute public key: y = g x mod p 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 37
38 DSA Signature Creation to sign a message M the sender: generates a random signature key k, k<q nb. k must be random, be destroyed after use, and never be reused then computes signature pair: r = (g k mod p)mod q s = [k -1 (H(M)+ xr)] mod q sends signature (r,s) with message M 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 38
39 DSA Signature Verification having received M & signature (r,s) to verify a signature, recipient computes: w = s -1 mod q u1= [H(M)w ]mod q u2= (rw)mod q v = [(g u1 y u2 )mod p ]mod q if v=r then signature is verified 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 39
40 DSS Overview 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures - Slide 40
Digital Signature. Raj Jain. Washington University in St. Louis
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationPublic Key (asymmetric) Cryptography
Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationCommunications security
University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET - University of Roma La Sapienza E-mail: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationCryptography and Network Security Digital Signature
Cryptography and Network Security Digital Signature Xiang-Yang Li Message Authentication Digital Signature Authentication Authentication requirements Authentication functions Mechanisms MAC: message authentication
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationNetwork Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationCryptography and Network Security Chapter 10
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central
More informationSoftware Implementation of Gong-Harn Public-key Cryptosystem and Analysis
Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationAuthentication, digital signatures, PRNG
Multimedia Security Authentication, digital signatures, PRNG Mauro Barni University of Siena Beyond confidentiality Up to now, we have been concerned with protecting message content (i.e. confidentiality)
More informationDigital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015
Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the
More informationImplementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University
Implementation and Comparison of Various Digital Signature Algorithms -Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationEvaluation of Digital Signature Process
Evaluation of Digital Signature Process Emil SIMION, Ph. D. email: esimion@fmi.unibuc.ro Agenda Evaluation of digital signatures schemes: evaluation criteria; security evaluation; security of hash functions;
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption
More informationDIGITAL SIGNATURES 1/1
DIGITAL SIGNATURES 1/1 Signing by hand COSMO ALICE ALICE Pay Bob $100 Cosmo Alice Alice Bank =? no Don t yes pay Bob 2/1 Signing electronically Bank Internet SIGFILE } {{ } 101 1 ALICE Pay Bob $100 scan
More informationDigital signatures. Informal properties
Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.
More informationCrittografia e sicurezza delle reti. Digital signatures- DSA
Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More information1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationThe Mathematics of the RSA Public-Key Cryptosystem
The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationDigital Signature Standard (DSS)
FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, FIPS Publication 186-3 (dated June 2009), was superseded on July 19, 2013 and is provided here only for historical purposes. For the most current revision
More informationComputer Science 308-547A Cryptography and Data Security. Claude Crépeau
Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationAC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014
Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes
More informationDigital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about
More informationPart VII. Digital signatures
Part VII Digital signatures CHAPTER 7: Digital signatures Digital signatures are one of the most important inventions/applications of modern cryptography. The problem is how can a user sign a message such
More informationA New Efficient Digital Signature Scheme Algorithm based on Block cipher
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More information2. Securing Transactions
INVESTIGATING THE EFFICIENCY OF CRYPTOGRAPHIC ALGORITHMS IN ONLINE TRANSACTIONS C. Lamprecht 1 A. van Moorsel P. Tomlinson N. Thomas School of Computing Science, University of Newcastle upon Tyne, UK Abstract
More informationA Proposal for Authenticated Key Recovery System 1
A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 5-7 Nihombashi
More informationCryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationPublic Key Cryptography. Performance Comparison and Benchmarking
Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More information1 Signatures vs. MACs
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationRecommendation for Cryptographic Key Generation
NIST Special Publication 800-133 Recommendation for Cryptographic Key Generation Elaine Barker Allen Roginsky http://dx.doi.org/10.6028/nist.sp.800-133 C O M P U T E R S E C U R I T Y NIST Special Publication
More informationImplementation of Elliptic Curve Digital Signature Algorithm
Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationStudy of algorithms for factoring integers and computing discrete logarithms
Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationSecure File Transfer Using USB
International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationA New Generic Digital Signature Algorithm
Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study
More informationTextbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures
Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures Department of Computer Science and Information Engineering, Chaoyang University of Technology 朝 陽 科 技 大 學 資 工
More informationRecommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)
NIST Special Publication 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) Elaine Barker, Don Johnson, and Miles Smid C O M P U T E R S E C
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationTransitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
NIST Special Publication 800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Elaine Barker and Allen Roginsky Computer Security Division Information
More informationCryptography and Key Management Basics
Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management
More informationCryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.
Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.edu Overview Cryptanalysis Challenge Encryption: DES AES Message
More informationProgramming with cryptography
Programming with cryptography Chapter 11: Building Secure Software Lars-Helge Netland larshn@ii.uib.no 10.10.2005 INF329: Utvikling av sikre applikasjoner Overview Intro: The importance of cryptography
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationPublic Key Cryptography of Digital Signatures
ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES Daniela Bojan and Sidonia Vultur Abstract.The new services available on the Internet have born the necessity of a permanent
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More information