Information & Communication Security (SS 15)

Similar documents
An Introduction to Cryptography as Applied to the Smart Grid

Lukasz Pater CMMS Administrator and Developer

Digital Signatures. Meka N.L.Sneha. Indiana State University. October 2015

Legal Framework of Electronic Signatures in the European Union and Germany

Lecture 9: Application of Cryptography

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Description of the Technical Component:

Computer Security: Principles and Practice

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

Digital Signature Standard (DSS)

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

How To Encrypt Data With Encryption

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Qualified mobile electronic signatures: Possible, but worth a try?

IT Networks & Security CERT Luncheon Series: Cryptography

ARCHIVED PUBLICATION

RESEARCH ON DIGITAL SIGNATURE Aanchal Chanana, Akash Sharma, Amit Yadav

I N F O R M A T I O N S E C U R I T Y

Signature Schemes. CSG 252 Fall Riccardo Pucella

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Table of Contents. Bibliografische Informationen digitalisiert durch

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

CRYPTOGRAPHY IN NETWORK SECURITY

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

7! Cryptographic Techniques! A Brief Introduction

NIST Test Personal Identity Verification (PIV) Cards

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

Profitability of Mobile Qualified Electronic Signatures

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

OB10 - Digital Signing and Verification

Using etoken for SSL Web Authentication. SSL V3.0 Overview

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Authentication requirement Authentication function MAC Hash function Security of

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Message authentication and. digital signatures

Digital Signature For Text File

Digital Signature. Raj Jain. Washington University in St. Louis

I N F O R M A T I O N S E C U R I T Y

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Trustis FPS PKI Glossary of Terms

Evaluation of Digital Signature Process

Secure File Transfer Using USB

A Security Flaw in the X.509 Standard Santosh Chokhani CygnaCom Solutions, Inc. Abstract

A New Efficient Digital Signature Scheme Algorithm based on Block cipher

Application of Digital Signature for Securing Communication Using RSA Scheme based on MD5

Public Key (asymmetric) Cryptography

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Public Key Cryptography Overview

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Biometrics, Tokens, & Public Key Certificates

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

CERTIFICATE AUTHORITY SCHEMES USING ELLIPTIC CURVE CRYPTOGRAPHY, RSA AND THEIR VARIANTS- SIMULATION USING NS2

Cryptography & Digital Signatures

Archived NIST Technical Series Publication

Controller of Certification Authorities of Mauritius

The Legal Classification of Identity-Based Signatures

Randomized Hashing for Digital Signatures

Public Key Cryptography of Digital Signatures

Paper-based Document Authentication using Digital Signature and QR Code

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

Overview of Public-Key Cryptography

Authentication, digital signatures, PRNG

An Introduction to digital signatures

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Digital Signature CHAPTER 13. Review Questions. (Solution to Odd-Numbered Problems)

A New Generic Digital Signature Algorithm

Certification Report. Utimaco Safeware AG. debiszert-dsz-itsec SafeGuard Sign&Crypt, Version 2.0. The Modern Service Provider

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

White Paper. Enhancing Website Security with Algorithm Agility

Introduction to Cryptography CS 355

Public Key Encryption and Digital Signature: How do they work?

Implementation of Elliptic Curve Digital Signature Algorithm

SECURITY IN NETWORKS

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

National Security Agency Perspective on Key Management

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

CSCE 465 Computer & Network Security

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

Guidelines for the use of electronic signature

Transcription:

Information & Communication Security (SS 15) Electronic Signatures Dr. Jetzabel Serna-Olvera @sernaolverajm Chair of Mobile Business & Multilateral Security Goethe University Frankfurt www.m-chair.de

Agenda Digital Signature Overview Algorithms Hash Functions Electronic Signatures - Legal Framework Recent Initiatives in Europe Use Case Scenario 2

Digital Signatures Definition: A digital signature is a construct that authenticates both origin and contents of a message in a manner that is provable to a third party. [Bishop 1978] Only the entity who creates a digital message must be capable of generating a valid signature 3

Digital Signatures document A sign document + signature B verify accept reject Protect the authenticity and integrity of documents signed by A B has to get an authentic copy of A s public key. 4

Security Properties Message Authentication (data origin authentication): The sender of the message is authentic. Integrity: Messages have not been modified in transit. Non-repudiation: The sender of the message cannot deny the creation of the message. 5

Asymmetric Signature System Public Key Encryption Digital Signatures 6

Asymmetric Signature System Digital Signatures The holder of the secret key (sender) signs the message Anyone can verify that a signature is valid Public Key Encryption Anyone can encrypt a message Only the holder of the secret key (receiver) can decrypt a message 7

Example PGP: Encrypt and Sign a Message Hallo Jan. My exercises for the MC 2 test are enclosed: 8

Example PGP: Decrypt and Check a Message Hallo Jan. My exercises for the MC1 test are enclosed: 9

Agenda Digital Signature Overview Algorithms Hash Functions Electronic Signatures - Legal Framework Recent Initiatives in Europe Use Case Scenario 10

Public Key Algorithms Algorithm RSA Digital Signature Algorithm (DSA) Elliptic Curve Digital Signature Algorithm (ECDSA) Algorithm family Integer factorization Discrete logarithm Elliptic curves 11

Asymmetric Signature Systems: Examples RSA: Rivest, Shamir, Adleman Asymmetric encryption system which also can be used as a signature system via inverted use, Message encrypted with the private key (= signing key) gives the signature, Decoding with the public key (=testing key) has to produce the message. [Rivest et al. 1978] 12

Asymmetric Signature Systems: Examples DSA: Digital Signature Algorithm Determined in the Digital Signature Standard of the NIST (USA), Based on discrete logarithms (Schnorr, ElGamal), Key length is set to 1024 bit. 13

Asymmetric Signature Systems: Examples ECDSA Elliptic Curve Digital Signature Algorithm Shorter keys and shorter signatures, which leads to better performance Standardized in the US by the American National Standards Institute (ANSI) 1998. 14

Asymmetric Signature System (Simplified Example RSA) Sender / Signer Addressee / Verifier Text Text s (Text) decrypt with t encrypt with s Text? = Text s (Text) check for equality Signing key s only with the sender, test key t public 15

Asymmetric Signature System (Example RSA) Sender / Signer Addressee / Verifier Text Text s (H(Text)) hash hash decrypt with t H(Text) H(Text)? = H(Text) encrypt with s check for equality s (H(Text)) Signing key s only with the sender, test key t public 16

Agenda Digital Signature Overview Algorithms Hash Functions Electronic Signatures - Legal Framework Recent Initiatives in Europe Use Case Scenario 17

Hash Functions One way cryptography 18

Data of arbitrary length Message Hash function [e883aa0b24c09f ] General hash functions (H(s)) Transformation of an input string s into an output string h of fixed length which is called hash value. Example: mod 10 in the decimal system Fixed length hash (digest) 19

Hash Functions Cryptographic hash functions Generally require further characteristics - H(s) is easily to compute for each s. - H(s) must be difficult to invert: In terms of figures it is difficult to compute s from h. - Virtual collision freedom: In terms of figures it is difficult to create collisions H(s1) = H(s2). Examples: SHA-1, MD5, MD4 20

Asymmetric Signature System (Example RSA) Sender / Signer Addressee / Verifier Text Text s (H(Text)) hash hash decrypt with t H(Text) H(Text)? = H(Text) encrypt with s check for equality s (H(Text)) Signing key s only with the sender, test key t public 21

Agenda Digital Signature Overview Algorithms Hash Functions Electronic Signatures - Legal Framework Recent Initiatives in Europe Use Case Scenario 22

Directive 1999/93/EC The European Community Directive on electronic signatures refers to the concept of an electronic signature as: data in electronic form which attached to, or logically associated with other electronic data and which serves as a method of authentication [EC-Directive 1999] 23

Directive 1999/93/EC The advanced electronic signature requirements: Uniquely linked to the signatory; Capable of identifying the signatory; Created using means that the signatory can maintain under their sole control; Linked to the data to which it relates in such a manner that any subsequent change in the data is detectable. [EC-Directive 1999] 24

Directive 1999/93/EC The qualified certificate.. the identification of the certification service provider; the name of the signatory; provision for a specific attribute of the signatory to be included if relevant; signature-verification data; period of validity of the certificate; the identity code of the certificate; the advanced electronic signature of the issuing CSP. 25

German Signature Law (SigG) Objective and Area of Application (1) The purpose of this law is to create general conditions for digital signatures under which they may be deemed secure and forgeries of digital signatures or falsifications of signed data may be reliably ascertained. 26

SigG Requirements as to Technical Components Example: display of data ( 17(2)) [SigG01] The signature component must: Clearly notify the signer that a signature is created before the signature is created Make clearly perceptible which data the signature refers to Secure the accordance of displayed data and signed data ( What you see is what you sign. ) 27

Hierarchical Certification of Public Keys (Example: German Signature Law) Regulatory Authority confirms public keys of the CAs Root-CA (Regulatory Authority) Certification Authorities (CA) TeleSec, D-Trust, TC TrustCenter,... persons organizations... The actual checking of the identity of the key owner takes place at so called Registration Authorities (e.g. notaries, bank branches, T-Points,...) Security of the infrastructure depends on the reliability of the CAs. 28

Content of a Key Certificate (according to German Signature Law and Regulation) indication of the algorithms used period of validity key owner, possibly named by pseudonym signature test key version: v3 serial number: 4711 sign alg: RSA/SHA-1 issuer: all-sign-ca validity: 1.1.00-31.12.02 subject: German, Michel key: 0100110001110000... pseudonym: yes limitation: no qualified: no attributes: representative of the chancellor serial number certification provider that issued the certificate signature 29

Tasks of a Certification Authority (according to German Signature Law and Regulation) Reliable identification of persons who apply for a certificate Information on necessary methods for fraud resistant creation of a signature Provision for secure storage of the private key At least Smartcard (protected with PIN) Publication of the certificate (if wanted) Barring of certificates If necessary emission of time stamps For a fraud resistant proof that an electronic document has been at hand at a specific time 30

Requirements to an Accredited CA (according to German Signature Law and related Regulation) Checking of the following items by certain confirmation centers (BSI, TÜVIT,...) Concept of operational security Reliability of the executives and of the employees as well as of their know-how Financial power for continuous operation Exclusive usage of licensed technical components according to SigG and SigV Security requirements as to operating premises and their access controls Possibly license of the regulation authority 31

Agenda Digital Signature Overview Algorithms Hash Functions Electronic Signatures - Legal Framework Recent Initiatives in Europe Use Case Scenario 32

European Initiatives In Germany: Gesundheitskarte Job card Digitaler Personalausweis In Austria: Bürgerkarte A1 Signature In Belgium: Belgium eid Card (BELPIC) In Finland: Universal eid Card Mobile Signatures In Denmark: OCES ( Offentlige Certifikater til Elektronisk Service ) And 12 other European countries. [www.eurosmart.com] 33

European Initiatives All initiatives focus on high penetration rate of signature capable smart cards within the complete population. But high penetration rate of smart cards does not necessarily lead to adoption of electronic signatures E.g., German Geldkarte Specific targeting of early adopters might be more successful. [Fritsch and Roßnagel 2005] 34

Signature Market Legal and technical framework exists for years. So far qualified electronic signatures are not successful in the market. Circa 0.4 million qualified certificates in total have been issued in Germany from 2001 to 2010 [Sommer 2011]. Expectations have not been fulfilled. 35

Agenda Digital Signature Overview Algorithms Hash Functions Electronic Signatures - Legal Framework Recent Initiatives in Europe Use Case Scenario 36

Use Case Scenario Vehicular Ad Hoc Networks (VANETs) A VANET consists of vehicles and roadside base stations that exchange primarily safety messages to give drivers the time to react to life-endangering events 37

VANETs Applications Governmental Bodies Insurance Services Commercial Location Based Services Traffic Management Centers Vehicle Manufacturers Fleet Operators Other vehicles 38

Security in VANETs (I) Despite the wide number of potential applications, VANETs also raise a broad range of critical security challenges. authentication, integrity, confidentiality, authorization and, non-repudiation 39

Security in VANETs (II) VANETs PKI (VPKI) relying on a large set of regional Certification Authorities (CAs) Security IEEE 1609.2 elliptic curves digital signature (ECDSA) 40

Interoperability PKI interoperability among vehicles from different domains 41

Literature EC-Directive 1999/93/EC (1999) Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures. Fritsch, L. and Roßnagel, H. (2005) Die Krise des Signaturmarktes,: Lösungsansätze aus betriebswirtschaftlicher Sicht, in: H. Ferderrath (Eds.): Sicherheit 2005, Bonn, Köllen Druck+Verlag GmbH, pp. 315-327. Isselhorst/Rohde, BSI. Lippmann, S. and Roßnagel, H. (2005) Geschäftsmodelle für signaturgesetzkonforme Trust Center, in: O. K. Ferstl; E. J. Sinz; S. Eckert and T. Isselhorst (Eds.): Wirtschaftsinformatik 2005, Heidelberg, Physica-Verlag, pp. 1167-1187. Rivest, R. L.; Shamir, A. and Adleman, L. (1978) A Method for Obtaining Digital Signatures and Public Key Cryptosystems, Communications of the ACM (21:2), pp. 120-126. Roßnagel, H. (2007) Mobile Qualifizierte Elektronische Signaturen Analyse der Hemmnisfaktoren und Gestaltungsvorschläge zur Einführung der qualifizierten elektronischen Signatur. Antonius, S CEO TUViT GmbH (2011) The recent trend of the personal authentcation environment and eid in Germany, Personal Athentication Environment Seminar 42

Deutsche Telekom Chair of Mobile Business & Multilateral Security Dr. Jetzabel M. Serna-Olvera Goethe University Frankfurt E-Mail: Jetzabel.Serna-Olvera@m-chair.de WWW: www.m-chair.de 16.10.2014 43

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information