Bishop: Chapter 10 Key Management: Digital Signature

Slides:



Advertisements
Similar presentations
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Advertisements

Public Key Cryptosystem
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 9, 2003 Introduction to Computer Security Lecture.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Attacks on Digital Signature Algorithm: RSA
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
Chapter 9: Key Management
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
RSA Exponentiation cipher
Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.
COEN 351 E-Commerce Security Essentials of Cryptography.
Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.
1 Chapter 9: Key Management All algorithms we have introduced are based on one assumption: keys have been distributed. But how to do that? Key generation,
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 10 Nov 8, 2007 Hash Functions Key Management.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 2 Advanced Cryptography (Part C)
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 Nov 4, 2003 Introduction to Computer Security Lecture.
Digital Signatures, Message Digest and Authentication Week-9.
COEN 351 E-Commerce Security
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management.
Chapt. 10 – Key Management Dr. Wayne Summers Department of Computer Science Columbus State University
Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
1IS2150/TEL2810: Introduction to Computer Security Nov 1, 2005 Introduction to Computer Security Lecture 8 Key Management.
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.
Contents Introduction. 9.1 Session and Interchange Keys.
Chapter 9. Key management
Basics of Cryptography
Key Management October 26, 2006 Lecture 7
Security Outline Encryption Algorithms Authentication Protocols
Key Management Session and Interchange Key Key Exchange
Protocol Analysis.
Computer Communication & Networks
Information Security message M one-way hash fingerprint f = H(M)
B. R. Chandavarkar CSE Dept., NITK Surathkal
Chapters 14,15 Security.
Chapter 9: Key Management
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
IS 2150 / TEL 2810 Introduction to Security
Key Management CS461/ECE422.
Chapter 10: Key Management
Chapt. 10 – Key Management Dr. Wayne Summers
Public Key Infrastructure (PKI)
Public Key Cryptography Diffie-Hellman, Discrete Log, RSA
Key Escrow Key escrow system allows authorized third party to recover key Useful when keys belong to roles, such as system operator, rather than individuals.
Information Security message M one-way hash fingerprint f = H(M)
Cryptography: Basics (2)
The Secure Sockets Layer (SSL) Protocol
Digital Signatures…!.
Chapters 14,15 Security.
Chapter -8 Digital Signatures
Chapter 13 Digital Signature
Chapter 9: Key Management
Basic of Modern Cryptography
Chapter 10: Key Management
Digital Signatures Network Security.
LAB 3: Digital Signature
Presentation transcript:

Bishop: Chapter 10 Key Management: Digital Signature csci5233 Computer Security

csci5233 Computer Security Topics Key exchange Session vs interchange keys Classical vs public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures csci5233 Computer Security

csci5233 Computer Security Digital Signature Construct that authenticated origin and contents of message in a manner provable to a disinterested third party (“judge”) Sender cannot deny having sent message (service is “nonrepudiation”) Limited to technical proofs Inability to deny one’s cryptographic key was used to sign One could claim the cryptographic key was stolen or compromised Legal proofs, etc., probably required; not dealt with here csci5233 Computer Security

csci5233 Computer Security Common Error Classical: Alice, Bob share key k Alice sends m || { m }k to Bob This is a digital signature. (?) WRONG!! This is not a digital signature. Why? Third party cannot determine whether Alice or Bob generated the message. csci5233 Computer Security

Classical Digital Signatures Require trusted third party Alice, Bob each share keys with trusted party Cathy To resolve dispute, judge gets { m }kAlice, { m }kBob, and has Cathy decipher them; if messages matched, contract was signed. Question: Otherwise, who had cheated? { m }kAlice Alice Bob { m }kAlice Bob Cathy { m }kBob Cathy Bob csci5233 Computer Security

Public Key Digital Signatures Alice’s keys are dAlice, eAlice Alice sends Bob m || { m }dAlice In case of dispute, judge computes { { m }dAlice }eAlice and if it is m, Alice signed message She’s the only one who knows dAlice! csci5233 Computer Security

RSA Digital Signatures Use private key to encipher message Protocol for use is critical Key points: Never sign random documents, and when signing, always sign hash and never document Mathematical properties can be turned against signer Sign message first, then encipher Changing public keys causes forgery csci5233 Computer Security

csci5233 Computer Security Attack #1 Example: Alice, Bob communicating nA = 95, eA = 59, dA = 11 nB = 77, eB = 53, dB = 17 26 contracts, numbered 00 to 25 Alice has Bob sign 05 and 17: c = mdB mod nB = 0517 mod 77 = 3 c = mdB mod nB = 1717 mod 77 = 19 Alice computes 0517 mod 77 = 08; corresponding signature is 0319 mod 77 = 57; claims Bob signed 08 Judge computes ceB mod nB = 5753 mod 77 = 08 Signature validated; Bob is toast csci5233 Computer Security

Attack #2: Bob’s Revenge Bob, Alice agree to sign contract 06 Alice enciphers, then signs: (meB mod 77)dA mod nA = (0653 mod 77)11 mod 95 = 63 Bob now changes his public key Computes r such that 13r mod 77 = 6; say, r = 59 Computes r eB mod (nB) = 5953 mod 60 = 7 Replace public key eB with 7, private key dB = 43 Bob claims contract was 13. Judge computes: (6359 mod 95)43 mod 77 = 13 Verified; now Alice is toast csci5233 Computer Security

El Gamal Digital Signature Relies on discrete log problem Choose p prime, g, d < p; compute y = gd mod p Public key: (y, g, p); private key: d To sign contract m: Choose k relatively prime to p–1, and not yet used (Note: 0 < k < p-1) Compute a = gk mod p Find b such that m = (da + kb) mod p–1 Signature is (a, b) To validate, check that yaab mod p = gm mod p csci5233 Computer Security

csci5233 Computer Security Example Alice chooses p = 29, g = 3, d = 6 y = 36 mod 29 = 4 Alice wants to send Bob signed contract 23 Chooses k = 5 (relatively prime to 28 and 0<k<28) This gives a = gk mod p = 35 mod 29 = 11 Then solving 23 = (611 + 5b) mod 28 gives b = 25 Alice sends message 23 and signature (11, 25) Bob verifies signature: gm mod p = 323 mod 29 = 8 and yaab mod p = 4111125 mod 29 = 8 They match, so Alice signed csci5233 Computer Security

Attack Eve learns k, corresponding message m, and signature (a, b) Extended Euclidean Algorithm gives d, the private key Example from above: Eve learned Alice signed last message with k = 5 m = (da + kb) mod p–1 = (11d + 525) mod 28 so Alice’s private key is d = 6 csci5233 Computer Security

Key Points of Ch. 10 (Bishop) Key management critical to effective use of cryptosystems Different levels of keys (session vs. interchange) Keys need infrastructure to identify holders, allow revoking Digital certificates Key escrowing complicates infrastructure Digital signatures provide integrity of origin and content Much easier with public key cryptosystems than with classical cryptosystems csci5233 Computer Security

csci5233 Computer Security Next Bishop, Chapter 11: Cipher techniques csci5233 Computer Security