1 Workshop on algorithms and parameters for Electronic Signatures November 25, 2004. Brussels.

Slides:

Advertisements

Similar presentations

Public Key Infrastructure and Applications

Advertisements

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

Digital Signatures and Hash Functions. Digital Signatures.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Cryptography 101 Frank Hecker

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall

Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Bob can sign a message using a digital signature generation algorithm

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Elliptic Curve Cryptography

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

Chapter 21 Public-Key Cryptography and Message Authentication.

Chapter 15: Electronic Mail Security

Hash and MAC Functions CS427 – Computer Security

Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.

Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?

Lecture 8 Overview. Secure Hash Algorithm (SHA) SHA SHA SHA – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits.

1 Number Theory and Advanced Cryptography 6. Digital Signature Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.

SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.

Class 4 Asymmetric Cryptography and Trusting Internal Components CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-ECDSA Title: Discussion on introducing ECDSA to d for group management Date Submitted: July.

Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Network Security Celia Li Computer Science and Engineering York University.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

ECC Design Team: Initial Report Brian Minard, Tolga Acar, Tim Polk November 8, 2006.

PKCS #5 v2.0: Password-Based Cryptography Standard

Biometric Encryption Base RSA Algorithm Supervisor: Ass. Prof. Dr. Dang Tran Khanh Student: Dung Ngo Dinh.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

The Federal Information Processing Standards (FIPS) Encryption Suite Sean Smith COSC

Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.

Dan Brown, Certicom Research November 10, 2004

e-Health Platform End 2 End encryption

Public Key Encryption and Digital Signatures

NET 311 Information Security

Campbell R. Harvey Duke University and NBER

Campbell R. Harvey Duke University and NBER

SSL (Secure Socket Layer)

The Secure Sockets Layer (SSL) Protocol

Workshop on algorithms and parameters for Electronic Signatures draft ETSI TS V ( ) November 25, Brussels.

Presentation transcript:

1 Workshop on algorithms and parameters for Electronic Signatures November 25, Brussels

2 Algorithms and parameters for Electronic Signatures Two parts: –Part 1: Hash functions and asymmetric algorithms –Part 2: Symmetric algorithms and protocols for secure channels

3 Part 1: Hash functions and asymmetric algorithms 4.Maintenance of the document 5.Hash functions –5.1. General –5.2. Recommended one way hash functions 6.Signature algorithms –6.1. General –6.2. Recommended signature algorithms 7.Signature suites –7.1.General –7.2. Padding methods –7.3. Recommended signature suites

4 Part 1: Hash functions and asymmetric algorithms 8. Recommended key pair generation methods –8.1. General –8.2. Recommended key pair generation methods 9. Random number generation methods –9.1. General –9.2. Recommended random number generation methods 10. Recommended hash functions and key sizes versus time –10.1. Liberal view –10.2. Conservative view –10.3. Recommended hash functions versus time –10.4. Recommended key sizes versus time

5 Part 1: Hash functions and asymmetric algorithms 11. Practical ways to identify hash functions and algorithms –11.1 Functions and algorithms identified using OIDs –11.2 Functions and algorithms identified using URNs –11.3 Functions and algorithms with no OID –11.4 Functions and algorithms with no URN 12. Algorithms in the context of Advanced Electronic Signatures –12.1 Time period resistance of hash functions and keys Time period resistance for hash functions Time period resistance for signer’s key Time period resistance for root keys Time period resistance for other keys –12.2 Algorithms for the various data structures

6 Part 1: Hash functions and asymmetric algorithms Annex A (normative): Updating algorithms and parameters –A.1 Introduction –A.2 Maintenance Process Annex B (informative): Recommended key sizes (historical) Annex C (informative): Generation of RSA keys for signatures –C.1 Generation of random prime numbers –C.2 Generation of RSA modulus –C.3 Generation of RSA keys Annex D (informative): Generation of elliptic curve domain parameters –D.1 ECDSA and ECGDSA based on a group E(F p ) –D.2 ECDSA and ECGDSA based on a group E(F 2 m )

7 Part 1: Hash functions and asymmetric algorithms Annex E (informative): On the generation of random data –E.1 Classes of random number generators –E.2 On tests for NRNGs Annex F (informative) Algorithms identifiers defined in various documents Annex G (informative): Explanatory text about the “liberal view” and the “conservative view –G.1 Estimates based on past experience –G.2 Estimates based on power of computation –G.3 Recommended key sizes and use dates drawn from past estimates –G.4 Recommended key sizes and use dates drawn from Lenstra and Verheul’s table

8 Part 2: Symmetric algorithms and protocols for secure channels Secure messaging for smart cards –5.1 General –5.2 Channel keys establishment 5.2.1Authentication steps 5.2.2Session Key creation 5.2.3Compute channel key Compute send sequence counter SSC –5.3 Secure Messaging Mode CLA byte TLV coding of command and response message Treatment of SM-Errors Padding for checksum calculation

9 Main points of discussion from SAGE meeting (1/2) The criteria we mention (secure/commonly used/easily referenced) was generally agreed to be OK. There was some concern about the Whirlpool algorithm not being well studied enough. There was a question about why we have not included SHA There were some concerns raised about whether the German elliptic curve variants were well enough studied. They had been “approved” by the BSI on some level. There were several suggestions regarding the key lengths. The most significant is that 640 be changed to 768 for the 3 year predictions in Table 8, and the inclusion of 163 for ecdsa in the bottom two rows of the same table.

10 Main points of discussion from SAGE meeting (2/2) The insertion of a statement as to why we haven’t distinguished between the use of algorithms in various contexts. About Annex G: some editing out of the original text has been done in this annex, taking out some of the argumentation as to why we prefer the Lenstra/Verheul arguments to the extrapolation methods. The point was raised that this original argumentation should either be included in its entirety, completely left out or replaced with a much shorter explanatory text.

11 Question 1 from Helmut Biely The title of chapter 11 of -1 is "Practical ways to identify...". Is this the only purpose of this chapter of the ensuing chapters on OID's ? The real question is whether such OID's are there : –for interoperability purposes only, or/and –to identify the algos, that are considered as sufficiently secure by this TS.

12 Question 2 from Helmut Biely The OID for ECDSA in : –RFC 3278 is used (and not 3279 !) as reference. –However, RFC 3278 (applying to CMS only) sets the parameters part of the ASN.1 SEQUENCE explicitly to NULL, i.e no curve is defined, as is necessary for a complete OID e.g. in an X509 certificate. –Now, does this mean, that all curves defined in X9.62 are covered by the TS, whereas other curves are outside ? –Are there any intentions to differentiate between curves (e.g. for interoperability reasons) or do no such plans exist ?

13 Questions from Franco Ruggieri The questions are addressed in the original document.