Basel Alomair, Krishna Sampigethaya, and Radha Poovendran University of Washington TexPoint fonts used in EMF.

Slides:

Advertisements

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Advertisements

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Cryptography and Network Security

Digital Signatures and Hash Functions. Digital Signatures.

Network Security Term Project 2002 Fall Network Security Chul Joon Choi Prof. Kwang jo Kim Network Security Term Project (2002 Fall) 발표자 :

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

BR1 Protection and Security B. Ramamurthy Chapters 18 and 19.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Cryptography and Network Security Chapter 13

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Introduction to Public Key Cryptography

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.

8. Data Integrity Techniques

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Bob can sign a message using a digital signature generation algorithm

1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.

Chapter 4: Intermediate Protocols

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

Cryptography, Authentication and Digital Signatures

Public-Key Cryptography CS110 Fall Conventional Encryption.

Forward-Secure Signatures (basic + generic schemes)

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Cryptography Lecture 9 Stefan Dziembowski

Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.

11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

1 一個新的代理簽章法 A New Proxy Signature Scheme 作者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡報告者 : 郭淑娟.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Chapter 11 Message Authentication and Hash Functions.

The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures Tal Malkin (Columbia Univ.) Satoshi Obana (NEC and Columbia Univ.)

Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU.

Prepared by Dr. Lamiaa Elshenawy

Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.

Key Management Network Systems Security Mort Anvari.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.

Security. Security Needs Computers and data are used by the authorized persons Computers and their accessories, data, and information are available to.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Cryptography and Network Security Chapter 13

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Digital Signatures…!.

Presentation transcript:

Basel Alomair, Krishna Sampigethaya, and Radha Poovendran University of Washington TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:

 The signer has a pair of keys; a private (signing) key x and a public (verifying) key y.  The private key is used to sign messages while the public key is used to verify the signature.

 Unauthorized users with access to the private key can generate signatures that are indistinguishable from those of the authenticated user.  Furthermore, all signature generated with the exposed key become repudiable, even if they have been generated long time before key exposure.

 Forward security, in the context of digital signatures, was first introduced by Ross Anderson in ACM-CCS  In forward-secure signatures, the validity of signatures generated before the exposure of the private key remains intact.

 Time is divided into disjoint intervals.  Secret key is updated at each interval.  Trivial to design if size of registered keys is linear in T.  Size of registered keys must not grow proportionally with number of intervals.

 To achieve forward-security with one pair of registered key.  Challenge: how can a user, with a single pair of keys, update the signing key for each period such that the signature is still verifiable using the same public key.  Forward-secure signatures can be divided into two main categories:  Number theoretic schemes. Based on specific number theoretic assumptions.  Generic approach schemes. Use standard signature scheme as a building block.

 In ACM-CCS 2000, Hugo Krawczyk proposed the first practical generic scheme.  Signer possesses a single pair of registered keys.  Generate T certificates, one per period.  Certificates need not be secret.  Certificate must be available to generate valid signatures.

 In EUROCRYPT 2002, Malkin et al. proposed another generic scheme.  Signer possesses a single pair of registered keys.  Use of subtrees.  Generate secret keys for every tree leaf.  Secret keys must be kept secret.  Secret keys must be available to generate valid signatures.

 How about using more than one key?  Can we improve the performance without violating the required independence of T? YES

 Signer possesses two pairs of registered keys (x 1,y 1 ) and (x 2,y 2 ).  Generate a public forward-security chain R of length T.

 The forward-security chain R is collection of the r’s.  R is signed with x 1.  x 1 is deleted from the system.  The chain need not be secret.  The chain is not needed for signature generation.

 l: a security parameter such that performing an exhaustive search over l-bit sequences is infeasible. We assume the output of the hash function and the size of secret keys are l bits.  k: a security parameter such that the discrete logarithm problem modulo a k-bit prime is believed to be hard. We assume that the size of public key is k bits.  Typical values k=1024 bits and l=160 bits.

 Pre-computation of r’s and k’s.  Given r, one cannot compute k (by the DLP assumption).  Given k (i), one cannot compute k (i-j) (by the use of one-way functions).

 In proxy signature schemes, Alice wants to delegate her signing capability to Bob.  Must satisfy:  Verifiability: from a proxy signature, a verifier can be convinced of the original signer’s agreement on the signed message.  Strong unforgeability: the original signer and third parties who are not designated as proxy signers cannot create a valid proxy signature.  Strong identifiability: anyone can determine the identity of the corresponding proxy signer from a proxy signature.  Strong undeniability: a proxy signer cannot repudiate a proxy signature it created.  Prevention of misuse: a proxy signing key cannot be used for purposes other than generating valid proxy signatures. In case of misuse, the responsibility of the proxy signer should be determined explicitly.

 The use of two pairs of registered keys allow the design of a simple and computationally efficient forward-secure signature scheme.  Extension to proxy signatures is straightforward.