IT 221: Introduction to Information Security Principles Lecture 6: Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:

Presentation transcript:

IT 221: Introduction to Information Security Principles Lecture 6: Digital Signatures and Authentication Protocols For Educational Purposes Only Revised: September 27, 2002

1 August 28, 2002 IT 221: Introduction to Information Security Principles For Educational Purposes Only
Chapter 10 Outline

- Chapter 10: Context and Overview
- Digital Signatures Overview
- Public-Key Encryption Review
- Public-Key Authentication Review
- MAC Disputes Example
- Digital Signatures
  - Digital Signatures Properties
  - Digital Signatures Requirements
  - Direct Digital Signatures: Properties
  - Direct Digital Signatures: Weaknesses
  - Arbitrated Digital Signatures: Properties
- Authentication Protocols: Overview
  - Authentication Requirements
  - Security Concerns
  - Confidentiality
  - Timeliness
  - Replay Attacks
  - Conventional and Public-Key Encryption
- Digital Signature Standard
  - RSA versus DSS (1)
  - RSA versus DSS (2)

2 Context and Questions

Context:
- Conventional symmetric systems guarantee the authenticity of a message. However, they do not protect against forgery and repudiation. [1]
- The most important development from the work on public-key cryptography is the digital signature. Digital signatures provide a set of security capabilities that would be difficult to implement in any other way. [2]

Question: Using public-key encryption, how can you ensure both encryption and authentication?

Solution: Encrypt first, followed by the signature. Signature first has the advantage that the signature can be verified by parties other than the recipient.

3 Digital Signatures Overview

Overview [1]:
- Digital signatures are, like handwritten signatures, a means of associating a mark unique to an individual with a body of text.
- The mark should be unforgeable, meaning that only the originator should be able to compute the signature value.
- But the mark should be verifiable, meaning that others should be able to check that the signature does actually come from the originator.
- The general way of computing signatures is with public-key encryption, such that the signer computes a signature value using a private key, and others can verify that the signature came from the associated private key.

4 Public-Key Encryption Review

Encryption Process [2]:
(1) Each end system in a network generates a pair of keys to be used for encryption and decryption of messages that it will receive.
(2) Each system publishes its encryption key by placing it in a public register or file. This is the public key. The companion key is kept private.
(3) If Bob (Sender) wishes to send a message to Alice (Receiver), he encrypts the message using Alice's public key.
(4) When Alice receives the message, she decrypts it using her private key. No other receiver can decrypt the message.

5 Public-Key Authentication Review

Authentication Process [2]:
(1) Bob (Sender) prepares a message to Alice (Receiver) and encrypts the message using his private key.
(2) Alice decrypts Bob's message by using his public key.
(3) Since the message was encrypted using the sender's private key, only the sender could have sent this message.

6 MAC Disputes Example

Context [2]: Message authentication protects two parties who exchange messages from any third party. However, it does not protect the two parties against each other.

Example [2]: Suppose Alice sends an authenticated message to Bob using either a MAC or a hash function.
- Bob may forge a different message and claim it came from Alice. Bob would simply have to create a message and append an authentication code using the key that Alice and Bob share.
- Alice could deny sending the message. Because it is possible for Bob to forge a message, there is no way to prove that John did in fact send the message.

7 Digital Signatures Properties

Context [2]: When there is not complete trust between sender and receiver, something more than authentication is needed.

Properties [2]: Digital signatures are analogous to handwritten signatures and must have the following properties:
- Must be able to verify the author and the date/time of the signature.
- Must be able to authenticate the contents at the time of the signature.
- Must be verifiable by third parties, to resolve disputes.

8 Digital Signature Requirements

Requirements [2]: On the basis of the three properties, requirements for a digital signature can be stated as follows:
- Must be a bit pattern that depends on the message being signed.
- Must use some info unique to the sender.
- Must be relatively easy to produce the digital signature.
- Must be relatively easy to recognize and verify the signature.
- Must be computationally infeasible to forge a digital signature.
- Must be practical to retain a copy of the digital signature in storage.

9 Direct Digital Signatures: Properties

Direct DS Properties [2]:
- Involves only the communicating parties (Source, Destination).
- Assumes that the destination knows the public key of the source.
- May be formed by:
  - Encrypting the entire message with the sender's private key.
  - Encrypting a hash code of the message with the sender's private key.

10 Direct Digital Signatures: Weaknesses

Direct DS Weaknesses [2]:
- Validity of the scheme depends on the security of the sender's private key.
  - Example: If a sender later wishes to deny sending a particular message, s/he can claim that the private key was lost or stolen and that someone else forged the signature.
- Some private keys might actually be stolen from X at time T.
  - Example: An opponent can then send a message signed with X's signature and stamped with a time before or equal to T.

11 Arbitrated Digital Signatures: Properties

Arbitrated DS Properties [2]:
- Overcomes the weaknesses of direct digital signatures.
- There is a variety of arbitrated signature schemes, and the arbitrator plays a sensitive and critical role.

Basic Algorithm [2]:
- Every signed message from Sender Sally to Receiver Robert goes first to Arbitrator Adam.
- Adam subjects the message and its signature to a number of tests to check its origins and content.
- The message is then dated and sent to Robert with an indication that it has been verified to the satisfaction of the arbitrator.

12 Authentication Protocols: Overview

Overview [2]: Chapter 5 briefly examined the use of mutual application protocols as a means of establishing identities and exchanging session keys between parties. The topic is revisited here in Chapter 10, as a means of exploring the wider implication of authentication.

13 Authentication Requirements

Requirements - must be able to verify that [3]:
- Message came from apparent source or author.
- Contents have not been altered.
- Sometimes, the message was sent at a certain time or sequence.

Protection against active attack (falsification of data and transactions) [3]

14 Security Concerns

Security Concerns [2]: Central to the problem of authenticated key exchange are two issues: confidentiality and timeliness. To provide confidentiality, identification and session key info must be encrypted.

15 Confidentiality

Confidentiality [2]: To prevent masquerade and to prevent compromise of session keys, essential identification and session key information must be communicated in encrypted form. This requires the prior existence of secret or public keys that can be used for this purpose.

16 Timeliness

Timeliness [2]: Threat of message replays.
- At worst, replays could allow an opponent to compromise a session key or successfully impersonate another party.
- At minimum, a successful replay can disrupt operations by presenting parties with messages that appear genuine but are not.

Examples of Replay Messages [2]:
- Simple replay
- Repetition that can be logged
- Repetition that cannot be detected
- Backward replay without modification

17 Replay Attacks

Examples of Replay Messages [2]:
- Simple replay
- Repetition that can be logged
- Repetition that cannot be detected
- Backward replay without modification

Countermeasures [2]:
- Timestamps
  - Party A accepts a message as fresh only if the message contains a timestamp that is close enough to A's knowledge of current time.
  - Requires that clocks among the various participants be synchronized.
- Challenge-Response
  - Party A, expecting a message from Party B, first sends B a nonce (challenge) and requires that the subsequent message (response) received from B contain the correct nonce value.
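
Added example (not part of the original slides): a minimal Party A that applies both countermeasures from the Replay Attacks slide to HMAC-authenticated messages. The shared key, the 30-second window and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

KEY = b"constructed key shared by A and B"   # assumption: pre-shared secret
MAX_SKEW = 30                                # assumption: freshness window, seconds


def tag(*fields: bytes) -> bytes:
    """HMAC over length-prefixed fields so field boundaries are unambiguous."""
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(struct.pack(">I", len(field)) + field)
    return mac.digest()


def b_send_timestamped(msg: bytes, now: int):
    return msg, now, tag(msg, struct.pack(">Q", now))


def b_respond(msg: bytes, nonce: bytes):
    return msg, nonce, tag(msg, nonce)


class PartyA:
    def __init__(self):
        self.pending = set()          # nonces issued and not yet answered

    def accept_timestamped(self, msg, ts, t, now):
        if not hmac.compare_digest(t, tag(msg, struct.pack(">Q", ts))):
            return False
        return abs(now - ts) <= MAX_SKEW   # relies on synchronized clocks

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accept_response(self, msg, nonce, t):
        if nonce not in self.pending:
            return False
        if not hmac.compare_digest(t, tag(msg, nonce)):
            return False
        self.pending.discard(nonce)        # each nonce is accepted once
        return True


def demo():
    a, msg = PartyA(), b"transfer 10"      # constructed message
    stamped = b_send_timestamped(msg, now=1000)
    fresh = a.accept_timestamped(*stamped, now=1005)
    in_window = a.accept_timestamped(*stamped, now=1010)  # copy inside the window
    stale = a.accept_timestamped(*stamped, now=1100)
    response = b_respond(msg, a.challenge())
    first = a.accept_response(*response)
    repeated = a.accept_response(*response)
    return fresh, in_window, stale, first, repeated
```

The `in_window` result shows why a timestamp check alone still accepts a copy that arrives inside the freshness window, while the single-use nonce rejects the repeated response outright.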

18 Conventional and Public-Key Encryption Approaches

Conventional Encryption Approaches [2]:
- Two-level hierarchy of conventional encryption keys can be used to provide confidentiality in a distributed environment.
- Involves a trusted key distribution center (KDC).
- Example: Needham and Schroeder

Public-Key Encryption Approaches [2]:
- Authentication server (AS) provides public-key certificates.
- Session key is chosen and encrypted by A.
  - Hence, there is no risk of exposure to the AS.
  - Timestamps protect against replays of compromised keys.

19 Digital Signature Standard

Overview [2]:
- FIPS PUB 186 published by NIST.
- Modeled on SHA-1 (Secure Hash Algorithm).
- Designed to provide only the digital signature function.
- Cannot be used for encryption or secure key exchange.

20 RSA versus DSS (1)

RSA [2]:
- The message to be signed is used as the input into a hash function that produces a secure hash code of fixed length.
- Hash code is then encrypted using the sender's private key to form the signature.
- Both the message and the signature are then transmitted.
- Recipient produces a hash code, and decrypts the signature using the sender's public key.
- If the calculated hash code matches the decrypted signature, the signature is accepted as valid.
- Because only the sender knows the private key, only the sender could have produced a valid signature.
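
Added example (not part of the original slides): the MAC dispute from the MAC Disputes Example slide next to the RSA hash-then-sign flow described above, so the difference in what a third party can conclude is visible. The key, the messages and the toy RSA modulus (two Mersenne primes, no padding) are constructed for illustration and are not a secure parameter choice.

```python
import hashlib
import hmac

# Constructed shared secret: Alice AND Bob both hold it (MAC setting).
SHARED_KEY = b"constructed-key-known-to-alice-and-bob"

# Toy RSA key for Alice, built from two Mersenne primes so the block is
# self-contained. Illustration only: no padding, not a secure key choice.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                  # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to Alice


def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_ok(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)


def hash_code(msg: bytes) -> int:
    # SHA-256 output (256 bits) is smaller than N (648 bits).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def rsa_sign(msg: bytes, d: int = D, n: int = N) -> int:
    # "Encrypt" the hash code with the private key to form the signature.
    return pow(hash_code(msg), d, n)


def rsa_verify(msg: bytes, sig: int, e: int = E, n: int = N) -> bool:
    # "Decrypt" with the public key and compare with a fresh hash code.
    return pow(sig, e, n) == hash_code(msg)


def dispute() -> dict:
    genuine = b"Alice -> Bob: pay 10"        # constructed messages
    altered = b"Alice -> Bob: pay 10000"
    alice_tag = mac_tag(SHARED_KEY, genuine)
    bob_tag = mac_tag(SHARED_KEY, altered)   # needs only the shared key
    alice_sig = rsa_sign(genuine)            # needs D, which Bob does not hold
    return {
        "mac_genuine": mac_ok(SHARED_KEY, genuine, alice_tag),
        "mac_altered": mac_ok(SHARED_KEY, altered, bob_tag),
        "sig_genuine": rsa_verify(genuine, alice_sig),
        "sig_altered": rsa_verify(altered, alice_sig),
    }


if __name__ == "__main__":
    for check, accepted in dispute().items():
        print(f"{check}: {accepted}")
```

Both MAC checks pass, so an arbiter holding the shared key cannot tell which party produced a tag; the signature check needs only the public key and fails for the altered message.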

21 RSA versus DSS (2)

DSS [2]:
- Hash code is provided as input to a signature function along with a random number k generated for this particular signature.
- Result is a signature consisting of two components, labeled s and r.
- At the receiving end, the hash code of the incoming message is generated.
- The hash code, along with the signature, is input to a verification function.
- The output of the verification function is a value that is equal to the signature component r if the signature is valid.
- Signature is such that only the sender, with knowledge of the private key, could have produced the valid signature.
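
Added example (not part of the original slides): a toy DSA that follows the DSS steps above, with a per-signature random k, the signature pair (r, s), and a verification function whose output equals r for a valid signature. The parameters are deliberately tiny (q = 2^31 - 1), the hash is reduced mod q instead of truncated, and all names are assumptions; it illustrates the data flow only.

```python
import hashlib
import secrets
from math import isqrt


def is_prime(n: int) -> bool:
    # Trial division is sufficient for the toy-sized p searched below.
    return n > 2 and n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))


def toy_params(q: int = 2**31 - 1):
    """Find a prime p = k*q + 1 and a generator g of the order-q subgroup."""
    k = 2
    while not is_prime(k * q + 1):
        k += 2
    p = k * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)


P, Q, G = toy_params()


def hash_code(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1       # private key
    return x, pow(G, x, P)                 # (private x, public y)


def sign(msg: bytes, x: int):
    while True:
        k = secrets.randbelow(Q - 1) + 1   # fresh random k for every signature
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (hash_code(msg) + x * r) % Q
        if r and s:
            return r, s


def verification_value(msg: bytes, r: int, s: int, y: int):
    """Return v; the signature is valid exactly when v == r."""
    if not (0 < r < Q and 0 < s < Q):
        return None
    w = pow(s, -1, Q)
    u1, u2 = hash_code(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q


def is_valid(msg: bytes, r: int, s: int, y: int) -> bool:
    return verification_value(msg, r, s, y) == r


if __name__ == "__main__":
    x, y = keygen()
    r, s = sign(b"constructed message", x)
    print("v == r:", is_valid(b"constructed message", r, s, y))
    print("altered message:", is_valid(b"constructed messagE", r, s, y))
```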

22 Resources

[1] Pfleeger, Charles. Security In Computing, Prentice Hall, Chapter 3-4.
[2] Stallings, William. Cryptography and Network Security, Prentice Hall, Chapter 10.
[3] Johnson, Henric. Public Key Encryption and Message Authentication, Blekinge Institute of Technology.