Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Slides:



Advertisements
Similar presentations
Key Management Nick Feamster CS 6262 Spring 2009.
Advertisements

Cryptography and Network Security Chapter 14
Unit 1: Protection and Security for Grid Computing.
Lecture 12 Overview.
Public Key Algorithms …….. RAIT M. Chatterjee.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Chapter3 Public-Key Cryptography and Message Authentication.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Diffie-Hellman Key Exchange
Cryptography and Network Security Chapter 13
Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 10 Overview. Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.
Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.
Information Security Principles & Applications
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Computer and Network Security Rabie A. Ramadan Lecture 6.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Lecture 8 Overview. Secure Hash Algorithm (SHA) SHA SHA SHA – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits.
Cryptography and Network Security Chapter 10
Cryptography and Network Security Key Management and Other Public Key Cryptosystems.
Scott CH Huang COM 5336 Lecture 7 Other Public-Key Cryptosystems Scott CH Huang COM 5336 Cryptography Lecture 7.
ECE509 Cyber Security : Concept, Theory, and Practice Key Management Spring 2014.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 14 October 5, 2004.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Cryptography and Network Security Chapter 14
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004.
Key Management Network Systems Security Mort Anvari.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Fall 2006CS 395: Computer Security1 Key Management.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
CIM3681: PKI 02 - Key Management1 Key Management Ch 10 of Cryptography and Network Security Third Edition by William Stallings Modified from lecture slides.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Lecture 14 Public Key Cryptography and RSA. Summary principles of public-key cryptography principles of public-key cryptography RSA algorithm, implementation,
Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key.
Cryptography and Network Security Chapter 13
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public.
CSCE 715: Network Systems Security
Chapter 10 – Key Management; Other Public Key Cryptosystems
Chapter 10: Key Management (Again) and other Public Key Systems
Key Management Network Systems Security
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
Presentation transcript:

Lecture 9 Overview

Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature Authentic: A signature is produced only by the signer deliberately signing the document

Digital Signature Properties Non-Alterable: A signed document cannot be altered without invalidating the signature Non-Reusable: A signature from one document cannot be moved to another document Signatures can be validated by other users – the signer cannot reasonably claim that he/she did not sign a document bearing his/her signature CS 450/650 Lecture 9: Digital Signatures 3

Digital Signature Using RSA The RSA public-key cryptosystem can be used to create a digital signature for a message m – Asymmetric Cryptographic techniques are well suited for creating digital signatures The signer must have an RSA public/private key pair – c = M e mod n – M = c d mod n CS 450/650 Lecture 9: Digital Signatures 4

Signature Generation (Signer) Message SignaturePrivate Key Redundancy Function Formatted Message Encrypt CS 450/650 Lecture 9: Digital Signatures 5

Signature Verification Message Signature Public Key Verify Formatted Message Decrypt CS 450/650 Lecture 9: Digital Signatures 6

Redundancy Function The choice of a poor redundancy function can make RSA vulnerable to forgery A good redundancy function should make forging signatures much harder CS 450/650 Lecture 9: Digital Signatures 7

Example generate signature S – d = 53 – e = 413 – n = 629 – m = 7 – Assume that R(X) = XX S = R(m) e mod n – S = mod 629 = 25 CS 450/650 Lecture 9: Digital Signatures 8

Example verify signature with message recovery – Public key (e) = 413 – n = 629 – S = 25 R(m) = S e mod n – R(m) = mod 629 = 77 The verifier then checks that R(m) is of the form XX for some message X – m = R -1 (m) = 7 CS 450/650 Lecture 9: Digital Signatures 9

Forging signature (revisited) Choose a random number between 0 and n-1 for S – S = 323 Use the signer’s public key to decrypt S – R(m) = mod 629 = 85 However, 85 is not a legal value for R(m) – so S = 323 is not a valid signature CS 450/650 Lecture 9: Digital Signatures 10

Privacy Signature provides only authenticity. How can we provide privacy in addition? CS 450/650 Lecture 9: Digital Signatures 11

Getting a Message Digest from a document Hash Message Digest CS 450/650 Lecture 9: Digital Signatures 12

Generating Signature Message Digest Signature Encrypt using private key CS 450/650 Lecture 9: Digital Signatures 13

Appending Signature to document Append Signature CS 450/650 Lecture 9: Digital Signatures 14

Verifying Signature Hash Decrypt using public key Message Digest Message Digest CS 450/650 Lecture 9: Digital Signatures 15

Lecture 10 Key Exchange CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Lawrie Brown

Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key encryption to distribute secret keys CS 450/650 Lecture 10: Key Exchange 17

Distribution of Public Keys can be considered as using one of: – public announcement – publicly available directory – public-key authority – public-key certificates CS 450/650 Lecture 10: Key Exchange 18

Public Announcement users distribute public keys to recipients or broadcast to community at large – eg. append PGP keys to messages or post to news groups or list major weakness is forgery – anyone can create a key claiming to be someone else and broadcast it – until forgery is discovered attacker can masquerade as claimed user CS 450/650 Lecture 10: Key Exchange 19

Publicly Available Directory can obtain greater security by registering keys with a public directory directory must be trusted with properties: – contains {name, public-key} entries – participants register securely with directory – participants can replace key at any time – directory is periodically published – directory can be accessed electronically still vulnerable to tampering or forgery CS 450/650 Lecture 10: Key Exchange 20

Public-Key Authority improve security by tightening control over distribution of keys from directory has properties of directory requires users to know public key for the directory users interact with directory to obtain any desired public key securely requires real-time access to directory when keys are needed CS 450/650 Lecture 10: Key Exchange 21

Public-Key Authority CS 450/650 Lecture 10: Key Exchange 22

Public-Key Certificates certificates allow key exchange without real- time access to public-key authority a certificate binds identity to public key – usually with other info such as period of validity, rights of use all contents signed by a trusted Public-Key or Certificate Authority (CA) can be verified by anyone who knows the public-key authority’s public-key CS 450/650 Lecture 10: Key Exchange 23

Public-Key Certificates CS 450/650 Lecture 10: Key Exchange 24

Distribution of Secret Keys use previous methods to obtain public-key can use for secrecy or authentication public-key algorithms are slow usually prefer to use private-key encryption to protect message contents hence need a session key have several alternatives for negotiating a suitable session CS 450/650 Lecture 10: Key Exchange 25

Simple Secret Key Distribution proposed by Merkle in 1979 – A generates a new temporary public key pair – A sends B the public key and the identity – B generates a session key K sends it to A encrypted using the supplied public key – A decrypts the session key and both use Man in the middle attack: – an opponent can intercept and impersonate both halves of protocol CS 450/650 Lecture 10: Key Exchange 26

Public-Key Distribution of Secret Keys if have securely exchanged public-keys: CS 450/650 Lecture 10: Key Exchange 27

Diffie-Hellman Key Exchange

public-key type scheme – proposed in 1976 – note: now know that Williamson (UK CESG) secretly proposed the concept in 1970 A practical method for public exchange of a secret key Used in a number of commercial products CS 450/650 Lecture 10: Diffie-Hellman Key Exchange 29

Diffie-Hellman Key Exchange public-key distribution scheme – cannot be used to exchange an arbitrary message – rather it can establish a common key – known only to the two participants based on exponentiation in a finite field – modulo a prime or a polynomial security relies on the difficulty of computing discrete logarithms CS 450/650 Lecture 10: Diffie-Hellman Key Exchange 30

Diffie-Hellman Setup all users agree on global parameters: – large prime integer or polynomial p – g = primitive root mod p for every integer a that has gcd(a, p) = 1, there is an integer k such that g k ≡ a (mod p) each user generates their key – chooses a secret key (number): a < p – compute their public key: A = g a mod p CS 450/650 Lecture 10: Diffie-Hellman Key Exchange 31

Diffie-Hellman Key Exchange shared session key for users is K AB : – K AB = g ab mod p = A b mod p (which B can compute) = B a mod p (which A can compute) g can be small – 2 or 5 is common a, b, p should be large attacker needs a or b to obtain the session key – must solve discrete log CS 450/650 Lecture 10: Diffie-Hellman Key Exchange 32

Diffie-Hellman Example users Alice & Bob who wish to swap keys – agree on prime p=353 and g=3 select random secret keys: – A chooses a=97, B chooses b=233 compute respective public keys: – A=3 97 mod 353 = 40(Alice) – B=3 233 mod 353 = 248(Bob) compute shared session key as: – K AB = B a mod 353 = = 160(Alice) – K AB = A b mod 353 = = 160(Bob) CS 450/650 Lecture 10: Diffie-Hellman Key Exchange 33

Key Exchange Protocols users could create random Diffie-Hellman keys each time they communicate users could create a known Diffie-Hellman key and publish in a directory, then consulted and used to securely communicate with them both of these are vulnerable to a man-in-the- middle attack – authentication of the keys is needed CS 450/650 Lecture 10: Diffie-Hellman Key Exchange 34