Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bishop: Chapter 10 Key Management: Digital Signature

Published byJocelin Holland Modified over 5 years ago

Similar presentations

Presentation on theme: "Bishop: Chapter 10 Key Management: Digital Signature"— Presentation transcript:

1 Bishop: Chapter 10 Key Management: Digital Signature
csci5233 Computer Security

2 csci5233 Computer Security
Topics Key exchange Session vs interchange keys Classical vs public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures csci5233 Computer Security

3 csci5233 Computer Security
Digital Signature Construct that authenticated origin and contents of message in a manner provable to a disinterested third party (“judge”) Sender cannot deny having sent message (service is “nonrepudiation”) Limited to technical proofs Inability to deny one’s cryptographic key was used to sign One could claim the cryptographic key was stolen or compromised Legal proofs, etc., probably required; not dealt with here csci5233 Computer Security

4 csci5233 Computer Security
Common Error Classical: Alice, Bob share key k Alice sends m || { m }k to Bob This is a digital signature. (?) WRONG!! This is not a digital signature. Why? Third party cannot determine whether Alice or Bob generated the message. csci5233 Computer Security

5 Classical Digital Signatures
Require trusted third party Alice, Bob each share keys with trusted party Cathy To resolve dispute, judge gets { m }kAlice, { m }kBob, and has Cathy decipher them; if messages matched, contract was signed. Question: Otherwise, who had cheated? { m }kAlice Alice Bob { m }kAlice Bob Cathy { m }kBob Cathy Bob csci5233 Computer Security

6 Public Key Digital Signatures
Alice’s keys are dAlice, eAlice Alice sends Bob m || { m }dAlice In case of dispute, judge computes { { m }dAlice }eAlice and if it is m, Alice signed message She’s the only one who knows dAlice! csci5233 Computer Security

7 RSA Digital Signatures
Use private key to encipher message Protocol for use is critical Key points: Never sign random documents, and when signing, always sign hash and never document Mathematical properties can be turned against signer Sign message first, then encipher Changing public keys causes forgery csci5233 Computer Security

8 csci5233 Computer Security
Attack #1 Example: Alice, Bob communicating nA = 95, eA = 59, dA = 11 nB = 77, eB = 53, dB = 17 26 contracts, numbered 00 to 25 Alice has Bob sign 05 and 17: c = mdB mod nB = 0517 mod 77 = 3 c = mdB mod nB = 1717 mod 77 = 19 Alice computes 0517 mod 77 = 08; corresponding signature is 0319 mod 77 = 57; claims Bob signed 08 Judge computes ceB mod nB = 5753 mod 77 = 08 Signature validated; Bob is toast csci5233 Computer Security

9 Attack #2: Bob’s Revenge
Bob, Alice agree to sign contract 06 Alice enciphers, then signs: (meB mod 77)dA mod nA = (0653 mod 77)11 mod 95 = 63 Bob now changes his public key Computes r such that 13r mod 77 = 6; say, r = 59 Computes r eB mod (nB) = 5953 mod 60 = 7 Replace public key eB with 7, private key dB = 43 Bob claims contract was 13. Judge computes: (6359 mod 95)43 mod 77 = 13 Verified; now Alice is toast csci5233 Computer Security

10 El Gamal Digital Signature
Relies on discrete log problem Choose p prime, g, d < p; compute y = gd mod p Public key: (y, g, p); private key: d To sign contract m: Choose k relatively prime to p–1, and not yet used (Note: 0 < k < p-1) Compute a = gk mod p Find b such that m = (da + kb) mod p–1 Signature is (a, b) To validate, check that yaab mod p = gm mod p csci5233 Computer Security

11 csci5233 Computer Security
Example Alice chooses p = 29, g = 3, d = 6 y = 36 mod 29 = 4 Alice wants to send Bob signed contract 23 Chooses k = 5 (relatively prime to 28 and 0<k<28) This gives a = gk mod p = 35 mod 29 = 11 Then solving 23 = (611 + 5b) mod 28 gives b = 25 Alice sends message 23 and signature (11, 25) Bob verifies signature: gm mod p = 323 mod 29 = 8 and yaab mod p = mod 29 = 8 They match, so Alice signed csci5233 Computer Security

12 Attack Eve learns k, corresponding message m, and signature (a, b)
Extended Euclidean Algorithm gives d, the private key Example from above: Eve learned Alice signed last message with k = 5 m = (da + kb) mod p–1 = (11d + 525) mod 28 so Alice’s private key is d = 6 csci5233 Computer Security

13 Key Points of Ch. 10 (Bishop)
Key management critical to effective use of cryptosystems Different levels of keys (session vs. interchange) Keys need infrastructure to identify holders, allow revoking Digital certificates Key escrowing complicates infrastructure Digital signatures provide integrity of origin and content Much easier with public key cryptosystems than with classical cryptosystems csci5233 Computer Security

14 csci5233 Computer Security
Next Bishop, Chapter 11: Cipher techniques csci5233 Computer Security

Download ppt "Bishop: Chapter 10 Key Management: Digital Signature"

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Public Key Cryptosystem

Public Key Cryptosystem
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 9, 2003 Introduction to Computer Security Lecture.

Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 9, 2003 Introduction to Computer Security Lecture.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
Chapter 9: Key Management

Chapter 9: Key Management
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
RSA Exponentiation cipher

RSA Exponentiation cipher
Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures.

Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature

Chapter 13 Digital Signature
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.

Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall 2011 1.

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.

Similar presentations

Ads by Google