Presentation is loading. Please wait.

Presentation is loading. Please wait.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

Published byAraceli Lockwood Modified over 10 years ago

Similar presentations

Presentation on theme: "DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13"— Presentation transcript:

1 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
Digital Signature Standard

2 AUTHENTICATION vs SIGNATURE
A  B protects against{C} Signature sign protects against{A,C}

3 SIGNATURE CHARACTERISTICS
Author Verifiable Date Authenticate by Time Contents Third Party

4 SIGNATURE TYPES Direct X  Y weakness: security of private key
Arbitrated + date X  A  Y

5 ARBITRATED DIGITAL SIGNATURE TECHNIQUES

6 Table 13.1: Scheme (a) Arbiter Sees Message
Conventional Encryption: After X  A  Y Dispute between X and Y Y  A: EKay[IDx||M||EKax[IDx||H(M)]]

7 Table 13.1: Scheme (b) Arbiter Does Not See Message
Conventional Encryption: Arbiter : neither can read message Eavesdropper

8 Table 13.1: Scheme (c) Arbiter Does Not See Message
Public-Key (double) Encryption: advantages: 1. No information shared before communication 2. if KRx compromised date is still correct 3. message secret from Arbiter and Eavesdropper

9 REPLAY ATTACKS E m  Simple Replay: X m E m
Logged Replay: X m||T t E m||T0 (< T0 later) i m Undetected Replay:X m e E m  Backward Replay: X m X m E

10 TIMESTAMP m||T X Y synchronized clocks

11 CHALLENGE/RESPONSE Use NONCE: N X Y m||N handshake required

12 ATTACK ON Fig 7.9 Eavesdropper gets Old Ks: Replay Step 3
Intercept Step 4 Impersonate Step 5 Bogus Messages  Y

13 SOLUTION: TIMESTAMP A IDA||IDB KDC
2. KDC EKA[ KS||IDB||T||EKB[KS||IDA||T] ] A 3. A EKB[KS||IDA||T] B 4. B EKS[N1] A 5. A EKS[f(N1)] B

14 CLOCK ATTACKS To counteract: Suppress – Replay attacks:
1. Check clocks regularly use KDC clock 2. Handshaking via Nonce

15 AN IMPROVED PROTOCOL over Fig 7.9
To counteract suppress-replay attacks: A IDA|| NA B B IDB||NB||EKB[IDA||NA||TB] KDC KDC EKA[IDB||NA||KS||TB]||EKB[IDA||KS||TB]||NB A A EKB[IDA||KS||TB]||EKS[NB] B No clock synch. TB only checked by B

16 AUTHENTICATION SERVER
- no secret key distribution (public key) A IDA||IDB AS AS EKRAS[IDA||KUA||T]||EKRAS[IDB||KUB||T] A 3. A EKRAS[IDA||KUA||T]||EKRAS[IDB||KUB||T]||EKUB[EKRA[KS||T]] B Problem: Clock Synch.

17 ALTERNATIVE NONCE PROTOCOL
1. A IDA||IDB KDC 2. KDC EKRauth[IDB||KUB] A 3. A EKUB[NA||IDA] B 4. B IDB||IDA||EKUauth[NA] KDC 5. KDC EKRauth[IDA||KUA]||EKUB[EKRauth[NA||KS||IDA||IDB]] B 6. B EKUA[EKRauth[NA||KS||IDA||IDB]||NB] A 7. A EKS[NB] B

18 ONE-WAY AUTHENTICATION
(e.g. ) Encrypt Message Authenticate Sender

19 SYMMETRIC-KEY (one-way auth.)
A IDA||IDB||N KDC KDC EKA[KS||IDB||N1||EKB[KS||IDA]] A 3. A EKB[KS,IDA]||EKS[M] B

20 PUBLIC-KEY (one-way auth.)
Use Figs 11.1b,c, and d or A EKUB[KS]||EKS[M] B A M||EKRA[H(M)] B

21 PUBLIC-KEY (one-way auth.)
Send A’s public key to B A M||EKRA[H(M)]||EKRAS[T||IDA||KUA] B

22 DSS : USES SHA-1 Signature YES Encryption NO Key-Exchange NO

23 DSS : USES SHA-1

24 precompute gk mod p, k-1 mod q
DISCRETE LOG p,q,g – global public keys x user private key y user public key k user per-message secret number r = (gk mod p) mod q s = [k-1(H(M) + xr)] mod q Signature = (r,s) precompute gk mod p, k-1 mod q

25 VERIFY w = (s’)-1 mod q u1 = [H(M’)w] mod q u2 = (r’)w mod q v = [(gu1.yu2) mod p] mod q where y = gx mod p v = r’ ? y = gx is one-way: x  y YES y  x NO

26 DIGITAL SIGNATURE ALGORITHM

27 DSS SIGNING AND VERIFYING

Download ppt "DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13"

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
SCSC 455 Computer Security

SCSC 455 Computer Security
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Computer Science&Technology School of Shandong University Instructor: Hou Mengbo Email: houmb AT sdu.edu.cn Office: Information Security Research Group.

Computer Science&Technology School of Shandong University Instructor: Hou Mengbo houmb AT sdu.edu.cn Office: Information Security Research Group.
Cryptography and Network Security

Cryptography and Network Security
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Authentication & Kerberos

Authentication & Kerberos
Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

Similar presentations

Ads by Google