Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:"— Presentation transcript:

1 1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by: Dr. Lo’ai Tawallbeh

2 2 Digital signature and Hashing 11.1 Message authentication 11.2 Hash function 11.3 Message Authentication Code MAC 12.1 Secure hash algorithm –SHA-512 13.1 Digital signature –Direct digital signature –Arbitrated digital signature 13.3 Digital signature standard DSS

3 3 Message authentication (ch11) Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication assures that data received exactly as sent. The two most common cryptography techniques for message authentication are a message authentication code (MAC) and a secure hash function. A hash function maps a variable-length message into a fixed hash value, or message digest. For message authentication, a secure hash function must be combined in some fashion with a secret key.

4 4 Hash Functions (ch11) A hash function accepts a variable-size message M as input and produces a fixed- size output, referred to as a hash code. Unlike MAC, a hash code does not use a key but a function only of the input message. The hash code is also referred to as a message digest or hash value.

5 5 Hash Functions & Digital Signatures (ch11) Only the hash code is encrypted, using public key encryption and using the sender’s private key. This provide authentication. It also provides a digital signature, because only the sender could have produced the encrypted hash code. In fact, this is the essence of the digital signature technique turns variable-length message M into fixed-size block H(M) produces “fingerprint” of a file, “message digest” hash function is “one way”, does not use secret key various uses, e.g., integrity, digital signature

6 6 Hash function (ch11) The hash function takes an input message and partitions it into L fixed-sized blocks of b bits each. If necessary, the final block is padded to b bits. The final block also includes the value of the total length of the input to the hash function. The hash algorithm involves repeated use of a compression function, f, that takes two inputs( an n-bit input from the previous step, called the chaining variable, and a b-bit block) and produces an n-bit output. At the start of hashing, the chaining variable has an initial value that is specified as part of the algorithm

7 7 11.3 Message Authentication Code MAC Use of secret key to generate a small fixed size block of data, known as a cryptographic checksum or MAC that is appended to the message. This technique assumes that the two communicating parties, say A and B, share a common secret key K. When A has a message to send to B, it calculates the MAC as a function of the message and the key, where the message plus MAC are transmitted to the intended recipient. The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated MAC.

8 8 Message Authentication Code MAC=C(K,M) M: input message C: MAC Functionn K: shared secret key MAC: Message Authentication Code

9 9 12.1 secure hash algorithm SHA The Secure Hash Algorithm (SHA) was developed by the national institute of standards and technology (NIST) SHA- 512 logic –The algorithm takes as input a message with a maximum length of less than 2 128 bits and produces as output a 512-bit message digest. –The input is processed in 1024-bit blocks

10 10 12.1 secure hash algorithm SHA Table 12.1. Comparison of SHA Parameters SHA-1SHA-256SHA-384SHA-512 Message digest size160256384512 Message size<2 64 <2 128 Block size512 1024 Word size32 64 Number of steps806480

11 11 SHA-512 Overview 1.pad message so its length is 896 mod 1024 2.A block of 128 bits is appended to the message. This block is treated as an unsigned 128-bit integer (most significant byte first) and contain the length of the original message (before the padding) 3.initialize 512-bit buffer (see textbook for values) Intermediate hash value a = 6A09E667F3BCC908 b = BB67AE8584CAA73B c = 3C6EF372FE94F82B c = A54FF53A5F1D36F1 e = 510E527FADE682D1 f = 9B05688C2B3E6C1F g = 1F83D9ABFB41BD6B h = 5BE0CDI9137E2179 These values are stored in big-endian format, which is the most significant byte of a word in the low address byte position.

12 12 SHA-512 Overview 4- process message in 1024-bit blocks (128-word): –The heart of the algorithm is a module that consists of 80 rounds –Each round takes as input the 512-bit buffer value abcefgh, and updates the content of the buffer –At input to the first round, the buffer has the value of the intermediate hash value, H i-1 –expand 1024-bit block into 80 round, 64-bit blocks by mixing & shifting –use 80 rounds of 64-bit operations on message block & buffer –add output to input to form new buffer value 5- output hash value is the final buffer value

13 13 SHA-512 Overview

14 14 SHA-512 Compression Function

15 15 SHA-512 Single Round see textbook for details

16 16

17 17 13.1 Digital Signatures A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message

18 18 Direct Digital Signatures The direct digital signature involve only sender & receiver (source & destination) It is assumed that receiver has sender’s public- key digital signature may be formed by encrypting the entire message with the sender’s private key. or by encrypting a hash code of the message with the sender’s private key. security depends on sender’s private-key

19 19 Direct Digital Signatures

20 20 Direct Digital Signatures Weakness –The validity of the scheme depends on the security of the sender’s private key. If a sender later wishes to deny sending a particular message, the sender can claim that the private key lost or stolen. –Another threat is that some private key might actually be stolen from X at time T. the opponent can then send a message signed with X’s signature and stamped with a time before or equal to T.

21 21 Arbitrated Digital Signatures The problem associated with direct digital signature can be addressed by using an arbiter. Every signed message from a sender X to a receiver Y goes first to an arbiter A. who subjects the message and its signature to a number of tests to check its origin and content. The message is then dated and sent to Y with an indication that it has been verified to the satisfaction of the arbiter. The presence of A solves the problem faced by direct signature schemes: that X might disown the message requires suitable level of trust in arbiter can be implemented with either private or public-key algorithms arbiter may or may not see message

22 22 Arbitrated Digital Signatures Conventional encryption (table13.1) X  A : M || E ( K xa,[ ID x || H (M) ] ) A  Y : E( K ay,[ ID x || M || E (K xa,[ ID x ||H(M))] ) || T ]) –It is assumed that the sender X and the arbiter A share a secret key K xa and that A and Y share secret key K ay. X constructs a message M and computes its hash value H(m). Then X transmits the message plus a signature to A. the signature consists of an identifier ID x of X plus the hash value, all encrypted using K xa. –A decrypts the signature and checks the hash value to validate the message. Then A transmits a message to Y, encrypted with K ay. The message includes ID x, the original message from X, the signature, and a timestamp. –Arbiter sees message –Problem : the arbiter could form an alliance with sender to deny a signed message, or with the receiver to forge the sender’s signature.

23 23 Arbitrated Digital Signatures Public Key encryption (table 13.1) X  A : ID x ||E( PR x,[ ID x || E ( PU y, E( PR x, M))]) A  Y : E( PR a, [ ID x ||E (PU y, E (PR x, M))|| T] ) –X double encrypts a message M first with X’s private key,PR x, and then with Y’s public key,PU y. This is a signed, secret version of the message. This signed message, together with X’s identifier, is encrypted again with PR x and, together with ID x, is sent t A. the inner, double encrypted message is secure from the arbiter ( and everyone else except Y) –A can decrypt the outer encryption to assure that the message must have come from X( because only X has PR x ). Then A transmits a message to Y, encrypted with PR a. The message includes ID x, the double encrypted message, and a timestamp. –Arbiter does not see message

24 24 13.3 Digital signature standard DSS The DSS makes use of the secure hash algorithm (SHA). The DSS uses an algorithm that is designed to provide only the digital signature function. –RSA approach –DSS approach

25 25 RSA Approach...

26 26 RSA Approach The message to be signed is input to a hash function that produce a secure hash code of fixed length. This hash code is then encrypted using the sender’s private key to form the signature Both the message and the signature are then transmitted. The recipient takes the message and produces a hash code. If the calculated hash code matches the decrypted signature, the signature is accepted as valid.

27 27 DSS Approach PR a sender’s private key PU G global public key Signing r= (g k mod p) mod q s= [k -1 (H(M) + xr)] mod q Signature = (r, s) See algorithm 3 page 391

28 28 DSS Approach The DSS approach make use of a hash function. The hash code is provided as input to a signature function along with a random number k generated for this particular signature. The signature function also depends on the sender’s private key (PR a ) and a set of parameters known to a group of communicating principals. We can consider this set to constitute a global public key (Pu G ). have shared global public key values (p,q,g): The result is a signature consisting of two components, labeled s and r.

29 29 DSS Approach At the receiving end, the hash code of the incoming message is generated. This plus the signature is input to a verification function. The verification function also depends on the global public key as well the sender’s public key (PU a ), which is paired with sender’s private key. The output of the verification function is a value that is equal to the signature component r if the signature is valid

30 30 DSA Key Generation Global public key component: have shared global public key values (p,q,g): –p prime number where 2 L-1 < P < 2 L where L= 512 to 1024 bits and is a multiple of 64 –q prime divisor of p-1 where 2 159 < q < 2 160 –g = h (p-1) /q mod p where h is any integer with 1 < h < (p-1) Such that h (p-1)/q mod p > 1

31 31 DSA Signature Verification having received M & signature (r,s) to verify a signature, recipient computes: w = s’ -1 (mod q) u1= [H(M’).w]mod q u2= (r’.w)mod q v = [g u1.y u2 (mod p)] mod q if v=r then signature is verified see book web site for details.

Download ppt "1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Cryptography and Network Security

Cryptography and Network Security
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Information Security and Management 11

Information Security and Management 11
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
Lecture 13 Message Signing

Lecture 13 Message Signing
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Similar presentations

Ads by Google