Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Published byGrant Moore Modified over 8 years ago

Similar presentations

Presentation on theme: "Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department."— Presentation transcript:

1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department

2 Digital Signature

3 What is a Digital Signature?  A digital signature is an electronic means of authenticating an online identity.  Digital signature can be used in all electronic communications.  It is an electronic stamp or seal that append to the document. A digital signature can:  Authenticate the identity of the sender of a message or signer of a document.  Ensure the document being unchanged during transmission.  Be automatically time-stamped.

4 Properties of Signatures  Similar to handwritten signatures, digital signatures must fulfill the following:  Must not be forgeable  Recipients must be able to verify them  Signers must not be able to repudiate them later  In addition, digital signatures cannot be constant and must be a function of the entire document it signs.

5 Types of Signatures  Direct digital signature: involves only the communicating parties.  Assumed that receiver knows public key of sender. Signature may be formed by: 1. Encrypting entire message with sender’s private key or 2. Encrypting hash code of message with sender’s private key.  Further encryption of entire message + signature with receiver’s public key or shared private key ensures confidentiality.

6 Types of Signatures  Arbitrated digital signature: involves a trusted third party or arbiter.  Every signed message from sender, X, to receiver, Y, goes to an arbiter, A, first.  A subjects message + signature to number of tests to check origin & content.  A dates the message and sends it to Y with indication that it has been verified to its satisfaction.

7 How digital Signature works? User A User B Use A’s private key to sign the document Transmit via the Internet User B received the document with signature attached Verify the signature by A’s public key stored at the directory

8 Elements of digital signatures 1. Basic functionality 2. Hash functions and hash results 3. Asymmetric encryption 4. Certification 5. User’s realisation

9

10 2. Hash functions and hash results:  Hash function: algorithm which creates a digital representation in the form of a hash result of a standard length which is usually much smaller than the message but substantially unique to it.  A hash function takes the message, and produces a fixed size (typically 64 to 512 bits) value dependent on the message.  Premises for hash functions:  Hash function has to be unique.  “One-way-property”

11 3. Asymmetric encryption:  Basic: a pair of keys, namely a private key and a public key.  Premises:  Private key has to be saved.  Public key can be accessible for everyone, but its owner’s identity has to be identifiable without problems to guarantee authentication (certificate).  Not possible to generate the Private key by knowing someone’s Public key.

12 4. Encryption: Proceeding  Generating message’s digest (hash result).  Using Public Key to encrypt hash result.  Result of the encryption: digital signature.  Sender sends:  message, digital signature and certificate to receiver.  Receiver wants to check:  Integrity  Generating hash result, compare it to the sender’s hash result and decrypting the message with the sender’s public key.  Authenticity  Can be checked by means of the certificate.

13 Encryption: Proceeding

14 Certification  Important for authenticity:  Receiver of a message has to be sure that the public key he uses really belongs to the sender. Solution: Certification Authority (CA)  Certificate: comparable with a digital identity card  Document that shows someone’s identity doubtless  Three - stepped infrastructure guarantees authenticity: 1.Sender 2.Certification Authority (CA) 3.Authority that controls CA

15 Realisation by user Important for security:  Private key has to be absolutely saved and only available for his user.  Technical premises:  Chip card and PIN  Encryption of the hash result algorithms.  Card reader.  Computer and corresponding software.

16 Basic Features of Digital Signature  Private key: sender uses the private key to sign the document.  Public key: recipient uses the public key to authenticate the document.  Message hash algorithm: perform a mathematical calculation on the document and generate a hash value unique to the message.  Encryption algorithm: accept the private key and a hash value to generate a digital signature or accept a public key and a digital signature to generate a hash value.

17

18 Digital Signature Procedure  A Digital Signature is the result of encrypting the Hash of the data to be exchanged.  Encryption is the process of encoding data and information into an unreadable form.  A Hash (or Message Digest) is the process of mathematically reducing a data stream down to a fixed length field.  Signature Process is opposite to Encryption Process  Private Key is used to Sign (encrypt) Data  Public Key is used to verify (decrypt) Signature

19 Message Encryption (User A sends message to User B) Public Key Directory Text User A User B’s Public Key Encryption Encrypted Text

20 Digital Signature Process Step 1. Hash (digest) the data using one of the supported Hashing algorithms, e.g., DSA, RSA. Step 2. Encrypt the hashed data using the sender’s private key. Step 3. Append the signature (and a copy of the sender’s public key) to the end of the data that was signed. Data Hash Encrypt Hash Digital Signature Private Step 1.Step 2. Step 3. Public

21 RSA Algorithm  RSA is an algorithm for public-key cryptography.  It requires the use of a public key and a private key. p, q: primes, n = pq, ed = 1 mod f (n), Signing: S = M d mod n Verification: M = S e mod n Where: e: public key, d: secret key, (factoring, n: 1024 bits) M: message

22  RSA is an algorithm for public-key cryptography.  It requires the use of a public key and a private key. The following steps illustrate the key generation algorithm for RSA:  Choose two large prime numbers namely p and q.  Compute the product of these two primes, n = p*q.  Also, compute the value of f (n) = (p-1)(q-1(.  Choose an integer e between 1 and f(n)  Finally, compute d whereby e * d mod f(n) =1 OR d = e-1 mod f(n)

23 Example: Perform encryption and decryption using RSA for the following: p=3, q=11, e=7, M=5. Solution:  First, we need to find the private key d We know that the following must hold: e * d mod f(n) =1 f(n) = (p - 1) (q - 1) = 2 * 10=20 p * q=33 7 * d mod 20 = 1 d = 3 Encryption : Decryption : S = M d mod n = 5^7 mod 33 = 78125 mod 33 = 14 M = S e mod n = 14 mod 33= 2744 mod 33 = 5

24 Signature Verification Process  Step 1. Hash the original data using the same hashing algorithm.  Step 2. Decrypt the digital signature using the sender’s public key. All digital signatures contain a copy of the signer’s public key.  Step 3. Compare the results of the hashing and the decryption. If the values match then the signature is verified. If the values do not match, then the data or signature was probably modified in transit. Data Hash Decrypt Hash Digital Signature Public Key Step 2. Step 3. Hash Step 1.

25 Example: Alice wants to send Bob a private message. A public is Alice’s public key. A private is Alice’s private key. B public is Bob’s public key. B private is Bob’s private key.

26 Hello Bob,Wanna get together? AliceBob encrypt using B public decrypt using B private

27 OK Alice, Your place or mine? AliceBob decrypt using A private encrypt using A public

28 Procedure:  Nobody can read the message from Alice, but anyone could produce it. How does Bob know that the message was really sent from Alice?  Bob may be comforted to know that only Alice can read his reply.  Alice can create a digital signature and prove she sent the message (or someone with knowledge of her private key).  The signature can be a message digest encrypted with A private.

29 Alice’s Signature  Alice feeds her original message through a hash function and encrypts the message digest with A private.  Bob can decrypt the message digest using A public.  Bob can compute the message digest himself.  If the 2 message digests are identical, Bob knows Alice sent the message.

30 AliceBob Sign with A private check signature using A public encrypt using B public decrypt using B private Revised Scheme

31 Cryptography  3 cryptographic algorithms:  Message-digest algorithms  Map variable-length plaintext to fixed-length ciphertext.  Secret-key algorithms  Use one single key to encrypt and decrypt.  Public-key algorithms  Use 2 different keys – public key and private key.

32 Keys  It is a variable value that is used by cryptographic algorithms to produce encrypted text, or decrypt encrypted text.  The larger the key the greater the number of potential combinations that can be created.  Decryption of the information requires the key. EncryptionDecryption Plaintext Ciphertext Key

33 Secret-key Encryption  Use a secret key to encrypt a message into ciphertext.  Use the same key to decrypt the ciphertext to the original message.  Requires you to know which computers will be communicating with each other so you can install the key in each one  Also called “Symmetric cryptography”. EncryptionDecryption Plaintext Ciphertext Secret Key

34 Secret Key How to? Encrypted Text Original Text + Secret key = Encrypted Text Original TextSecret key + = Encryption Decryption

35 Secret-Key Problem?  All keys need to be replaced, if one key is compromised.  Not practical for the Internet environment.  On the other hand, the encryption speed is fast.  Suitable to encrypt your personal data.

36 Public-key Encryption  Involves 2 distinct keys – public, private.  The private key is kept secret and never be divulged.  The public key is not secret and can be freely distributed, shared with anyone.  It is also called “asymmetric cryptography”.  100 to 1000 times slower than secret-key algorithms. EncryptionDecryption Plaintext Ciphertext Public KeyPrivate Key

37

38 Questions? ?

Download ppt "Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Similar presentations

Ads by Google