lecture 9 overview. digital signature properties cs 450/650 lecture 9: digital signatures 2...

Lecture 9 Overview

Digital Signature Properties

CS 450/650 Lecture 9: Digital Signatures 2

• Unforgeable: Only the signer can produce his/her signature

• Authentic: A signature is produced only by the signer deliberately signing the document

Digital Signature Properties• Non-Alterable: A signed document cannot be

altered without invalidating the signature

• Non-Reusable: A signature from one document cannot be moved to another document

• Signatures can be validated by other users– the signer cannot reasonably claim that he/she did

not sign a document bearing his/her signature


Digital Signature Using RSA• The RSA public-key cryptosystem can be used

to create a digital signature for a message m– Asymmetric Cryptographic techniques are well

suited for creating digital signatures

• The signer must have an RSA public/private key pair– c = Me mod n– M = cd mod n


Signature Generation (Signer)

Message

SignaturePrivate Key

RedundancyFunction

Formatted Message

Encrypt


Signature Verification

Message

Signature

Public Key

Verify

Formatted Message

Decrypt


Redundancy Function• The choice of a poor redundancy function can

make RSA vulnerable to forgery

• A good redundancy function should make forging signatures much harder


Example• generate signature S– d = 53– e = 413– n = 629– m = 7– Assume that R(X) = XX

• S = R(m)e mod n – S = 7753 mod 629 = 25


Example• verify signature with message recovery– Public key (e) = 413– n = 629– S = 25

• R(m) = Se mod n – R(m) = 25413 mod 629 = 77

• The verifier then checks that R(m) is of the form XX for some message X– m = R-1(m) = 7


Forging signature (revisited)• Choose a random number between 0 and n-1

for S– S = 323

• Use the signer’s public key to decrypt S – R(m) = 323413 mod 629 = 85

• However, 85 is not a legal value for R(m)– so S = 323 is not a valid signature


Privacy • Signature provides only authenticity.• How can we provide privacy in addition?


Getting a Message Digest from a document

Hash MessageDigest


Generating Signature

MessageDigest

Signature

Encrypt using private keyEncrypt using private key


Appending Signature to document

Append

Signature


Verifying Signature

Hash

Decrypt using public keyDecrypt using public key

MessageDigest

MessageDigest


Lecture 10Key Exchange

CS 450/650

Fundamentals of Integrated Computer Security

Slides are modified from Lawrie Brown

Key Management• public-key encryption helps address key

distribution problems

• have two aspects of this:– distribution of public keys– use of public-key encryption to distribute secret

keys

CS 450/650 Lecture 10: Key Exchange 17

Distribution of Public Keys• can be considered as using one of:– public announcement– publicly available directory– public-key authority– public-key certificates


Public Announcement• users distribute public keys to recipients or

broadcast to community at large– eg. append PGP keys to email messages or post to

news groups or email list• major weakness is forgery– anyone can create a key claiming to be someone

else and broadcast it– until forgery is discovered attacker can

masquerade as claimed user


Publicly Available Directory• can obtain greater security by registering keys

with a public directory• directory must be trusted with properties:– contains {name, public-key} entries– participants register securely with directory– participants can replace key at any time– directory is periodically published– directory can be accessed electronically

• still vulnerable to tampering or forgeryCS 450/650 Lecture 10: Key Exchange 20

Public-Key Authority• improve security by tightening control over

distribution of keys from directory• has properties of directory• requires users to know public key for the

directory• users interact with directory to obtain any

desired public key securely• requires real-time access to directory when

keys are needed


Public-Key Authority


Public-Key Certificates• certificates allow key exchange without real-

time access to public-key authority• a certificate binds identity to public key – usually with other info such as period of validity,

rights of use• all contents signed by a trusted Public-Key or

Certificate Authority (CA)• can be verified by anyone who knows the

public-key authority’s public-key


Public-Key Certificates


Distribution of Secret Keys• use previous methods to obtain public-key• can use for secrecy or authentication• public-key algorithms are slow• usually prefer to use private-key encryption to

protect message contents• hence need a session key• have several alternatives for negotiating a

suitable session


Simple Secret Key Distribution• proposed by Merkle in 1979– A generates a new temporary public key pair– A sends B the public key and the identity– B generates a session key K sends it to A encrypted

using the supplied public key– A decrypts the session key and both use

• Man in the middle attack:– an opponent can intercept and impersonate both

halves of protocol


Public-Key Distribution of Secret Keys

• if have securely exchanged public-keys:


Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange• public-key type scheme– proposed in 1976– note: now know that Williamson (UK CESG)

secretly proposed the concept in 1970 • A practical method for public exchange of a

secret key• Used in a number of commercial products

CS 450/650 Lecture 10: Diffie-Hellman Key Exchange 29

Diffie-Hellman Key Exchange• public-key distribution scheme – cannot be used to exchange an arbitrary message – rather it can establish a common key – known only to the two participants

• based on exponentiation in a finite field– modulo a prime or a polynomial

• security relies on the difficulty of computing discrete logarithms


Diffie-Hellman Setup• all users agree on global parameters:– large prime integer or polynomial p– g = primitive root mod p• for every integer a that has gcd(a, p) = 1, there is an

integer k such that gk ≡ a (mod p)

• each user generates their key– chooses a secret key (number): a < p – compute their public key: A = ga mod p


Diffie-Hellman Key Exchange• shared session key for users is KAB: – KAB = gab mod p

= Ab mod p (which B can compute) = Ba mod p (which A can compute)

• g can be small– 2 or 5 is common

• a, b, p should be large• attacker needs a or b to obtain the session key– must solve discrete log


Diffie-Hellman Example • users Alice & Bob who wish to swap keys– agree on prime p=353 and g=3

• select random secret keys:– A chooses a=97, B chooses b=233

• compute respective public keys:– A=397 mod 353 = 40 (Alice)– B=3233 mod 353 = 248 (Bob)

• compute shared session key as:– KAB = Ba mod 353 = 24897 = 160 (Alice)

– KAB = Ab mod 353 = 40233 = 160 (Bob)


Key Exchange Protocols• users could create random Diffie-Hellman keys

each time they communicate

• users could create a known Diffie-Hellman key and publish in a directory, then consulted and used to securely communicate with them

• both of these are vulnerable to a man-in-the-middle attack– authentication of the keys is needed


lecture 9 overview. digital signature properties cs 450/650 lecture 9: digital signatures 2...

Documents