SlideShare una empresa de Scribd logo

Iss lecture 4

Descargar como PPT, PDF
Ali Habeeb
Ali Habeeb
TecnologíaEducación
1 de 21
Information System SecurityInformation System Security Lecture 4Lecture 4 Message Authentication and Digital SignatureMessage Authentication and Digital Signature
22 OutlineOutline 1.1. Message authenticationMessage authentication 2.2. Authentication functionsAuthentication functions  Message EncyprtionMessage Encyprtion  Hash functionsHash functions  MACMAC 1.1. Digital signatureDigital signature – Arbitrated digital signatureArbitrated digital signature – True digital signatureTrue digital signature  RSA – based signatureRSA – based signature  ElGamal – based signature (DSA)ElGamal – based signature (DSA)
33 ReferencesReferences [1] Cryptography and Network Security, By W. Stallings. Prentice Hall, 2003. [2] Handbook of applied Cryptography by A. Menezes, P. Van Oorschot and S. Vanstone. 5th printing, 2001 http://www.cacr.math.uwaterloo.ca/hac
44 1. Message Authentication1. Message Authentication  Message authenticationMessage authentication is a procedure to verify that receivedis a procedure to verify that received messages come from the pretended source and have not beenmessages come from the pretended source and have not been altered.altered. – Also calledAlso called data origin authenticationdata origin authentication – It provides integrityIt provides integrity – Entity authentication (identification) is similar but entities are online.Entity authentication (identification) is similar but entities are online.  Message Authentication can thwart the following attacks:Message Authentication can thwart the following attacks: – MasqueradeMasquerade – Content modificationContent modification – Sequence modificationSequence modification – Timing modification: Message delay or replayTiming modification: Message delay or replay  Message authentication produces anMessage authentication produces an authenticatorauthenticator: a value to be: a value to be used to authenticate a message.used to authenticate a message.
55 Authentication functionsAuthentication functions  Three types of functions that may be used to produce anThree types of functions that may be used to produce an authenticator:authenticator: 1.1. Message encryption: The ciphertext of the entire message serves as itsMessage encryption: The ciphertext of the entire message serves as its authenticator.authenticator. 2.2. Hash functionHash function: a public function that maps a message of any length into: a public function that maps a message of any length into a fixed-length hash value, which serves as the authenticator .a fixed-length hash value, which serves as the authenticator . 3.3. Message Authentication Code (MACMessage Authentication Code (MAC)): a public function of the message: a public function of the message and a secret key that produces a fixed-length value that serves as theand a secret key that produces a fixed-length value that serves as the authenticator.authenticator.
66 Message encryptionMessage encryption  Message encryption provides authentication:Message encryption provides authentication: – Symmetric encryption: if the encryption/decryption key is not known toSymmetric encryption: if the encryption/decryption key is not known to any other party (except the sender and receiver).any other party (except the sender and receiver). – Asymmetric encryption: the sender should uses its private key to encryptAsymmetric encryption: the sender should uses its private key to encrypt the message. The sender’s public key is then used to decrypt the message.the message. The sender’s public key is then used to decrypt the message. This helps providing only authenticationThis helps providing only authentication  If we need authentication and confidentiality, then the senderIf we need authentication and confidentiality, then the sender should encrypt the message twice:should encrypt the message twice: – 11stst : with its private key (authentication): with its private key (authentication) – 22ndnd : with the receiver’s public key (confidentiality): with the receiver’s public key (confidentiality)
77 2. Hash function2. Hash function  A hash function produces a fixed-size output for a variable-sizeA hash function produces a fixed-size output for a variable-size messagemessage mm as an input.as an input. – It is denoted H(It is denoted H(mm) (the hash code).) (the hash code). – A hash code is also referred asA hash code is also referred as message digestmessage digest oror hash valuehash value..  It takes as input only the message itself.It takes as input only the message itself.  It is a one-way function.It is a one-way function.  H(H(mm) provides error-detection capability.) provides error-detection capability.  Hash code provides message authentication if used as follows:Hash code provides message authentication if used as follows: 1.1. (H((H(mm) ||) || mm ) encrypted using symmetric encryption.) encrypted using symmetric encryption. 2.2. H(H(mm) encrypted using symmetric encryption.) encrypted using symmetric encryption. – It’s a digital signatureIt’s a digital signature
88 2. Hash function2. Hash function 3.3. H(H(mm) encrypted using asymmetric encryption and the sender’s private) encrypted using asymmetric encryption and the sender’s private key.key. 4.4. H(H(mm||S), where S is secret key shared between the sender and receiver.||S), where S is secret key shared between the sender and receiver. – No encryptionNo encryption  Examples of hash algorithms (more info in Ch.12 of [1]):Examples of hash algorithms (more info in Ch.12 of [1]): – MD5:MD5: ([RFC 1321]([RFC 1321]** , 1992), 1992)  Input: any message of arbitrary lengthInput: any message of arbitrary length  Output: 128-bit message digestOutput: 128-bit message digest – SHA:SHA: ([FIPS 180]([FIPS 180]**** , 1993, [RFC 3174]), 1993, [RFC 3174])  Input: any message < 2Input: any message < 26464 bitsbits  Output: 160-bit message digestOutput: 160-bit message digest – SHA is more secure than MD5 but slowerSHA is more secure than MD5 but slower  Hash functions are much faster than symmetric ciphersHash functions are much faster than symmetric ciphers MD5 128-bit message digest Message of any length ** :: http://www.ietf.orghttp://www.ietf.org **** : US Federal Information Processing Standard: US Federal Information Processing Standard SHA 160-bit message digest Message, length < 264 bits
99 3. Message Authentication Code3. Message Authentication Code (MAC)(MAC)  MAC is a technique to provide authentication using a sharedMAC is a technique to provide authentication using a shared secret key to generate a small fixed-size block of datasecret key to generate a small fixed-size block of data – The MAC is also known as aThe MAC is also known as a cryptographic checksumcryptographic checksum – It is appended to the message.It is appended to the message.  A MAC can be viewed as a hash function with a secret key.A MAC can be viewed as a hash function with a secret key.  If A wants to send an authentic messageIf A wants to send an authentic message mm to B, using MAC:to B, using MAC: – A and B must share a secret key,A and B must share a secret key, KK – A computes the MAC as a function ofA computes the MAC as a function of mm andand KK,,  i.e., MAC =i.e., MAC = CCKK(M)(M) – A sends BA sends B mm plus the MACplus the MAC
1010 3. Message Authentication Code3. Message Authentication Code (MAC)(MAC)  MACs assures:MACs assures: 1.1. Message hasn’t been altered during transmission.Message hasn’t been altered during transmission. 2.2. Message coming from the pretended sender.Message coming from the pretended sender. 3.3. Sequence number hasn’t been ltered during transmission if the messageSequence number hasn’t been ltered during transmission if the message includes a sequence number.includes a sequence number.  Examples of MACs:Examples of MACs: – HMACHMAC ([RFC 2104], and Ch.12 of [1]):([RFC 2104], and Ch.12 of [1]):
1111 4. Digital signature4. Digital signature  A digital signature is a technique for establishing the origin of a particular message in order to settle later disputes about what message (if any) was sent. – DG includes measures that counter source repudiation. – DG can prevent destination repudiation attack if used in combinationDG can prevent destination repudiation attack if used in combination with specific protocols.with specific protocols.  The purpose of a digital signature is thus for an entity to bind its identity to a message.  We use the term signer for an entity who creates a digital signature, and the term verifier for an entity who receives a signed message and attempts to check whether the digital signature is “correct” or not.
1212 Digital signatureDigital signature  A digital signature on a message provides:A digital signature on a message provides: – Message authentication: message’s origin is known + integrityMessage authentication: message’s origin is known + integrity – Non-repudiationNon-repudiation  the digital signature takes as input parameters the message itselfthe digital signature takes as input parameters the message itself and a secret value, known only to the signer.and a secret value, known only to the signer.  A digital signature must be:A digital signature must be: – Easy to compute by the signer.Easy to compute by the signer. – Easy to verify by anyone.Easy to verify by anyone. – Hard to compute by anyone except the signer.Hard to compute by anyone except the signer.
1313 Types of digital signaturesTypes of digital signatures  There are 2 types of digital signaturesThere are 2 types of digital signatures arbitrated digitalarbitrated digital signaturesignature andand true digital signaturetrue digital signature  Arbitrated digital signature is based on a trusted third partyArbitrated digital signature is based on a trusted third party (arbiter). There are 2 types:(arbiter). There are 2 types: – Based on symmetric keyBased on symmetric key – Based on public-keyBased on public-key – Example:Example: MACKS Signer, S Verifier, V Arbiter, A message message M AC K V MAC K S –KKss shared between A and S,shared between A and S, kV shared between A and V
1414 True digital signatureTrue digital signature  The vast majority of digital signature techniques do not involve communication through a trusted arbitrator.  A true digital signature is one that can be sent directly from the signer to the verifier.  For the rest of this unit when we say “digital signature” we mean “true digital signature”.  A digital signature may be formed by encrypting the entire message with the signer’s private key or by encrypting a hash code of the message with sender’s private key. Signer’s public key should be available to the verifier.  We’ll see two schemesWe’ll see two schemes – RSA-based schemeRSA-based scheme – ElGamal- based scheme (or DSA)ElGamal- based scheme (or DSA)
1515 RSA SignatureRSA Signature message hash function hash (RSA) signature Signer’s private key message signature Signed messag e  RSA signature is similar to RSA encryption with inverse roles of keys, i.e., for signing, the sender’s private key is used and for verification, the sender’s public key is used.  Example: RSA is used to encrypt the hashed code with the sender’s private key.
1616 Verification of a RSAVerification of a RSA SignatureSignature message signature (RSA) verification key hash function = ? Decision  The verifier decrypts the signature with the sender’s public key and then compares the result with the message’s hash code.
1717 Digital Signature AlgorithmDigital Signature Algorithm (DSA)(DSA)  In 1991, the DSA has been published by the US NIST (National Institute of Standardizations and Technology) and become a US FIPS-186 under the name DSS (Digital Signature Standard).  DSS is the 1st digital signature scheme to be recognized by any government.  DSS is a variant of ElGamal signature scheme  DSS makes use of SHA
1818 DSS ApproachDSS Approach  DSS depends on:DSS depends on: – A hash function HA hash function H – a random numbera random number kk, (used once)., (used once). – The sender’s key pair (The sender’s key pair (Kv: private, Kp: public) – Global Public parameters,Global Public parameters, KGP M || H Sig M s r H Ver Compar e Kp KGP Kv KGP k Signature generation Signature verification
1919 DSS parameter generationDSS parameter generation  Global Public (GP) parameters (Global Public (GP) parameters (q,p,gq,p,g):): – qq: a 160-bit prime number: a 160-bit prime number – pp: a prime number; such that 2: a prime number; such that 2512512 ≤≤ pp ≤≤ 2210241024 andand qq||(p-1)(p-1) – gg:: = h= h(p-1)/q(p-1)/q mod p; andmod p; and g > 1g > 1  hh is an integer:is an integer: 1 < h < p-11 < h < p-1 – ((q,p,gq,p,g) can be common to a group of users) can be common to a group of users  User’s private keyUser’s private key Kv – xx: A random integer, 1 <: A random integer, 1 < xx << qq  User’s public keyUser’s public key Kp – yy == ggxx modmod pp
2020 DSS signature generationDSS signature generation  Signing: if an entity A wants to send a signed message m toSigning: if an entity A wants to send a signed message m to another entity B.another entity B. – Assume that (Assume that (p,q,gp,q,g): the global public parameters,): the global public parameters, xx: A’s private key, and: A’s private key, and yy: A’s public key.: A’s public key. – 11stst A randomly picks an integerA randomly picks an integer kk: 1 <: 1 < kk << qq – 22ndnd A computesA computes rr andand ss  rr = (= (ggkk modmod p)p) modmod qq  ss == kk-1-1 (H((H(mm) +) + xrxr) mod) mod qq – The signature is (The signature is (r,sr,s)) – A sends to B [A sends to B [mm || (|| (r,sr,s)])]
2121 DSS signature verificationDSS signature verification  Verification:Verification: assume that B receives [assume that B receives [mm’+(’+(rr’,’,ss’)],’)], i.e.i.e.,, mm’,’, rr’ ,’ ,ss’ are the’ are the received versions ofreceived versions of mm,, rr,, ss.. – Assume that B has an authentic copy of A’s public key,Assume that B has an authentic copy of A’s public key, yy, and GP, and GP parameters (parameters (p, q, gp, q, g).). – 11stst ,, B computesB computes w, uw, u11 , u, u22 such that :such that :  ww = (= (ss’)’)-1-1 modmod q,q,  uu11 == w.w.H(H(mm’) mod’) mod q,q,  uu22 = (= (rr’)’)ww modmod qq – 22ndnd B computesB computes vv = [(= [(ggu1u1 yyu2u2 ) mod) mod pp] mod] mod qq – 33rdrd B checks ifB checks if vv == r’r’ then signature is authenticthen signature is authentic

Recomendados

Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4mallikarjun batchanaboina
 
Digital signature
Digital signatureDigital signature
Digital signatureNisha Menon K
 
A PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEME
A PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEMEA PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEME
A PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEMEijcisjournal
 
Unit 4
Unit 4Unit 4
Unit 4KRAMANJANEYULU1
 
6.hash mac
6.hash mac6.hash mac
6.hash macVirendrakumar Dhotre
 
Dsa & Digi Cert
Dsa & Digi CertDsa & Digi Cert
Dsa & Digi CertRam Dutt Shukla
 

Recomendados

Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4Cryptography and netwrk securityunit 4
Cryptography and netwrk securityunit 4mallikarjun batchanaboina
 
Digital signature
Digital signatureDigital signature
Digital signatureNisha Menon K
 
A PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEME
A PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEMEA PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEME
A PAIRING-FREE IDENTITY BASED TRIPARTITE SIGNCRYPTION SCHEMEijcisjournal
 
Unit 4
Unit 4Unit 4
Unit 4KRAMANJANEYULU1
 
6.hash mac
6.hash mac6.hash mac
6.hash macVirendrakumar Dhotre
 
Dsa & Digi Cert
Dsa & Digi CertDsa & Digi Cert
Dsa & Digi CertRam Dutt Shukla
 
Pgp smime
Pgp smimePgp smime
Pgp smimeTania Agni
 
Digital signature
Digital signatureDigital signature
Digital signatureSadhana28
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Dss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmDss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmAbhishek Kesharwani
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowBrijesh Vishwakarma
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standardVaibhav Khanna
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
20CS2008 Computer Networks
20CS2008 Computer Networks 20CS2008 Computer Networks
20CS2008 Computer Networks Kathirvel Ayyaswamy
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Blockchain privacy approaches in hyperledger indy
Blockchain privacy approaches in hyperledger indyBlockchain privacy approaches in hyperledger indy
Blockchain privacy approaches in hyperledger indyManishKumarGiri2
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, HashesShafaan Khaliq Bhatti
 
Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2YooGenelyn
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security 18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security Kathirvel Ayyaswamy
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication ProtocolsTrinity Dwarka
 
Unit v
Unit vUnit v
Unit vBathshebaparimala
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signaturesMazin Alwaaly
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptxsandyBS
 
final ppt TS.pptx
final ppt TS.pptxfinal ppt TS.pptx
final ppt TS.pptxpaluribalu2001
 

Más contenido relacionado

La actualidad más candente

Digital signature
Digital signatureDigital signature
Digital signatureSadhana28
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Dss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmDss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmAbhishek Kesharwani
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowBrijesh Vishwakarma
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standardVaibhav Khanna
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Blockchain privacy approaches in hyperledger indy
Blockchain privacy approaches in hyperledger indyBlockchain privacy approaches in hyperledger indy
Blockchain privacy approaches in hyperledger indyManishKumarGiri2
 
Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2YooGenelyn
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security 18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security Kathirvel Ayyaswamy
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication ProtocolsTrinity Dwarka
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signaturesMazin Alwaaly
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 

La actualidad más candente (20)

Pgp smime
Pgp smimePgp smime
Pgp smime
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemes
 
Dss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmDss digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithm
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU Lucknow
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functions
 
20CS2008 Computer Networks
20CS2008 Computer Networks 20CS2008 Computer Networks
20CS2008 Computer Networks
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTION
 
Message authentication
Message authenticationMessage authentication
Message authentication
 
Blockchain privacy approaches in hyperledger indy
Blockchain privacy approaches in hyperledger indyBlockchain privacy approaches in hyperledger indy
Blockchain privacy approaches in hyperledger indy
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, Hashes
 
Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2Digital signature algorithm (de la cruz, genelyn).ppt 2
Digital signature algorithm (de la cruz, genelyn).ppt 2
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security 18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit v
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication Protocols
 
Unit v
Unit vUnit v
Unit v
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signatures
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 

Similar a Iss lecture 4

unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptxsandyBS
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network securityMazin Alwaaly
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxprateekPallav2
 
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxLecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxsmile790243
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2limsh
 
Cryptography by gaurav singh
Cryptography by gaurav singhCryptography by gaurav singh
Cryptography by gaurav singhGaurav Singh
 
15 ma cs and signatures
15 ma cs and signatures15 ma cs and signatures
15 ma cs and signaturesdrewz lin
 

Similar a Iss lecture 4 (20)

unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
 
final ppt TS.pptx
final ppt TS.pptxfinal ppt TS.pptx
final ppt TS.pptx
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptx
 
Module 2.pdf
Module 2.pdfModule 2.pdf
Module 2.pdf
 
Module 2.Cryptography and Cryptanalysis
Module 2.Cryptography and CryptanalysisModule 2.Cryptography and Cryptanalysis
Module 2.Cryptography and Cryptanalysis
 
Unit 3
Unit 3Unit 3
Unit 3
 
Network Security
Network SecurityNetwork Security
Network Security
 
Cns
CnsCns
Cns
 
network security
network securitynetwork security
network security
 
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxLecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Iss lecture 2
Iss lecture 2Iss lecture 2
Iss lecture 2
 
Cryptography by gaurav singh
Cryptography by gaurav singhCryptography by gaurav singh
Cryptography by gaurav singh
 
15 ma cs and signatures
15 ma cs and signatures15 ma cs and signatures
15 ma cs and signatures
 

Más de Ali Habeeb

Anonymous Connections And Onion Routing
Anonymous Connections And Onion RoutingAnonymous Connections And Onion Routing
Anonymous Connections And Onion RoutingAli Habeeb
 
Opinion Mining
Opinion MiningOpinion Mining
Opinion MiningAli Habeeb
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAli Habeeb
 
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyData-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyAli Habeeb
 
Secure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingSecure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingAli Habeeb
 
Organizing User Search Histories
Organizing User Search HistoriesOrganizing User Search Histories
Organizing User Search HistoriesAli Habeeb
 
Detecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesDetecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesAli Habeeb
 
Bit Torrent Protocol
Bit Torrent ProtocolBit Torrent Protocol
Bit Torrent ProtocolAli Habeeb
 
A study of Data Quality and Analytics
A study of Data Quality and AnalyticsA study of Data Quality and Analytics
A study of Data Quality and AnalyticsAli Habeeb
 
Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05Ali Habeeb
 
Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04Ali Habeeb
 

Más de Ali Habeeb (20)

Anonymous Connections And Onion Routing
Anonymous Connections And Onion RoutingAnonymous Connections And Onion Routing
Anonymous Connections And Onion Routing
 
Opinion Mining
Opinion MiningOpinion Mining
Opinion Mining
 
WAP
WAPWAP
WAP
 
USB 3.0
USB 3.0USB 3.0
USB 3.0
 
Blue Eyes
Blue EyesBlue Eyes
Blue Eyes
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyData-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
 
Web Security
Web SecurityWeb Security
Web Security
 
Secure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingSecure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwarding
 
Organizing User Search Histories
Organizing User Search HistoriesOrganizing User Search Histories
Organizing User Search Histories
 
Detecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesDetecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy Anomalies
 
Bit Torrent Protocol
Bit Torrent ProtocolBit Torrent Protocol
Bit Torrent Protocol
 
A study of Data Quality and Analytics
A study of Data Quality and AnalyticsA study of Data Quality and Analytics
A study of Data Quality and Analytics
 
Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10Adhoc and Sensor Networks - Chapter 10
Adhoc and Sensor Networks - Chapter 10
 
Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09Adhoc and Sensor Networks - Chapter 09
Adhoc and Sensor Networks - Chapter 09
 
Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08Adhoc and Sensor Networks - Chapter 08
Adhoc and Sensor Networks - Chapter 08
 
Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07Adhoc and Sensor Networks - Chapter 07
Adhoc and Sensor Networks - Chapter 07
 
Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06Adhoc and Sensor Networks - Chapter 06
Adhoc and Sensor Networks - Chapter 06
 
Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05Adhoc and Sensor Networks - Chapter 05
Adhoc and Sensor Networks - Chapter 05
 
Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04Adhoc and Sensor Networks - Chapter 04
Adhoc and Sensor Networks - Chapter 04
 

Último

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Último (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Iss lecture 4

  • 1. Information System SecurityInformation System Security Lecture 4Lecture 4 Message Authentication and Digital SignatureMessage Authentication and Digital Signature
  • 2. 22 OutlineOutline 1.1. Message authenticationMessage authentication 2.2. Authentication functionsAuthentication functions  Message EncyprtionMessage Encyprtion  Hash functionsHash functions  MACMAC 1.1. Digital signatureDigital signature – Arbitrated digital signatureArbitrated digital signature – True digital signatureTrue digital signature  RSA – based signatureRSA – based signature  ElGamal – based signature (DSA)ElGamal – based signature (DSA)
  • 3. 33 ReferencesReferences [1] Cryptography and Network Security, By W. Stallings. Prentice Hall, 2003. [2] Handbook of applied Cryptography by A. Menezes, P. Van Oorschot and S. Vanstone. 5th printing, 2001 http://www.cacr.math.uwaterloo.ca/hac
  • 4. 44 1. Message Authentication1. Message Authentication  Message authenticationMessage authentication is a procedure to verify that receivedis a procedure to verify that received messages come from the pretended source and have not beenmessages come from the pretended source and have not been altered.altered. – Also calledAlso called data origin authenticationdata origin authentication – It provides integrityIt provides integrity – Entity authentication (identification) is similar but entities are online.Entity authentication (identification) is similar but entities are online.  Message Authentication can thwart the following attacks:Message Authentication can thwart the following attacks: – MasqueradeMasquerade – Content modificationContent modification – Sequence modificationSequence modification – Timing modification: Message delay or replayTiming modification: Message delay or replay  Message authentication produces anMessage authentication produces an authenticatorauthenticator: a value to be: a value to be used to authenticate a message.used to authenticate a message.
  • 5. 55 Authentication functionsAuthentication functions  Three types of functions that may be used to produce anThree types of functions that may be used to produce an authenticator:authenticator: 1.1. Message encryption: The ciphertext of the entire message serves as itsMessage encryption: The ciphertext of the entire message serves as its authenticator.authenticator. 2.2. Hash functionHash function: a public function that maps a message of any length into: a public function that maps a message of any length into a fixed-length hash value, which serves as the authenticator .a fixed-length hash value, which serves as the authenticator . 3.3. Message Authentication Code (MACMessage Authentication Code (MAC)): a public function of the message: a public function of the message and a secret key that produces a fixed-length value that serves as theand a secret key that produces a fixed-length value that serves as the authenticator.authenticator.
  • 6. 66 Message encryptionMessage encryption  Message encryption provides authentication:Message encryption provides authentication: – Symmetric encryption: if the encryption/decryption key is not known toSymmetric encryption: if the encryption/decryption key is not known to any other party (except the sender and receiver).any other party (except the sender and receiver). – Asymmetric encryption: the sender should uses its private key to encryptAsymmetric encryption: the sender should uses its private key to encrypt the message. The sender’s public key is then used to decrypt the message.the message. The sender’s public key is then used to decrypt the message. This helps providing only authenticationThis helps providing only authentication  If we need authentication and confidentiality, then the senderIf we need authentication and confidentiality, then the sender should encrypt the message twice:should encrypt the message twice: – 11stst : with its private key (authentication): with its private key (authentication) – 22ndnd : with the receiver’s public key (confidentiality): with the receiver’s public key (confidentiality)
  • 7. 77 2. Hash function2. Hash function  A hash function produces a fixed-size output for a variable-sizeA hash function produces a fixed-size output for a variable-size messagemessage mm as an input.as an input. – It is denoted H(It is denoted H(mm) (the hash code).) (the hash code). – A hash code is also referred asA hash code is also referred as message digestmessage digest oror hash valuehash value..  It takes as input only the message itself.It takes as input only the message itself.  It is a one-way function.It is a one-way function.  H(H(mm) provides error-detection capability.) provides error-detection capability.  Hash code provides message authentication if used as follows:Hash code provides message authentication if used as follows: 1.1. (H((H(mm) ||) || mm ) encrypted using symmetric encryption.) encrypted using symmetric encryption. 2.2. H(H(mm) encrypted using symmetric encryption.) encrypted using symmetric encryption. – It’s a digital signatureIt’s a digital signature
  • 8. 88 2. Hash function2. Hash function 3.3. H(H(mm) encrypted using asymmetric encryption and the sender’s private) encrypted using asymmetric encryption and the sender’s private key.key. 4.4. H(H(mm||S), where S is secret key shared between the sender and receiver.||S), where S is secret key shared between the sender and receiver. – No encryptionNo encryption  Examples of hash algorithms (more info in Ch.12 of [1]):Examples of hash algorithms (more info in Ch.12 of [1]): – MD5:MD5: ([RFC 1321]([RFC 1321]** , 1992), 1992)  Input: any message of arbitrary lengthInput: any message of arbitrary length  Output: 128-bit message digestOutput: 128-bit message digest – SHA:SHA: ([FIPS 180]([FIPS 180]**** , 1993, [RFC 3174]), 1993, [RFC 3174])  Input: any message < 2Input: any message < 26464 bitsbits  Output: 160-bit message digestOutput: 160-bit message digest – SHA is more secure than MD5 but slowerSHA is more secure than MD5 but slower  Hash functions are much faster than symmetric ciphersHash functions are much faster than symmetric ciphers MD5 128-bit message digest Message of any length ** :: http://www.ietf.orghttp://www.ietf.org **** : US Federal Information Processing Standard: US Federal Information Processing Standard SHA 160-bit message digest Message, length < 264 bits
  • 9. 99 3. Message Authentication Code3. Message Authentication Code (MAC)(MAC)  MAC is a technique to provide authentication using a sharedMAC is a technique to provide authentication using a shared secret key to generate a small fixed-size block of datasecret key to generate a small fixed-size block of data – The MAC is also known as aThe MAC is also known as a cryptographic checksumcryptographic checksum – It is appended to the message.It is appended to the message.  A MAC can be viewed as a hash function with a secret key.A MAC can be viewed as a hash function with a secret key.  If A wants to send an authentic messageIf A wants to send an authentic message mm to B, using MAC:to B, using MAC: – A and B must share a secret key,A and B must share a secret key, KK – A computes the MAC as a function ofA computes the MAC as a function of mm andand KK,,  i.e., MAC =i.e., MAC = CCKK(M)(M) – A sends BA sends B mm plus the MACplus the MAC
  • 10. 1010 3. Message Authentication Code3. Message Authentication Code (MAC)(MAC)  MACs assures:MACs assures: 1.1. Message hasn’t been altered during transmission.Message hasn’t been altered during transmission. 2.2. Message coming from the pretended sender.Message coming from the pretended sender. 3.3. Sequence number hasn’t been ltered during transmission if the messageSequence number hasn’t been ltered during transmission if the message includes a sequence number.includes a sequence number.  Examples of MACs:Examples of MACs: – HMACHMAC ([RFC 2104], and Ch.12 of [1]):([RFC 2104], and Ch.12 of [1]):
  • 11. 1111 4. Digital signature4. Digital signature  A digital signature is a technique for establishing the origin of a particular message in order to settle later disputes about what message (if any) was sent. – DG includes measures that counter source repudiation. – DG can prevent destination repudiation attack if used in combinationDG can prevent destination repudiation attack if used in combination with specific protocols.with specific protocols.  The purpose of a digital signature is thus for an entity to bind its identity to a message.  We use the term signer for an entity who creates a digital signature, and the term verifier for an entity who receives a signed message and attempts to check whether the digital signature is “correct” or not.
  • 12. 1212 Digital signatureDigital signature  A digital signature on a message provides:A digital signature on a message provides: – Message authentication: message’s origin is known + integrityMessage authentication: message’s origin is known + integrity – Non-repudiationNon-repudiation  the digital signature takes as input parameters the message itselfthe digital signature takes as input parameters the message itself and a secret value, known only to the signer.and a secret value, known only to the signer.  A digital signature must be:A digital signature must be: – Easy to compute by the signer.Easy to compute by the signer. – Easy to verify by anyone.Easy to verify by anyone. – Hard to compute by anyone except the signer.Hard to compute by anyone except the signer.
  • 13. 1313 Types of digital signaturesTypes of digital signatures  There are 2 types of digital signaturesThere are 2 types of digital signatures arbitrated digitalarbitrated digital signaturesignature andand true digital signaturetrue digital signature  Arbitrated digital signature is based on a trusted third partyArbitrated digital signature is based on a trusted third party (arbiter). There are 2 types:(arbiter). There are 2 types: – Based on symmetric keyBased on symmetric key – Based on public-keyBased on public-key – Example:Example: MACKS Signer, S Verifier, V Arbiter, A message message M AC K V MAC K S –KKss shared between A and S,shared between A and S, kV shared between A and V
  • 14. 1414 True digital signatureTrue digital signature  The vast majority of digital signature techniques do not involve communication through a trusted arbitrator.  A true digital signature is one that can be sent directly from the signer to the verifier.  For the rest of this unit when we say “digital signature” we mean “true digital signature”.  A digital signature may be formed by encrypting the entire message with the signer’s private key or by encrypting a hash code of the message with sender’s private key. Signer’s public key should be available to the verifier.  We’ll see two schemesWe’ll see two schemes – RSA-based schemeRSA-based scheme – ElGamal- based scheme (or DSA)ElGamal- based scheme (or DSA)
  • 15. 1515 RSA SignatureRSA Signature message hash function hash (RSA) signature Signer’s private key message signature Signed messag e  RSA signature is similar to RSA encryption with inverse roles of keys, i.e., for signing, the sender’s private key is used and for verification, the sender’s public key is used.  Example: RSA is used to encrypt the hashed code with the sender’s private key.
  • 16. 1616 Verification of a RSAVerification of a RSA SignatureSignature message signature (RSA) verification key hash function = ? Decision  The verifier decrypts the signature with the sender’s public key and then compares the result with the message’s hash code.
  • 17. 1717 Digital Signature AlgorithmDigital Signature Algorithm (DSA)(DSA)  In 1991, the DSA has been published by the US NIST (National Institute of Standardizations and Technology) and become a US FIPS-186 under the name DSS (Digital Signature Standard).  DSS is the 1st digital signature scheme to be recognized by any government.  DSS is a variant of ElGamal signature scheme  DSS makes use of SHA
  • 18. 1818 DSS ApproachDSS Approach  DSS depends on:DSS depends on: – A hash function HA hash function H – a random numbera random number kk, (used once)., (used once). – The sender’s key pair (The sender’s key pair (Kv: private, Kp: public) – Global Public parameters,Global Public parameters, KGP M || H Sig M s r H Ver Compar e Kp KGP Kv KGP k Signature generation Signature verification
  • 19. 1919 DSS parameter generationDSS parameter generation  Global Public (GP) parameters (Global Public (GP) parameters (q,p,gq,p,g):): – qq: a 160-bit prime number: a 160-bit prime number – pp: a prime number; such that 2: a prime number; such that 2512512 ≤≤ pp ≤≤ 2210241024 andand qq||(p-1)(p-1) – gg:: = h= h(p-1)/q(p-1)/q mod p; andmod p; and g > 1g > 1  hh is an integer:is an integer: 1 < h < p-11 < h < p-1 – ((q,p,gq,p,g) can be common to a group of users) can be common to a group of users  User’s private keyUser’s private key Kv – xx: A random integer, 1 <: A random integer, 1 < xx << qq  User’s public keyUser’s public key Kp – yy == ggxx modmod pp
  • 20. 2020 DSS signature generationDSS signature generation  Signing: if an entity A wants to send a signed message m toSigning: if an entity A wants to send a signed message m to another entity B.another entity B. – Assume that (Assume that (p,q,gp,q,g): the global public parameters,): the global public parameters, xx: A’s private key, and: A’s private key, and yy: A’s public key.: A’s public key. – 11stst A randomly picks an integerA randomly picks an integer kk: 1 <: 1 < kk << qq – 22ndnd A computesA computes rr andand ss  rr = (= (ggkk modmod p)p) modmod qq  ss == kk-1-1 (H((H(mm) +) + xrxr) mod) mod qq – The signature is (The signature is (r,sr,s)) – A sends to B [A sends to B [mm || (|| (r,sr,s)])]
  • 21. 2121 DSS signature verificationDSS signature verification  Verification:Verification: assume that B receives [assume that B receives [mm’+(’+(rr’,’,ss’)],’)], i.e.i.e.,, mm’,’, rr’ ,’ ,ss’ are the’ are the received versions ofreceived versions of mm,, rr,, ss.. – Assume that B has an authentic copy of A’s public key,Assume that B has an authentic copy of A’s public key, yy, and GP, and GP parameters (parameters (p, q, gp, q, g).). – 11stst ,, B computesB computes w, uw, u11 , u, u22 such that :such that :  ww = (= (ss’)’)-1-1 modmod q,q,  uu11 == w.w.H(H(mm’) mod’) mod q,q,  uu22 = (= (rr’)’)ww modmod qq – 22ndnd B computesB computes vv = [(= [(ggu1u1 yyu2u2 ) mod) mod pp] mod] mod qq – 33rdrd B checks ifB checks if vv == r’r’ then signature is authenticthen signature is authentic