Digital Signatures

1

Digital Signatures

Digital Signatures are used to “Sign” messages to validate the

source and integrity of the contents.

2

Digitized Written Signature??Simply taking a digital picture of a

written signature does not provide adequate security.

Such a digitized written signature could easily be copied from one electronic document to another with no way to determine whether it is legitimate.

Electronic signatures, on the other hand, are unique to the message being signed and will not verify if they are copied to another document.

3

Digital signatures are used just like handwritten signatures.Digital signatures are used just like

handwritten signatures. When you add them to a document, you

are "signing" that document as a way of endorsing or agreeing with what the document says.

Unlike handwritten signatures, digital signatures are used only with computers. They are electronic signatures that can be used to sign electronic documents, like word processing files or spreadsheets.

4

What is a digital signature?A digital signature is a kind of ID. You

can use it on the Internet to identify yourself in a secure manner. This is extremely useful in areas such as electronic commerce. For instance, when making a credit card purchase on the Internet, you can use your digital signature to "sign" that purchase. This helps to ensure that only you can make purchases with your credit card number.

5

Requirements for a Digital Signature The signature must be a bit pattern that depends on

the message being signed The signature must use some information unique to

the sender, to prevent both forgery and denial. It must be relatively easy to produce digital signature. It must be relatively easy to recognize and verify the

digital signature. It must be computationally infeasible to forge a digital

signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.

It must be practical to retain a copy of the digital signature in storage.

6

How is a Digital Signature Produced?Very briefly, a typical digital signature

works like this: A signature in the form of a code is

generated by applying an algorithm, such as RSA, and the sender's private key to some or all of the message contents.

The recipient verifies the signature by decrypting it using the sender's public key.

7

Message AuthenticationMessage authentication is playing an

important role in a variety of applications, especially those related to the Internet protocols and network management, where undetected manipulation of messages can have disastrous effects.

8

Conventional Encryption for Signatures and MACs There is no shortage of good message

authentication codes, beginning with DES-MAC, as defined in FIPS PUB 113.

Conventional (symmetric) encryption could be used for digital signatures - DESMAC specified by FIPS

However, message authentication codes based on encryption functions such as DES, which were designed for hardware implementation, may be somewhat limited in performance for soft-ware, and there is also the question of U.S. export restrictions on encryption functions.

9

Conventional Encryption for MACs When secret key cryptography is used, a message

authentication code (MAC) is calculated from and appended to the data.

To verify that the data has not been modified at a later time, any party with access to the correct secret key can recalculate the MAC. The new MAC is compared with the original MAC, and if they are identical, the verifier has confidence that the data has not been modified by an unauthorized party.

FIPS 113, Computer Data Authentication, specifies a standard technique for calculating a MAC for integrity verification.

Microsoft Word Document

10

Use of Encryption for MAC

11

Message DigestsInefficiency in encrypting the entire

messageUse a one-way hash function to

create a fixed size finger print of the variable sized message.

12

Requirements for One-way Hash FunctionH can be applied to a block of data of any

size.H produces a fixed length outputH(x) is relatively easy to compute, making

hw/sw implementations practicalFor any given code m it is computationally

infeasible to find x such that H(x)=mFor any given block x, it is computationally

infeasible to find y not= x with H(x)=H(y)

13

Message Digests

14

Message Digests with Conventional Encryption

15

Message Digests with a Secret Shared Value

16

Message Digests with Public Key Encryption

17

Secret Key Electronic Signatures Issues If two parties share a secret key, and one

party receives data with a MAC that is correctly verified using the shared key, that party may assume that the other party signed the data.

This assumes, however, that the two parties trust each other. Thus, through the use of a MAC, in addition to data integrity, a form of electronic signature is obtained.

Using additional controls, such as key notarization and key attributes, it is possible to provide an electronic signature even if the two parties do not trust each other.

18

The IdeaGoal - guarantee that message must

have originated with certain entity Idea - encrypt with private key,

decrypt with public keyOnly owner of the private key could

have generated original message

19

Digital Signatures and PrivacyCan combine techniques - signed by

private A, encrypt by public B A forms: X = encrypt(PUBB,

encrypt(PRVA, M)) B extracts: M = decrypt(PUBA,

decrypt(PRVB, X))

20

Digital Signatures and PrivacyDigital signatures use asymmetric

encryption to provide assurance of authentication of the origin of a message and, sometimes, the integrity of its contents.

They can also prevent repudiation (denial) as they can be used to prove, that providing the private key has not been disclosed, the signature is that of the sender.

21

Public Key Electronic Signatures Another type of electronic signature called a

digital signature is implemented using public key cryptography.

Data is electronically signed by applying the originator's private key to the data.

To increase the speed of the process, the private key is applied to a shorter form of the data, called a "hash" or "message digest," rather than to the entire set of data.

The resulting digital signature can be stored or transmitted along with the data.

22

Public Key Electronic SignaturesThe signature can be verified by any party

using the public key of the signer. This feature is very useful, for example,

when distributing signed copies of virus-free software. Any recipient can verify that the program remains virus-free.

If the signature verifies properly, then the verifier has confidence that the data was not modified after being signed and that the owner of the public key was the signer.

23

Steps in making a digital signature

24

Steps in making a digital signature Joe runs a one-way hash function to create a fixed

length message digest from the message to be sent Joe encrypts the message digest with his private

key to create a digital signature. Joe sends the signature and the message to Alice Alice decrypts the signature with Joe’s public key to

reveal the message digest Alice then applies the same one-way function to the

message she received from Joe to produce a message digest

Alice compares the message digest she created with the message digest sent by Joe. If they compare the integrity of the messages is verified.

25

Steps in making a digital signature

26

Steps in making a digital signaturePublic key cryptography verifies integrity by

using of public key signatures and secure hashes.

A secure hash algorithm is used to create a message digest. The message digest, called a hash, is a short form of the message that changes if the message is modified.

The hash is then signed with a private key. Anyone can recalculate the hash and use the corresponding public key to verify the integrity of the message.

27

Steps in making a digital signature

28

Importance of Digital SignaturesDigital Signatures are a central

component of modern cryptographic systems.

In analogy to handwritten signatures on paper documents digital signatures are used to guarantee the authenticity of electronic documents.

Thus they play an important role for example in secure and reliable systems for electronic commerce.

29

What is a hash function?A hash function H is a transformation

that takes an input m and returns a fixed-size string, which is called the hash value h (that is, h = H(m)).

Hash functions with just this property have a variety of general computational uses, but when employed in cryptography, the hash functions are usually chosen to have some additional properties.

30

Cryptographic Hash FunctionsThe basic requirements for a

cryptographic hash function are as follows. The input can be of any length. The output has a fixed length. H(x) is relatively easy to compute for any

given x. H(x) is one-way. H(x) is collision-free.

31

H(x) is one-way ...A hash function H is said to be one-

way if it is hard to invert, where ``hard to invert'' means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h.

32

H(x) is collision-free ...If, given a message x, it is

computationally infeasible to find a message y not equal to x such that H(x) = H(y), then H is said to be a weakly collision-free hash function.

A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y).

33

Hash Functions as Message DigestsThe hash value represents concisely

the longer message or document from which it was computed; this value is called the message digest.

One can think of a message digest as a “digital fingerprint” of the larger document.

Examples of well known hash functions are MD2 and MD5 and SHA

34

Compression FunctionDamgard and Merkle greatly influenced

cryptographic hash function design by defining a hash function in terms of what is called a compression function.

A compression function takes a fixed-length input and returns a shorter, fixed-length output. Given a compression function, a hash function can be defined by repeated applications of the compression function until the entire message has been processed.

35

Compression Function In this process, a message of arbitrary length is

broken into blocks whose length depends on the compression function, and “padded” (for security reasons) so the size of the message is a multiple of the block size. The blocks are then processed sequentially, taking as input the result of the hash so far and the current message block, with the final output being the hash value for the message.

36

How do digital signatures work? To digitally sign a document, you must

first get something called a digital certificate. This certificate is a lot like a rubber stamp -- you can use it to "stamp" your signature onto things. When you do this, the signature is stored with the document. People who receive the document can then look at the signature to make sure that it is really yours.

37

Digital CertificatesDigital certificates come in two parts: a private

key and a public key. The private key is the part that you use to

stamp documents. The public key is more like a decoder ring -- you use it to decode the signature and make sure the document hasn't been tampered with. If the document has been tampered with, the signature won't decode properly and will "break." This means that if the signature is broken, the document has probably been tampered with and shouldn't be trusted.

38

What makes a digital signature break? Digital signatures contain a special

number. This number is generated by a complex mathematical formula when you sign a document. When the digital signature is added to a document, the document is passed to the formula. The formula examines the document and generates a number. This number is then saved as part of the digital signature.

39

What makes a digital signature break?When somebody uses your public key to decode

your signature, the same process occurs. The document is again passed to the formula, and the formula returns a number. The returned number is then compared to the number stored in the signature. If the numbers are the same, then the document hasn't been tampered with, and the signature is good. If the numbers are different, then something in the document has changed, and the signature will break.

This means that once a document is signed, it can't be changed without breaking the signature.

40

How do I know the signature isn't a fake? Even if the signature isn't broken, you

might be concerned that somebody has falsified a signature. For example, if your friend Bob managed to create his own digital certificate with your name on it, he could send documents with your signature on them. In effect, Bob would be forging your signature.

41

How do I know the signature isn't a fake?To make sure that a signature is authentic,

you can check who issued or created the certificate. Each certificate is issued by what is called a certificate authority (CA). Certificate authorities can be anyone, from the government to your next door neighbor. Whenever you view a digital signature, you can see who the certificate authority was that issued the original certificate. You then have to decide for yourself whether you can trust that certificate authority.

42

How do I know the signature isn't a fake?For example, if you looked at a

signature and saw that the certificate authority was the State of California, you would probably want to trust that signature. The State of California would have rigorous guidelines for issuing digital certificates. However, if the certificate authority was "Wild Bill", you might have second thoughts -- who knows what criteria Wild Bill might use?

43

How do I know the signature isn't a fake?Since digital certificates are stored on

your desktop computer, the only other way for somebody to "forge" your signature is for them to get access to your computer. However, digital certificates can also be password protected, in order to prevent this from happening.

44

Are digital signatures being used today? Electronic commerce is also turning to digital

signatures. "Smart cards," which are much like credit cards, can be used to store your digital certificate. You can then "swipe" these cards on your computer to sign things on the Internet, such as credit card purchases or bank deposits.

Over the next year, the number of applications using digital signatures will continue to grow. It will likely become the standard for identifying yourself on the Internet.

45

Certificate AuthoritiesTwo of the larger public CAs are

VeriSign and Digital Signature Trust. You can visit their Web sites at:

http://www.verisign.com http://www.digsigtrust.com

If you'd like more information on digital signatures legislation, go to:

http://www.mbc.com/ds_sum.html

46

Other Authentication / Integrity MethodsCryptographic signatures provide

extremely strong proof that a message has not been altered and was signed by a specific key. However, there are other mechanisms besides cryptographic-based electronic signatures that perform a similar function. These mechanisms provide some assurance of the origin of a message, some verification of the message's integrity, or both.

47

Other Authentication / Integrity Methods Examination of the transmission path of a message. When

messages are sent across a network, such as the Internet, the message source and the physical path of the message are recorded as a part of the message. These can be examined electronically or manually to help ascertain the origin of a message.

Use of a value-added network provider. If two or more parties are communicating via a third party network, the network provider may be able to provide assurance that messages originate from a given source and have not been modified.

Acknowledgement statements. The recipient of an electronic message may confirm the message's origin and contents by sending back an acknowledgement statement.

Use of audit trails. Audit trails can track the sending of messages and their contents for later reference.

48

Obtaining a Digital CertificateUser Certificates are generated by a

CA:Any user with access to the public key

of the CA can recover the user public key that was certified

No party other than the certification authority can modify the certificate without this being detected

49

Anatomy of a Digital Certificate

50

Hierarchy of Certification Authorities

Y<<X>> = the certificate of user X issued by certification authority Y

51

Revocation of Certificates1. The user’s secret key is assumed

to be compromised.2. The user is no longer certified by

this CA.3. The CA’s certificate is assumed to

be compromised

52

53

54

55

56

57

58

59

60

61

62