DIGITAL SIGNATURES Fred Piper & Mert Özarar Codes & Ciphers Ltd 12 Duncan Road Richmond Surrey TW9 2JD Information Security Group Royal Holloway, University.

DIGITAL SIGNATURES

Fred Piper & Mert Özarar

Codes & Ciphers Ltd12 Duncan RoadRichmondSurreyTW9 2JD

Information Security GroupRoyal Holloway, University of London

Egham, SurreyTW20 0EX

Digital Signatures 2

Outline

1. Brief Introduction to Cryptography

2. Public Key Systems

3. Basic Principles of Digital Signatures

4. Public Key Algorithms

5. Signing Processes

6. Arbitrated Signatures

7. Odds and Ends

NOTE: We will not cover all the sections


The Essence of Security

– Recognition of those you know

– Introduction to those you don’t

know

– Written signature

– Private conversation


The Challenge

• Transplant these basic social mechanisms to the telecommunications and/or business environment.


• Sender– Am I happy that the whole world sees this ?– Am I prepared to pay to stop them ?– Am I allowed to stop them ?

• Recipient– Do I have confidence in :

– the originator– the message contents and message stream– no future repudiation.

• Network Manager– Do I allow this user on to the network ?– How do I control their privileges ?

The Security Issues


Cryptography is used to provide:

1. Secrecy

2. Data Integrity

3. User Verification

4. Non-Repudiation

7Digital Signatures

Cipher System

cryptogramc

EncipheringAlgorithm

DecipheringAlgorithm

Key k(E) Key k(D)

messagem

messagem

Interceptor


The Attacker’s Perspective

DecipheringAlgorithm

Unknown Key

k(D)

Known c Wants m

Note: k(E) is not needed unlessit helps determine k(D)


Two Types of Cipher System

•Conventional or Symmetric–k(D) easily obtained from k(E)

•Public or Asymmetric–Computationally infeasible to

determine k(D) from k(E)


• THE SECURITY OF THE SYSTEM IS DEPENDENT ON THE SECURITY OF

THE KEYS


Public Key Systems

• Original Concept

• For a public key system an enciphering algorithm is

agreed and each would-be receiver publishes the key

which anyone may use to send a message to him.

• Thus for a public key system to be secure it must not be

possible to deduce the message from a knowledge of the

cryptogram and the enciphering key. Once such a system

is set up, a directory of all receivers plus their enciphering

keys is published. However, the only person to know any

given receiver’s deciphering key is the receiver himself.


Public Key Systems

• For a public key system, encipherment must be a ‘one-way function’ which has a ‘trapdoor’. The trapdoor must be a secret known only to the receiver.

• A ‘one-way function’ is one which is easy to perform but very difficult to reverse. A ‘trapdoor’ is a trick or another function which makes it easy to reverse the function


Some Mathematical One-Way Functions

1. Multiplication of two large primes.

2. Exponentiation modulo n ( n = pq ).

3. x ax in GF(2n) or GF(p).

4. k Ek(m) for fixed m where Ek is encryption in a symmetric key system which is secure against known plaintext attacks.

5. x a.x where x is an n-bit binary vector and a is a fixed n-tuple of integers. Thus a.x is an integer.


Public Key Cryptosystems

– Enable secure communications without exchanging secret keys

– Enable 3rd party authentication ( digital signature )

– Use number theoretic techniques– Introduce a whole new set of problems– Are extremely ingenious.


Digital Signatures

• According to ISO, the term Digital Signature is used: ‘to indicate a particular authentication technique used to establish the origin of a message in order to settle disputes of what message (if any) was sent’.


Digital Signatures

A signature on a message is some data that• validates a message and verifies its origin• a receiver can keep as evidence• a third party can use to resolve disputes.

It depends on• the message• a secret parameter only

available to the sender

It should be easy to compute

(by one person only) easy to verify difficult to forge


Digital Signature

• Cryptographic checksum

• Identifies sender

• Provides integrity check for data

• Can be checked by third party


Hand-Written Signatures

• Intrinsic to signer• Same on all documents• Physically attached to message• Beware plastic cards.

Digital Signatures• Use of secret parameter• Message dependent.


Principle of Digital Signatures

• There is a (secret) number which:

• Only one person can use

• Is used to identify that person

• ‘Anyone’ can verify that it has been used

NB: Anyone who knows the value of a number can use that number.


Attacks on Digital Signature Schemes

To impersonate A, I must either

• obtain A’s private key

• substitute my public key for A’s

NB: Similar attacks if A is receiving secret

data encrypted with A’s public key


Obtaining a Private Key

Mathematical attacks Physical attacks

NB: It may be sufficient to obtain a device which contains the key. Knowledge of actual value is not needed.


Certification Authority

AIM :To guarantee the authenticity of public keys.

METHOD :The Certification Authority guarantees the authenticity by signing a certificate containing user’s identity and public key with its secret key.

REQUIREMENT :All users must have an authentic copy of the Certification Authority’s public key.


Certification Process

Verifies credentials

CreatesCertificate

Receives(and checks)

Certificate

Presents Public Key and

credentials

Generates Key Set

Distribution

Centre

Owner


How Does it Work?

• The Certificate can accompany all Fred’s messages

• The recipient must directly or indirectly:• Trust the CA• Validate the certificate

The CA certifiesthat Fred Piper’s

public key is………..

Electronicallysigned by

the CA


User Authentication Certificates

• Ownership of certificate does not

establish identity

• Need protocols establishing use of

corresponding secret keys


WARNING

• Identity Theft

• You ‘are’ your private key

• You ‘are’ the private key corresponding to the public key in your certificiate


Certification Authorities

• Problems/Questions

• Who generates users’ keys?

• How is identity established?

• How can certificates be cancelled?

• Any others?


Fundamental Requirement

Internal infrastructure to support secure technological implementation


Is everything OK?

Announcement in Microsoft Security Bulletin MS01-017

“VeriSign Inc recently advised Microsoft that on January 29-30 2001 it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee.”


How to Create a Digital Signature Using RSA

MESSAGE

HASHING FUNCTION

HASH OF MESSAGE

Sign using Private Key

SIGNATURE - SIGNED HASH OF MESSAGE


How to Verify a Digital Signature Using RSA

HASH OF MESSAGE

Verify theReceived Signature

Re-hash the Received Message

Verify using Public Key

Message

Hashing Function

HASH OF MESSAGE

MessageSignature

Signature

Message withAppended Signature

If hashes are equal, signature is authentic


Requirements for Hash Function h

(H1) condenses message M of arbitrary length into a fixed length ‘digest’ h(M)

(H2) is one-way

(H3) is collision free - it is computationally infeasible to construct messages M, M' with h(M) = h(M')

H3 implies a restriction on the size of h(M).


Diffie Hellman Key Establishment Protocol

General Idea: Use Public System

A and B exchange public keys: PA and PB

There is a publicly known function f which has 2 numbers as input and one number as output.

A computes f (SA, PB) where SA is A’s private key

B computes f (SB, PA) where SB is B’s private key

f is chosen so that f (SA, PB) = f (SB, PA)So A and B now share a (secret) number


D-H Man in the Middle Attack

A B

FraudsterF

AP FP

FP BP

The Fraudster has agreed keys with both A and BA and B believe they have agreed a common key

DIGITAL SIGNATURES Fred Piper & Mert Özarar Codes & Ciphers Ltd 12 Duncan Road Richmond Surrey TW9 2JD Information Security Group Royal Holloway, University.

Documents

kd slide

function slide

ke slide

digital signatures8

digital signatures4

digital signatures9

digital signatures2

digital signatures13