Top Banner
Digital Signatures
64

Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Dec 31, 2015

Download

Documents

Oscar Dennis
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Digital Signatures

Page 2: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Public Key Cryptography

Page 3: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Public Key Cryptography Requirements

1. It must be computationally easy to encipher or decipher a message given the appropriate key

2. It must be computationally infeasible to derive the private key from the public key

3. It must be computationally infeasible to determine the private key from a chosen plaintext attack

Page 4: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

RSA

• Exponentiation cipher

• Relies on the difficulty of determining the number of numbers relatively prime to a large integer n

Page 5: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Background

• Totient function (n)– Number of positive integers less than n and relatively

prime to n• Relatively prime means with no factors in common with n

• Example: (10) = 4– 1, 3, 7, 9 are relatively prime to 10

• Example: (21) = 12– 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively

prime to 21

Page 6: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Algorithm

• Choose two large prime numbers p, q– Let n = pq; then (n) = (p–1)(q–1)– Choose e < n such that e is relatively prime to

(n).– Compute d such that ed mod (n) = 1

• Public key: (e, n); private key: d• Encipher: c = me mod n• Decipher: m = cd mod n

Page 7: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Example: Confidentiality

• Take p = 7, q = 11, so n = 77 and (n) = 60• Alice chooses e = 17, making d = 53• Bob wants to send Alice secret message HELLO

(07 04 11 11 14)– 0717 mod 77 = 28– 0417 mod 77 = 16– 1117 mod 77 = 44– 1117 mod 77 = 44– 1417 mod 77 = 42

• Bob sends 28 16 44 44 42

Page 8: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Example

• Alice receives 28 16 44 44 42• Alice uses private key, d = 53, to decrypt message:

– 2853 mod 77 = 07– 1653 mod 77 = 04– 4453 mod 77 = 11– 4453 mod 77 = 11– 4253 mod 77 = 14

• Alice translates message to letters to read HELLO– No one else could read it, as only Alice knows her

private key and that is needed for decryption

Page 9: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Example: Integrity/Authentication

• Take p = 7, q = 11, so n = 77 and (n) = 60• Alice chooses e = 17, making d = 53• Alice wants to send Bob message HELLO (07 04 11 11

14) so Bob knows it is what Alice sent (no changes in transit, and authenticated)– 0753 mod 77 = 35– 0453 mod 77 = 09– 1153 mod 77 = 44– 1153 mod 77 = 44– 1453 mod 77 = 49

• Alice sends 35 09 44 44 49

Page 10: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Example

• Bob receives 35 09 44 44 49

• Bob uses Alice’s public key, e = 17, n = 77, to decrypt message:– 3517 mod 77 = 07

– 0917 mod 77 = 04

– 4417 mod 77 = 11

– 4417 mod 77 = 11

– 4917 mod 77 = 14

• Bob translates message to letters to read HELLO– Alice sent it as only she knows her private key, so no one else could have

enciphered it

– If (enciphered) message’s blocks (letters) altered in transit, would not decrypt properly

Page 11: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Example: Both

• Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked)– Alice’s keys: public (17, 77); private: 53– Bob’s keys: public: (37, 77); private: 13

• Alice enciphers HELLO (07 04 11 11 14):– (0753 mod 77)37 mod 77 = 07– (0453 mod 77)37 mod 77 = 37– (1153 mod 77)37 mod 77 = 44– (1153 mod 77)37 mod 77 = 44– (1453 mod 77)37 mod 77 = 14

• Alice sends 07 37 44 44 14

Page 12: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Security Services

• Confidentiality– Only the owner of the private key knows it, so

text enciphered with public key cannot be read by anyone except the owner of the private key

• Authentication– Only the owner of the private key knows it, so

text enciphered with private key must have been generated by the owner

Page 13: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

More Security Services

• Integrity– Enciphered letters cannot be changed

undetectably without knowing private key

• Non-Repudiation– Message enciphered with private key came

from someone who knew it

Page 14: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Warnings

• Encipher message in blocks considerably larger than the examples here– If 1 character per block, RSA can be broken

using statistical attacks (just like classical cryptosystems)

– Attacker cannot alter letters, but can rearrange them and alter message meaning

• Example: reverse enciphered message of text ON to get NO

Page 15: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Cryptographic Checksums

Page 16: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Cryptographic Checksums

• Mathematical function to generate a set of k bits from a set of n bits (where k ≤ n).– k is smaller then n except in unusual

circumstances

• Example: ASCII parity bit– ASCII has 7 bits; 8th bit is “parity”– Even parity: even number of 1 bits– Odd parity: odd number of 1 bits

Page 17: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Hashing

Page 18: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Definition

• Cryptographic checksum h: AB:1. For any x A, h(x) is easy to compute2. For any y B, it is computationally infeasible to

find x A such that h(x) = y3. It is computationally infeasible to find two inputs

x, x A such that x ≠ x and h(x) = h(x)– Alternate form (stronger): Given any x A, it is

computationally infeasible to find a different x A such that h(x) = h(x).

Page 19: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Collisions

• If x ≠ x and h(x) = h(x), x and x are a collision– Pigeonhole principle: if there are n containers

for n+1 objects, then at least one container will have 2 objects in it.

– Application: if there are 32 files and 8 possible cryptographic checksum values, at least one value corresponds to at least 4 files

Page 20: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Keys

• Keyed cryptographic checksum: requires cryptographic key– DES in chaining mode: encipher message, use

last n bits. Requires a key to encipher, so it is a keyed cryptographic checksum.

• Keyless cryptographic checksum: requires no cryptographic key– MD5 and SHA-1 are best known; others

include MD4, HAVAL, and Snefru

Page 21: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Public Key Infrastructure

Page 22: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Public Key Infrastructure

• Key exchange– Session vs. interchange keys– Classical, public key methods

• Cryptographic key infrastructure– Certificates

Page 23: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Notation

• X Y : { Z || W } kX,Y

– X sends Y the message produced by concatenating Z and W enciphered by key kX,Y, which is shared by users X and Y

• A T : { Z } kA || { W } kA,T

– A sends T a message consisting of the concatenation of Z enciphered using kA, A’s key, and W enciphered using kA,T, the key shared by A and T

• r1, r2 nonces (nonrepeating random numbers)

Page 24: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Session, Interchange Keys

• Alice wants to send a message m to Bob– Assume public key encryption– Alice generates a random cryptographic key ks and uses

it to encipher m• To be used for this message only• Called a session key

– She enciphers ks with Bob;s public key kB

• kB enciphers all session keys Alice uses to communicate with Bob

• Called an interchange key

– Alice sends { m } ks { ks } kB

Page 25: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Secret-key systems structure

Page 26: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Benefits

• Limits amount of traffic enciphered with single key– Standard practice, to decrease the amount of traffic an

attacker can obtain

• Prevents some attacks– Example: Alice will send Bob message that is either

“BUY” or “SELL”. Eve computes possible ciphertexts { “BUY” } kB and { “SELL” } kB. Eve intercepts enciphered message, compares, and gets plaintext at once

Page 27: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Key Exchange Algorithms

• Goal: Alice, Bob get shared key– Key cannot be sent in clear

• Attacker can listen in

• Key can be sent enciphered, or derived from exchanged data plus data not known to an eavesdropper

– Alice, Bob may trust third party

– All cryptosystems, protocols publicly known• Only secret data is the keys, ancillary information known only

to Alice and Bob needed to derive keys

• Anything transmitted is assumed known to attacker

Page 28: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Classical Key Exchange

• Bootstrap problem: how do Alice, Bob begin?– Alice can’t send it to Bob in the clear!

• Assume trusted third party, Cathy– Alice and Cathy share secret key kA

– Bob and Cathy share secret key kB

• Use this to exchange shared key ks

Page 29: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Simple Protocol

Alice Cathy{ request for session key to Bob } kA

Alice Cathy{ ks } kA || { ks } kB

Alice Bob{ ks } kB

Page 30: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Problems

• How does Bob know he is talking to Alice?– Replay attack: Eve records message from Alice

to Bob, later replays it; Bob may think he’s talking to Alice, but he isn’t

– Session key reuse: Eve replays message from Alice to Bob, so Bob re-uses session key

• Protocols must provide authentication and defense against replay

Page 31: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Needham-Schroeder

Alice CathyAlice || Bob || r1

Alice Cathy{ Alice || Bob || r1 || ks || { Alice || ks } kB } kA

Alice Bob{ Alice || ks } kB

Alice Bob{ r2 } ks

Alice Bob{ r2 – 1 } ks

Page 32: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Public Key Key Exchange

• Here interchange keys known– eA, eB Alice and Bob’s public keys known to all

– dA, dB Alice and Bob’s private keys known only to owner

• Simple protocol– ks is desired session key

Alice Bob{ ks } eB

Page 33: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Problem and Solution

• Vulnerable to forgery or replay– Because eB known to anyone, Bob has no assurance that

Alice sent message

• Simple fix uses Alice’s private key– ks is desired session key

Alice Bob{ { ks } dA } eB

Page 34: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Notes

• Can include message enciphered with ks

• Assumes Bob has Alice’s public key, and vice versa– If not, each must get it from public server

– If keys not bound to identity of owner, attacker Eve can launch a man-in-the-middle attack (next slide; Cathy is public server providing public keys)

• Solution to this (binding identity to keys) discussed later as public key infrastructure (PKI)

Page 35: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Man-in-the-Middle Attack

Alice Cathysend Bob’s public key

Eve Cathysend Bob’s public key

Eve CathyeB

AliceeE Eve

Alice Bob{ ks } eE

Eve Bob{ ks } eB

Eve intercepts request

Eve intercepts message

Page 36: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Cryptographic Key Infrastructure

• Goal: bind identity to key• Classical: not possible as all keys are shared

– Use protocols to agree on a shared key (see earlier)

• Public key: bind identity to public key– Crucial as people will use key to communicate with

principal whose identity is bound to key

– Erroneous binding means no secrecy between principals

– Assume principal identified by an acceptable name

Page 37: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Certificates

• Create token (message) containing– Identity of principal (here, Alice)– Corresponding public key– Timestamp (when issued)– Other information (perhaps identity of signer)

signed by trusted authority (here, Cathy)

CA = { eA || Alice || T } dC

Page 38: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Use

• Bob gets Alice’s certificate– If he knows Cathy’s public key, he can decipher the

certificate• When was certificate issued?• Is the principal Alice?

– Now Bob has Alice’s public key

• Problem: Bob needs Cathy’s public key to validate certificate– Problem pushed “up” a level– Two approaches: Merkle’s tree, signature chains

Page 39: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

The Problem

• Create certificate– Generate hash of certificate– Encipher hash with issuer’s private key

• Validate– Obtain issuer’s public key– Decipher enciphered hash– Recompute hash from certificate and compare

• Problem: getting issuer’s public key

Page 40: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

PKI basic entities and operations

Page 41: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

X.509 Certificate

• Some certificate components in X.509v3:– Version

– Serial number

– Signature algorithm identifier: hash algorithm

– Issuer’s name; uniquely identifies issuer

– Interval of validity

– Subject’s name; uniquely identifies subject

– Subject’s public key

– Signature: enciphered hash

Page 42: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

X.509 Certificate Validation

• Obtain issuer’s public key– The one for the particular signature algorithm

• Decipher signature– Gives hash of certificate

• Recompute hash from certificate and compare– If they differ, there’s a problem

• Check interval of validity– This confirms that certificate is current

Page 43: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Issuers

• Certification Authority (CA): entity that issues certificates

Page 44: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Multiple Issuers

• Multiple issuers pose validation problem• Alice’s CA is Cathy; Bob’s CA is Don; how can

Alice validate Bob’s certificate?• Have Cathy and Don cross-certify

– Each issues certificate for the other

Page 45: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Cross certificates

Page 46: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Validation and Cross-Certifying

• Certificates:– Cathy<<Alice>>– Dan<<Bob>– Cathy<<Dan>>– Dan<<Cathy>>

• Alice validates Bob’s certificate– Alice obtains Cathy<<Dan>>– Alice uses (known) public key of Cathy to validate

Cathy<<Dan>>– Alice uses Cathy<<Dan>> to validate Dan<<Bob>>

Page 47: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Certification Path Validation process

Page 48: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

X.509 in Practice

• In the X.509 system, a CA issues a certificate binding a public key to a particular Distinguished Name in the X.500 tradition, or to an Alternative Name such as an e-mail address or a DNS-entry.

• An organization's trusted root certificates can be distributed to all employees so that they can use the company PKI system.

• Browsers such as Internet Explorer, Netscape/Mozilla, Opera and Safari come with root certificates pre-installed, so SSL certificates from larger vendors who have paid for the privilege of being pre-installed will work instantly.

• In effect the browsers' owners determine which CAs are trusted third parties for the browsers' users. – Although these root certificates can be removed or disabled, users rarely

do so. – If pre-installed root certificates are removed on the Microsoft-platform,

the operating-system re-installs them as soon as a web-site using the certificate is visited.

Page 49: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

X.509 in Practice

• X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems.

• The IETF-approved way of checking a certificate's validity is the Online Certificate Status Protocol (OCSP).

• Popular browsers like Internet Explorer and Firefox don't check for certificate revocation by default.

• The time lag for performing the checking could be one of the reasons.

Page 50: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

A Sample X.509 certificate

Page 51: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

A Sample X.509 certificate

• This is an example of a decoded X.509 certificate for www.freesoft.org, generated with OpenSSL -- the actual certificate is about 1KB in size.

• It was issued by Thawte (since acquired by VeriSign), as stated in the Issuer field.

• Its subject contains many personal details, but the most important part is usually the common name (CN), as this is the part that must match the host being authenticated.

• Also included is an RSA public key (modulus and public exponent), followed by the signature, computed by taking a MD5 hash of the first part of the certificate and encrypting it with Thawte's RSA private key.

Page 52: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Certificate Validation

• To validate this certificate, one needs the certificate that matches the Issuer (Thawte Server CA) of the first certificate.

• First one verifies that the second certificate is of a CA kind; that is, that it can be used to issue other certificates.– This is done by inspecting a value of the CA attribute in the

X509x3 extension section.

• Then the RSA public key from the CA certificate is used to decode the signature on the first certificate to obtain a MD5 hash, which must match an actual MD5 hash computed over the rest of the certificate.

Page 53: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

An example CA certificate

Page 54: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

An example CA certificate

• This is an example of a self-signed certificate, as the issuer and subject are the same.

• There's no way to verify this certificate except by checking it against itself; instead, these top-level certificates are manually stored by web browsers. – Thawte is one of the root certificate authorities recognized by both

Microsoft and Netscape. – This certificate comes with the web browser and is trusted by

default. – As a long-lived, globally trusted certificate that can sign anything

(as there are no constraints in the X509v3 Basic Constraints section), its matching private key has to be closely guarded.

Page 55: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Digital Signature

Page 56: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Digital Signature

• Construct that authenticated origin, contents of message in a manner provable to a disinterested third party (“judge”)

• Sender cannot deny having sent message (service is “nonrepudiation”)– Limited to technical proofs

• Inability to deny one’s cryptographic key was used to sign

– One could claim the cryptographic key was stolen or compromised

• Legal proofs, etc., probably required; not dealt with here

Page 57: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Common Error

• Classical: Alice, Bob share key k– Alice sends m || { m } k to Bob

This is a digital signature

WRONGWRONG

This is not a digital signature– Why? Third party cannot determine whether

Alice or Bob generated message

Page 58: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Classical Digital Signatures

• Require trusted third party– Alice, Bob each share keys with trusted party Cathy

• To resolve dispute, judge gets { m } kAlice, { m } kBob, and has Cathy decipher them; if messages matched, contract was signed

Alice Bob

Cathy Bob

Cathy Bob

{ m }kAlice

{ m }kAlice

{ m }kBob

Page 59: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Public Key Digital Signatures

• Alice’s keys are dAlice, eAlice

• Alice sends Bobm || { m } dAlice

• In case of dispute, judge computes{ { m } dAlice } eAlice

• and if it is m, Alice signed message– She’s the only one who knows dAlice!

Page 60: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.
Page 61: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Digital signature with message encryption and decryption

Page 62: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.
Page 63: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

RSA Digital Signatures

• Use private key to encipher message– Protocol for use is critical

• Key points:– Never sign random documents, and when

signing, always sign hash and never document• Mathematical properties can be turned against signer

– Sign message first, then encipher• Changing public keys causes forgery

Page 64: Digital Signatures. Public Key Cryptography Public Key Cryptography Requirements 1.It must be computationally easy to encipher or decipher a message.

Key Points

• Key management critical to effective use of cryptosystems– Different levels of keys (session vs. interchange)

• Keys need infrastructure to identify holders, allow revoking– Key escrowing complicates infrastructure

• Digital signatures provide integrity of origin and contentMuch easier with public key cryptosystems than with

classical cryptosystems