Digital Signature - PowerPoint PPT Presentation

Slides: 40
Provided by: philipp76

Transcript and Presenter's Notes


1
Digital Signature
Computer Industry Lab. Incheon Paik
2
Contents
  • Security Algorithms
  • Conventional Key
  • Public Key
  • Digital Signature
  • Certification Authorities

3
Security Function of Network
  • Confidentiality
    • Preventing a third party from eavesdropping on
      transmitted contents
  • Authentication
    • Verifying the identity of the information sender
  • Integrity
    • Detecting damage to the transmitted information
  • Non-repudiation
    • Preventing repudiation by the information sender

4
Cryptography Algorithms
  • Symmetric Algorithm (Secret Key Algorithm)
  • Public Key Algorithm
  • Message Digest

5
Symmetric Algorithm
[Diagram: PlainText → Encryption (key K) → CipherText → Decryption (key K) → Original PlainText]
  • Sender and receiver use the same secret key
  • Fast encryption and decryption; used for data
    encryption
  • Sharing the keys is a problem; weak for
    authentication
  • Algorithms: RC4, DES, IDEA, etc.

6
Public Key Algorithm
[Diagram: PlainText → Encryption (Kpublic) → CipherText → Decryption (Kprivate) → Original PlainText]
  • The encryption key (public key) and the decryption
    key (private key) are different.
  • Sending the key to the receiver creates no security
    defect
  • Used in key distribution or electronic signature
  • Low speed in encryption/decryption
  • Algorithms: RSA, DSA, etc.

7
Message Digest
[Diagram: PlainText → Digest → Encryption (K) → Decryption (K) → Digest, compared with the Digest of the PlainText]
  • Converts the given information into a large number
    (hash value) of fixed length using a one-way
    function (hash)
  • Checks for modification of the original text: get
    the hash value from the received information, then
    compare it with the hash value that came with the
    information
  • Hash functions: MD4, MD5, SHA (Secure Hash
    Algorithm)

8
Application of Cryptography (1)
  • Confidentiality

Digital Envelope
[Diagram, Step 1: KS → Encryption (Kpublic) → Kpublic(KS) → Decryption (Kprivate) → KS]
[Diagram, Step 2: PlainText → Encryption (KS) → CipherText → Decryption (KS) → Original PlainText]
9
Application of Cryptography (2)
  • Authentication/Integrity/Non-Repudiation

[Diagram: PlainText → Digest → Encryption (Kprivate) → Digital Signature → Decryption (Kpublic) → Digest, compared with the Digest of the PlainText]
10
DES
  • DES divides the message into 64-bit blocks; the key
    has a fixed size.
  • DES operations
    • Transposition of bits
    • Substitution of bit groups
    • Exclusive-OR operation
    • Other operations


11
DES


http://www.itl.nist.gov/fipspubs/fip46-2.htm
12
Some Basics for Crypto Algorithms

Euler Totient Function: $\phi(n)$ is the number of elements in the reduced set of residues modulo $n$.
Theorem: For $n = pq$ and $p$, $q$ prime, $\phi(n) = \phi(p)\,\phi(q) = (p-1)(q-1)$.
Example: Let $p = 3$ and $q = 5$. Then $\phi(15) = (3-1)(5-1) = 2 \cdot 4 = 8$, and there are 8 elements in the reduced set of residues modulo 15: $\{1, 2, 4, 7, 8, 11, 13, 14\}$.

13
Some Basics for Crypto Algorithms

Fermat's Theorem: Let $p$ be prime. Then for every $a$ such that $\gcd(a, p) = 1$, $a^{p-1} \bmod p = 1$.
Euler's Generalization: $a^{\phi(n)} \bmod n = 1$.
Example: Let $a = 3$ and $n = 7$. Then $x = 3^5 \bmod 7$, which we saw earlier is 5. This checks, because $3 \cdot 5 \bmod 7 = 1$.
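
The two slides above can be checked numerically. This is an added example, not part of the original presentation; the function names are chosen here. It counts the reduced residues to get the totient, tests Euler's generalization for every valid a, and reproduces the slide's x = 3^5 mod 7 as the inverse of 3 modulo 7 (exponent φ(7) − 1 = 5).

```python
from math import gcd

def reduced_residues(n):
    """Elements of {1..n-1} that are relatively prime to n."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

def phi(n):
    """Euler totient by direct count (fine for slide-sized n)."""
    return len(reduced_residues(n))

def euler_holds(n):
    """True if a^phi(n) mod n == 1 for every a with gcd(a, n) == 1."""
    t = phi(n)
    return all(pow(a, t, n) == 1 for a in reduced_residues(n))

def inverse_by_euler(a, n):
    """x with a*x mod n == 1, computed as a^(phi(n)-1) mod n."""
    if gcd(a, n) != 1:
        raise ValueError("no inverse: gcd(a, n) != 1")
    return pow(a, phi(n) - 1, n)

if __name__ == "__main__":
    p, q = 3, 5
    print(reduced_residues(p * q))            # the reduced set modulo 15
    print(phi(p * q), (p - 1) * (q - 1))      # both sides of the theorem
    print(euler_holds(15), euler_holds(7))
    print(inverse_by_euler(3, 7))             # slide example: 3^5 mod 7
    # The gcd condition matters: 6 shares a factor with 15,
    # so 6^phi(15) mod 15 is not 1.
    print(pow(6, phi(15), 15))
```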

14
Some Basics for Crypto Algorithms

Exponentiation Ciphers (Pohlig-Hellman and RSA Schemes)
$C = M^e \bmod n$ --- (1)
$M = C^d \bmod n$ --- (2)
C = fastexp(M, e, n)
M = fastexp(C, d, n)
$M^{\phi(n)} \bmod n = 1$ (Fermat's Theorem)
If $e$ and $d$ satisfy the relation $ed \bmod \phi(n) = 1$, then Eq. (1) is the inverse of Eq. (2).

15
Some Basics for Crypto Algorithms

Exponentiation Ciphers (Pohlig-Hellman and RSA Schemes)
Theorem: Given $e$ and $d$ satisfying Eq. (2.4) and a message $M \in [0, n-1]$ such that $\gcd(M, n) = 1$, $(M^e \bmod n)^d \bmod n = M$.
Proof: Refer to Denning's book.
Pohlig-Hellman Scheme Example: Let $p = 11$, whence $\phi(p) = p - 1 = 10$. Choose $d = 7$ and compute $e = \mathrm{inv}(7, 10) = 3$. Suppose $M = 5$. Then $M$ is enciphered as $C = M^e \bmod p = 5^3 \bmod 11 = 4$. Similarly, $C$ is deciphered as $M = C^d \bmod p = 4^7 \bmod 11 = 5$.

16
Some Basics for Crypto Algorithms

Rivest-Shamir-Adleman (RSA) Scheme Example
$n = pq$. Thus $\phi(n) = (p-1)(q-1)$.
Example: Let $p = 5$ and $q = 7$, whence $n = pq = 35$ and $\phi(n) = (5-1)(7-1) = 24$. Pick $d = 11$. Then $e = \mathrm{inv}(11, 24) = 11$ (in fact, $e$ and $d$ will always be the same for $p = 5$ and $q = 7$). Suppose $M = 2$. Then $C = M^e \bmod n = 2^{11} \bmod 35 = 2048 \bmod 35 = 18$, and $C^d \bmod n = 18^{11} \bmod 35 = 2 = M$.
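
The slides name `fastexp` and `inv` without showing them. The following added example (not from the presentation) implements them as square-and-multiply and the extended Euclidean algorithm, which is an assumption about what the slides intend, and reruns the Pohlig-Hellman and RSA examples. `roundtrip` and `self_inverse_exponents` are names introduced here; the latter shows why p = 5, q = 7 always gives e = d, so publishing e would hand out d.

```python
from math import gcd

def fastexp(a, z, n):
    """Square-and-multiply: a^z mod n without building the full power."""
    x = 1
    a %= n
    while z > 0:
        if z & 1:               # current exponent bit is set
            x = (x * a) % n
        a = (a * a) % n
        z >>= 1
    return x

def inv(a, n):
    """Multiplicative inverse of a mod n via the extended Euclidean algorithm."""
    g, x, r, y = a, 1, n, 0     # invariants: g = a*x (mod n), r = a*y (mod n)
    while r:
        k = g // r
        g, r = r, g - k * r
        x, y = y, x - k * y
    if g != 1:
        raise ValueError("no inverse: gcd(a, n) != 1")
    return x % n

def roundtrip(M, e, d, n):
    """Encipher with Eq. (1), decipher with Eq. (2); returns (C, recovered M)."""
    C = fastexp(M, e, n)
    return C, fastexp(C, d, n)

def self_inverse_exponents(phi_n):
    """Exponents d > 1 with inv(d, phi_n) == d, i.e. e and d coincide."""
    return [d for d in range(2, phi_n)
            if gcd(d, phi_n) == 1 and inv(d, phi_n) == d]

if __name__ == "__main__":
    # Pohlig-Hellman slide: p = 11, d = 7, M = 5
    e = inv(7, 10)
    print(e, roundtrip(5, e, 7, 11))
    # RSA slide: p = 5, q = 7, d = 11, M = 2
    e = inv(11, 24)
    print(e, roundtrip(2, e, 11, 35))
    # Every usable exponent mod 24 is its own inverse; mod 10 only 9 is.
    print(self_inverse_exponents(24), self_inverse_exponents(10))
```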

17
Certificate Authority and Digital Certificate
  • Certificate Authority (CA)
    • Certifies that somebody's public key really is
      theirs.
    • The Certificate Authority certifies somebody's
      public key by encrypting it with its own private key.
  • Digital Certificate
    • Public key encrypted by the CA's private key
    • In CA, after making the digital certificate, encrypt
      the original plain text (1), the digital signature
      (2), and his own digital certificate (3) with a
      random private key (4), and then encrypt this
      private key with the receiver's public key. Finally,
      send these two encrypted data to the receiver.

18
Electronic Payment System
19
Classification of E-Payment System
20
Secure Electronic Transaction (SET) Protocol
Hierarchy of Trust Based on X.509
21
X.509 Certificate
  • Elements of a Certificate
    • Version
    • Serial Number
    • Algorithm Identifier
    • Issuer: the CA that issued the certificate
    • Period of Validity
    • Subject
    • Public-Key Information: algorithm, parameters, key
    • Signature: encrypted by the CA's private key

22
X.509 Certificate
  • Certificate Authority
    • Public CA: built by government
    • Private CA: built by the private sector
  • Why Digital Signature
    • To verify the ID of partners
    • To verify whether a business transaction has been changed
    • To verify the proof of transaction activities
  • Application Area
    • Internet Banking
    • Electronic Contract
    • Cyber Stock
    • e-Business
    • e-Government
    • e-Tax
    • e-Procurement, e-Education

23
Public Certificate Authority
  • U.S.A
    • Verisign.com
    • SecureNet.com
    • GlobalSign.com
    • CertiSign.com
  • Japan
    • shakaihokenroumushi.jp (Association)
    • gpki.go.jp (Government)
    • soumu.go.jp (Soumusyou)
    • meti.go.jp (Keizai Sangyousyou)
  • Korea
    • Kisa.or.kr (Root, manages CAs)
    • signgate.com
    • Yessign.or.kr
    • Corsscert.com
    • Sign.nca.or.kr
    • Tradesign.net

24
Concept of Digital Signature
[Diagram: the Plain Document is encrypted with Kv to produce the Electronic Signature; the Plain Document, Electronic Signature and Certificate are transmitted. Private Key = D-Signature Creation Key (Kv); Public Key = D-Signature Verification Key (Ku)]
25
Verification Digital Signature
[Diagram: Ku is taken from the Certificate issued by the C.A.; the Electronic Signature is decrypted with Ku and the Decrypted Document is compared with the Plain Document. Equal: Effective (O.K.); not equal: Not Effective]
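
The creation and verification flow of the last two slides, combined with the digest step from the "Application of Cryptography (2)" slide, as an added example that is not part of the original presentation. The key is constructed for illustration from two known Mersenne primes, so it is trivially factorable; the signing is unpadded textbook RSA as the slides describe it, whereas deployed systems apply a padding scheme such as RSASSA-PSS. Kv and Ku follow the slide labels; all other names are chosen here.

```python
import hashlib

# Constructed toy key, not from the slides: two Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
KU = 65537                   # public key: D-signature verification key
KV = pow(KU, -1, PHI)        # private key: D-signature creation key (Python 3.8+)

def digest(document: bytes) -> int:
    """SHA-256 digest of the document, reduced mod N to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def sign(document: bytes) -> int:
    """Sender: encrypt the digest with the private key Kv."""
    return pow(digest(document), KV, N)

def verify(document: bytes, signature: int) -> bool:
    """Receiver: decrypt the signature with Ku and compare with a fresh digest."""
    return pow(signature, KU, N) == digest(document)

if __name__ == "__main__":
    doc = b"pay 100 to merchant"             # constructed sample document
    sig = sign(doc)
    print(verify(doc, sig))                   # Effective
    print(verify(b"pay 900 to merchant", sig))  # document changed: Not Effective
    print(verify(doc, (sig + 1) % N))         # signature changed: Not Effective
```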
26
Secure Electronic Transaction (SET) Protocol
SET Encryption Overview
Suggested by VISA and MasterCard Co.; credit card
based
27
Secure Electronic Transaction (SET) Protocol
28
(No Transcript)
29
Secure Electronic Transaction (SET) Protocol
Card Holder Registration
30
Secure Electronic Transaction (SET) Protocol
Cardholder receives response and requests
registration form
31
Secure Electronic Transaction (SET) Protocol
Merchant Registration
32
Secure Electronic Transaction (SET) Protocol
Merchant receives registration form and requests
certificates
33
Secure Electronic Transaction (SET) Protocol
Purchase Request
34
Secure Electronic Transaction (SET) Protocol
Cardholder receives response and sends request
35
Secure Electronic Transaction (SET) Protocol
Merchant processes request message
36
Secure Electronic Transaction (SET) Protocol
Payment Authorization
37
Secure Electronic Transaction (SET) Protocol
Payment Gateway processes authorization request
38
Secure Electronic Transaction (SET) Protocol
Payment Capture
39
Secure Electronic Transaction (SET) Protocol
Payment Gateway processes capture request