Lecture 33 Computer Security - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Lecture 33 Computer Security

Description:

Understand DSA for Java Signature Verification. Understand SHA-1 enough to use in DSA ... Though, somewhat expensive signature generation ... – PowerPoint PPT presentation

Number of Views:58
Avg rating:3.0/5.0
Slides: 20
Provided by: csUa
Category:

less

Transcript and Presenter's Notes

Title: Lecture 33 Computer Security


1
Lecture 33Computer Security
  • Phillip G. Bradford
  • Computer Science Department
  • The University of Alabama

2
Outline
  • DSA Signatures
  • SHA for DSA
  • All For Java Libraries
  • A Diversion
  • The BiBa Wireless Authentication Protocol
  • Originally by Perrig

3
Objectives
  • Understand DSA for Java Signature Verification
  • Understand SHA-1 enough to use in DSA
  • Understand the workings and construction of BiBa

4
SHA Secure Hash Algorithm
  • NIST
  • Used in DSA, etc.
  • Inputs a message of length lt 264 bits
  • Outputs 160 bit message digest

5
DSA The Very Basics
  • Make the input a multiple of 512 bits
  • Append a one followed by up to 511 -64 zeros
  • Last 64 bits put in the length of the message
    before the appending started
  • Sequentially processes 512 bit chunks
  • The Rounds of SHA

6
DSA
  • NIST proposed for
  • DSS (Digital Signature Standard)
  • DSA Algorithm that implements DSS
  • Key factors considered
  • Level of security
  • Ease of implementation
  • Hardware and Software
  • Ease of US export
  • Patent restrictions

7
DSA
  • Royalty Free!
  • Economic Benefit to Government and Public
  • Even for Smart Cards
  • Signing by weak smart cards
  • Verification by stronger machine

8
DSA
  • Controversy over DSA
  • What alternatives?
  • Just how fast is DSA?
  • Same signature generation speed as RSA
  • Signature Verification Speed much slower than RSA
  • 10 to 40 Times Slower

9
DSA How Does It Work?
  • Variant of Schnorr and ElGamal Algorithms
  • Start with a prime p of L bits
  • L 1024 gt L gt 512
  • And L is a multiple of 64
  • Let q be a 160-bit prime factor of p-1

10
DSA How Does It Work?
  • Let g h(p-1)/q mod p where h is s.t.
  • h p-1 gt h and
  • h(p-1)/q mod p gt 1
  • Let x lt q and
  • y gx mod p
  • Public parameters p, q and g
  • Public key y
  • Private key x

11
DSA How Does It Work?
  • Alice randomly generates k lt q
  • Alive computes
  • R (gk mod p) mod q
  • S (k-1 (H(m) xr)) mod q
  • Send ltR,Sgt as a Signature to Bob

12
DSA How Does It Work?
  • Bobs verification
  • W s-1 mod q
  • U1 (H(m)w) mod q
  • U2 (rw) mod q
  • V ((gu1 yu2) mod p) mod q
  • If V R, then Verified !

13
DSA Setting the StageWhy it Works?
  • Fermats Little Theorem
  • If pgt1 is prime, take an integer a s.t. p does
    not divide a, then
  • ap-1 1 mod p
  • Proof Foundation
  • Zp, is the same as
  • a mod p, 2a mod p, , (p-1)a mod p
  • For any a in Zp

14
Fermats Little Theorem
  • Why?
  • Suppose ia mod p ja mod p for i ! j
  • Since each element in Zp has a unique inverse
  • This means ij mod p, and since i and j in Zp,
    this is impossible!
  • This means
  • (p-1)!ap-1 (p-1)! Mod p
  • So, ap-1 1 Mod p

15
Introduction to BiBa
  • By A. Perrig
  • Short for Bins and Balls
  • Offers fast signature verification
  • Different from DSA!
  • Though, somewhat expensive signature generation
  • Why is inexpensive signature verification
    important?

16
Introduction to BiBa
  • Basic Idea
  • Using the Balls-in-Bins Problem or Birthday
    Problem to our advantage!
  • Where did we see the Birthday Attack?
  • Start with a well known one-way function F
  • Choose a set of Balls B1, , Bt private key
  • Say each is represented by an integer
  • The value t may be somewhat small
  • c1 F(B1), , ct F(Bt) public key

17
BiBa Signature Generating
  • Given a message m
  • Let h H(m)
  • The function h chooses another function gh Balls
    ? Bins
  • Then select a secret random subset
  • Bi1,,Bik, where k lt t
  • And i1, , ik subset of 1, ,t
  • Post the pattern gh(Bi1), , gh(Bik)

18
BiBa Signature Verification
  • Verify distinctness of Bi1,,Bik
  • Use public key c1, , ct
  • Verify F(Bi1), , F(Bik) subset of c1, , ct
  • Let h H(m) same H as in sig. generation
  • Verify the pattern gh(Bi1), , gh(Bik)

19
BiBa Brief Overview
  • So, how cheap is signature verification?
  • How expensive is signature generation?
Write a Comment
User Comments (0)
About PowerShow.com