DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 - PowerPoint PPT Presentation

About This Presentation
Title:

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

Description:

SIGNATURE TECHNIQUES. Table 13.1: Scheme (a) Arbiter Sees Message. Conventional Encryption: ... y x NO. DIGITAL SIGNATURE ALGORITHM. DSS SIGNING AND VERIFYING ... – PowerPoint PPT presentation

Number of Views:2037
Avg rating:3.0/5.0
Slides: 28
Provided by: matthew124
Category:

less

Transcript and Presenter's Notes

Title: DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13


1
DIGITAL SIGNATURES and AUTHENTICATION
PROTOCOLS - Chapter 13
  • Digital Signatures
  • Authentication Protocols
  • Digital Signature Standard

2
AUTHENTICATION vs SIGNATURE
Authentication
auth A ?
B protects againstC Signature
sign
A ? B
protects againstA,C
3
SIGNATURE CHARACTERISTICS
Author
Verifiable Date Authenticate
by Time Contents
Third
Party
4
SIGNATURE TYPES
  • Direct
  • X ? Y
  • weakness security
    of private key
  • Arbitrated
  • date
  • X ? A ? Y

5
ARBITRATED DIGITALSIGNATURE TECHNIQUES
6
Table 13.1 Scheme (a) Arbiter Sees
Message
Conventional Encryption After X
? A ? Y Dispute between X and Y Y
? A EKayIDxMEKaxIDxH(M)
7
Table 13.1 Scheme (b)Arbiter Does Not See
Message
Conventional Encryption Arbiter
neither can read
message Eavesdropper
8
Table 13.1 Scheme (c)Arbiter Does Not See
Message
Public-Key (double) Encryption advantages
1. No information shared before communication
2. if KRx compromised
date is still correct 3. message secret
from Arbiter and Eavesdropper
9
REPLAY ATTACKS
Simple Replay X ?m
E ?m
Logged
Replay X ?mT0
t E ?mT0
(lt T0 later) i

m Undetected ReplayX ?m
e E ?m ?
Backward Replay X ?m
X ?m E
10
TIMESTAMP
mT
X
Y synchronized
clocks
11
CHALLENGE/RESPONSE
Use NONCE
N X
Y mN
X
Y handshake
required
12
ATTACK ON Fig 7.9
  • E avesdropper gets Old Ks
  • Replay Step 3
  • Intercept Step 4
  • Impersonate Step 5
  • Bogus Messages ? Y

13
SOLUTION TIMESTAMP
  • A ?IDAIDB
    KDC
  • 2. KDC ?EKA KSIDBTEKBKSIDAT
    A
  • 3. A ?EKBKSIDAT
    B
  • 4. B ?EKSN1
    A
  • 5. A ?EKSf(N1)
    B

14
CLOCK ATTACKS
To counteract Suppress Replay attacks

1. Check clocks regularly
use KDC clock
2. Handshaking via Nonce
15
AN IMPROVED PROTOCOL over Fig 7.9
  • To counteract suppress-replay attacks
  • A ?IDA NA
    B
  • B ?IDBNBEKBIDANATB
    KDC
  • KDC
  • ?EKAIDBNAKSTBEKBIDAKSTB
    NB


  • A
  • A ?EKBIDAKSTBEKSNB
    B
  • No clock synch.
  • TB only checked by B

16
AUTHENTICATION SERVER
  • - no secret key distribution
    (public key)
  • A ?IDAIDB
    AS
  • AS ?EKRASIDAKUATEKRASIDBKUBT
    A
  • 3. A ?EKRASIDAKUATEKRASIDBKUBTE
    KUBEKRAKST

  • B
  • Problem Clock Synch.

17
ALTERNATIVE NONCE PROTOCOL
1. A ?IDAIDB
KDC 2. KDC
?EKRauthIDBKUB
A 3. A ?EKUBNAIDA
B 4. B
?IDBIDAEKUauthNA
KDC 5. KDC ?EKRauthIDAKUAEKUBEKRauthNA
KSIDAIDB B 6. B
?EKUAEKRauthNAKSIDAIDBNB
A 7. A ?EKSNB
B
18
ONE-WAY AUTHENTICATION
  • (e.g. email)
  • Encrypt Message
  • Authenticate Sender

19
SYMMETRIC-KEY (one-way auth.)
  • A ?IDAIDBN1
    KDC
  • KDC ?EKAKSIDBN1EKBKSIDA A
  • 3. A ?EKBKS,IDAEKSM
    B

20
PUBLIC-KEY (one-way auth.)
Use Figs 11.1b,c, and d or A
?EKUBKSEKSM B or A
?MEKRAH(M) B
21
PUBLIC-KEY (one-way auth.)
Send As public key to B A ?MEKRAH(M)EKRA
STIDAKUA B
22
DSS USES SHA-1
Signature YES
Encryption NO
Key-Exchange NO
23
DSS USES SHA-1
24
DISCRETE LOG
p,q,g global public keys x - user
private key y - user public key k -
user per-message secret number r (gk mod p)
mod q s k-1(H(M) xr) mod q Signature
(r,s) precompute gk, k-1
25
VERIFY
w (s)-1 mod q u1 H(M)w mod q u2 (r)w
mod q v (gu1.yu2) mod p mod q
where y gx mod p
v r ? y gx is one-way
x ? y YES y ? x NO
26
DIGITAL SIGNATURE ALGORITHM
27
DSS SIGNING AND VERIFYING
Write a Comment
User Comments (0)
About PowerShow.com