Uploaded by Ilaiyaveni Iyandurai

To guard against the baneful influence exerted by strangers is therefore an elementary dictate of savage prudence. Hence before strangers are allowed to enter a district, or at least before they are permitted to mingle freely with the inhabitants, certain ceremonies are often performed by the natives of the country for the purpose of disarming the strangers of their magical powers, or of disinfecting, so to speak, the tainted atmosphere by which they are supposed to be surrounded. The Golden Bough, Sir James George Frazer

Digital Signatures

have looked at message authentication

- but does not address issues of lack of trust

digital signatures provide the ability to:

- verify author, date & time of signature
- authenticate message contents
- be verified by third parties to resolve disputes

Alice can deny sending a message to Bob since Bob can also produce MACs for different messages.

Bob can produce a MAC for another message M' and can claim that it came from Alice.

[Figure: key generation, with the labels Bob, Bob's PublicKey, Alice, PrivateKey]

Goldwasser, Micali and Rivest in 1988 identified several attack scenarios on digital signature schemes

Key-only attack:

- Attacker knows only the public key
- Attacker is given access to a set of messages and their signatures
- Attacker chooses a list of messages before attempting to break the signature, independent of the particular public key. Then he obtains valid signatures for those messages.
- Similar to generic, but the messages are chosen after knowing a particular public key.
- Attacker and signer are playing an interactive game, where the attacker asks for signing different messages, and his queries depend on the knowledge he obtained from previous queries.

Goldwasser, Micali and Rivest also defined success of breaking a signature scheme

Total break:

- Attacker finds the signer's private key

Universal forgery:

- Attacker finds an efficient signing algorithm that provides an equivalent way of constructing signatures on arbitrary messages.

Selective forgery:

- Attacker forges a signature for a particular message chosen by him.

Existential forgery:

- Attacker can forge a signature for at least one message. However he does not have control over the message (so cannot do much harm to the signer).

- must depend on the message signed
- must use information unique to sender
- must be relatively easy to produce
- must be relatively easy to recognize & verify
- be computationally infeasible to forge
  - with new message for existing digital signature
  - with fraudulent digital signature for given message

- involve only sender & receiver
- assumed receiver has sender's public-key
- digital signature made by sender signing entire message or hash with private-key
- can encrypt using receiver's public-key
- important that sign first then encrypt message & signature
- security depends on sender's private-key

- involves use of arbiter A
- requires suitable level of trust in arbiter
- can be implemented with either private or

- have a range of approaches based on the use of public-key encryption
- need to ensure have correct public keys for other parties
- using a central Authentication Server (AS)
- various protocols exist using timestamps or nonces

Public-Key Approaches

- have seen some public-key approaches
- if confidentiality is major concern, can use:

A->B:

Key generation

- Prime number $q$, and generator $\alpha$
- Generate a random integer $X_A$ such that $1 < X_A < q-1$
- Compute $Y_A = \alpha^{X_A} \bmod q$

Signing a message

- Produce a hash $m = H(M)$
- Choose a random integer $K$ such that $1 \le K \le q-1$ and $\gcd(K, q-1) = 1$
- Compute $S_1 = \alpha^{K} \bmod q$
- Compute $K^{-1} \bmod (q-1)$
- Compute $S_2 = K^{-1}(m - X_A S_1) \bmod (q-1)$
- The signature is $(S_1, S_2)$

Verification of the signed message $(S_1, S_2)$

- Produce a hash $m = H(M)$
- Compute $V_1 = \alpha^{m} \bmod q$
- Compute $V_2 = (Y_A)^{S_1} (S_1)^{S_2} \bmod q$
- If $V_1 = V_2$ return TRUE, else return FALSE
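The key generation, signing and verification steps above, as an added Python example that is not part of the original slides. The toy prime q = 467 with generator 2, the SHA-256 digest reduction and all function names are assumptions made for illustration; the verifier also range-checks S1 and S2 before evaluating the equation.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: prime q and generator alpha. Far too small for real use.
Q, ALPHA = 467, 2

def digest(msg: bytes) -> int:
    """m = H(M), reduced into the range 0 <= m <= q-1."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def keygen():
    """Private X_A with 1 < X_A < q-1 and public Y_A = alpha^X_A mod q."""
    x = secrets.randbelow(Q - 3) + 2
    return x, pow(ALPHA, x, Q)

def sign_digest(m: int, x: int, k: int):
    """Sign digest m with private key x and per-message secret K."""
    if not 1 <= k <= Q - 1 or gcd(k, Q - 1) != 1:
        raise ValueError("K must satisfy 1 <= K <= q-1 and gcd(K, q-1) = 1")
    s1 = pow(ALPHA, k, Q)                             # S1 = alpha^K mod q
    s2 = pow(k, -1, Q - 1) * (m - x * s1) % (Q - 1)   # S2 = K^-1 (m - X_A*S1) mod (q-1)
    return s1, s2

def sign(msg: bytes, x: int):
    """Draw a fresh random K for every message; retry until it is invertible mod q-1."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        if gcd(k, Q - 1) == 1:
            return sign_digest(digest(msg), x, k)

def verify_digest(m: int, sig, y: int) -> bool:
    s1, s2 = sig
    # Range checks first: out-of-range components never reach the equation.
    if not (0 < s1 < Q and 0 <= s2 < Q - 1):
        return False
    v1 = pow(ALPHA, m, Q)                             # V1 = alpha^m mod q
    v2 = pow(y, s1, Q) * pow(s1, s2, Q) % Q           # V2 = Y_A^S1 * S1^S2 mod q
    return v1 == v2

def verify(msg: bytes, sig, y: int) -> bool:
    return verify_digest(digest(msg), sig, y)
```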

- US Govt approved signature scheme
- designed by NIST & NSA in early 90's
- published as FIPS-186 in 1991
- revised in 1993, 1996 & then 2000
- uses the SHA hash algorithm
- DSS is the standard, DSA is the algorithm
- FIPS 186-2 (2000) includes alternative RSA & elliptic curve signature variants

- creates a 320 bit signature
- with 512-2048 bit security
- smaller and faster than RSA
- a digital signature scheme only
- security depends on difficulty of computing

- where L = 512 to 2048 bits and is a multiple of 64
- and $q$ is a prime factor of $(p-1)$

choose $g = h^{(p-1)/q}$

- where $h < p-1$, $h^{(p-1)/q} \pmod p > 1$

to sign a message M the sender:

- generates a random signature key $k$, $k < q$
- nb. $k$ must be random, be destroyed after use, and never be reused

sends signature

having received

- $w = s^{-1} \pmod q$
- $u_1 = (H(M) \cdot w) \pmod q$
- $u_2 = (r \cdot w) \pmod q$
- $v = (g^{u_1} \cdot y^{u_2} \pmod p) \pmod q$

if $v = r$ then signature is verified

see book web site for details of proof why
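The verification equations above and the warning about k, as an added Python example that is not from the slides. The signing formulas r = (g^k mod p) mod q and s = k^-1 (H(M) + x*r) mod q are the standard DSA ones, which this page does not show; the toy parameters p = 23, q = 11, h = 2, the integer digests and the log layout are constructed.

```python
from collections import defaultdict

# Constructed toy domain parameters; real DSA uses a p of L >= 512 bits.
P, Q = 23, 11                 # q is a prime factor of p-1
G = pow(2, (P - 1) // Q, P)   # g = h^((p-1)/q) mod p with h = 2

def sign_digest(m: int, x: int, k: int):
    """Standard DSA signing of digest m with private key x and per-message key k."""
    if not 0 < k < Q:
        raise ValueError("k must satisfy 0 < k < q")
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (m + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose a new k")
    return r, s

def verify_digest(m: int, sig, y: int) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):             # reject out-of-range components
        return False
    w = pow(s, -1, Q)                             # w  = s^-1 mod q
    u1 = m * w % Q                                # u1 = H(M)*w mod q
    u2 = r * w % Q                                # u2 = r*w mod q
    v = pow(G, u1, P) * pow(y, u2, P) % P % Q     # v  = (g^u1 * y^u2 mod p) mod q
    return v == r

def find_reused_k(log):
    """Audit a signature log of (key_id, digest, (r, s)) entries.

    r depends only on k, so two different digests signed under one key with
    the same r indicate that k was not fresh.
    """
    seen = defaultdict(set)
    for key_id, m, (r, _s) in log:
        seen[(key_id, r)].add(m)
    return {key: sorted(ms) for key, ms in seen.items() if len(ms) > 1}
```

With a full-size q, a hit from `find_reused_k` means the signing key should be treated as exposed and rotated; with this toy q, distinct k values can also collide on r.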

(this is not in the textbook)

a. Security level parameter of the signature scheme
b. Key generation speed
c. Signing and verification speed
d. The speed of the used hash function
e. Size of the private key
f. Size of the public key
g. Size of the produced signatures
h. The underlying mathematical problem on which the scheme is based
i. The period of stability of the scheme since its last tweak or update
j. Patent issues connected with the scheme
k. Part of any standard
l. Certified software libraries and availability of open source libraries

b. Key generation speed

- In most use case scenarios we need the generated public/private keys to be valid for a certain period which is much longer than the period spent on key generation.
- From that point of view, the key generation speed, although an important attribute in the digital signatures metric, does not carry as much weight as a crucial operational attribute.
- On the other hand, the key exposure problem produces case scenarios where we need to generate just short-lived public/private pairs.
- If the user plans to employ public key cryptography in such cases, then the key generation speed should be given a higher weight.
- Different algorithms and techniques for faster generation of provable or probable prime numbers, and other parameters for the standardized digital signature schemes.

c. Signing and verification speed

- The efficiency of digital signature schemes is mostly perceived via the signing and the verification speed.
- Poor performance compared with symmetric encryption techniques.
- Which signature scheme to use should be decided depending on what kind of signature processes will be performed in the system.
- If the process is such that the company server receives a lot of signed transactions from individual clients and has to verify every signature, RSA signatures with small public exponent should be chosen.
- If a company needs to send a bulk of signed invoices to hundreds of thousands (or millions) of users, then elliptic curve signature schemes should be chosen.

d. The speed of the used hash function

- The message hashing (for long messages) can have similar or even much higher computational cost than the operations of signing and verification.

e. Size of the private key

- If the private key is too big, that scheme might not be appropriate for implementing in smart cards or RFIDs since the hardware resources are scarce in those technologies.
- Specifics of the signature scheme: For example the size of the private key in RSA is of the same order as the size of the public key, but in all practical implementations (like in the popular OpenSSL) the size of the private key is actually 8 times bigger than the bit size of the public key (due to the use of the Chinese Remainder Theorem for speeding up the signature process).

f. Size of the public key

- Tradeoffs between security levels and the properties of the scheme.
- Example: if we need to design a digital signature scheme that has 256 bits of security, then choosing RSA would be totally impractical since the public key would need 15360 bits, and the operational speed would be low.
- In such a case, a natural choice would be a signature scheme based on elliptic curves with parameters around 512 bits long.

g. Size of the produced signatures

- Number of expected signed documents that the system will handle during the whole operational period (and far beyond that, as a legal requirement for archiving the signed documents).
- Have to take into consideration the size of the produced signatures.
- For example, if we model a digital signature system that will be used by 100 million bank customers, during a period of 30 years, and if we assume that every customer during a period of 30 years will produce ~10,000 signed transactions, then we have to plan for the storage of trillions of signed documents.
- In that case, any difference in the size of the signatures has big implications.

Summary

have discussed:

- digital signatures
- authentication protocols (mutual & one-way)
- digital signature algorithm and standard
