PPT – DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 PowerPoint presentation

About This Presentation

Title:

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

Description:

Title: Chapter 1 Subject: Lecture Notes, I248 Author: Matthew G. Parker Last modified by: matthew Created Date: 11/12/2000 7:32:50 PM Document presentation format – PowerPoint PPT presentation

Number of Views:126

Avg rating:3.0/5.0

Slides: 28

Provided by: MatthewG172

Category:

more less

Transcript and Presenter's Notes

Title: DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

1
DIGITAL SIGNATURES and AUTHENTICATION
PROTOCOLS - Chapter 13

Digital Signatures
Authentication Protocols
Digital Signature Standard

2
AUTHENTICATION vs SIGNATURE
Authentication
auth A ?
B protects againstC Signature
sign
A ? B
protects againstA,C
3
SIGNATURE CHARACTERISTICS
Author
Verifiable Date Authenticate
by Time Contents
Third
Party
4
SIGNATURE TYPES

Direct
X ? Y
weakness security
of private key
Arbitrated
date
X ? A ? Y

5
ARBITRATED DIGITALSIGNATURE TECHNIQUES
6
Table 13.1 Scheme (a) Arbiter Sees
Message
Conventional Encryption After X
? A ? Y Dispute between X and Y Y
? A EKayIDxMEKaxIDxH(M)
7
Table 13.1 Scheme (b)Arbiter Does Not See
Message
Conventional Encryption Arbiter
neither can read
message Eavesdropper
8
Table 13.1 Scheme (c)Arbiter Does Not See
Message
Public-Key (double) Encryption advantages
1. No information shared before communication
2. if KRx compromised
date is still correct 3. message secret
from Arbiter and Eavesdropper
9
REPLAY ATTACKS
Simple Replay X ?m
E ?m
Logged
Replay X ?mT0
t E ?mT0
(lt T0 later) i

m Undetected ReplayX ?m
e E ?m ?
Backward Replay X ?m
X ?m E
10
TIMESTAMP
mT
X
Y synchronized
clocks
11
CHALLENGE/RESPONSE
Use NONCE
N X
Y mN
X
Y handshake
required
12
ATTACK ON Fig 7.9

Eavesdropper gets Old Ks
Replay Step 3
Intercept Step 4
Impersonate Step 5
Bogus Messages ? Y

13
SOLUTION TIMESTAMP

A ?IDAIDB
KDC
2. KDC ?EKA KSIDBTEKBKSIDAT
A
3. A ?EKBKSIDAT
B
4. B ?EKSN1
A
5. A ?EKSf(N1)
B

14
CLOCK ATTACKS
To counteract Suppress Replay attacks

1. Check clocks regularly
use KDC clock
2. Handshaking via Nonce
15
AN IMPROVED PROTOCOL over Fig 7.9

To counteract suppress-replay attacks
A ?IDA NA
B
B ?IDBNBEKBIDANATB
KDC
KDC
?EKAIDBNAKSTBEKBIDAKSTB
NB
A
A ?EKBIDAKSTBEKSNB
B
No clock synch.
TB only checked by B

16
AUTHENTICATION SERVER

- no secret key distribution
(public key)
A ?IDAIDB
AS
AS ?EKRASIDAKUATEKRASIDBKUBT
A
3. A ?EKRASIDAKUATEKRASIDBKUBTE
KUBEKRAKST
B
Problem Clock Synch.

17
ALTERNATIVE NONCE PROTOCOL
1. A ?IDAIDB
KDC 2. KDC
?EKRauthIDBKUB
A 3. A ?EKUBNAIDA
B 4. B
?IDBIDAEKUauthNA
KDC 5. KDC ?EKRauthIDAKUAEKUBEKRauthNA
KSIDAIDB B 6. B
?EKUAEKRauthNAKSIDAIDBNB
A 7. A ?EKSNB
B
18
ONE-WAY AUTHENTICATION

(e.g. email)
Encrypt Message
Authenticate Sender

19
SYMMETRIC-KEY (one-way auth.)

A ?IDAIDBN1
KDC
KDC ?EKAKSIDBN1EKBKSIDA A
3. A ?EKBKS,IDAEKSM
B

20
PUBLIC-KEY (one-way auth.)
Use Figs 11.1b,c, and d or A
?EKUBKSEKSM B or A
?MEKRAH(M) B
21
PUBLIC-KEY (one-way auth.)
Send As public key to B A ?MEKRAH(M)EKRA
STIDAKUA B
22
DSS USES SHA-1
Signature YES
Encryption NO
Key-Exchange NO
23
DSS USES SHA-1
24
DISCRETE LOG
p,q,g global public keys x - user
private key y - user public key k -
user per-message secret number r (gk mod p)
mod q s k-1(H(M) xr) mod q Signature
(r,s) precompute gk mod p, k-1 mod q
25
VERIFY
w (s)-1 mod q u1 H(M)w mod q u2 (r)w
mod q v (gu1.yu2) mod p mod q
where y gx mod p
v r ? y gx is one-way
x ? y YES y ? x NO
26
DIGITAL SIGNATURE ALGORITHM
27
DSS SIGNING AND VERIFYING

Write a Comment

User Comments (0)