- 84 Views
- Uploaded on
- Presentation posted in: General

Digital Signatures

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Digital Signatures

Digital Signatures are used to “Sign” messages to validate the source and integrity of the contents.

AC10F1AB38

- Simply taking a digital picture of a written signature does not provide adequate security.
- Such a digitized written signature could easily be copied from one electronic document to another with no way to determine whether it is legitimate.
- Electronic signatures, on the other hand, are unique to the message being signed and will not verify if they are copied to another document.

- Digital signatures are used just like handwritten signatures.
- When you add them to a document, you are "signing" that document as a way of endorsing or agreeing with what the document says.
- Unlike handwritten signatures, digital signatures are used only with computers. They are electronic signatures that can be used to sign electronic documents, like word processing files or spreadsheets.

- A digital signature is a kind of ID. You can use it on the Internet to identify yourself in a secure manner. This is extremely useful in areas such as electronic commerce. For instance, when making a credit card purchase on the Internet, you can use your digital signature to "sign" that purchase. This helps to ensure that only you can make purchases with your credit card number.

- The signature must be a bit pattern that depends on the message being signed
- The signature must use some information unique to the sender, to prevent both forgery and denial.
- It must be relatively easy to produce digital signature.
- It must be relatively easy to recognize and verify the digital signature.
- It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
- It must be practical to retain a copy of the digital signature in storage.

- Very briefly, a typical digital signature works like this:
- A signature in the form of a code is generated by applying an algorithm, such as RSA, and the sender's private key to some or all of the message contents.
- The recipient verifies the signature by decrypting it using the sender's public key.

- Message authentication is playing an important role in a variety of applications, especially those related to the Internet protocols and network management, where undetected manipulation of messages can have disastrous effects.

- There is no shortage of good message authentication codes, beginning with DES-MAC, as defined in FIPS PUB 113.
- Conventional (symmetric) encryption could be used for digital signatures - DESMAC specified by FIPS
- However, message authentication codes based on encryption functions such as DES, which were designed for hardware implementation, may be somewhat limited in performance for soft-ware, and there is also the question of U.S. export restrictions on encryption functions.

- When secret key cryptography is used, a message authentication code (MAC) is calculated from and appended to the data.
- To verify that the data has not been modified at a later time, any party with access to the correct secret key can recalculate the MAC. The new MAC is compared with the original MAC, and if they are identical, the verifier has confidence that the data has not been modified by an unauthorized party.
- FIPS 113, Computer Data Authentication, specifies a standard technique for calculating a MAC for integrity verification.

- Inefficiency in encrypting the entire message
- Use a one-way hash function to create a fixed size finger print of the variable sized message.

- H can be applied to a block of data of any size.
- H produces a fixed length output
- H(x) is relatively easy to compute, making hw/sw implementations practical
- For any given code m it is computationally infeasible to find x such that H(x)=m
- For any given block x, it is computationally infeasible to find y not= x with H(x)=H(y)

- If two parties share a secret key, and one party receives data with a MAC that is correctly verified using the shared key, that party may assume that the other party signed the data.
- This assumes, however, that the two parties trust each other. Thus, through the use of a MAC, in addition to data integrity, a form of electronic signature is obtained.
- Using additional controls, such as key notarization and key attributes, it is possible to provide an electronic signature even if the two parties do not trust each other.

- Goal - guarantee that message must have originated with certain entity
- Idea - encrypt with private key, decrypt with public key
- Only owner of the private key could have generated original message

- Can combine techniques - signed by private A, encrypt by public B
- A forms: X = encrypt(PUBB, encrypt(PRVA, M))
- B extracts: M = decrypt(PUBA, decrypt(PRVB, X))

- Digital signatures use asymmetric encryption to provide assurance of authentication of the origin of a message and, sometimes, the integrity of its contents.
- They can also prevent repudiation (denial) as they can be used to prove, that providing the private key has not been disclosed, the signature is that of the sender.

- Another type of electronic signature called a digital signature is implemented using public key cryptography.
- Data is electronically signed by applying the originator's private key to the data.
- To increase the speed of the process, the private key is applied to a shorter form of the data, called a "hash" or "message digest," rather than to the entire set of data.
- The resulting digital signature can be stored or transmitted along with the data.

- The signature can be verified by any party using the public key of the signer.
- This feature is very useful, for example, when distributing signed copies of virus-free software. Any recipient can verify that the program remains virus-free.
- If the signature verifies properly, then the verifier has confidence that the data was not modified after being signed and that the owner of the public key was the signer.

- Joe runs a one-way hash function to create a fixed length message digest from the message to be sent
- Joe encrypts the message digest with his private key to create a digital signature.
- Joe sends the signature and the message to Alice
- Alice decrypts the signature with Joe’s public key to reveal the message digest
- Alice then applies the same one-way function to the message she received from Joe to produce a message digest
- Alice compares the message digest she created with the message digest sent by Joe. If they compare the integrity of the messages is verified.

- Public key cryptography verifies integrity by using of public key signatures and secure hashes.
- A secure hash algorithm is used to create a message digest. The message digest, called a hash, is a short form of the message that changes if the message is modified.
- The hash is then signed with a private key. Anyone can recalculate the hash and use the corresponding public key to verify the integrity of the message.

- Digital Signatures are a central component of modern cryptographic systems.
- In analogy to handwritten signatures on paper documents digital signatures are used to guarantee the authenticity of electronic documents.
- Thus they play an important role for example in secure and reliable systems for electronic commerce.

- A hash function H is a transformation that takes an input m and returns a fixed-size string, which is called the hash value h (that is, h = H(m)).
- Hash functions with just this property have a variety of general computational uses, but when employed in cryptography, the hash functions are usually chosen to have some additional properties.

- The basic requirements for a cryptographic hash function are as follows.
- The input can be of any length.
- The output has a fixed length.
- H(x) is relatively easy to compute for any given x.
- H(x) is one-way.
- H(x) is collision-free.

- A hash function H is said to be one-way if it is hard to invert, where ``hard to invert'' means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h.

- If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y), then H is said to be a weakly collision-free hash function.
- A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y).

- The hash value represents concisely the longer message or document from which it was computed; this value is called the message digest.
- One can think of a message digest as a “digital fingerprint” of the larger document.
- Examples of well known hash functions are MD2 and MD5 and SHA

- Damgard and Merkle greatly influenced cryptographic hash function design by defining a hash function in terms of what is called a compression function.
- A compression function takes a fixed-length input and returns a shorter, fixed-length output. Given a compression function, a hash function can be defined by repeated applications of the compression function until the entire message has been processed.

- In this process, a message of arbitrary length is broken into blocks whose length depends on the compression function, and “padded” (for security reasons) so the size of the message is a multiple of the block size. The blocks are then processed sequentially, taking as input the result of the hash so far and the current message block, with the final output being the hash value for the message.

- To digitally sign a document, you must first get something called a digital certificate. This certificate is a lot like a rubber stamp -- you can use it to "stamp" your signature onto things. When you do this, the signature is stored with the document. People who receive the document can then look at the signature to make sure that it is really yours.

- Digital certificates come in two parts: a private key and a public key.
- The private key is the part that you use to stamp documents. The public key is more like a decoder ring -- you use it to decode the signature and make sure the document hasn't been tampered with. If the document has been tampered with, the signature won't decode properly and will "break." This means that if the signature is broken, the document has probably been tampered with and shouldn't be trusted.

- Digital signatures contain a special number. This number is generated by a complex mathematical formula when you sign a document. When the digital signature is added to a document, the document is passed to the formula. The formula examines the document and generates a number. This number is then saved as part of the digital signature.

- When somebody uses your public key to decode your signature, the same process occurs. The document is again passed to the formula, and the formula returns a number. The returned number is then compared to the number stored in the signature. If the numbers are the same, then the document hasn't been tampered with, and the signature is good. If the numbers are different, then something in the document has changed, and the signature will break.
- This means that once a document is signed, it can't be changed without breaking the signature.

- Even if the signature isn't broken, you might be concerned that somebody has falsified a signature. For example, if your friend Bob managed to create his own digital certificate with your name on it, he could send documents with your signature on them. In effect, Bob would be forging your signature.

- To make sure that a signature is authentic, you can check who issued or created the certificate. Each certificate is issued by what is called a certificate authority (CA). Certificate authorities can be anyone, from the government to your next door neighbor. Whenever you view a digital signature, you can see who the certificate authority was that issued the original certificate. You then have to decide for yourself whether you can trust that certificate authority.

- For example, if you looked at a signature and saw that the certificate authority was the State of California, you would probably want to trust that signature. The State of California would have rigorous guidelines for issuing digital certificates. However, if the certificate authority was "Wild Bill", you might have second thoughts -- who knows what criteria Wild Bill might use?

- Since digital certificates are stored on your desktop computer, the only other way for somebody to "forge" your signature is for them to get access to your computer. However, digital certificates can also be password protected, in order to prevent this from happening.

- Electronic commerce is also turning to digital signatures. "Smart cards," which are much like credit cards, can be used to store your digital certificate. You can then "swipe" these cards on your computer to sign things on the Internet, such as credit card purchases or bank deposits.
- Over the next year, the number of applications using digital signatures will continue to grow. It will likely become the standard for identifying yourself on the Internet.

- Two of the larger public CAs are VeriSign and Digital Signature Trust. You can visit their Web sites at:
- http://www.verisign.comhttp://www.digsigtrust.com
- If you'd like more information on digital signatures legislation, go to:
- http://www.mbc.com/ds_sum.html

- Cryptographic signatures provide extremely strong proof that a message has not been altered and was signed by a specific key. However, there are other mechanisms besides cryptographic-based electronic signatures that perform a similar function. These mechanisms provide some assurance of the origin of a message, some verification of the message's integrity, or both.

- Examination of the transmission path of a message. When messages are sent across a network, such as the Internet, the message source and the physical path of the message are recorded as a part of the message. These can be examined electronically or manually to help ascertain the origin of a message.
- Use of a value-added network provider. If two or more parties are communicating via a third party network, the network provider may be able to provide assurance that messages originate from a given source and have not been modified.
- Acknowledgement statements. The recipient of an electronic message may confirm the message's origin and contents by sending back an acknowledgement statement.
- Use of audit trails. Audit trails can track the sending of messages and their contents for later reference.

- User Certificates are generated by a CA:
- Any user with access to the public key of the CA can recover the user public key that was certified
- No party other than the certification authority can modify the certificate without this being detected

Y<<X>> = the certificate of user X issued by certification authority Y

- 1. The user’s secret key is assumed to be compromised.
- 2. The user is no longer certified by this CA.
- 3. The CA’s certificate is assumed to be compromised