
Digital Signature

Yuan Xue

@Yuan Xue (yuan.xue@vanderbilt.edu)

CS 285: Network Security

Fall 2008

Hash function
Hash function H
- h = H(M)
  - M is a message of variable length
  - h is a fixed-length hash value
- H satisfies the following properties:
  - One-way property
  - Weak collision resistance
  - Strong collision resistance

Widely used hash functions
- MD5
- SHA family (e.g. SHA-1, SHA-2)

Usage
- Standalone
- With encryption algorithms
  - Message Authentication
  - Digital Signature

Hash Function Usage


Used Alone
- File integrity verification
- Public key fingerprint
- Passwd storage

Combined with encryption functions
- Message Authentication
  - HMAC
- Digital Signature

[Diagrams not preserved; panel labels:]
- Confidentiality and authentication
- Authentication
- Authentication, digital signature
- Authentication, digital signature, confidentiality
- Authentication (no encryption needed!)
- Authentication, confidentiality

HMAC
Hash function works with a symmetric key to provide message authentication

Two methods
- (1) MAC = E[K, H(M)]
- (2) MAC = H[M||S]

Idea for HMAC

HMAC Structure
K+ = K padded with 0 on the left (b bits in total)
ipad = 00110110 (36 in hex) repeated b/8 times
opad = 01011100 (5C in hex) repeated b/8 times

HMAC(K,M) = H[(K+ ⊕ opad) || H[(K+ ⊕ ipad) || M]]
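
The structure above as an added Python example (not part of the original slides), cross-checked against the standard library's hmac module. The function names, key and message are constructed for illustration; the key is zero-padded by appending bytes, as RFC 2104 specifies, and keys longer than one block are hashed first.

```python
import hashlib
import hmac  # standard-library HMAC, used only as a reference

IPAD_BYTE = 0x36  # 00110110
OPAD_BYTE = 0x5C  # 01011100


def hmac_from_structure(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """Compute H[(K+ xor opad) || H[(K+ xor ipad) || M]] step by step."""
    block_len = hashlib.new(hash_name).block_size  # b/8 bytes, 64 for SHA-256
    if len(key) > block_len:
        # RFC 2104: a key longer than one block is replaced by its hash.
        key = hashlib.new(hash_name, key).digest()
    # K+: the key zero-padded to b bits (RFC 2104 appends the zero bytes).
    k_plus = key.ljust(block_len, b"\x00")
    inner_key = bytes(b ^ IPAD_BYTE for b in k_plus)
    outer_key = bytes(b ^ OPAD_BYTE for b in k_plus)
    inner = hashlib.new(hash_name, inner_key + msg).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time."""
    expected = hmac_from_structure(key, msg, hash_name)
    return hmac.compare_digest(expected, tag)


# Constructed sample inputs (not from the slides).
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_MSG = b"amount=100&to=alice"

if __name__ == "__main__":
    tag = hmac_from_structure(SAMPLE_KEY, SAMPLE_MSG)
    reference = hmac.new(SAMPLE_KEY, SAMPLE_MSG, hashlib.sha256).digest()
    print("tag:              ", tag.hex())
    print("matches stdlib:   ", tag == reference)
    print("accepts original: ", verify_tag(SAMPLE_KEY, SAMPLE_MSG, tag))
    print("accepts tampered: ", verify_tag(SAMPLE_KEY, b"amount=900&to=alice", tag))
```

The receiver recomputes the tag with the shared key and compares it with hmac.compare_digest, so the comparison time does not depend on where the two tags first differ.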

Digital Signature Overview


- Message Authentication Code
- Digital Signature
  - Message authentication + non-repudiation

Digital Signature
Two approaches
- Encryption of hash value via private key provides digital signature
  - Any asymmetric encryption algorithm could be used
    - E.g. RSA
  - Many asymmetric encryption algorithms have export restriction
- DSA (digital signature algorithm)-based approach

Digital Signature Algorithm


Digital Signature Algorithm
- An asymmetric key algorithm
- Can not be used for encryption
- Can ONLY be used for digital signature

Algorithm
- Based on discrete log operation
- Global variables
  - p, q, g
- Private key x
- Public key y = g^x mod p
- User per-msg secret num k

Key Exchange Algorithm


Distribution of Secret Key using Public Key Algorithm
- Simple distribution
- With Authentication
- Diffie-Hellman

Diffie-Hellman Key Exchange

If a is a primitive root of a prime number p, then a mod p, a^2 mod p, ..., a^(p-1) mod p are distinct and consist of the integers from 1 through p-1.

For any b and a primitive root a of p, a unique exponent i can be found such that b = a^i mod p (0 <= i <= p-1).

Public-Key Algorithm Summary


Algorithm        Encryption/Decryption   Digital Signature   Key Exchange
RSA              Y                       Y                   Y
Diffie-Hellman   N                       N                   Y
DSS              N                       Y                   N

MAC and DS Summary


Message Authentication Code (Symmetric Key Encryption)
- CBC-based
- Hash-based
  - Encrypt the hash code
  - Hash the message + key (HMAC)

Digital Signature (Asymmetric Key Encryption)
- Encrypt the hash code
- Digital signature standard

Comparison
Computation efficiency
- Hash > symmetric encryption > asymmetric encryption

Message Authentication Code
- CBC-based
- Hash-based
  - Encrypt the hash code
  - Hash the message + key (HMAC)

Digital Signature
- Encrypt the hash code
- Digital signature standard

[Diagram annotation: faster]
