Académique Documents
Professionnel Documents
Culture Documents
Digital Signatures
have looked at message authentication
but does not address issues of lack of trust
Mary may forge a message and claim it came
from John
John can deny sending a meesage
additional capabilities
Digital Signature
must depend on the message being signed
Properties
message
signature in storage
Arbitrated Digital
Signatures
involves use of arbiter A
validates any signed message
then dated and sent to recipient
public-key algorithms
arbiter may or may not see message
Authentication Protocols
used to convince parties of each others
Replay Attacks
where a valid signed message is copied and
later resent
simple replay
repetition that can be logged
repetition that cannot be detected
backward replay without modification
countermeasures include
use of sequence numbers (generally impractical)
timestamps (needs synchronized clocks)
challenge/response (using unique nonce)
8
Using Symmetric
Encryption
as discussed previously can use a two-level
hierarchy of keys
usually with a trusted Key Distribution Center
(KDC)
each party shares own master key with KDC
KDC generates session keys used for
Needham-Schroeder
Protocol
original third-party key distribution protocol
for session between A B mediated by KDC
1. AKDC: IDA || IDB || N1
2. KDCA: EKa[Ks || IDB || N1 || EKb[Ks||IDA] ]
3. AB: EKb[Ks||IDA]
4. BA: EKs[N2]
5. AB: EKs[f(N2)]
10
3. AB: E(Kb,[Ks||IDA || T ])
4. BA: E(Ks, N1)
5. AB: E(Ks,[f(N1)]
11
Modified version
12
Improved
version
1. AB: ID || Na
A
13
14
||T])
15
16
2. KDC A: E(PRauth,[IDB||PUb])
3. AB: E(PUb, [Na||IDA])
4. BKDC: IDA || IDB || E(PUauth, Na)
5. KDC B: E(PRauth,[IDA||PUa]) ||E(PUb, E(PRauth,
[Na ||Ks ||IDB||IDA] Nb))
6. BA: E(PUa, E(PRauth, [Na ||Ks ||IDB IDA|| ||Nb])
7. AB: E(Ks, Nb)
17
One-Way Authentication
required when sender & receiver are not in
18
Using Symmetric
Encryption
can refine use of KDC but cant have final
exchange of nonces:
19
Public-Key
Approaches
have seen some public-key approaches
if confidentiality is major concern, can use:
AB: E(Pua,Ks] || E(Ks,M]
has encrypted session key, encrypted message
More efficient than simply encrypting with Bs
public key
discrete logarithms
creates a 320 bit signature, but with 512-1024
bit security
Computationally efficient
21
Digital Signature
Algorithm (DSA)
22
24
DSA Signature
Verification
having received M & signature (r,s)
to verify a signature, recipient computes:
w = s-1(mod q)
u1= (H(M).w)(mod q)
u2= (r.w)(mod q)
v = (gu1.yu2(mod p)) (mod q)
if v=r then signature is verified
see book web site for details of proof why
25
Summary
have considered:
authentication protocols (mutual & one-way)
digital signature standard
26