Digital signatures


Published on

Chennai November 2011 Meet

Published in: Technology, Education
  • Be the first to comment

Digital signatures

  1. 1. Digital Signatures -Kannan Ravindran
  2. 2. Who am I ? I am Kannan Ravindran, A Student of Velammal Engineering College, Ambattur undertaking Bachelor of Engineering concentration on Computer Science and Engineering. I am a member of NullCon - International security conference(Chennai Chapter). I am serving as a Moderator.
  3. 3. Contents Introduction Symmetric Key Encryption Message Digest Birthday Attack MD5, SHA and Other Techniques Conclusion
  4. 4. Introduction – What is it? Cryptography is primarily used as a tool to protect national secrets and strategies. It is extensively used by the military, the diplomatic services and the banking sector. One of the landmark developments in the history of cryptography was the introduction of the revolutionary concept of public-key. A cryptographic algorithm or cipher, is a mathematical function used in the encryption and decryption process. This mathematical function works in combination with a key to encrypt the plaintext (the original message)
  5. 5. Introduction – How it works?A cryptographic algorithm, plus all possible keys and theprotocols that make it work comprise a Cryptosystem.
  6. 6. Introduction - Objective Confidentiality is used to keep the content of information secret from unauthorized Persons This is achieved through symmetric and asymmetric encryption. Data integrity addresses the unauthorized alteration of data. This is addressed by hash functions. Authentication is related to identification. This applies to both entity and information itself. This is achieved through digital signature certificates and digital signatures.
  7. 7. Symmetric Cryptography In conventional Cryptography, also called secret-key or symmetric-key encryption , the same key is used for both encryption and decryption. Caesars Cipher: Julius Caesar didn‟t trust his messengers. So when he sent a message to his generals, he replaced every „A‟ with „D‟, every „B‟ with „E‟ and so on. Only the Caesar and the generals knew the “shift by 3” rule. So if we want to encrypt the word “NULLCON” then the cipher will be “QXOOFRQ”. While decrypting it we follow the same “shift by 3” rule, but we shift in the opposite side.
  8. 8. Message DigestThe original text: 7391743Operation ResultMultiply 7 by 3 21Discard first digit 1Multiply 1 by 9 9Multiply 9 by 1 9Multiply 9 by 7 63Discard first digit 3Multiply 3 by 4 12Discard first digit 2Multiply 2 by 3 6The Message Digest is 6
  9. 9. Message DigestRequirements: The given message should be very easy to find its corresponding message digest. Also the message digest should always be same every time.
  10. 10. Message DigestRequirements: The message digest should be in such a way that, it must be very difficult to find the original message by just the reverse algorithm
  11. 11. Birthday Attack How many people do you need so that the probability of having two of them share the same birthday is > 50% ? Random sample of n birthdays (input) taken from k (365, output) kn total number of possibilities (k)n=k(k-1)…(k-n+1) possibilities without duplicate birthday Probability of no repetition:  p = (k)n/kn  1 - n(n-1)/2k For k=366, minimum n = 23 n(n-1)/2 pairs, each pair has a probability 1/k of having the same output n(n-1)/2k > 50%  n>k1/2
  12. 12. Birthday AttackThus the birthday attack creates a problemin which more than one message can yieldthe same message digest. And thisprobability of this type of collision is morethan 50% to prevent these birthday attacksalgorithms like MD5 and SHA are used.
  13. 13. How many bits for hash? m bits, takes 2m/2 to find two with the same hash 64 bits, takes 232 messages to search (doable) Need at least 128 bits
  14. 14. Hash for authentication Alice to Bob: challenge rA Bob to Alice: MD(KAB|rA) Bob to Alice: rB Alice to Bob: MD(KAB|rB) Only need to compare MD results
  15. 15. MD5 input Message Output 128 bits Digest• Until recently the most widely used hash algorithm – in recent times have both brute-force & cryptanalytic concerns• Specified as Internet standard RFC1321
  16. 16. MD51. Pad message so its length is 448 mod 5122. Append a 64-bit original length value to message3. Initialise 4-word (128-bit) MD buffer (A,B,C,D) Process message in 16-word (512-bit) blocks:  Using 4 rounds of 16 bit operations on message block & buffer  Add output to buffer input to form new buffer value4. Output hash value is the final buffer value
  17. 17. SHA Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993 SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST
  18. 18. SHA Input message must be < 264 bits  not really a problem Message is processed in 512-bit blocks sequentially Message digest is 160 bits SHA design is similar to MD5, but a lot stronger
  19. 19. MD5 Vs SHA Brute force attack is harder (160 vs 128 bits for MD5) Not vulnerable to any known cryptanalytic attacks (compared to MD4/5) A little slower than MD5 (80 vs 64 steps)  Both work well on a 32-bit architecture Both designed as simple and compact for implementation
  20. 20. Revised Secure Hash Standards NIST have issued a revision FIPS 180-2 adds 3 additional hash algorithms SHA-256, SHA-384, SHA-512 designed for compatibility with increased security provided by the AES cipher structure & detail is similar to SHA-1 hence analysis should be similar
  21. 21. Conclusion Thus different concepts of Digital signatures are discussed and a overview of the various algorithms used are discussed
  22. 22. Questions??