SlideShare a Scribd company logo

Information and data security digital signatures

Download as PPT, PDF
M
Mazin Alwaaly

Information And Data Security Digital Signatures seminar Mustansiriya University Department of Education Computer Science

Science
1 of 27
BYBY FARAHFARAH Digital SignaturesDigital Signatures
A digital signature isA digital signature is an authentication mechanism that enables thean authentication mechanism that enables the creator of a message to attach a code that actscreator of a message to attach a code that acts as a signatureas a signature. Typically the signature is formed by taking the hash of the message and encryptingthe hash of the message and encrypting the message with the creator’s private keythe message with the creator’s private key. The signature guarantees the source and integrity of the message.  The digital signature standard (DSS) is andigital signature standard (DSS) is an NIST standard that uses the secure hashNIST standard that uses the secure hash algorithm (SHA).algorithm (SHA).
Properties Message authentication protects two partiesMessage authentication protects two parties who exchange messages from any third partwho exchange messages from any third party. However, it does not protect the two parties against each other. Several forms of dispute between the two are possible.
For example, suppose that John sends an authenticated message to Mary using one of the schemes of Figure 12.1. Consider the following disputes that could arise. 1. Mary may forge a different message and claim that it came from John. Mary would simply have to create a message and append an authentication code using the key that John and Mary share. 2. John can deny sending the message. Because it is possible for Mary to forge a message, there is no way to prove that John did in fact send the message.
In situations where there is not complete trustIn situations where there is not complete trust between sender and receiver something more thanbetween sender and receiver something more than authentication is neededauthentication is needed. The most attractivesolution to this problem is theThe most attractivesolution to this problem is the digital signature .digital signature . The digital signature must haveThe digital signature must have the following properties:the following properties: It must verify the author and the date and time of theIt must verify the author and the date and time of the signature.signature. It must authenticate the contents at the time of the signature.It must authenticate the contents at the time of the signature. It must be verifiable by third parties, to resolve disputes.It must be verifiable by third parties, to resolve disputes. Thus, the digital signature function includes theThus, the digital signature function includes the authentication functionauthentication function.
Digital Signature Model • Bob can sign a message using a digital signature generation algorithm. •The inputs to the algorithm are the message and Bob's private key. • Alice, can verify the signature using a verification algorithm, whose inputs are the message. the signature, and Bob's public key
Digital Signature Model
Attacks and ForgeriesAttacks and Forgeries Here A denotes the user whose signature is being attacked and C denotes the attacker  key-only attack : C only knows A's public key.  known message attack: C is given access to a set of messages and signatures.  generic chosen message attack: C chooses a list of messages before attempting to breaks A's signature scheme, independent of A's public key. C then obtains from A valid signatures for the chosen messages. The attack is generic because it does not depend on A's public key; the same attack is used against everyone.
 directed chosen message attack : Similar to the generic attack, except that the list of messages is chosen after C knows A's public key but before signatures are seen.  adaptive chosen message attack: C is allowed to use A as an "oracle." This means the A may request signatures of messages that depend on previously obtained message-signature pairs.
[GOLD 88] then defines success at breaking a signature scheme as an outcome in which C can do any of the following with a non-negligible probability: Total break: C determines A’s private key.  Universal forgery: C finds an efficient signing algorithm that provides an equivalent way of constructing signatures on arbitrary messages. Selective forgery: C forges a signature for a particular message chosen by C. Existential forgery: C forges a signature for at least one message. C has no control over the message. Consequently, this forgery may only be a minor nuisance to A.
Digital Signature RequirementsDigital Signature Requirements Must be a bit pattern that depend on the message being signed must use information unique to sender  to prevent both forgery and denial must be relatively easy to produce must be relatively easy to recognize & verify be computationally infeasible to forge  with new message for existing digital signature  with fraudulent digital signature for given message be practical save digital signature in storage
Direct Digital SignaturesDirect Digital Signatures Direct digital signatureDirect digital signature refers to a digital signature scheme that involves only the communicating parties (source, destination). It is assumed that the destination knows the public key of the source. Confidentiality can be provided by encrypting the entire message plus signature with a shared secret key (symmetric encryption). It is important to perform the signature function first and then an outer confidentiality function. In case of dispute, some third party must view the message and its signature
 The validity of the scheme just described depends on the security of the sender’s private key. If a sender later wishes to deny sending a particular message, the sender can claim that the private key was lost or stolen and that someone else forged his or her signature Administrative controls relating to the security of private keys can be employed to thwart or at least weaken this ploy One example is to require every signed message to include a timestamp (date and time).  Another threat is that some private key might actually be stolen from X at time T. The opponent can then send a message signed with X’s signature and stamped with a time before or equal to T.  The universally accepted technique for dealing with these threats is the use of a digital certificate and certificate authorities
ElGamal Digital SignaturesElGamal Digital Signatures The ElGamal signature schemeThe ElGamal signature scheme involves the use of the private key for encryption and the public key for decryption signature variant of ElGamal.  so uses exponentiation in a finite (Galois)so uses exponentiation in a finite (Galois)  with security based difficulty of computing discretewith security based difficulty of computing discrete logarithmslogarithms. use private key for encryption (signing) uses public key for decryption (verification) each user (eg. A) generates their key  chooses a secret key (number):chooses a secret key (number): 1 <1 < xxAA < q-1< q-1  compute their public key:compute their public key: yyAA = a= a xxAA mod qmod q
ElGamal Digital Signature Alice signs a message M to Bob by computing  the hashthe hash m = H(M)m = H(M), 0 <= m <= (q-1), 0 <= m <= (q-1)  chose random integerchose random integer KK withwith 1 <= K <= (q-1)1 <= K <= (q-1) andand gcd(K,q-1)=1gcd(K,q-1)=1  compute temporary key:compute temporary key: SS11 = a= a kk mod qmod q  computecompute KK-1-1 the inverse ofthe inverse of K mod (q-1)K mod (q-1)  compute the value:compute the value: SS22 = K= K-1-1 (m-x(m-xAASS11) mod (q-1)) mod (q-1)  signature is:signature is:(S(S11,S,S22)) any user B can verify the signature by computing  VV11 = a= a mm mod qmod q  VV22 = y= yAA SS11 SS11 SS22 mod qmod q  signature is valid ifsignature is valid if VV11 = V= V22
For example, let us start with the prime field GF(19); that is, q = 19. It has primitive roots {2, 3, 10, 13, 14, 15}.We choose Alice generates a key pair as follows: Alice computes her key:  AA chooseschooses xxAA=16=16 & computes& computes yyAA=10=10 1616 mod 19 = 4mod 19 = 4 Alice signs message with hash m=14 as (3,4):  choosing randomchoosing random K=5K=5 which haswhich has gcd(18,5)=1gcd(18,5)=1  computingcomputing SS11 = 10= 10 55 mod 19 = 3mod 19 = 3  findingfinding KK-1-1 mod (q-1) = 5mod (q-1) = 5-1-1 mod 18 = 11mod 18 = 11  computingcomputing SS22 = 11(14-16.3) mod 18 = 4= 11(14-16.3) mod 18 = 4 any user B can verify the signature by computing  VV11 = 10= 10 1414 mod 19 = 16mod 19 = 16  VV22 = 4= 433 .3.344 = 5184 = 16 mod 19= 5184 = 16 mod 19  sincesince 1616 = 16= 16 signature is validsignature is valid
Schnorr Digital SignaturesSchnorr Digital Signatures security based on discrete logarithms. minimizes message dependent computation  multiplying a 2n-bit integer with an n-bit integer main work can be done in idle time have using a prime modulus pp  p–1p–1 has a prime factorhas a prime factor qq of appropriate sizeof appropriate size  typicallytypically pp 1024-bit and1024-bit and qq 160-bit numbers160-bit numbers
Schnorr Key Setup choose suitable primeschoose suitable primes pp , q, q choosechoose aa such thatsuch that aa qq = 1 mod p= 1 mod p (a,p,q)(a,p,q) are global parameters for allare global parameters for all each user (eg. A) generates a keyeach user (eg. A) generates a key  chooses a secret key (number):chooses a secret key (number): 0 < s < q0 < s < q  compute their public key:compute their public key: v = av = a -s-s mod qmod q
Schnorr SignatureSchnorr Signature user signs message byuser signs message by choosing randomchoosing random rr withwith 0<r<q0<r<q and computingand computing x = ax = arr mod pmod p concatenate message withconcatenate message with xx and hash result to computing:and hash result to computing: ee = H(M || x)= H(M || x) computing:computing: y = (r + se) mod qy = (r + se) mod q signature is pairsignature is pair (e, y)(e, y) any other user can verify the signature asany other user can verify the signature as follows:follows: computing:computing: x' = ax' = ayy vvee mod pmod p verifying that:verifying that: e = H(M || x’)e = H(M || x’) x'= ax'= ayy vvee = a= ayy aa -se-se =a=ay–sey–se =a=arr =x(mod p)=x(mod p) Hence H(M || x’) = H(M || x)Hence H(M || x’) = H(M || x)
Digital Signature Standard (DSS)Digital Signature Standard (DSS) The National Institute of Standards and Technology (NIST) has published Federal Information Processing Standard FIPS 186, known as the Digital Signature Standard (DSS). revised in 1993, 1996 & then 2000 uses the SHA hash algorithm DSS is the standard, DSA is the algorithm FIPS 186-2 (2000) includes alternative RSA & elliptic curve signature variants DSA is digital signature only unlike RSA is a public-key technique
DSS vs RSA SignaturesDSS vs RSA Signatures
Digital Signature Algorithm (DSA)Digital Signature Algorithm (DSA) creates a 320 bit signature with 512-1024 bit security smaller and faster than RSA a digital signature scheme only security depends on difficulty of computing discrete logarithms variant of ElGamal & Schnorr schemes
DSA Key GenerationDSA Key Generation have shared global public key values (p,q,g):  choose 160-bit prime number qchoose 160-bit prime number q  choose a large prime p withchoose a large prime p with 22L-1L-1 << p < 2p < 2LL  where L= 512 to 1024 bits and is a multiple of 64  such that q is a 160 bit prime divisor of (p-1)  choosechoose g = hg = h(p-1)/q(p-1)/q  where h is an integer 1<h<p-1 and h(p-1)/q mod p > 1 users choose private & compute public key:  choose random private key:choose random private key: x<qx<q  compute public key:compute public key: y = gy = gxx mod pmod p
DSA Signature CreationDSA Signature Creation to sign a message M the sender:  generates a random signature keygenerates a random signature key k, k<qk, k<q  nb.nb. kk must be random, be destroyed after use, andmust be random, be destroyed after use, and never be reusednever be reused then computes signature pair: r = (gr = (gkk mod p)mod qmod p)mod q s = [ks = [k-1-1 (H(M)+ xr)] mod q(H(M)+ xr)] mod q  sends signaturesends signature (r,s)(r,s) with messagewith message MM
DSA Signature VerificationDSA Signature Verification having received M & signature (r,s) to verify a signature, recipient computes: w = sw = s-1-1 mod qmod q u1= [H(M)w ]mod qu1= [H(M)w ]mod q u2= (rw)mod qu2= (rw)mod q v = [(gv = [(gu1u1 yyu2u2 )mod p ]mod q)mod p ]mod q if v = rv = r then signature is verified .
DSS OverviewDSS Overview
Information and data security digital signatures

Recommended

Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithmArpana shree
 

Recommended

Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithmArpana shree
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Elgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copyElgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copyNorth Cap University (NCU) Formely ITM University
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Digital signature
Digital signatureDigital signature
Digital signatureHossain Md Shakhawat
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
S/MIME
S/MIMES/MIME
S/MIMEmaria azam
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptkusum sharma
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipherVaibhav Khanna
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipherdaniyalqureshi712
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Elgamal Digital Signature
Elgamal Digital SignatureElgamal Digital Signature
Elgamal Digital SignatureSou Jana
 

More Related Content

What's hot

Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securitypatisa
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipherVaibhav Khanna
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 

What's hot (20)

Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Elgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copyElgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copy
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
Digital signature
Digital signatureDigital signature
Digital signature
 
block ciphers
block ciphersblock ciphers
block ciphers
 
S/MIME
S/MIMES/MIME
S/MIME
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemes
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Security policies
Security policiesSecurity policies
Security policies
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipher
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipher
 

Similar to Information and data security digital signatures

Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Elgamal Digital Signature
Elgamal Digital SignatureElgamal Digital Signature
Elgamal Digital SignatureSou Jana
 
digital_sign_interview.ppt
digital_sign_interview.pptdigital_sign_interview.ppt
digital_sign_interview.pptjayarao21
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,ShivangiSingh241
 
Ao318992
Ao318992Ao318992
Ao318992IJMER
 
Information and network security 44 direct digital signatures
Information and network security 44 direct digital signaturesInformation and network security 44 direct digital signatures
Information and network security 44 direct digital signaturesVaibhav Khanna
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature StandardSou Jana
 
15 ma cs and signatures
15 ma cs and signatures15 ma cs and signatures
15 ma cs and signaturesdrewz lin
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowBrijesh Vishwakarma
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureAdarsh Patel
 
Digitall signature update
Digitall signature updateDigitall signature update
Digitall signature updateRashi Dhagat
 

Similar to Information and data security digital signatures (20)

Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 
Elgamal Digital Signature
Elgamal Digital SignatureElgamal Digital Signature
Elgamal Digital Signature
 
Ch13
Ch13Ch13
Ch13
 
Digital Signature.ppt
Digital Signature.pptDigital Signature.ppt
Digital Signature.ppt
 
digital_sign_interview.ppt
digital_sign_interview.pptdigital_sign_interview.ppt
digital_sign_interview.ppt
 
Dsa & Digi Cert
Dsa & Digi CertDsa & Digi Cert
Dsa & Digi Cert
 
ch13.ppt
ch13.pptch13.ppt
ch13.ppt
 
Digital signature
Digital signatureDigital signature
Digital signature
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,
 
Iss lecture 4
Iss lecture 4Iss lecture 4
Iss lecture 4
 
Ao318992
Ao318992Ao318992
Ao318992
 
SHA_and_DS.pdf
SHA_and_DS.pdfSHA_and_DS.pdf
SHA_and_DS.pdf
 
Information and network security 44 direct digital signatures
Information and network security 44 direct digital signaturesInformation and network security 44 direct digital signatures
Information and network security 44 direct digital signatures
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature Standard
 
15 ma cs and signatures
15 ma cs and signatures15 ma cs and signatures
15 ma cs and signatures
 
Computer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU LucknowComputer System Security (UNIT IV) For AKTU Lucknow
Computer System Security (UNIT IV) For AKTU Lucknow
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
 
Digital signature
Digital signatureDigital signature
Digital signature
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signature
 
Digitall signature update
Digitall signature updateDigitall signature update
Digitall signature update
 

More from Mazin Alwaaly

Pattern recognition voice biometrics
Pattern recognition voice biometricsPattern recognition voice biometrics
Pattern recognition voice biometricsMazin Alwaaly
 
Pattern recognition palm print authentication system
Pattern recognition palm print authentication systemPattern recognition palm print authentication system
Pattern recognition palm print authentication systemMazin Alwaaly
 
Pattern recognition on line signature
Pattern recognition on line signaturePattern recognition on line signature
Pattern recognition on line signatureMazin Alwaaly
 
Pattern recognition multi biometrics using face and ear
Pattern recognition multi biometrics using face and earPattern recognition multi biometrics using face and ear
Pattern recognition multi biometrics using face and earMazin Alwaaly
 
Pattern recognition IRIS recognition
Pattern recognition IRIS recognitionPattern recognition IRIS recognition
Pattern recognition IRIS recognitionMazin Alwaaly
 
Pattern recognition hand vascular pattern recognition
Pattern recognition hand vascular pattern recognitionPattern recognition hand vascular pattern recognition
Pattern recognition hand vascular pattern recognitionMazin Alwaaly
 
Pattern recognition Hand Geometry
Pattern recognition Hand GeometryPattern recognition Hand Geometry
Pattern recognition Hand GeometryMazin Alwaaly
 
Pattern recognition forensic dental identification
Pattern recognition forensic dental identificationPattern recognition forensic dental identification
Pattern recognition forensic dental identificationMazin Alwaaly
 
Pattern recognition fingerprints
Pattern recognition fingerprintsPattern recognition fingerprints
Pattern recognition fingerprintsMazin Alwaaly
 
Pattern recognition facial recognition
Pattern recognition facial recognitionPattern recognition facial recognition
Pattern recognition facial recognitionMazin Alwaaly
 
Pattern recognition ear as a biometric
Pattern recognition ear as a biometricPattern recognition ear as a biometric
Pattern recognition ear as a biometricMazin Alwaaly
 
Pattern recognition 3d face recognition
Pattern recognition 3d face recognitionPattern recognition 3d face recognition
Pattern recognition 3d face recognitionMazin Alwaaly
 
Multimedia multimedia over wireless and mobile networks
Multimedia multimedia over wireless and mobile networksMultimedia multimedia over wireless and mobile networks
Multimedia multimedia over wireless and mobile networksMazin Alwaaly
 
Multimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMultimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMazin Alwaaly
 
Multimedia content based retrieval in digital libraries
Multimedia content based retrieval in digital librariesMultimedia content based retrieval in digital libraries
Multimedia content based retrieval in digital librariesMazin Alwaaly
 
Multimedia lossy compression algorithms
Multimedia lossy compression algorithmsMultimedia lossy compression algorithms
Multimedia lossy compression algorithmsMazin Alwaaly
 
Multimedia lossless compression algorithms
Multimedia lossless compression algorithmsMultimedia lossless compression algorithms
Multimedia lossless compression algorithmsMazin Alwaaly
 
Multimedia basic video compression techniques
Multimedia basic video compression techniquesMultimedia basic video compression techniques
Multimedia basic video compression techniquesMazin Alwaaly
 
Multimedia image compression standards
Multimedia image compression standardsMultimedia image compression standards
Multimedia image compression standardsMazin Alwaaly
 
Multimedia fundamental concepts in video
Multimedia fundamental concepts in videoMultimedia fundamental concepts in video
Multimedia fundamental concepts in videoMazin Alwaaly
 

More from Mazin Alwaaly (20)

Pattern recognition voice biometrics
Pattern recognition voice biometricsPattern recognition voice biometrics
Pattern recognition voice biometrics
 
Pattern recognition palm print authentication system
Pattern recognition palm print authentication systemPattern recognition palm print authentication system
Pattern recognition palm print authentication system
 
Pattern recognition on line signature
Pattern recognition on line signaturePattern recognition on line signature
Pattern recognition on line signature
 
Pattern recognition multi biometrics using face and ear
Pattern recognition multi biometrics using face and earPattern recognition multi biometrics using face and ear
Pattern recognition multi biometrics using face and ear
 
Pattern recognition IRIS recognition
Pattern recognition IRIS recognitionPattern recognition IRIS recognition
Pattern recognition IRIS recognition
 
Pattern recognition hand vascular pattern recognition
Pattern recognition hand vascular pattern recognitionPattern recognition hand vascular pattern recognition
Pattern recognition hand vascular pattern recognition
 
Pattern recognition Hand Geometry
Pattern recognition Hand GeometryPattern recognition Hand Geometry
Pattern recognition Hand Geometry
 
Pattern recognition forensic dental identification
Pattern recognition forensic dental identificationPattern recognition forensic dental identification
Pattern recognition forensic dental identification
 
Pattern recognition fingerprints
Pattern recognition fingerprintsPattern recognition fingerprints
Pattern recognition fingerprints
 
Pattern recognition facial recognition
Pattern recognition facial recognitionPattern recognition facial recognition
Pattern recognition facial recognition
 
Pattern recognition ear as a biometric
Pattern recognition ear as a biometricPattern recognition ear as a biometric
Pattern recognition ear as a biometric
 
Pattern recognition 3d face recognition
Pattern recognition 3d face recognitionPattern recognition 3d face recognition
Pattern recognition 3d face recognition
 
Multimedia multimedia over wireless and mobile networks
Multimedia multimedia over wireless and mobile networksMultimedia multimedia over wireless and mobile networks
Multimedia multimedia over wireless and mobile networks
 
Multimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMultimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communications
 
Multimedia content based retrieval in digital libraries
Multimedia content based retrieval in digital librariesMultimedia content based retrieval in digital libraries
Multimedia content based retrieval in digital libraries
 
Multimedia lossy compression algorithms
Multimedia lossy compression algorithmsMultimedia lossy compression algorithms
Multimedia lossy compression algorithms
 
Multimedia lossless compression algorithms
Multimedia lossless compression algorithmsMultimedia lossless compression algorithms
Multimedia lossless compression algorithms
 
Multimedia basic video compression techniques
Multimedia basic video compression techniquesMultimedia basic video compression techniques
Multimedia basic video compression techniques
 
Multimedia image compression standards
Multimedia image compression standardsMultimedia image compression standards
Multimedia image compression standards
 
Multimedia fundamental concepts in video
Multimedia fundamental concepts in videoMultimedia fundamental concepts in video
Multimedia fundamental concepts in video
 

Recently uploaded

Detectability of Solar Panels as a Technosignature
Detectability of Solar Panels as a TechnosignatureDetectability of Solar Panels as a Technosignature
Detectability of Solar Panels as a TechnosignatureSérgio Sacani
 
SCHIZOPHRENIA Disorder/ Brain Disorder.pdf
SCHIZOPHRENIA Disorder/ Brain Disorder.pdfSCHIZOPHRENIA Disorder/ Brain Disorder.pdf
SCHIZOPHRENIA Disorder/ Brain Disorder.pdfSELF-EXPLANATORY
 
NuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent UniversityNuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent Universitypablovgd
 
National Biodiversity protection initiatives and Convention on Biological Di...
National Biodiversity protection initiatives and Convention on Biological Di...National Biodiversity protection initiatives and Convention on Biological Di...
National Biodiversity protection initiatives and Convention on Biological Di...PABOLU TEJASREE
 
Topography and sediments of the floor of the Bay of Bengal
Topography and sediments of the floor of the Bay of BengalTopography and sediments of the floor of the Bay of Bengal
Topography and sediments of the floor of the Bay of BengalMd Hasan Tareq
 
In silico drugs analogue design: novobiocin analogues.pptx
In silico drugs analogue design: novobiocin analogues.pptxIn silico drugs analogue design: novobiocin analogues.pptx
In silico drugs analogue design: novobiocin analogues.pptxAlaminAfendy1
 
biotech-regenration of plants, pharmaceutical applications.pptx
biotech-regenration of plants, pharmaceutical applications.pptxbiotech-regenration of plants, pharmaceutical applications.pptx
biotech-regenration of plants, pharmaceutical applications.pptxANONYMOUS
 
PRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATION
PRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATIONPRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATION
PRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATIONChetanK57
 
GEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdf
GEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdfGEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdf
GEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdfUniversity of Barishal
 
Richard's entangled aventures in wonderland
Richard's entangled aventures in wonderlandRichard's entangled aventures in wonderland
Richard's entangled aventures in wonderlandRichard Gill
 
The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...Sérgio Sacani
 
word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...
word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...
word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...Subhajit Sahu
 
RNA INTERFERENCE: UNRAVELING GENETIC SILENCING
RNA INTERFERENCE: UNRAVELING GENETIC SILENCINGRNA INTERFERENCE: UNRAVELING GENETIC SILENCING
RNA INTERFERENCE: UNRAVELING GENETIC SILENCINGAADYARAJPANDEY1
 
Cancer cell metabolism: special Reference to Lactate Pathway
Cancer cell metabolism: special Reference to Lactate PathwayCancer cell metabolism: special Reference to Lactate Pathway
Cancer cell metabolism: special Reference to Lactate PathwayAADYARAJPANDEY1
 
INSIGHT Partner Profile: Tampere University
INSIGHT Partner Profile: Tampere UniversityINSIGHT Partner Profile: Tampere University
INSIGHT Partner Profile: Tampere UniversitySteffi Friedrichs
 
Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...Sérgio Sacani
 
EY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptxEY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptxAlguinaldoKong
 
A Giant Impact Origin for the First Subduction on Earth
A Giant Impact Origin for the First Subduction on EarthA Giant Impact Origin for the First Subduction on Earth
A Giant Impact Origin for the First Subduction on EarthSérgio Sacani
 
FAIR & AI Ready KGs for Explainable Predictions
FAIR & AI Ready KGs for Explainable PredictionsFAIR & AI Ready KGs for Explainable Predictions
FAIR & AI Ready KGs for Explainable PredictionsMichel Dumontier
 
Multi-source connectivity as the driver of solar wind variability in the heli...
Multi-source connectivity as the driver of solar wind variability in the heli...Multi-source connectivity as the driver of solar wind variability in the heli...
Multi-source connectivity as the driver of solar wind variability in the heli...Sérgio Sacani
 

Recently uploaded (20)

Detectability of Solar Panels as a Technosignature
Detectability of Solar Panels as a TechnosignatureDetectability of Solar Panels as a Technosignature
Detectability of Solar Panels as a Technosignature
 
SCHIZOPHRENIA Disorder/ Brain Disorder.pdf
SCHIZOPHRENIA Disorder/ Brain Disorder.pdfSCHIZOPHRENIA Disorder/ Brain Disorder.pdf
SCHIZOPHRENIA Disorder/ Brain Disorder.pdf
 
NuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent UniversityNuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent University
 
National Biodiversity protection initiatives and Convention on Biological Di...
National Biodiversity protection initiatives and Convention on Biological Di...National Biodiversity protection initiatives and Convention on Biological Di...
National Biodiversity protection initiatives and Convention on Biological Di...
 
Topography and sediments of the floor of the Bay of Bengal
Topography and sediments of the floor of the Bay of BengalTopography and sediments of the floor of the Bay of Bengal
Topography and sediments of the floor of the Bay of Bengal
 
In silico drugs analogue design: novobiocin analogues.pptx
In silico drugs analogue design: novobiocin analogues.pptxIn silico drugs analogue design: novobiocin analogues.pptx
In silico drugs analogue design: novobiocin analogues.pptx
 
biotech-regenration of plants, pharmaceutical applications.pptx
biotech-regenration of plants, pharmaceutical applications.pptxbiotech-regenration of plants, pharmaceutical applications.pptx
biotech-regenration of plants, pharmaceutical applications.pptx
 
PRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATION
PRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATIONPRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATION
PRESENTATION ABOUT PRINCIPLE OF COSMATIC EVALUATION
 
GEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdf
GEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdfGEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdf
GEOLOGICAL FIELD REPORT On Kaptai Rangamati Road-Cut Section.pdf
 
Richard's entangled aventures in wonderland
Richard's entangled aventures in wonderlandRichard's entangled aventures in wonderland
Richard's entangled aventures in wonderland
 
The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...The importance of continents, oceans and plate tectonics for the evolution of...
The importance of continents, oceans and plate tectonics for the evolution of...
 
word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...
word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...
word2vec, node2vec, graph2vec, X2vec: Towards a Theory of Vector Embeddings o...
 
RNA INTERFERENCE: UNRAVELING GENETIC SILENCING
RNA INTERFERENCE: UNRAVELING GENETIC SILENCINGRNA INTERFERENCE: UNRAVELING GENETIC SILENCING
RNA INTERFERENCE: UNRAVELING GENETIC SILENCING
 
Cancer cell metabolism: special Reference to Lactate Pathway
Cancer cell metabolism: special Reference to Lactate PathwayCancer cell metabolism: special Reference to Lactate Pathway
Cancer cell metabolism: special Reference to Lactate Pathway
 
INSIGHT Partner Profile: Tampere University
INSIGHT Partner Profile: Tampere UniversityINSIGHT Partner Profile: Tampere University
INSIGHT Partner Profile: Tampere University
 
Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...
 
EY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptxEY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptx
 
A Giant Impact Origin for the First Subduction on Earth
A Giant Impact Origin for the First Subduction on EarthA Giant Impact Origin for the First Subduction on Earth
A Giant Impact Origin for the First Subduction on Earth
 
FAIR & AI Ready KGs for Explainable Predictions
FAIR & AI Ready KGs for Explainable PredictionsFAIR & AI Ready KGs for Explainable Predictions
FAIR & AI Ready KGs for Explainable Predictions
 
Multi-source connectivity as the driver of solar wind variability in the heli...
Multi-source connectivity as the driver of solar wind variability in the heli...Multi-source connectivity as the driver of solar wind variability in the heli...
Multi-source connectivity as the driver of solar wind variability in the heli...
 

Information and data security digital signatures

  • 2. A digital signature isA digital signature is an authentication mechanism that enables thean authentication mechanism that enables the creator of a message to attach a code that actscreator of a message to attach a code that acts as a signatureas a signature. Typically the signature is formed by taking the hash of the message and encryptingthe hash of the message and encrypting the message with the creator’s private keythe message with the creator’s private key. The signature guarantees the source and integrity of the message.  The digital signature standard (DSS) is andigital signature standard (DSS) is an NIST standard that uses the secure hashNIST standard that uses the secure hash algorithm (SHA).algorithm (SHA).
  • 3. Properties Message authentication protects two partiesMessage authentication protects two parties who exchange messages from any third partwho exchange messages from any third party. However, it does not protect the two parties against each other. Several forms of dispute between the two are possible.
  • 4. For example, suppose that John sends an authenticated message to Mary using one of the schemes of Figure 12.1. Consider the following disputes that could arise. 1. Mary may forge a different message and claim that it came from John. Mary would simply have to create a message and append an authentication code using the key that John and Mary share. 2. John can deny sending the message. Because it is possible for Mary to forge a message, there is no way to prove that John did in fact send the message.
  • 5. In situations where there is not complete trustIn situations where there is not complete trust between sender and receiver something more thanbetween sender and receiver something more than authentication is neededauthentication is needed. The most attractivesolution to this problem is theThe most attractivesolution to this problem is the digital signature .digital signature . The digital signature must haveThe digital signature must have the following properties:the following properties: It must verify the author and the date and time of theIt must verify the author and the date and time of the signature.signature. It must authenticate the contents at the time of the signature.It must authenticate the contents at the time of the signature. It must be verifiable by third parties, to resolve disputes.It must be verifiable by third parties, to resolve disputes. Thus, the digital signature function includes theThus, the digital signature function includes the authentication functionauthentication function.
  • 6. Digital Signature Model • Bob can sign a message using a digital signature generation algorithm. •The inputs to the algorithm are the message and Bob's private key. • Alice, can verify the signature using a verification algorithm, whose inputs are the message. the signature, and Bob's public key
  • 8. Attacks and ForgeriesAttacks and Forgeries Here A denotes the user whose signature is being attacked and C denotes the attacker  key-only attack : C only knows A's public key.  known message attack: C is given access to a set of messages and signatures.  generic chosen message attack: C chooses a list of messages before attempting to breaks A's signature scheme, independent of A's public key. C then obtains from A valid signatures for the chosen messages. The attack is generic because it does not depend on A's public key; the same attack is used against everyone.
  • 9.  directed chosen message attack : Similar to the generic attack, except that the list of messages is chosen after C knows A's public key but before signatures are seen.  adaptive chosen message attack: C is allowed to use A as an "oracle." This means the A may request signatures of messages that depend on previously obtained message-signature pairs.
  • 10. [GOLD 88] then defines success at breaking a signature scheme as an outcome in which C can do any of the following with a non-negligible probability: Total break: C determines A’s private key.  Universal forgery: C finds an efficient signing algorithm that provides an equivalent way of constructing signatures on arbitrary messages. Selective forgery: C forges a signature for a particular message chosen by C. Existential forgery: C forges a signature for at least one message. C has no control over the message. Consequently, this forgery may only be a minor nuisance to A.
  • 11. Digital Signature RequirementsDigital Signature Requirements Must be a bit pattern that depend on the message being signed must use information unique to sender  to prevent both forgery and denial must be relatively easy to produce must be relatively easy to recognize & verify be computationally infeasible to forge  with new message for existing digital signature  with fraudulent digital signature for given message be practical save digital signature in storage
  • 12. Direct Digital SignaturesDirect Digital Signatures Direct digital signatureDirect digital signature refers to a digital signature scheme that involves only the communicating parties (source, destination). It is assumed that the destination knows the public key of the source. Confidentiality can be provided by encrypting the entire message plus signature with a shared secret key (symmetric encryption). It is important to perform the signature function first and then an outer confidentiality function. In case of dispute, some third party must view the message and its signature
  • 13.  The validity of the scheme just described depends on the security of the sender’s private key. If a sender later wishes to deny sending a particular message, the sender can claim that the private key was lost or stolen and that someone else forged his or her signature Administrative controls relating to the security of private keys can be employed to thwart or at least weaken this ploy One example is to require every signed message to include a timestamp (date and time).  Another threat is that some private key might actually be stolen from X at time T. The opponent can then send a message signed with X’s signature and stamped with a time before or equal to T.  The universally accepted technique for dealing with these threats is the use of a digital certificate and certificate authorities
  • 14. ElGamal Digital SignaturesElGamal Digital Signatures The ElGamal signature schemeThe ElGamal signature scheme involves the use of the private key for encryption and the public key for decryption signature variant of ElGamal.  so uses exponentiation in a finite (Galois)so uses exponentiation in a finite (Galois)  with security based difficulty of computing discretewith security based difficulty of computing discrete logarithmslogarithms. use private key for encryption (signing) uses public key for decryption (verification) each user (eg. A) generates their key  chooses a secret key (number):chooses a secret key (number): 1 <1 < xxAA < q-1< q-1  compute their public key:compute their public key: yyAA = a= a xxAA mod qmod q
  • 15. ElGamal Digital Signature Alice signs a message M to Bob by computing  the hashthe hash m = H(M)m = H(M), 0 <= m <= (q-1), 0 <= m <= (q-1)  chose random integerchose random integer KK withwith 1 <= K <= (q-1)1 <= K <= (q-1) andand gcd(K,q-1)=1gcd(K,q-1)=1  compute temporary key:compute temporary key: SS11 = a= a kk mod qmod q  computecompute KK-1-1 the inverse ofthe inverse of K mod (q-1)K mod (q-1)  compute the value:compute the value: SS22 = K= K-1-1 (m-x(m-xAASS11) mod (q-1)) mod (q-1)  signature is:signature is:(S(S11,S,S22)) any user B can verify the signature by computing  VV11 = a= a mm mod qmod q  VV22 = y= yAA SS11 SS11 SS22 mod qmod q  signature is valid ifsignature is valid if VV11 = V= V22
  • 16. For example, let us start with the prime field GF(19); that is, q = 19. It has primitive roots {2, 3, 10, 13, 14, 15}.We choose Alice generates a key pair as follows: Alice computes her key:  AA chooseschooses xxAA=16=16 & computes& computes yyAA=10=10 1616 mod 19 = 4mod 19 = 4 Alice signs message with hash m=14 as (3,4):  choosing randomchoosing random K=5K=5 which haswhich has gcd(18,5)=1gcd(18,5)=1  computingcomputing SS11 = 10= 10 55 mod 19 = 3mod 19 = 3  findingfinding KK-1-1 mod (q-1) = 5mod (q-1) = 5-1-1 mod 18 = 11mod 18 = 11  computingcomputing SS22 = 11(14-16.3) mod 18 = 4= 11(14-16.3) mod 18 = 4 any user B can verify the signature by computing  VV11 = 10= 10 1414 mod 19 = 16mod 19 = 16  VV22 = 4= 433 .3.344 = 5184 = 16 mod 19= 5184 = 16 mod 19  sincesince 1616 = 16= 16 signature is validsignature is valid
  • 17. Schnorr Digital SignaturesSchnorr Digital Signatures security based on discrete logarithms. minimizes message dependent computation  multiplying a 2n-bit integer with an n-bit integer main work can be done in idle time have using a prime modulus pp  p–1p–1 has a prime factorhas a prime factor qq of appropriate sizeof appropriate size  typicallytypically pp 1024-bit and1024-bit and qq 160-bit numbers160-bit numbers
  • 18. Schnorr Key Setup choose suitable primeschoose suitable primes pp , q, q choosechoose aa such thatsuch that aa qq = 1 mod p= 1 mod p (a,p,q)(a,p,q) are global parameters for allare global parameters for all each user (eg. A) generates a keyeach user (eg. A) generates a key  chooses a secret key (number):chooses a secret key (number): 0 < s < q0 < s < q  compute their public key:compute their public key: v = av = a -s-s mod qmod q
  • 19. Schnorr SignatureSchnorr Signature user signs message byuser signs message by choosing randomchoosing random rr withwith 0<r<q0<r<q and computingand computing x = ax = arr mod pmod p concatenate message withconcatenate message with xx and hash result to computing:and hash result to computing: ee = H(M || x)= H(M || x) computing:computing: y = (r + se) mod qy = (r + se) mod q signature is pairsignature is pair (e, y)(e, y) any other user can verify the signature asany other user can verify the signature as follows:follows: computing:computing: x' = ax' = ayy vvee mod pmod p verifying that:verifying that: e = H(M || x’)e = H(M || x’) x'= ax'= ayy vvee = a= ayy aa -se-se =a=ay–sey–se =a=arr =x(mod p)=x(mod p) Hence H(M || x’) = H(M || x)Hence H(M || x’) = H(M || x)
  • 20. Digital Signature Standard (DSS)Digital Signature Standard (DSS) The National Institute of Standards and Technology (NIST) has published Federal Information Processing Standard FIPS 186, known as the Digital Signature Standard (DSS). revised in 1993, 1996 & then 2000 uses the SHA hash algorithm DSS is the standard, DSA is the algorithm FIPS 186-2 (2000) includes alternative RSA & elliptic curve signature variants DSA is digital signature only unlike RSA is a public-key technique
  • 21. DSS vs RSA SignaturesDSS vs RSA Signatures
  • 22. Digital Signature Algorithm (DSA)Digital Signature Algorithm (DSA) creates a 320 bit signature with 512-1024 bit security smaller and faster than RSA a digital signature scheme only security depends on difficulty of computing discrete logarithms variant of ElGamal & Schnorr schemes
  • 23. DSA Key GenerationDSA Key Generation have shared global public key values (p,q,g):  choose 160-bit prime number qchoose 160-bit prime number q  choose a large prime p withchoose a large prime p with 22L-1L-1 << p < 2p < 2LL  where L= 512 to 1024 bits and is a multiple of 64  such that q is a 160 bit prime divisor of (p-1)  choosechoose g = hg = h(p-1)/q(p-1)/q  where h is an integer 1<h<p-1 and h(p-1)/q mod p > 1 users choose private & compute public key:  choose random private key:choose random private key: x<qx<q  compute public key:compute public key: y = gy = gxx mod pmod p
  • 24. DSA Signature CreationDSA Signature Creation to sign a message M the sender:  generates a random signature keygenerates a random signature key k, k<qk, k<q  nb.nb. kk must be random, be destroyed after use, andmust be random, be destroyed after use, and never be reusednever be reused then computes signature pair: r = (gr = (gkk mod p)mod qmod p)mod q s = [ks = [k-1-1 (H(M)+ xr)] mod q(H(M)+ xr)] mod q  sends signaturesends signature (r,s)(r,s) with messagewith message MM
  • 25. DSA Signature VerificationDSA Signature Verification having received M & signature (r,s) to verify a signature, recipient computes: w = sw = s-1-1 mod qmod q u1= [H(M)w ]mod qu1= [H(M)w ]mod q u2= (rw)mod qu2= (rw)mod q v = [(gv = [(gu1u1 yyu2u2 )mod p ]mod q)mod p ]mod q if v = rv = r then signature is verified .

Editor's Notes

  1. Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, Chapter 13 – “Digital Signatures”.
  2. .
  3. Stallings Figure 13.1 is a generic model of the process of making and using digital signatures.
  4. In simplified terms, the essence of the digital signature mechanism is shown in Stallings Figure 13.2. This repeats the logic shown in Figure 11.3. On example, using RSA, is available at this book&amp;apos;s Web site. We begin this chapter with an overview of digital signatures. Then, we introduce the Digital Signature Standard (DSS).
  5. [GOLD88] lists the following types of attacks, in order of increasing severity.. • Key-only attack • Known message attack:. • Generic chosen message attack • Directed chosen message attack • Adaptive chosen message attack: C is allowed to use A as an &amp;quot;oracle.&amp;quot; This means the A may request signatures of messages that depend on previously obtained message-signature pairs. [GOLD88] then defines success as breaking a signature scheme as an outcome in which C can do any of the following with a non-negligible probability: • Total break: C determines A&amp;apos;s private key. • Universal forgery: C finds an efficient signing algorithm that provides an equivalent way of constructing signatures on arbitrary messages. • Selective forgery: C forges a signature for a particular message chosen by C. • Existential forgery: C forges a signature for at least one message. C has no control over the message. Consequently this forgery may only be a minor nuisance to A.
  6. On the basis of the properties on the previous slide, we can formulate the requirements for a digital signature as shown. A variety of approaches has been proposed for the digital signature function. A secure hash function, embedded in a scheme such as that shown in Stallings Figure 13.2, provides a basis for satisfying these requirements. However care must be taken in the design of the details of the scheme. These approaches fall into two categories: direct and arbitrated.
  7. The term direct digital signature refers to a digital signature scheme that involves only the communicating parties (source, destination). It is assumed that the destination knows the public key of the source. Direct Digital Signatures involve the direct application of public-key algorithms involving only the communicating parties. A digital signature may be formed by encrypting the entire message with the sender’s private key, or by encrypting a hash code of the message with the sender’s private key. Confidentiality can be provided by further encrypting the entire message plus signature using either public or private key schemes. It is important to perform the signature function first and then an outer confidentiality function, since in case of dispute, some third party must view the message and its signature. But these approaches are dependent on the security of the sender’s private-key. Will have problems if it is lost/stolen and signatures forged. The universally accepted technique for dealing with these threats is the use of a digital certificate and certificate authorities. We defer a discussion of this topic until Chapter 14, and focus in this chapter on digital signature algorithms. Also need time-stamps and timely key revocation.
  8. Recall from Chapter 10, that in 1984, T. Elgamal announced a public-key scheme based on discrete logarithms, closely related to the Diffie-Hellman technique [ELGA84, ELGA85]. The ElGamal encryption scheme is designed to enable encryption by a user&amp;apos;s public key with decryption by the user&amp;apos;s private key. The ElGamal signature scheme involves the use of the private key for encryption and the public key for decryption. The ElGamal cryptosystem is used in some form in a number of standards including the digital signature standard (DSS) and the S/MIME email standard. As with Diffie-Hellman, the global elements of ElGamal are a prime number q and a, which is a primitive root of q. User A generates a private/public key pair as shown. The security of ElGamal is based on the difficulty of computing discrete logarithms, to recover either x given y, or k given K (next slide).
  9. To sign a message M, user A first computes the hash m = H(M), such that m is an integer in the range 0 &amp;lt;= m &amp;lt;= q – 1. A then forms a digital signature as shown. The basic idea with El Gamal signatures is to again choose a temporary random signing key, protect it, then use it solve the specified equation on the hash of the message to create the signature (in 2 pieces). Verification consists of confirming the validation equation that relates the signature to the (hash of the) message (see text for proof). Again note that El Gamal encryption involves 1 modulo exponentiation and multiplications (vs 1 exponentiation for RSA).
  10. Here is an example of creating and verifying an ElGamal signature from the text using the prime field GF(19); that is, q = 19. It has primitive roots {2, 3, 10, 13, 14, 15}, as shown in Table 8.3. We choose a = 10. Alice generates a key pair as shown, which is = {19, 10, 4}. Alice can sign a message with hash m = 14 as shown to compute the signature pair (3,4). Any user B can verify the signature by computing confirming the validation equation as shown.
  11. As with the ElGamal digital signature scheme, the Schnorr signature scheme is based on discrete logarithms [SCHN89, SCHN91]. The Schnorr scheme minimizes the message dependent amount of computation required to generate a signature. The main work for signature generation does not depend on the message and can be done during the idle time of the processor. The message dependent part of the signature generation requires multiplying a 2n-bit integer with an n-bit integer. The scheme is based on using a prime modulus p, with p – 1 having a prime factor q of appropriate size; that is p – 1 = 1 (mod q). Typically, we use p approx 21024 and q approx 2160. Thus, p is a 1024-bit number and q is a 160-bit number, which is also the length of the SHA-1 hash value.
  12. The first part of this scheme is the generation of a private/public key pair, which consists of the following steps: Choose primes p and q, such that q is a prime factor of p – 1. Choose an integer a such that aq = 1 mod p. The values a, p, and q comprise a global public key that can be common to a group of users. Choose a random integer s with 0 &amp;lt; s &amp;lt; q. This is the user&amp;apos;s private key. Calculate v = a–s mod p. This is the user&amp;apos;s public key.
  13. A user with public key s and private key v generates a signature as follows: Choose a random integer r with 0 &amp;lt; r &amp;lt; q and compute x = ar mod p. This is independent of any message M, hence can be pre-computed. Concatenate message with x and hash result to compute: e = H(M || x) Compute y = (r + se) mod q. The signature consists of the pair (e, y). Any other user can verify the signature as follows: Compute x&amp;apos; = ayve mod p. Verify that e = H(M || x&amp;apos;). See text for details of why the verification works.
  14. DSA is the US Govt approved signature scheme, which is designed to provide strong signatures without allowing easy use for encryption. The National Institute of Standards and Technology (NIST) published Federal Information Processing Standard FIPS 186, known as the Digital Signature Standard (DSS). The DSS makes use of the Secure Hash Algorithm (SHA) described in Chapter 12 and presents a new digital signature technique, the Digital Signature Algorithm (DSA). The DSS was originally proposed in 1991 and revised in 1993 in response to public feedback concerning the security of the scheme. There was a further minor revision in 1996. In 2000, an expanded version of the standard was issued as FIPS 186-2. This latest version also incorporates digital signature algorithms based on RSA and on elliptic curve cryptography. In this section, we discuss the original DSS algorithm. The DSS uses an algorithm that is designed to provide only the digital signature function. Unlike RSA, it cannot be used for encryption or key exchange. Nevertheless, it is a public-key technique.
  15. Stallings Figure 13.3 contrasts the DSS approach for generating digital signatures to that used with RSA. In the RSA approach, the message to be signed is input to a hash function that produces a secure hash code of fixed length. This hash code is then encrypted using the sender&amp;apos;s private key to form the signature. Both the message and the signature are then transmitted. The recipient takes the message and produces a hash code. The recipient also decrypts the signature using the sender&amp;apos;s public key. If the calculated hash code matches the decrypted signature, the signature is accepted as valid. Because only the sender knows the private key, only the sender could have produced a valid signature. The DSS approach also makes use of a hash function. The hash code is provided as input to a signature function along with a random number k generated for this particular signature. The signature function also depends on the sender&amp;apos;s private key (PR a) and a set of parameters known to a group of communicating principals. We can consider this set to constitute a global public key (PUG). The result is a signature consisting of two components, labeled s and r. At the receiving end, the hash code of the incoming message is generated. This plus the signature is input to a verification function. The verification function also depends on the global public key as well as the sender&amp;apos;s public key (PUa), which is paired with the sender&amp;apos;s private key. The output of the verification function is a value that is equal to the signature component r if the signature is valid. The signature function is such that only the sender, with knowledge of the private key, could have produced the valid signature.
  16. The DSA is based on the difficulty of computing discrete logarithms (see Chapter 8) and is based on schemes originally presented by ElGamal [ELGA85] and Schnorr [SCHN91]. The DSA signature scheme has advantages, being both smaller (320 vs 1024bit) and faster (much of the computation is done modulo a 160 bit number), over RSA. Unlike RSA, it cannot be used for encryption or key exchange. Nevertheless, it is a public-key technique
  17. DSA typically uses a common set of global parameters (p,q,g) for a community of clients, as shown. A 160-bit prime number q is chosen. Next, a prime number p is selected with a length between 512 and 1024 bits such that q divides (p – 1). Finally, g is chosen to be of the form h(p–1)/q mod p where h is an integer between 1 and (p – 1) with the restriction that g must be greater than 1. Thus, the global public key components of DSA have the same for as in the Schnorr signature scheme. Then each DSA uses chooses a random private key x, and computes their public key as shown. The calculation of the public key y given x is relatively straightforward. However, given the public key y, it is computationally infeasible to determine x, which is the discrete logarithm of y to base g, mod p.
  18. To create a signature, a user calculates two quantities, r and s, that are functions of the public key components (p,q,g), the user’s private key (x), the hash code of the message H(M), and an additional integer k that should be generated randomly or pseudo-randomly and be unique for each signing. This is similar to ElGamal signatures, with the use of a per message temporary signature key k, but doing calculations first mod p, then mod q to reduce the size of the result. The signature (r,s) is then sent with the message to the recipient. Note that computing r only involves calculation mod p and does not depend on message, hence can be done in advance. Similarly with randomly choosing k’s and computing their inverses.
  19. At the receiving end, verification is performed using the formulas shown. The receiver generates a quantity v that is a function of the public key components, the sender’s public key, and the hash of the incoming message. If this quantity matches the r component of the signature, then the signature is validated. Note that the difficulty of computing discrete logs is why it is infeasible for an opponent to recover k from r, or x from s. Note also that nearly all the calculations are mod q, and hence are much faster save for the last step. The structure of this function is such that the receiver can recover r using the incoming message and signature, the public key of the user, and the global public key. It is certainly not obvious that such a scheme would work. A proof is provided in Stallings appendix K.
  20. Stallings Figure 13.5 depicts the functions of signing and verifying. The structure of the algorithm, as revealed here is quite interesting. Note that the test at the end is on the value r, which does not depend on the message at all. Instead, r is a function of k and the three global public-key components. The multiplicative inverse of k (mod q) is passed to a function that also has as inputs the message hash code and the user&amp;apos;s private key. The structure of this function is such that the receiver can recover r using the incoming message and signature, the public key of the user, and the global public key.