Authentication protocols allow communicating parties to verify each other's identities before exchanging confidential information. Digital signatures provide a way for senders to cryptographically sign messages in a way that cannot be forged or denied later. There are two main approaches: arbitrated signatures use a trusted third party to verify and time-stamp signatures, while direct signatures encrypt a hash of the message with the sender's private key for verification by the recipient. Key techniques like Diffie-Hellman key exchange, Kerberos, and public key infrastructures help enable secure authentication and signatures at scale.
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
Information and network security 45 digital signature standardVaibhav Khanna
The Digital Signature Standard is a Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology in 1994
Public Key Cryptosystems with Applications, Requirements and
Cryptanalysis, RSA algorithm, its computational aspects and security, Diffie-Hillman Key Exchange algorithm, Man-in-Middle attack
Information and network security 45 digital signature standardVaibhav Khanna
The Digital Signature Standard is a Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology in 1994
Public Key Cryptosystems with Applications, Requirements and
Cryptanalysis, RSA algorithm, its computational aspects and security, Diffie-Hillman Key Exchange algorithm, Man-in-Middle attack
Fundamentals of digital security. Some info I made throughout the years as a refresher for digital security. Basic primer for beginners. If you are an expert, comments and feedbacks welcome.
Module 4: Key Management and User Authentication
X.509 certificates- Public Key infrastructure-remote user authentication principles-remote user
authentication using symmetric and asymmetric encryption-Kerberos V5
The research of the digital certified mail up to implementing the base algorithm and then, go through more on pretty good privacy (PGP) applied to the email system.
This is a presentation by Dada Robert in a Your Skill Boost masterclass organised by the Excellence Foundation for South Sudan (EFSS) on Saturday, the 25th and Sunday, the 26th of May 2024.
He discussed the concept of quality improvement, emphasizing its applicability to various aspects of life, including personal, project, and program improvements. He defined quality as doing the right thing at the right time in the right way to achieve the best possible results and discussed the concept of the "gap" between what we know and what we do, and how this gap represents the areas we need to improve. He explained the scientific approach to quality improvement, which involves systematic performance analysis, testing and learning, and implementing change ideas. He also highlighted the importance of client focus and a team approach to quality improvement.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
The Indian economy is classified into different sectors to simplify the analysis and understanding of economic activities. For Class 10, it's essential to grasp the sectors of the Indian economy, understand their characteristics, and recognize their importance. This guide will provide detailed notes on the Sectors of the Indian Economy Class 10, using specific long-tail keywords to enhance comprehension.
For more information, visit-www.vavaclasses.com
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
2. Topics
• In a confidential communication the authenticity needs to be carefully
established for:
• �The two partners
• �Before sending any confidential information one needs to be sure to whom it sends that
information: authentication protocols
• �The messages received by each partner
• �One needs to be sure that the message received has not been modified –it coincides with
the sent message: message authentication
• �If the two partners do not quite trust each other, they need to make sure that the sender
cannot later deny having sent the message and the receiver cannot have devised the
message himself: digital signatures
3. I. Authentication protocols
• Such protocols enable communicating parties to satisfy themselves mutually about each other’s identity and
possibly, to exchange session keys
• �Two central problems here: confidentiality and timeliness
• �Essential identification information and the session keys must be communicated in encrypted form
• �Because of the threat of replay, timeliness is essential here
• �Replays could allow the attacker to get a session key or to impersonate another party
• �At minimum, the attacker could disrupt operations by presenting parties with messages that appear genuine but are not –
aims at a denial of service attack
• �Two approaches are generally used to defend replay attacks
• �Timestamps: A accepts a message as fresh only if it contains a timestamp that, in A’s judgment, is close enough to
A’s knowledge of current time –clocks need to be synchronized
• �Challenge/response: A, expecting a fresh message from B, first sends B a random number (challenge) and requires
that the subsequent message (response) received from B contains that random number or some agree-upon
transformation on it (this is also called hand-shaking sometimes
4. Authentication protocols and setting up secret keys
A Direct authentication
1.Based on a shared secret master key
2.Based on a public-key system
3.Diffie-Hellman
B. Mediated authentication
1.Based on key distribution centers
2.Kerberos
5. A1. Authentication based on a shared secret
key
• Assume here that A and B already share a secret key –this is called sometimes the master key MK
because the two will only use this rarely, whenever they need to authenticate each other and
establish a session key
• �Master keys will only be used to establish session keys
• �Concentrate here on how to establish session keys
• �Protocol
• �A issues a requests to B for a session key and includes a nonce N1
• �B responds with a message encrypted using the shared master key –include there the session key he
selects, A’s id, a value f(N1) and another nonce N2
• �At this point, A is sure of B’s identity: only he knows the master key; B is not sure of anything yet
• �Using the new session key, A return f(N2) to B
• �B is sure of A’s identity: only A can read the message he sent, including the session key
6.
7. A2. A general scheme of public-key authentication
(and distribution of secret keys)
• �Assume here that A and B know each other’s
public key
• �N1 and N2 in the scheme are random
numbers –they ensure the authenticity of A and
B (because only they can decrypt the messages
and read N1 and N2)
• �After Step 2, A is sure of B’s identity: right
response to its challenge
• �After Step 3, B is sure of A’s identity: right
response to its challenge
8.
9. A3. A concrete scheme: Diffie-Hellman key exchange
• This is the first ever published public-key algorithm –used in a number of commercial products
• Elegant idea: establish a secret key based on each other’s public keys
• Protocol
• Alice and Bob need to agree on two large numbers n,g, where n is prime, (n-1)/2 is also prime and some extra
conditions are satisfied by g (to defeat math attacks) –these numbers may be public so Alice could generate this on
her own�
• Alice picks a large (say, 512-bit) number x and B picks another one, say y�
• Alice initiates the key exchange protocol by sending Bob a message containing (n,g,g^xmod n)�
• Bob sends Alice a message containing g^ymod n�
• Alice raises the number Bob sent her to the x-th power mod n to get the secret key: (g^ymod n)^ x mod n=g^xy mod
n�
• Bob raises the number Alice sent to the y-thpower modulo n to get the secret key: (g^x mod n)^y mod n= g^xy mod
n
10.
11. B1. Authentication using key distribution centers (KDC)
Authentication using key distribution centers (KDC)
• �Setting up a shared key was fairly involved with
the previous approaches and perhaps not quite
worth doing
• �Each user has to maintain a secret key (perhaps
on some plastic card) for each of his friends –this
may be a problem for popular people
• �Different approach: have a trusted key
distribution center (KDC)
• �Each user maintains one single secret key –the
one to communicate with KDC
• �Authentication and all communications go
through KDC
• �Alice picks Ks and tells KDC that she wants to talk
to Bob using Ks–A uses secret key KA used only to
communicate with KDC
• �KDC decrypts the message and sends Ks to Bob
together with Alice’s id –KDC uses key KB used
only to communicate with B
• �Authentication here is for free –key KA is only
known to A and KDC
12. Replay attack to the KDC-based protocol
• Say Eve manages to get a job with Alice and after doing the job, she asks Alice to pay her by bank transfer.
• �Alice establishes a secret key with the banker Bob and then sends Bob a message requesting money to be
transferred to Eve’s account
• Eve however is back to her old business, snooping on the network–she copies message 2 in the
protocol and the request for money that follows�
• Later Eve replays both messages to Bob –Bob will think that Alice has hired again Eve and pays
Eve the money�
• Eve is able to do many iterations of the procedure –replay attack
• Solution 1: include a timestamp with the message –any old message will be discarded�
• Problem: clocks are not always exactly synchronized so there will be a period when the message is still valid�
13. Authentication using Kerberos
• Kerberos is an authentication protocol used in many systems, including Windows 2000, using the KDC-based
approach
• �Kerberos was the name of a multi head dog in Greek mythology that used to guard the entrance to Hades
• �Designed at MIT to allow workstation users to access network resources securely
• �As such, it relies on the assumption that all clocks are fairly well synchronized
• �Kerberos v4 is the most widely used version –the one we discuss here
• �Includes three servers that communicate with Alice (at the workstation)
• �Authentication server (AS) –verifies the user during login
• �It shares a secret password with each user (plays the role of the KDC)
• �Ticket-granting server (TGS) –issues “proof of identity tickets”
• �Tickets will be used by the user to perform various jobs
• �Bob the server –actually does the work Alice needs to do, based on the identity ticket
• �Based on the identity ticket will grant Alice the right she is entitled to
14. Authentication using Kerberos
1. A sits down at an arbitrary public workstation and types her name
• �Workstation sends her name to the AS in plaintext
1. AS sends back a session key KS and a ticket KTGS(A,KS) for TGS –both
encrypted with A’s secret key
• �At this point the workstation asks for A’s password
• �Password is used to generate the secret key and decrypt the message, obtaining the
ticket for TGS
16. Authentication using Kerberos
• A tells the workstation she needs to contact the file server Bob
3. Workstation sends a message to TGS asking for a ticket to use Bob
• �Key element here is the ticket for TGS received from AS –this proves to TGS that the sender is really A
4. TGS creates and sends back a session key KAB for A to use with B
• �TGS sends a message encrypted with KS so that A can read and get KAB
• �TGS also includes a message intended only for Bob, sending A’s identity and the key KAB
• �If Eve replays message 3 she will be foiled by the timestamp t
• �Even if she replays the message quickly she will only get a copy of message 4 that she cannot read
5 Alice can now communicate with Bob using KAB
6. Bob confirms he has received the request and is ready to do the work
17. II. Digital signatures
• Having a sort of digital signature replacing hand written signatures is essential in the cyber-world
• �This is crucial between two parties who do not trust each other and need protection from each other’s
later false claims
• Requirements for a digital signature
• �Must authenticate the content of the message at the time of the signature
• �Must authenticate the author, date, and time of the signature
• �Receiver can verify the claimed identity of the sender
• �Sender cannot later repudiate the content of the message
• �Receiver cannot possibly have concocted the message himself
• �Can be verified by third-parties to resolve disputes
• �Examples:
• �The bank needs to verify the identity of the client placing a transfer order
• �The client cannot deny later having sent that order
• �It is impossible for the bank to create transfer orders and claim they actually came from the client
18. Digital signatures
• Computational requirements
• �Must be a bit pattern depending on the message being signed
• �Signature must use some information unique to the sender to prevent forgery and denial
• �Computationally easy to produce a signature
• �Computationally easy to recognize and verify the signature
• �Computationally infeasible to forge a digital signature
• ��Practical to retain a copy of the digital signature in storage
19. Two general schemes for digital signatures
• Arbitrated digital signatures
• �Every signed message from A to B goes to an arbiter BB (Big Brother) that everybody
trusts
• �BB checks the signature and the timestamp, origin, content, etc.
• �BB dates the message and sends it to B with an indication that it has been verified and
it is legitimate
20. Arbitrated digital signatures
• E.g., every user shares a secret key with
the arbiter
• �A sends to BB in an encrypted form the plaintext P
together with B’s id, a timestamp and a random number
RA
• �BB decrypts the message and thus makes sure it comes
from A; it also checks the timestamp to protect against
replays
• �BB then sends B the message P, A’s id, the timestamp
and the random number RA; he also sends a message
encrypted with his own private key (that nobody knows)
containing A’s id, timestamp t and the plaintext P (or a
hash)
• �B cannot check the signature but trusts it because it
comes from BB –he knows that because the entire
communication was encrypted with KB
• �B will not accept old messages or messages containing
the same RA to protect against replay
• �In case of dispute, B will show the signature he got
from BB (only BB may have produced it) and BB will
decrypt it
21. Direct digital signatures
• This involves only the communicating parties and it is based on public
keys
• �The sender knows the public key of the receiver
• �Digital signature: encrypt the entire message (or just a hash code of
the message) with the sender’s private key
• �If confidentiality is required: apply the receiver’s public key or
encrypt using a shared secret key
22. DS
• Weaknesses:
• �The scheme only works as long as KRA remains secret: if it is disclosed (or A discloses it
herself), then the argument of the judge does not hold: anybody can produce the signature
• �Attack: to deny the signature right after signing, simply claim that the private key has been lost–
similar to claims of credit card misuse
• �If A changes her public-private keys (she can do that often) the judge will apply
the wrong public key to check the signature
• �Attack: to deny the signature change your public-private key pair–this should not work if a
PKI is used because they may keep trace of old public keys
• �A should protect her private key even after she changes the key