Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Similar documents
Kurose & Ross, Chapters (5 th ed.)

CS Computer Networks 1: Authentication

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

UNIT - IV Cryptographic Hash Function 31.1

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Encryption. INST 346, Section 0201 April 3, 2018

ECEN 5022 Cryptography

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Other Topics in Cryptography. Truong Tuan Anh

Chapter 11 Message Integrity and Message Authentication

Lecture 2 Applied Cryptography (Part 2)

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Chapter 9: Key Management

Digital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2

Study Guide for the Final Exam

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Public-key Cryptography: Theory and Practice

Chapter 9 Public Key Cryptography. WANG YANG

ENEE 459-C Computer Security. Message authentication

14. Internet Security (J. Kurose)

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

Cryptographic Checksums

APPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

CSE 565 Computer Security Fall 2018

Introduction to Modern Cryptography. Benny Chor

CS 161 Computer Security

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Introduction to Cryptography Lecture 10

Cryptography and Network Security

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Digital Signatures. Cole Watson

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Verteilte Systeme (Distributed Systems)

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Public Key Algorithms

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Diffie-Hellman. Part 1 Cryptography 136

Cryptographic Hash Functions

CS 161 Computer Security

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Course Administration

Overview. SSL Cryptography Overview CHAPTER 1

Chapter 10: Key Management

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

CSC/ECE 774 Advanced Network Security

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Introduction to Software Security Hash Functions (Chapter 5)

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

S. Erfani, ECE Dept., University of Windsor Network Security

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

SECURITY IN NETWORKS

P2_L8 - Hashes Page 1

Certificates, Certification Authorities and Public-Key Infrastructures

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

CSC 8560 Computer Networks: Network Security

T Cryptography and Data Security

SECURITY IN NETWORKS 1

Integrity of messages

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Security: Focus of Control

Zero Knowledge Protocol

Public-Key Infrastructure NETS E2008

n-bit Output Feedback

CSC 774 Network Security

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Crypto meets Web Security: Certificates and SSL/TLS

PROVING WHO YOU ARE TLS & THE PKI

Chapter 9. Public Key Cryptography, RSA And Key Management

Digital Certificates Demystified

Security: Cryptography

CSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions

IBM i Version 7.2. Security Digital Certificate Manager IBM

Outline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question

Outline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr.

Dawn Song

Distributed Systems Principles and Paradigms. Chapter 09: Security

CT30A8800 Secured communications

Internet and Intranet Protocols and Applications

Lecture Notes 14 : Public-Key Infrastructure

Cryptographic hash functions and MACs

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Security. Communication security. System Security

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Cryptography V: Digital Signatures

Transcription:

Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1

Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions Definition Applications Key distribution Certificates Revocation 4/19/2006 Information Security 2

Digital Signature A digital signature is a string S associated with a message M and the author A of M that has the following properties Integrity: S establishes that M has not been altered Nonrepudiation: S unequivocally identifies the author A of M and proves that A did indeed sign M A digital signature scheme provides algorithms for Signing a message by the author Verifying the signature of a message by the reader A recently passed law in the US gives digital signatures the same validity of handwritten signatures A public-key cryptosystem yields a digital signature scheme provided encrypt(k E, decrypt(k D, M)) = M Signature: Alice (author) computes S = decrypt(k D,M) using her private key K D and sends the pair (M,S) to Bob Verification: Bob (reader) computes M = encrypt(k E,S) using Alice s public key K E and checks that M = M 4/19/2006 Information Security 3

RSA Digital Signature Setup: n = pq, with p and q primes e relatively prime to φ(n) = (p 1) (q 1) d inverse of e in Z φ(n) Keys: Public key: K E = (n, e) Private key: K D = d Signature: Message M in Z n Signature S = M d mod n Verification: Check that M = S e mod n Setup: p = 5, q = 11 n = 5 11 = 55 φ(n) = 4 10 = 40 e = 3 d = 27 (3 27 = 81 = 2 40 + 1) Keys: Public key: K E = (55, 3) Private key: K D = 27 Signature: M = 51 S = 51 27 mod 55 = 6 Verification: S = 6 3 mod 55 = 216 mod 55 = 51 4/19/2006 Information Security 4

Cryptographic Hash Function A cryptographic hash function is a function H with the following properties M maps a string M of arbitrary length into an integer f = H(M) with a fixed number of bits, called the fingerprint or digest of M H can be computed efficiently Given an integer f, it is computationally infeasible to find a string M such that that H(M) = f (one-way) Given a string M, it is computationally infeasible to find another string M such that H(M) = H(M ) (collision resistance) It is computationally infeasible to find two strings M and M such that H(M) = H(M ) (strong collision resistance) 4/19/2006 Information Security 5

Ideal Cryptographic Hash Function A random oracle models a cryptographic hash function An oracle answers all possible questions and does so consistently No question goes unanswered Same question, same answer Computing H(q) consists of asking the oracle question q If the oracle has not previously heard q, it chooses a random value r, answers r and remembers the pair (q, r) Else, it remembers and replies with the previous answer 4/19/2006 Information Security 6

Practical Cryptographic Hash Functions MD5 (Message Digest 5, 1992) uses a 128-bit (16 bytes) fingerprint Try it: %> echo ipsumdolor md5sum SHA-1 (Secure Hash Algorithm 1, 1995) uses a 160-bit (20 bytes) fingerprint Try it: %> echo ipsumdolor sha1sum Various attacks published on MD5 and (more recently) SHA-1 SHA-1 is considered more secure than MD5 4/19/2006 Information Security 7

Applications of Cryptographic Hash Functions Data integrity: Alice sends a file to Bob and when Bob receives it, he knows that the file was not modified in transit Commitment: Alice commits to a string x without revealing x, and when she reveals x, Bob knows she didn't change her choice of x 4/19/2006 Information Security 8

Digitally Signed Fingerprints In the RSA digital signature scheme with modulus n, the message to be signed must be an integer in Z n, i.e., the message should have at most b = log n bits To overcome the above restriction on the message length, we can use the fingerprint f = H(M) of the message instead of the message itself, where H is a cryptographic hash function Alice computes first f = H(M) and then the signature S of f Bob first computes f = H(M) and then verifies S Since the cryptographic hash function H has the collisionresistance property, it is computationally infeasible to modify the message M while preserving the signature of the fingerprint f = H(M) message M crypto hash fingerprint f = H(M) sign signature S = f d mod n 4/19/2006 Information Security 9

Coin Flipping Over the Net Alice and Bob want to flip a random coin by communicating over the internet The following protocol, based on a cryptographic hash function H, ensures the fairness of the outcome Alice picks a random integer x Alice commits to x She computes the fingerprint f = H(x) and sends f to Bob Bob sends to Alice his guess of whether x is odd or even Alice announces the result of the coin flip: heads if Bob has guessed correctly and tails otherwise Alice sends to Bob integer x as a proof of the outcome of the flip Bob verifies that f = H(x) Because of the strong-collision resistance property, it is computationally infeasible for Alice to cheat 4/19/2006 Information Security 10

Birthday Attack Birthday paradox Suppose there are 23 people in a room. Q: what is the probability that two of them have the same birthday? A: 50% Hash values as birthdays Suppose that a hash function has m 2 possible values We can find a collision with 50% probability by trying 1.2 m random pairs of strings (about the square root of the size of the domain of the hash function) 4/19/2006 Information Security 11

Certificates Public-key cryptography is based on the knowledge by each participant of the public key of the other participants It is complicated to securely distribute the public keys of all the participants A certificate is a message of the type (name, public key) signed by a third-party Public-key infrastructure (PKI) An entity trusted by all the participants, called certification authority (CA), issues to each participant a certificate (Name, K E ) that authoritatively binds the participants to their public keys Only the CA s public key needs to be distributed securely Before sending an encrypted message to Bob or verifying a message digitally signed by Bob, Alice determines Bob s public key K E by using Bob s certificate (Bob, K E ) 4/19/2006 Information Security 12

Web Server Certificates A Web server certificate is used to authenticate the public key of a Web server Fields of a Web server certificate Serial number Hash and signature schemes (e.g., MD5 and RSA) Issuer (certification authority) Period of validity (from, to) Subject (URL and organization) Public key The SSL (secure socket layer) protocol uses Web server certificates to provide encryption and authentication in a secure Web connection (https) 4/19/2006 Information Security 13

Certificate Revocation In certain circumstances, a certificate may have to be revoked before its expiration date The private key of the subject has been compromised The certificate was incorrectly issued by the CA Certificate Revocation List (CRL) Time-stamped list of all the unexpired certificates that have been revoked by the CA Periodically published and signed by the CA When presented with a certificate, one should Verify the CA s signature on the certificate Check that the certificate has non been revoked by searching in the latest available CRL By default, Web browsers do not check the revocation status of a Web server certificate, which poses a security risk 4/19/2006 Information Security 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback