chapter three 3-part II-1lecture slide.pptx
meharikiros2
16 views
18 slides
Sep 17, 2024
Slide 1 of 18
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
About This Presentation
ASDSDSDASDSDFSF
Slide Content
3.2.2 Digital Signature Confidentiality ensures that messages cannot be intercepted and read by eavesdroppers, i.e., encryption protects against passive attack A different requirement is to protect against active attack ( falsification of data and transactions ). Protection against such attacks is known as message authentication A message, file, document, or other collection of data is said to be authentic when it is genuine (not altered) and comes from its alleged source A digital signature is not used to ensure the confidentiality of a message, but rather to guarantee who sent the message, i.e., authentication ( nonrepudiation ); it proves who the sender is Nonrepudation can be source repudiation(denial of transmission of message by source) or destination repudiation(denial of receipt of message by destination) 1
Digital signature is also used for Data Integrity ; it ensures that messages are protected against modification Note: authentication may mean both nonrepudiation and data integrity and sometimes only data integrity Masquerade : The creation of messages by an opponent that are purported to come from an authorized entity. In real world, the receiver of message needs assurance that the message belongs to the sender and he should not be able to repudiate the origination of that message. Digital Signature for Assurance Consider the situation where Bob has just sold Alice something for 500 Birr through a deal that is made by e- mail Alice sends an e- mail accepting to pay 500 Birr Two issues need to be taken care of in addition to authentication Alice needs to be assured that Bob will not modify the amount and show that Alice promised to pay more than 500 Bir Bob needs to be assured that Alice will not deny that she sends the message, i.e., source repudiation 2
Digital signature reverses the asymmetric encryption process Alice encrypts the message using her private key: Sends the encrypted message to Bob Bob then decrypts the signature using Alice’s public key: If successful, he ensures that it comes from Alice If Bob can decrypt it with Alice’s public key, the message must have been encrypted by Alice; No one else has Alice’s private key, and therefore no one else could have created a ciphertext that could be decrypted with Alice’s public key Therefore, the entire encrypted message serves as a digital signature In addition, it is impossible to alter the message without access to Alice’s private key , so the message is authenticated both in terms of source and data integrity 3
But anyone can decrypt the message using Alice’s public key if it is not important that the message be kept secret To combine both confidentiality and authentication Alice has to first encrypt the message using her private key Then encrypt the message with Bob’s public key Sends the encrypted message to Bob Bob decrypts the message using his private key Bob then decrypts the message using Alice’s public key 4
Disadvantage : The public- key algorithm must be applied four times rather than two in each communication which has an impact on efficiency. It is also possible with symmetric encryption , as far as the key is shared in secured way. 5
Digital Signature Using Message Digest Problems in Digital Signature Alice may claim that her private key has been stolen before the message was sent Alice may change her private key; a solution could be to have a central authority that keeps track of changes in keys and that signed messages be timestamped Alice’s entire message is encrypted which may be expensive in terms of processing requirements It also requires a great deal of storage . Each document must be kept in plaintext to be used for practical purposes. A copy also must be stored in ciphertext so that the origin and contents can be verified in case of a dispute A better and cheaper method is to use a message digest 6
Hash function A hash function H takes a message m of arbitrary length and produces a bit string h , h = H(m) When the hash value h is sent with the message m , it enables to determine whether m has been modified or not; the principal objective of a hash function is data integrity. It is similar to cyclic- redundancy check(CRC) and Checksum When a hash function is used to provide message authentication (integrity), the hash function value is often referred to as a message digest The two most common hashing algorithms are MD5 (Message Digest version 5) and Secure Hash Algorithm or SHA (SHA- 1 and later versions like SHA- 256) by NIST. h = H(m) is sent along m (not encrypted), where H is a cryptographic hash function 7
If m is changed to m’ , its hash H(m’ )will be different from h = H(m) and can be easily detected Alice first computes a message digest and encrypts it with her private key E( 𝐾 𝐴 −, H(m)) is sent so that Bob knows that it comes from Alice by decrypting it with her public key Bob decrypts the digest and calculates the message digest; if they match he knows the message has not. 8 Digitally signing a message using a message digest – for data integrity only
M can be sent as plaintext or if confidentiality is required can be encrypted using Bob’s public key E( 𝐾 𝐵 +, E ( 𝐾 𝐴 − , H(m))) is sent so that Bob knows that it comes from Alice by decrypting it with her public key Bob decrypts the digest and calculates the message digest; if they match he knows it has not been altered. The public- key approach has two advantages: It provides a digital signature as well as message authentication. It does not require the distribution of keys to communicating parties 9
MD5 Algorithm MD5 message- digest algorithm is the 5th version of the Message-Digest Algorithm developed by Ron Rivest to produce a 128- bit message digest. MD5 is quite fast than other versions of the message digest, which takes the plain text of 512- bit blocks, which is further divided into 16 blocks, each of 32 bit and produces the 128- bit message digest, which is a set of four blocks, each of 32 bits. MD5 produces the message digest through five steps, i.e. padding, append length, dividing the input into 512- bit blocks, initializing chaining variables a process blocks and 4 rounds, and using different constant it in each iteration. It was developed with the main motive of security as it takes an input of any size and produces an output if a 128- bit hash value. To be considered cryptographically secure, MD5 should meet two requirements: It is impossible to generate two inputs that cannot produce the same hash function. It is impossible to generate a message having the same hash value. 10
How do the MD5 Algorithm works? As we all know that MD5 produces an output of 128- bit hash value. This encryption of input of any size into hash values undergoes 5 steps, and each step has its predefined task. Step1: Append Padding Bits Assume that we have a message x with a length of l bit. To obtain an overall message size of a multiple of 512 bits, we append a single “1” followed by k zero bits and the binary 64-bit representation of l . Consequently, the number of required zeros k is given by k≡512−64−1−l 448−( l +1) mod 512. =443 assume if =24, representing each character in 8 bit. Step 2: Append Length After padding, 64 bits are inserted at the end, which is used to record the original input length. At this point, the resulting message has a length multiple of 512 bits. Step 3: Initialize MD buffer. A four- word buffer (A, B, C, D) is used to compute the values for the message digest Step 4: Processing message in 16-word block MD5 uses the auxiliary functions, which take the input as three 32-bit numbers and produce 32-bit output. These functions use logical operators like OR, XOR, NOR. Step 5 : Output- After all, rounds have performed, the buffer A, B, C, D contains the MD5 output starting with lower bit A and ending with higher bit D. MD5 algorithm with example 11
SHA Algorithm SHA algorithm is Secure Hash algorithm developed by the National Institute of Standards and Technology along with NSA, previously released as a Federal Information Processing Standard, later in 1995, It was named as SHA algorithm, design to modify the MD4 In the field of cryptography and crypt analytics, the SHA- 1 algorithm is a crypt- formatted hash function that is used to take a smaller input and produces a string that is 160 bits, also known as 20- byte hash value long. The hash value therefore generated, is known as a message digest which is typically rendered and produced as a hexadecimal number which is specifically 40 digits long. The Different Types of SHA algorithm include the ones: 12
Properties of Hash Function One- way function: It is computationally infeasible to find m that corresponds to a known output of h Or given a hash value h it should be difficult to find the message m such that h = H(m) That means you cannot “unhash” something Collision resistance Weak- collision resistance : It is computationally infeasible, given m and H, to find m’ ≠m such that H(m) = H(m’) Strong- collision resistance : Given H, it is computationally infeasible to find any two different input values m and m’, such that H(m) = H(m’) The output is of fixed-length no matter what input is given. This is exactly how Windows stores passwords . For example, if the password is password, then Windows will first hash it producing something like: 0BD181063899C9239016320B50D3E896693A96DF 13
3.3.4 Public Key Distribution Public Announcement of Public Keys Send a public key to any other participant or broadcast the key to the community But anyone can forge such a public announcement, i.e., some user could pretend to be a legitimate user and send a public key to another participant or broadcast it, so mechanism is required. Public- key Infrastructure We need a body that certifies the public key is that of the party we wish to communicate with, i.e., Certification/ Certificate Authority ( CA ) that signs (certifies) the public key. Public- Key Infrastructure(PKI) is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography 14
Users publish certificates with the X.509 standard (for formatting certificates) A certificate is a public key and some naming “stuff”, digitally signed by someone you trust (third party), i.e., the CA The resulting certificate will contain information like user’s name/ID, user’s public key, name of CA, start date of certificate, and length of time it is valid The Internet Engineering Task Force (IETF) Public Key Infrastructure X.509 (PKIX) working group has been the driving force for deploying a certificate- based architecture on the Internet 15
Elements of the PKIX model End entity : Denotes end users, devices (e.g., servers, routers); end entities typically consume and/or support PKI- related services Certification Authority(CA): The issuer of certificates and (usually) certificate revocation lists (CRLs) Registration Authority(RA): An optional component that can assume a number of administrative functions from the CA CRL issuer : An optional component that a CA can delegate to publish CRLs Repository: Any method for storing certificates and CRLs so that they can be retrieved by end entities 16
Read about symmetric key distribution Using symmetric key encryption Using asymmetric key encryption 17
Concluding Remarks about Encryption Advantages and disadvantages Advantage of private- key ( symmetric/secret- key ) cryptography is that it provides better secrecy but needs prearranged key exchange Symmetric key cryptography is impractical for exchanging messages with a large group of previously unknown correspondents over a public network, e.g., in e-commerce, for a merchant to conduct transactions securely with millions of customers, each customer would need a distinct key assigned by that merchant and transmitted over a separate secure channel Advantage of public-key ( asymmetric ) cryptography is that, it allows for secrecy between two parties who have not arranged in advance to have a shared key (or trusted some third party to give it to them) and the disadvantage is overhead and speed Therefore, in practice, hybrid systems use public- key to establish session key for private key 18
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 16
- Slides 18
- Age 440 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
44 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views