Unit 4 DIGITAL SIGNATURE for class.pptx

TamilSelvi165 1 views 39 slides Oct 15, 2025

About This Presentation

Digital signature


Slide Content

Digital Signatures
• A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
• The signature is formed by taking the hash of the message and encrypting the message with the creator's private key.
• The signature guarantees the source and integrity of the message.
• Mutual authentication protocols enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys.
• The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm (SHA).

Arbitrated Digital Signature Techniques
X = Sender, Y = Recipient, A = Arbiter, M = Message, T = Time Stamp

Signature encrypted in public key Authentication using private and public key

Digital Signature Standard (DSS)
• It is designed to provide only the digital signature function.
• It cannot be used for encryption or key exchange.
• It is a public-key technique.

Algorithm
A user must first select a cryptographic hash function (H) and an output length in bits, denoted by |H|. When the output length is longer than |H|, modulus length N is used. Then choose a key length L that is a multiple of 64 and lies between 512 and 1024, as per the original DSS length. However, NIST suggests lengths of 2048 or 3072 for lifetime key security. According to FIPS 186-4, the values of L and N must be selected from the following range: (1024, 60), (2048, 224), (2048, 256), or (3072, 256). In addition, when selecting a modulus length N, the user should make sure that it is smaller than the key length (N < L) and no larger than the output length (N <= |H|).

Algorithm
After that, the user selects an N-bit prime number (q) and an L-bit prime number (p) such that p-1 is a multiple of q. Next, select an integer h from the range 2, ..., p-2. With p and q fixed, compute $g = h^{(p-1)/q} \bmod p$. If you get g = 1, try a different value for h and compute g again. The algorithm parameters p, q, and g are shared by several system users.

Signature Generation
To get the hash digest (h), the signer runs the original message (M) through the hash function (H#). The signing function receives the digest as input and produces two values, s and r, as output. In addition to the digest, it uses a random integer k such that 0 < k < q. Use the formula $r = (g^k \bmod p) \bmod q$ to find the value of r, and the formula $s = [k^{-1}(h + x \cdot r)] \bmod q$ to find the value of s. The signature is then packaged as {r, s}. The recipient receives the message and signature together as the bundle {M, r, s}.

Signing
The correct way to sign a message m is as follows. First, select an integer k from the range 1, ..., q-1 and compute $r = (g^k \bmod p) \bmod q$. If you get r = 0, try a different random value for k and compute r again. Then calculate $s = (k^{-1}(H(m) + xr)) \bmod q$. If you get s = 0, try another random value for k and compute again. The two elements (r, s) define the signature. Also, a new message is created using key elements k and r. But calculating r using modular exponentiation is a very costly process that has to be done before the message is received.

Signature Verification
To create the digest h, the verifier uses the same hash function (H#). The verification function then receives this digest and needs additional variables as input. Calculate the value of w such that $s \cdot w \bmod q = 1$. Determine u1 using the formula $u_1 = h \cdot w \bmod q$ and u2 using the formula $u_2 = r \cdot w \bmod q$. The final verification component, v, is calculated as $v = ((g^{u_1} \cdot y^{u_2}) \bmod p) \bmod q$. The value of v is compared to the value of r that was received in the bundle. The signature is verified if they match.

Authentication Applications: Kerberos, X.509 and Certificates 2003700691 REYHAN AYDOĞAN Authentication Applications

Outline
• Introduction to KERBEROS
• How Kerberos works?
• Comparison between version 4 and 5
• Certificates
• X.509 Directory Authentication Service
• Conclusion

• An authentication service developed for Project Athena at MIT
• Provides
  • strong security on physically insecure network
  • a centralized authentication server which authenticates
    • Users to servers
    • Servers to users
• Relies on conventional encryption rather than public-key encryption

Why Kerberos is needed?
Problem: Workstations cannot be trusted to identify their users correctly in an open distributed environment.
3 Threats:
• Pretending to be another user from the workstation
• Sending requests from the impersonated workstation
• Replay attack to gain service or disrupt operations

Solution:
• Building elaborate authentication protocols at each server
• A centralized authentication server (Kerberos)

Requirements for KERBEROS
• Secure: An opponent does not find it to be the weak link
• Reliable: The system should be able to back up another
• Transparent: A user should not be aware of authentication
• Scalable: The system supports a large number of clients and servers

Versions of KERBEROS
• Two versions are in common use
• Version 4 is the most widely used version
• Version 4 uses DES
• Version 5 corrects some of the security deficiencies of Version 4
• Version 5 has been issued as a draft Internet Standard (RFC 1510)

Kerberos Version 4: Dialog 1 - Simple
Pc = password of client
Kv = secret key between AS and V (server)
Ticket = EKv[IDc, ADc, IDv]
1- IDc + Pc + IDv
2- Ticket
3- IDc + Ticket

Kerberos Version 4: Dialog 2 - More Secure
TicketTGS = EKtgs[IDc, ADc, IDtgs, TS1, Lifetime1]
Once per user logon session:
1- IDc + IDtgs
2- EKc[TicketTGS]
Once per type of service:
3- TicketTGS + IDc + IDv
4- TicketV

Kerberos Version 4: Dialog 2 - More Secure (cont.)
TicketV = EKv[IDc, ADc, IDv, TS2, Lifetime2]
Once per service session:
5- TicketV + IDc

Kerberos: The Version 4 Authentication Dialog
TicketTGS = EKtgs[Kc.tgs, IDc, ADc, IDtgs, TS2, Lifetime2]
Once per user logon session:
1- IDc + IDtgs + TS1
2- EKc[Kc.tgs, IDtgs, TS2, Lifetime2, TicketTGS]

Kerberos: The Version 4 Authentication Dialog (cont.)
TicketTGS = EKtgs[Kc.tgs, IDc, ADc, IDtgs, TS2, Lifetime2]
AuthenticatorC = EKc.tgs[IDc, ADc, TS3]
TicketV = EKv[Kc.v, IDc, ADc, IDv, TS4, Lifetime4]
Once per type of service:
3- TicketTGS + AuthenticatorC + IDv
4- EKc.tgs[Kc.v, IDv, TS4, TicketV]

Tickets:
• Contains information which must be considered private to the user
• Allows user to use a service or to access TGS
• Reusable for a period of particular time
• Used for distribution of keys securely

Authenticators
• Proves the client's identity
• Proves that user knows the session key
• Prevents replay attack
• Used only once and has a very short lifetime
• One authenticator is typically built per session of use of a service

Kerberos Realms
• A single administrative domain includes:
  • a Kerberos server
  • a number of clients, all registered with server
  • application servers, sharing keys with server
• What will happen when users in one realm need access to service from other realms?
  • Kerberos provides inter-realm authentication
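The checks a TGS applies to message 3 of the Version 4 dialog above (TicketTGS + AuthenticatorC + IDv), as an added Python example that is not part of the original slides. The seal/unseal helpers are a standard-library stand-in for the E_K[...] notation (Version 4 itself uses DES); the 300-second skew window, the replay cache and all function names are assumptions made for illustration.

```python
# Added example: TGS-side validation of TicketTGS + AuthenticatorC (message 3).
# seal/unseal stand in for E_K[...]; a toy construction, not DES and not for production.
import hashlib
import hmac
import json
import secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(key, nonce, data):                      # HMAC-SHA256 counter-mode keystream
    ks = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, fields):                           # models E_key[fields]
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, json.dumps(fields).encode())
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(_xor(key, nonce, ct))

SKEW = 300                                       # assumed tolerated clock skew (seconds)

def tgs_check(k_tgs, seen, ticket, authenticator, src_addr, now):
    """Validate message 3 at the TGS; returns 'ok' or the reason for refusal."""
    try:
        t = unseal(k_tgs, ticket)                # only AS and TGS know Ktgs
        a = unseal(bytes.fromhex(t["Kc.tgs"]), authenticator)  # sender knows Kc.tgs
    except ValueError:
        return "forged or corrupted"
    if not t["TS2"] <= now <= t["TS2"] + t["Lifetime2"]:
        return "ticket expired"
    if (a["IDc"], a["ADc"]) != (t["IDc"], t["ADc"]) or src_addr != t["ADc"]:
        return "client mismatch"
    if abs(now - a["TS3"]) > SKEW:
        return "stale authenticator"
    if (a["IDc"], a["TS3"]) in seen:             # "used only once"
        return "replayed authenticator"
    seen.add((a["IDc"], a["TS3"]))
    return "ok"
```

The ticket stays valid for its whole lifetime, so it is the authenticator's timestamp and the replay cache that stop a captured message 3 from being accepted a second time.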

Kerberos: Strengths
• Users' passwords are never sent across the network, encrypted or in plain text
• Secret keys are only passed across the network in encrypted form
• Client and server systems mutually authenticate
• It limits the duration of their users' authentication
• Authentications are reusable and durable
• Kerberos has been scrutinized by many of the top programmers, cryptologists and security experts in the industry

Certificate:
• Electronic counterparts to driver licenses, passports
• Verifies authenticity of the public key
• Prevents impersonation
• Enables individuals and organizations to secure business and personal transactions

What a certificate includes:
• Name of Entity being Certified
• Public Key
• Name of Certificate Authority
• Serial Number
• Expiration Date
• Digital signature of the issuer
• Other information (optional)

Certificate Authorities:
• Trusted entity which issues and manages certificates for a population of public-private key-pair holders.
• A digital certificate is issued by a CA and is signed with the CA's private key.

Who are the Certificate Authorities?
• VeriSign
• GTE CyberTrust
• Entrust
• IBM
• CertCo
• USPS / Cylink

Certificate Issuance Process:
• Requestor generates public/private key pair
• Requestor sends public key to CA
• Requestor proves identity to CA, which verifies it
• CA signs and issues certificate
• CA e-mails certificate or Requestor retrieves certificate from secure websites
• Requestor uses certificate to demonstrate legitimacy of their public key

Types of Digital Certificates
• E-Mail Certificates
• Browser Certificates
• Server (SSL) Certificates
• Software Signing Certificates

Potential security holes:
• Was the user really identified?
• Security of the private key
• Can the Certificate Authority be trusted?
• Names are not unique

X.509 Directory Authentication Service
• CCITT recommendation defining a directory service
• Defines a framework for the authentication services
• The X.500 directory serving as a repository of public-key certificates
• Defines alternative authentication protocols

Authentication Procedures:
• Three alternative authentication procedures:
  • One-Way Authentication
  • Two-Way Authentication
  • Three-Way Authentication
• All use public-key signatures

One-Way Authentication:
• 1 message (A->B) used to establish
  • the identity of A and that message is from A
  • message was intended for B
  • integrity & originality of message
1- A -> B: A{tA, rA, B, sgnData, KUb[Kab]}
tA = timestamp, rA = nonce, B = identity, sgnData = signed with A's private key