Information Security and Management 13' Digital Signatures and Authentication Protocols

1
Information Security and Management 13. Digital
Signatures and Authentication Protocols

• Chih-Hung Wang
• Sep. 2006

2
Digital Signature

• Dispute of message authentication
• Message authentication protects two parties who
  exchange messages from any third party. However,
  it does not protect the two parties against each
  other.
• Several forms of dispute between the two are
  possible

3
Problem of Authentication

• The following disputes could arise
• Receiver may forge a different message and claim
  that it came from sender.
• Sender can deny sending the message

4
Properties

• The digital signature is analogous to the
  handwritten signature. It must have the following
  properties
• It must be able to verify the author and the date
  and time of the signature
• It must be able to authenticate the contents at
  the time of the signature
• The signature must be verifiable by third
  parties, to resolve dispute

5
Requirements (1/2)

• The signature must be a bit pattern that depends
  on the message being signed
• The signature must use some information unique to
  the sender, to prevent both forgery and denial
• It must be relatively easy to produce the digital
  signature
• It must be relatively easy to recognize and
  verify the digital signature

6
Requirements (2/2)

• It must be computationally infeasible to forge a
  digital signature, either by constructing a new
  message for an existing digital signature or by
  constructing a fraudulent digital signature for a
  given message
• It must be practical to retain a copy of the
  digital signature in storage

7
Digital Signature Concept
8
Dispute Concept
Verify Judge
Signers Digital Signature
Third Party
Dispute
Sender
Receiver
9
RSA Digital Signature
10
Digital Signature Standard (DSS)

• The National Institute of Standards and
  Technology (NIST) has published Federal
  Information Processing Standard FIPS PUB 186,
  known as the Digital Signature Standard (DSS).
• The DSS makes use of the Secure Hash Algorithm
  (SHA)
• The DSS was originally proposed in 1991 and
  revised in 1993 in response to public feedback
  concerning the security of the scheme

11
DSS Concept (1/2)

• The DSS uses an algorithm that is designed to
  provide only the digital signature function
• Unlike RSA, it cannot be used for encryption or
  key exchange

12
DSS Concept (2/2)
13
DSS Algorithm

• Discrete Logarithms (page 228-233)
• Consider the equation
• y gx mod p
• Given g,x,and p, it is straightforward matter to
  calculate y
• Given y, g, and p, it is, in general, very
  difficult to calculate x
• Computational complexity
• e((ln p)1/3ln(ln p))2/3

14
DSS Algorithm

• Setup
• p large prime bit length of between 512 and 1024
  bits in increments of 64 bits 2L-1 lt p lt 2L and
• 512 lt L lt 1024
• q prime divisor of (p-1) and 2159 lt q lt
  2160,i.e., the length is 160 bits
• g h(p-1)/q mod p, where 1lth lt p-1 ,h is an
  integer(I.e., gq 1 mod p)

15
DSS Algorithm

• Sign
• User As private key
• x random ? 0 lt x ltq
• User As public key
• y gx mod p
• Signing
• Randomly select k, 0ltkltq
• calculate r (gk mod p) mod q
• calculate s k-1(H(M) xr) mod q
• Signature (r,s)

16
DSS Algorithm

• Sign

17
DSS Algorithm

• Verify
• Verifying (r, s) (M)
• Calculate w (s)-1 mod q
• Calculate u1 H(M)w mod q
• Calculate u2 (r)w mod q
• Calculate v (gu1yu2) mod p mod q
• Verify v r (?). If yes, (r, s) is a valid
  signature on the message M

18
DSS Algorithm

• Verify

19
Criticisms of DSS (1/2)

• DSS cannot be used for encryption or key
  distribution
• DSS was developed by the NSA, and there may be a
  trapdoor in the algorithm
• DSS is slower than RSA
• RSA is the ISO 9796, the international digital
  signature standard

20
Criticisms of DSS (2/2)

• The DSS selection process was not public
  sufficient time for analysis has not been
  provided
• DSS may infringe on other pattern
• The key size is too small