DIGITAL SIGNATURES

1
DIGITAL SIGNATURES
Fred Piper Mert Özarar
Codes Ciphers Ltd 12 Duncan Road Richmond Surrey
TW9 2JD
Information Security Group Royal Holloway,
University of London Egham, Surrey TW20 0EX
2
Outline

• Brief Introduction to Cryptography
• Public Key Systems
• Basic Principles of Digital Signatures
• Public Key Algorithms
• Signing Processes
• Arbitrated Signatures
• Odds and Ends
• NOTE We will not cover all the sections

3
The Essence of Security

• Recognition of those you know
• Introduction to those you dont know
• Written signature
• Private conversation

4
The Challenge

• Transplant these basic social mechanisms to the
  telecommunications and/or business environment.

5
The Security Issues

• Sender
• Am I happy that the whole world sees this ?
• Am I prepared to pay to stop them ?
• Am I allowed to stop them ?
• Recipient
• Do I have confidence in
• the originator
• the message contents and message stream
• no future repudiation.
• Network Manager
• Do I allow this user on to the network ?
• How do I control their privileges ?

6
Cryptography is used to provide

• 1. Secrecy
• 2. Data Integrity
• 3. User Verification
• 4. Non-Repudiation

7
Cipher System
Key k(E)
Key k(D)

• cryptogram
• c

message m
message m
Enciphering Algorithm
Deciphering Algorithm
Interceptor
8
The Attackers Perspective

• Unknown Key
• k(D)

Known c
Wants m
Deciphering Algorithm
Note k(E) is not needed unless it helps
determine k(D)
9
Two Types of Cipher System

• Conventional or Symmetric
• k(D) easily obtained from k(E)
• Public or Asymmetric
• Computationally infeasible to determine k(D)
  from k(E)

10

• THE SECURITY OF THE SYSTEM IS DEPENDENT ON THE
  SECURITY OF THE KEYS

11
Public Key Systems

• Original Concept
• For a public key system an enciphering algorithm
  is agreed and each would-be receiver publishes
  the key which anyone may use to send a message to
  him.
• Thus for a public key system to be secure it must
  not be possible to deduce the message from a
  knowledge of the cryptogram and the enciphering
  key. Once such a system is set up, a directory
  of all receivers plus their enciphering keys is
  published. However, the only person to know any
  given receivers deciphering key is the receiver
  himself.

12
Public Key Systems

• For a public key system, encipherment must be a
  one-way function which has a trapdoor. The
  trapdoor must be a secret known only to the
  receiver.
• A one-way function is one which is easy to
  perform but very difficult to reverse. A
  trapdoor is a trick or another function which
  makes it easy to reverse the function

13
Some Mathematical One-Way Functions

• 1. Multiplication of two large primes.
• 2. Exponentiation modulo n ( n pq ).
• 3. x ? ax in GF(2n) or GF(p).
• 4. k ? Ek(m) for fixed m where Ek is
  encryption in a symmetric key system which is
  secure against known plaintext attacks.
• 5. x ? a.x where x is an n-bit binary vector
  and a is a fixed n-tuple of integers. Thus
  a.x is an integer.

14
Public Key Cryptosystems

• Enable secure communications without exchanging
  secret keys
• Enable 3rd party authentication ( digital
  signature )
• Use number theoretic techniques
• Introduce a whole new set of problems
• Are extremely ingenious.

15
Digital Signatures

• According to ISO, the term Digital Signature is
  used to indicate a particular authentication
  technique used to establish the origin of a
  message in order to settle disputes of what
  message (if any) was sent.

16
Digital Signatures

• A signature on a message is some data that
• validates a message and verifies its origin
• a receiver can keep as evidence
• a third party can use to resolve disputes.
• It depends on
• the message
• a secret parameter only
• available to the sender

• It should be
• easy to compute
• (by one person only)
• easy to verify
• difficult to forge

17
Digital Signature

• Cryptographic checksum
• Identifies sender
• Provides integrity check for data
• Can be checked by third party

18
Hand-Written Signatures

• Intrinsic to signer
• Same on all documents
• Physically attached to message
• Beware plastic cards.
• Digital Signatures
• Use of secret parameter
• Message dependent.

19
Principle of Digital Signatures

• There is a (secret) number which
• Only one person can use
• Is used to identify that person
• Anyone can verify that it has been used
• NB Anyone who knows the value of a number can
  use that number.

20
Attacks on Digital Signature Schemes

• To impersonate A, I must either
• obtain As private key
• substitute my public key for As
• NB Similar attacks if A is receiving secret
  data encrypted with As public key

21
Obtaining a Private Key

• Mathematical attacks
• Physical attacks
• NB It may be sufficient to obtain a device
  which contains the key. Knowledge of actual
  value is not needed.

22
Certification Authority

• AIM
• To guarantee the authenticity of public keys.
• METHOD
• The Certification Authority guarantees the
  authenticity by signing a certificate containing
  users identity and public key with its secret
  key.
• REQUIREMENT
• All users must have an authentic copy of the
  Certification Authoritys public key.

23
Certification Process
Creates Certificate
Centre

• Verifies
• credentials

Distribution
Owner
Generates Key Set
Receives (and checks) Certificate
Presents Public Key and credentials
24
How Does it Work?

• The Certificate can accompany all Freds messages
• The recipient must directly or indirectly
• Trust the CA
• Validate the certificate

The CA certifies that Fred Pipers public key
is..
Electronically signed by the CA
25
User Authentication Certificates

• Ownership of certificate does not establish
  identity
• Need protocols establishing use of corresponding
  secret keys

26
WARNING

• Identity Theft
• You are your private key
• You are the private key corresponding to the
  public key in your certificiate

27
Certification Authorities

• Problems/Questions
• Who generates users keys?
• How is identity established?
• How can certificates be cancelled?
• Any others?

28
Fundamental Requirement
Internal infrastructure to support secure
technological implementation
29
Is everything OK?
Announcement in Microsoft Security Bulletin
MS01-017
VeriSign Inc recently advised Microsoft that on
January 29-30 2001 it issued two VeriSign Class 3
code-signing digital certificates to an
individual who fraudulently claimed to be a
Microsoft employee.
30
How to Create a Digital Signature Using RSA
MESSAGE
HASHING FUNCTION
HASH OF MESSAGE
Sign using Private Key
SIGNATURE - SIGNED HASH OF MESSAGE
31
How to Verify a Digital Signature Using RSA
Message
Signature
Re-hash the Received Message
Message with Appended Signature
Verify the Received Signature
Message
Signature
Hashing Function
Verify using Public Key
HASH OF MESSAGE
HASH OF MESSAGE
If hashes are equal, signature is authentic
32
Requirements for Hash Function h

• (H1) condenses message M of arbitrary length into
  a fixed length digest h(M)
• (H2) is one-way
• (H3) is collision free - it is computationally
  infeasible to construct messages M, M' with
  h(M) h(M')
• H3 implies a restriction on the size of h(M).

33
Diffie Hellman Key Establishment Protocol

• General Idea Use Public System
• A and B exchange public keys PA and PB
• There is a publicly known function f which has 2
  numbers as input and one number as output.
• A computes f (SA, PB) where SA is As private
  key
• B computes f (SB, PA) where SB is Bs private
  key
• f is chosen so that f (SA, PB) f (SB, PA)
• So A and B now share a (secret) number

34
D-H Man in the Middle Attack
A
B
Fraudster F
The Fraudster has agreed keys with both A and B A
and B believe they have agreed a common key