computer security lecture 7 ch.13 digital signatures prepared by dr. lamiaa elshenawy
TRANSCRIPT
![Page 1: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/1.jpg)
Computer Security
Lecture 7Ch.13
Digital SignaturesPrepared by Dr. Lamiaa Elshenawy
![Page 2: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/2.jpg)
Digital Signatures
• Digital Signatures Properties Attacks and Forgeries Digital Signature Requirements Direct Digital Signature
• ElGamal Digital Signature Scheme• Schnorr Digital Signature Scheme• Digital Signature Standard The DSS Approach The Digital Signature Algorithm
![Page 3: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/3.jpg)
Digital SignaturesKey Points
• Digital signature authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
• Digital signature standard (DSS) NIST standard secure hash algorithm (SHA)
Encryption AlgorithmH(M)
Private Key
Digital Signature
![Page 4: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/4.jpg)
Digital SignaturesKey Points
Most important development of public-key cryptography
Digital Signature
![Page 5: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/5.jpg)
Digital SignaturesGeneric Model
![Page 6: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/6.jpg)
Digital SignaturesEssential Elements
![Page 7: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/7.jpg)
Digital SignaturesProperties
Message Authentication
![Page 8: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/8.jpg)
Digital SignaturesProperties
![Page 9: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/9.jpg)
Digital SignaturesAttacks and Forgeries
A C
![Page 10: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/10.jpg)
Digital SignaturesAttacks and Forgeries
• Key-only attack: C A’s public key• Known message attack: C set of
messages and their signatures.• Generic chosen message attack: C list of
messages independent of A’s public key• Directed chosen message attack: C list
of messages dependent of A’s public key signatures seen
know
access
choose
choose
before
![Page 11: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/11.jpg)
Digital SignaturesAttacks and Forgeries
• Total break: C A’s private key• Universal forgery: C efficient signing
algorithm that provides an equivalent way of constructing signatures on arbitrary messages
• Selective forgery: C signature for chosen message
• Existential forgery: C signature for at least one message. C control over the message
determine
find
forges
forges
no
![Page 12: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/12.jpg)
Digital SignaturesRequirements
• Signature bit pattern signed message
• Signature information unique to the sender forgery and denial• Easy digital signature• Easy digital signature• Easy copy of digital signature in storage
• Infeasible computation digital signature
depends
use
prevent
produce
recognize & verify
forge
retain
![Page 13: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/13.jpg)
Digital SignaturesDirect Digital Signature
Source Destination
![Page 14: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/14.jpg)
Digital SignaturesSchemes
• ElGamal Digital Signature Scheme “Taher AlGamal (1985)”• Schnorr Digital Signature Scheme “Claus Peter Schnorr (1991-2008)”• Digital Signature Standard (DSS)
![Page 15: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/15.jpg)
Digital SignaturesElGamal Scheme
Let q is prime number & α is a primitive root of q
Generate the private/ public keys
Sign the message
![Page 16: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/16.jpg)
Digital SignaturesElGamal Scheme
Verify the message
If V1=V2
No
Yes
Valid
Not valid
![Page 17: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/17.jpg)
Digital SignaturesElGamal Scheme
Let q=19; Primitive roots of q= {2, 3, 10, 13, 14, 15};
α=10
Generate the private/ public keys
Alice wants to sign a messageLet m=4
![Page 18: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/18.jpg)
Digital SignaturesElGamal Scheme
Verify the message
![Page 19: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/19.jpg)
Digital SignaturesElGamal Scheme
Example• We consider q = 467; α = 2; XA = 127
• Now YA is calculated: YA = αXA mod p = 2127 mod 467 = 132• So the Alice’s pair of keys is (127) , (467,2,132)• We take m= 100 and K = 213 for the signature of this message• Here we notice that (213, 466)= 1• Calculate 213-1 mod 466 = 431• Having these parameters, we can start to calculate the signature of Alice on the message
M, which is represented by the pair (S1,S2)
• S1= αK mod q = 2213 mod 467 = 29
• S2= K-1 [m−(XA S1)] mod q = 431(100-127 x 29) mod 466 = 51
• Verification step:• αm mod q = (YA ) S1
(S1) S2 mod q• 2100 ≡ 189 (mod 467)• 13229 x 2951 ≡ 189 (mod 467) • The verification confirms that the signature is valid.
![Page 20: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/20.jpg)
Digital SignaturesSchnorr Scheme
Generate the private/ public keys
Sign the message
![Page 21: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/21.jpg)
Digital SignaturesSchnorr Scheme
Verify the message
![Page 22: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/22.jpg)
Digital SignaturesSchnorr Scheme
1. Choose p = 23, q = 11, where 11 is a prime factor of 22 = 23-1.2. Choose a such that a11 = 1 mod 23. Let a = 2, since 211 = 2048 = 1
mod 23.3. Choose a random integer s, 0 < s < q. Let s= 9, since 9<11.4. Generate a public key by calculating ν, where ν = 29 mod 23 =6
Generate the private/ public keys
User’s Public key: ν = 6 User’s Private key: s = 9
![Page 23: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/23.jpg)
Digital SignaturesSchnorr Scheme
Sign the message
1. Customer chooses r = 3 < 11, and computes x = 23 mod = 8 Customer sends x = 8 to merchant
2. Merchant sends e=5 to customer3. Customer calculates y = (3+9x5) mod 11 = 48 mod 11 = 4, and
returns y = 4 to the merchant. The signature (e , y)
1. Merchant calculates x’ ν e mod p = 8 x 6 5 mod 23 = 62208 mod 23 = 16
2. Merchant also calculates a y mod p = 2 4 = 16 These are the same so the merchant accepts that the customer
knows x
Verify the message
![Page 24: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/24.jpg)
Digital SignaturesDigital Signature Standard (DSS)
• NIST Federal Information Processing Standard (FIPS 186)-DSS
• DSS Secure Hash Algorithm (SHA) new Digital Signature Algorithm (DSA)DSS (1991) (1993,1996)DSS (2000) (FIPS 186-2)DSS (2009) (FIPS 186-3)
published
use
presented
proposed revised
expand-version
updated
presented
presented
![Page 25: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/25.jpg)
Digital SignaturesDigital Signature Standard (DSS)
random number
verify
![Page 26: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/26.jpg)
Digital SignaturesDigital Signature Algorithm (DSA)
![Page 27: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/27.jpg)
Digital SignaturesDigital Signature Algorithm (DSA)
![Page 28: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/28.jpg)
Let p, q, g are public to all• p= 18x71+1=1279 prime number• q= 71 (prime divisor of (p-1))• g= 318 mod 1279=1157• Let x= 15, k=10• y=115715 mod 71=851• User’s private key:{x=15}• User’s public key: {y=851}
Digital SignaturesDigital Signature Algorithm (DSA)
![Page 29: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/29.jpg)
Signing• r =(1157 10 mod 1279) mod 71 = 32• s =[10 -1 (123+15x32)] mod 71=39• m=123, Signature={32,39} Verifying• W=39-1 mod 71= 51• u1=123 x 51 mod 71=25
• u2=32 x 51 mod 71=70• ν = [(115725 85170) mod 1279] mod 71=32• Test: ν=r the signature is valid
Digital SignaturesDigital Signature Algorithm (DSA)
![Page 30: Computer Security Lecture 7 Ch.13 Digital Signatures Prepared by Dr. Lamiaa Elshenawy](https://reader036.vdocuments.mx/reader036/viewer/2022062305/5697bf8c1a28abf838c8bdd3/html5/thumbnails/30.jpg)
Thank you for your attention