digital signature standard

Upload: yasir-iqbal

Post on 06-Jul-2018


TRANSCRIPT

  • 8/18/2019 Digital Signature Standard

    1/28

    Network Security

    Digital Signatures

     

  • 8/18/2019 Digital Signature Standard

    2/28

    Digital Signatures

    have looked at message authentication but does not address issues of lack of trust

    digital signatures provide the ability to:
        verify author, date & time of signature
        authenticate message contents
        be verified by third parties to resolve disputes

    hence include authentication function with additional capabilities


    Digital Signature Properties

    must depend on the message signed

    must use information unique to sender
        to prevent both forgery and denial

    must be relatively easy to produce

    must be relatively easy to recognize & verify

    be computationally infeasible to forge
        with new message for existing digital signature
        with fraudulent digital signature for given message

    be practical to save digital signature in storage


    Inclusion

    A conventional signature is included in the document; it is part of the document. But when we sign a document digitally, we send the signature as a separate document.


    Verification Method

    For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file. For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity.


    Relationship


    For a conventional signature, there is normally a one-to-many relationship between a signature and documents. For a digital signature, there is a one-to-one relationship between a signature and a message.


    Duplicity


    In conventional signature, a copy of the signed document can be distinguished from the original one on file. In digital signature, there is no such distinction unless there is a factor of time on the document.


    Digital Signature Process


    Need for Keys

    A digital signature needs a public-key system. The signer signs with her private key; the verifier verifies with the signer's public key.


    Signing the Digest


    Services

    We discussed several security services including message confidentiality, message authentication, message integrity, and nonrepudiation. A digital signature can directly provide the last three; for message confidentiality we still need encryption/decryption.


    Digital signature approaches

    A variety of approaches has been proposed for the digital signature function. These approaches fall into two categories:

        Direct Digital Signature
        Arbitrated Digital Signature


    Direct Digital Signatures

    involve only sender & receiver

    assumed receiver has sender's public-key

    digital signature made by sender signing entire message or hash with private-key

    can encrypt using receiver's public-key

    important that sign first then encrypt message & signature

    security depends on sender's private-key


    Direct Digital Signatures

    Problems with direct signatures:

        Validity of scheme depends on the security of the sender's private key

        sender may later deny sending a certain message.

        Private key may actually be stolen from X at time T, so timestamp may not help.


    Arbitrated Digital Signatures

    involves use of arbiter A
        validates any signed message
        then dated and sent to recipient

    requires suitable level of trust in arbiter

    can be implemented with either private or public-key algorithms

    arbiter may or may not see message


    Trusted Centre for Nonrepudiation

    Nonrepudiation can be provided using a trusted party.


    Adding Confidentiality

    A digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.


    Digital Signature Schemes

    Several digital signature schemes have evolved during the last few decades. Some of them have been implemented, like:

        RSA Digital Signature Scheme

        Digital Signature Standard (DSS)


    RSA Digital Signature Scheme

    Signing and Verifying


    Example

    As a trivial example, suppose that Alice chooses p = 823 and q = 953, and calculates n = 784319. The value of φ(n) is 782544. Now she chooses e = 313 and calculates d = 160009. At this point key generation is complete. Now imagine that Alice wants to send a message with the value of M = 19070 to Bob. She uses her private exponent, 160009, to sign the message:

    Alice sends the message and the signature to Bob. Bob receives the message and the signature. He calculates

    Bob accepts the message because he has verified Alice's signature.


    RSA Signature on the Digest

    When the digest is signed instead of the message itself, the susceptibility of the RSA digital signature scheme depends on the strength of the hash algorithm.
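The RSA example slide and the digest slide above, worked through in Python as an added example (not part of the original slides). It uses the slide's toy key and message value; the `digest` encoding (SHA-256 reduced mod n) and the sample byte strings are assumptions made so a hash fits this tiny modulus.

```python
import hashlib

# Key material from the slide's worked example (toy sizes, illustration only).
P, Q, E = 823, 953, 313
N = P * Q                      # 784319 on the slide
PHI = (P - 1) * (Q - 1)        # 782544 on the slide
D = pow(E, -1, PHI)            # private exponent, 160009 on the slide


def sign(m):
    """Textbook RSA signature on an integer 0 <= m < n: S = m^d mod n."""
    if not 0 <= m < N:
        raise ValueError("message representative must be in [0, n)")
    return pow(m, D, N)


def verify(m, s):
    """Bob recomputes M' = S^e mod n and accepts only if M' equals M."""
    return 0 <= s < N and pow(s, E, N) == m


def digest(message):
    """Assumed encoding: SHA-256 reduced mod n to fit the toy modulus.
    Only about 20 bits survive the reduction, so two messages with the
    same digest are cheap to find here and would share one signature;
    that is the dependence on hash strength the digest slide describes."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_message(message):
    """Sign the digest instead of the message itself."""
    return sign(digest(message))


def verify_message(message, s):
    return verify(digest(message), s)


if __name__ == "__main__":
    M = 19070                              # message value from the slide
    S = sign(M)
    print("S =", S, "accepted:", verify(M, S))
    doc = b"pay Bob 10"                    # constructed sample message
    sig = sign_message(doc)
    print("digest signature accepted:", verify_message(doc, sig))
```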


    Digital Signature Standard (DSS)

    US Govt approved signature scheme

    designed by NIST & NSA in early 90's

    published as FIPS-186 in 1991

    revised in 1993, 1996 & then 2000

    uses the SHA hash algorithm

    DSS is the standard, DSA is the algorithm


    Digital Signature Algorithm (DSA)

    creates a 320 bit signature

    with 512-1024 bit security

    smaller and faster than RSA

    a digital signature scheme only

    security depends on difficulty of computing discrete logarithms


    General Idea Behind DSS Scheme


    Continued

    Key Generation.

    Alice chooses primes p and q.

    p should be between 512 and 1024 bits in length and a multiple of 64. (512, 576, 640, 704, 768, 832, 896, 960, 1024).

    q should be 160 bits in length in such a way that q divides (p−1).

    Alice uses <Zp*, ×> and <Zq*, ×>.

    Alice creates e1 to be the qth root of 1 modulo p (e1^p = 1 mod p). To do so Alice chooses a primitive element in Zp, e0, and calculates e1 = e0^((p−1)/q) mod p

    Alice chooses d and calculates e2 = e1^d mod p.

    Alice's public key is (e1, e2, p, q); her private key is (d).


    Verifying & Signing


    Example

    Alice chooses q = 101 and p = 8081. Alice selects e0 = 3 and calculates e1 = e0^((p−1)/q) mod p = 6968. Alice chooses d = 61 as the private key and calculates e2 = e1^d mod p = 2038. Now Alice can send a message to Bob. Assume that h(M) = 5000 and Alice chooses r = 61:

    Alice sends M, S1, and S2 to Bob. Bob uses the public keys to calculate

    .
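The DSS key generation and example slides above, carried through in Python as an added example (not part of the original slides). The key values, h(M) and r are the slide's; the signing and verifying equations did not survive in the slide text, so the standard DSA equations are used here as an assumption.

```python
# Toy DSS parameters from the example slide (far too small for real use).
P, Q = 8081, 101               # primes, q divides p - 1
E0 = 3                         # element Alice selects
E1 = pow(E0, (P - 1) // Q, P)  # 6968 on the slide
D = 61                         # Alice's private key
E2 = pow(E1, D, P)             # 2038 on the slide; public key is (E1, E2, P, Q)


def check_params():
    """q | (p - 1) and e1 is a nontrivial q-th root of 1 modulo p."""
    return (P - 1) % Q == 0 and E1 != 1 and pow(E1, Q, P) == 1


def sign(h, r):
    """Standard DSA signing (assumed, not taken from the slide text).
    r is the per-message secret; the slide fixes r = 61 for illustration,
    a real signer draws a fresh random r for every message."""
    if not 0 < r < Q:
        raise ValueError("r must satisfy 0 < r < q")
    s1 = pow(E1, r, P) % Q
    s2 = (h + D * s1) * pow(r, -1, Q) % Q
    if s1 == 0 or s2 == 0:
        raise ValueError("degenerate signature, choose another r")
    return s1, s2


def verify(h, s1, s2):
    """Bob computes V from the public key only and accepts if V == S1."""
    if not (0 < s1 < Q and 0 < s2 < Q):
        return False           # out-of-range values are rejected outright
    w = pow(s2, -1, Q)
    v = pow(E1, h * w % Q, P) * pow(E2, s1 * w % Q, P) % P % Q
    return v == s1


if __name__ == "__main__":
    h_m = 5000                 # h(M) from the slide
    s1, s2 = sign(h_m, 61)
    print("S1, S2 =", s1, s2)
    print("accepted:", verify(h_m, s1, s2))
    print("altered digest accepted:", verify(h_m + 1, s1, s2))
```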


    Summary

    have discussed:

    digital signatures

    digital signature algorithm and standard
