ppt of Digital Signature

Document Sample
ppt of Digital Signature Powered By Docstoc
					                     Digital Signatures

 have looked at message authentication
   but does not address issues of lack of trust

 digital signatures provide the ability to:
   verify author, date & time of signature

   authenticate message contents

   be verified by third parties to resolve disputes

 hence include authentication function with
  additional capabilities
           Digital Signature Properties

 Verify the author & the date and time of the
 Authenticate the contents at the time of the
 Verifiable by third parties, to resolve disputes.
Requirements for a Digital Signature

 must depend on the message signed
 must use information unique to sender
   to prevent both forgery and denial

 must be relatively easy to produce
 must be relatively easy to recognize & verify
 be computationally infeasible to forge
   with new message for existing digital signature

   with fraudulent digital signature for given message

 be practical save digital signature in storage
            Direct Digital Signatures

 involve only sender & receiver
 assumed receiver has sender’s public-key
 digital signature made by sender signing entire
  message or hash with private-key
 For confidentiality encrypt using receivers public-key
 Important to perform signature function first then
  outer confidentiality function
 security depends on sender’s private-key
Direct Digital Signatures
 Threats to Direct Digital Signatures

 Later sender may deny sending particular message
   claim that the private key was lost or stolen or someone forged

 Private key may stolen from X at time T.
   Opponent can send message signed with X’s signature and
    stamped with a time before or equal to T
         Arbitrated Digital Signatures
 The problem associated with direct digital
 signature can be addressed by using an arbiter.
 Every signed message from a sender X to a receiver
 Y goes first to an arbiter A.
 Arbiter subjects the message and its signature to a
 number of tests to check its origin and content.
 The message is then dated and sent to Y with an
 indication that it has been verified to the
 satisfaction of the arbiter.
         Arbitrated Digital Signatures

 The presence of A solves the problem faced by direct
  signature schemes: that X might disown the
 requires suitable level of trust in arbiter
 can be implemented with either private or public-key
 arbiter may or may not see message
        Arbitrated Digital Signatures
 Conventional encryption, Arbiter Sees Message
 X A : M || EKxa [IDx || H (M) ]
 A Y : EKay [ IDx || M || EKxa [IDx ||H(M))] ) || T ]

 It is assumed that the sender X and the arbiter A share a secret key
    Kxa and that A and Y share secret key Kay.
   X constructs a message M and computes its hash value H(M) .
   Then X transmits the message plus a signature to A. The signature
    consists of an identifier IDx of X plus the hash value, all encrypted
    using Kxa.
   A decrypts the signature and checks the hash value to validate the
   Then A transmits a message to Y, encrypted with Kay. The message
    includes IDx, the original message from X, the signature, and a
 Arbiter sees message
 Problem : the arbiter could form an alliance with
 sender to deny a signed message, or with the receiver
 to forge the sender’s signature
         Arbitrated Digital Signatures
 Public Key encryption,Arbiter does not see Message

 X A : IDx ||EKRx[ IDx|| EKUy (EKRx[M])]
 A Y : EKRa [ IDx || EKUy [EKRx [M]] || T]

 X double encrypts a message M first with X’s private key KRx, and then with
    Y’s public key,KUy.
   This is a signed, secret version of the message. This signed message, together
    with X’s identifier , is encrypted again with KRx and, together with IDx, is
    sent to A.
   The inner, double encrypted message is secure from the arbiter ( and
    everyone else except Y)
   A can decrypt the outer encryption to assure that the message must have
    come from X( because only X has PRx).
   A checks that X’s key pair is valid and verify the message.
   Then A transmits a message to Y, encrypted with KRa. The message
    includes IDx , the double encrypted message, and a timestamp.
     Arbiter does not see message