
Network Security

Digital Signatures

Digital Signatures

have looked at message authentication
  - but does not address issues of lack of trust
digital signatures provide the ability to:
  - verify author, date & time of signature
  - authenticate message contents
  - be verified by third parties to resolve disputes
hence include authentication function with additional capabilities

Digital Signature Properties

must depend on the message signed
must use information unique to sender
  - to prevent both forgery and denial
must be relatively easy to produce
must be relatively easy to recognize & verify
be computationally infeasible to forge
  - with new message for existing digital signature
  - with fraudulent digital signature for given message
be practical to save digital signature in storage



Inclusion
A conventional signature is included in the
document; it is part of the document. But when
we sign a document digitally, we send the
signature as a separate document.


Verification Method
For a conventional signature, when the recipient
receives a document, she compares the signature on
the document with the signature on file. For a digital
signature, the recipient receives the message and the
signature. The recipient needs to apply a verification
technique to the combination of the message and the
signature to verify the authenticity.


Relationship
For a conventional signature, there is normally a one-to-many
relationship between a signature and documents. For a digital
signature, there is a one-to-one relationship between a signature
and a message.


Duplicity
In conventional signature, a copy of the signed
document can be distinguished from the original one
on file. In digital signature, there is no such distinction
unless there is a factor of time on the document.


Digital Signature Process


Need for Keys

A digital signature needs a public-key system.


The signer signs with her private key; the verifier verifies with the
signer's public key.


Signing the Digest


Services
We discussed several security services including
message confidentiality, message authentication,
message integrity, and nonrepudiation. A digital
signature can directly provide the last three; for
message confidentiality we still need
encryption/decryption.


Digital signature approaches

A variety of approaches has been proposed for the digital signature
function. These approaches fall into two categories:

Direct Digital Signature
Arbitrated Digital Signature

Direct Digital Signatures


involve only sender & receiver
assumed receiver has sender's public-key
digital signature made by sender signing entire message or hash with private-key
can encrypt using receiver's public-key
important that sign first then encrypt message & signature
security depends on sender's private-key

Direct Digital Signatures

Problems with direct signatures:


Validity of scheme depends on the security of the sender's private key
sender may later deny sending a certain message.
Private key may actually be stolen from X at time T, so timestamp may not help.

Arbitrated Digital Signatures

involves use of arbiter A
  - validates any signed message
  - then dated and sent to recipient
requires suitable level of trust in arbiter
can be implemented with either private or public-key algorithms
arbiter may or may not see message

Trusted Centre for Nonrepudiation
Nonrepudiation can be provided using a trusted
party.


Adding Confidentiality
A digital signature does not provide privacy.
If there is a need for privacy, another layer of
encryption/decryption must be applied.


Digital Signature Schemes


Several digital signature schemes have evolved during
the last few decades. Some of them have been
implemented, such as:

RSA Digital Signature Scheme
Digital Signature Standard (DSS)

RSA Digital Signature Scheme


Signing and Verifying


Example
As a trivial example, suppose that Alice chooses p = 823 and q = 953,
and calculates n = 784319. The value of φ(n) is 782544. Now she
chooses e = 313 and calculates d = 160009. At this point key generation
is complete. Now imagine that Alice wants to send a message with the
value of M = 19070 to Bob. She uses her private exponent, 160009,
to sign the message:
Alice sends the message and the signature to Bob. Bob receives the
message and the signature. He calculates

Bob accepts the message because he has verified Alice's signature.

RSA Signature on the Digest

When the digest is signed instead of the message itself, the
susceptibility of the RSA digital signature scheme depends on the
strength of the hash algorithm.
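The RSA example and the digest remark above, worked in code. This is an added example, not part of the original slides; the function names and the sample messages are assumptions, and reducing the SHA-256 digest modulo the toy n is done only so the value fits the example's 20-bit modulus.

```python
import hashlib

# Toy key from the slide's example (far too small for real use).
P, Q = 823, 953
N = P * Q                      # 784319
PHI = (P - 1) * (Q - 1)        # 782544
E, D = 313, 160009             # public / private exponents

def key_is_consistent() -> bool:
    """e and d must be inverses modulo phi(n)."""
    return (E * D) % PHI == 1

def sign(value: int) -> int:
    """Textbook RSA signature: S = value^d mod n, using the private exponent."""
    if not 0 <= value < N:
        raise ValueError("value must be in [0, n)")
    return pow(value, D, N)

def verify(value: int, signature: int) -> bool:
    """Accept only if signature^e mod n reproduces the signed value."""
    return pow(signature, E, N) == value

def digest(message: bytes) -> int:
    """SHA-256 reduced mod n (demo assumption). Real schemes pad the full
    digest, for example RSASSA-PSS, instead of truncating it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign_message(message: bytes) -> int:
    """Sign the digest of the message rather than the message itself."""
    return sign(digest(message))

def verify_message(message: bytes, signature: int) -> bool:
    """Recompute the digest and check it against the signature."""
    return verify(digest(message), signature)

if __name__ == "__main__":
    M = 19070                                  # message value from the slide
    S = sign(M)
    print("signature:", S, "verifies:", verify(M, S))
    print("altered M verifies:", verify(M + 1, S))
    doc = b"pay Bob 10"                        # constructed sample message
    sig = sign_message(doc)
    print("digest signature verifies:", verify_message(doc, sig))
    print("altered document verifies:", verify_message(b"pay Bob 1000", sig))
```

With a digest this short, two different documents can share a digest value by chance, which is the dependence on hash strength the slide describes.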

Digital Signature Standard (DSS)

US Govt approved signature scheme
designed by NIST & NSA in early 90's
published as FIPS-186 in 1991
revised in 1993, 1996 & then 2000
uses the SHA hash algorithm
DSS is the standard, DSA is the algorithm

Digital Signature Algorithm (DSA)

creates a 320 bit signature
with 512-1024 bit security
smaller and faster than RSA
a digital signature scheme only
security depends on difficulty of computing discrete logarithms

General Idea Behind DSS Scheme

Continued

Key Generation.
Alice chooses primes p and q.
p should be between 512 and 1024 bits in length and a multiple of 64
(512, 576, 640, 704, 768, 832, 896, 960, 1024).
q should be 160 bits in length in such a way that q divides (p-1).
Alice uses <Zp*, > and <Zq*, >.
Alice creates e1 to be the qth root of 1 modulo p (e1^q = 1 mod p).
To do so, Alice chooses a primitive element e0 in Zp and calculates
e1 = e0^((p-1)/q) mod p.
Alice chooses d and calculates e2 = e1^d mod p.
Alice's public key is (e1, e2, p, q); her private key is (d).

Verifying & Signing


Example
Alice chooses q = 101 and p = 8081. Alice selects e0 = 3 and calculates
e1 = e0^((p-1)/q) mod p = 6968. Alice chooses d = 61 as the private key and
calculates e2 = e1^d mod p = 2038. Now Alice can send a message to Bob.
Assume that h(M) = 5000 and Alice chooses r = 61:

Alice sends M, S1, and S2 to Bob. Bob uses the public keys to calculate
V.
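The key generation, signing and verification steps above, run with the slide's numbers. This is an added example, not part of the original slides; the function names are assumptions, and the formulas for S1, S2 and V are the standard DSA ones, written out here because the extracted page does not show them.

```python
# Toy DSS parameters from the slide's example
# (a real p is 512-1024 bits and a real q is 160 bits).
P, Q = 8081, 101
E0 = 3                              # primitive element chosen by Alice
E1 = pow(E0, (P - 1) // Q, P)       # generator of the order-q subgroup
D = 61                              # Alice's private key
E2 = pow(E1, D, P)                  # public component e2 = e1^d mod p

def params_ok() -> bool:
    """q must divide p-1 and e1 must be a non-trivial q-th root of 1 mod p."""
    return (P - 1) % Q == 0 and E1 != 1 and pow(E1, Q, P) == 1

def sign(h: int, r: int) -> tuple:
    """S1 = (e1^r mod p) mod q and S2 = (h + d*S1) * r^-1 mod q.
    r must be a fresh secret random value for every signature."""
    s1 = pow(E1, r, P) % Q
    s2 = (h + D * s1) * pow(r, -1, Q) % Q
    if s1 == 0 or s2 == 0:
        raise ValueError("degenerate signature, choose a new r")
    return s1, s2

def verify(h: int, s1: int, s2: int) -> bool:
    """V = (e1^(h*S2^-1) * e2^(S1*S2^-1) mod p) mod q; accept iff V == S1."""
    if not (0 < s1 < Q and 0 < s2 < Q):
        return False                # out-of-range values are rejected outright
    w = pow(s2, -1, Q)              # S2^-1 mod q
    v = (pow(E1, h * w % Q, P) * pow(E2, s1 * w % Q, P)) % P % Q
    return v == s1

if __name__ == "__main__":
    print("e1 =", E1, "e2 =", E2, "parameters ok:", params_ok())
    s1, s2 = sign(5000, 61)         # h(M) and r from the slide
    print("S1 =", s1, "S2 =", s2)
    print("verifies:", verify(5000, s1, s2))
    print("altered digest verifies:", verify(5001, s1, s2))
```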


Summary

have discussed:
  - digital signatures
  - digital signature algorithm and standard