160 likes | 235 Views
Cryptography I. Lecture 5 Dimitrios Delivasilis Department of Information and Communication Systems Engineering University of Aegean. Digital Signatures. A cryptographic primitive fundamental in authentication, authorization and non-repudiation It consists of the following elements:
E N D
Cryptography I Lecture 5 Dimitrios Delivasilis Department of Information and Communication Systems Engineering University of Aegean
Digital Signatures • A cryptographic primitive fundamental in authentication, authorization and non-repudiation • It consists of the following elements: • M is the set of messages which can be signed • S is a set of elements called signatures • SA is called signing transformation SA :M ⃗ S • VA is called verification transformation VA : MxS ⃗ {true, false} • The transformations SA and VA provide a digital signature scheme for entity A.
Signing and Verifying • Signing procedure: Entity A creates a signature for a message m ∈ M with the following sequence of events: - Compute s = SA(m) - Transmit the pair (m,s), where s is the signature of message m. • Verification procedure: To verify that a signature s on a message m was created by A, the verifier has to follow the steps below: - Obtain the verification function VA of A - Compute u = VA(m,s) - Accept the signature as valid if u = true, or else reject the signature
Identification and Authentication • Definition: An identification or entity authentication technique assures one party of both the identity of a second party involved and that the second was active at the time the evidence was created • Definition: Data origin authentication or message authentication techniques provide to one party which receives a message assurance of the identity of the party which originated the message.
Public key encryption • Ee:e ∈ K is the set of encryption transformations • Dd:d ∈ K is the set of decryption transformations • There is also the property that given e it is infeasible to determine the corresponding decryption key d. • Definition: Consider an encryption scheme consisting of the sets of encryption and decryption transformations {Ee:e∈K} and {Dd:d∈K}, respectively. The encryption method is said to be public key encryption scheme if for each associated encryption/decryption pair (e,d), one key e (the public key) is made publicly available, while the other d (the private key) is kept secret.
Digital Signatures from reversible public-key encryption • Both Ee and Dd are permutations, therefore: Dd(Ee(m))=Ee(Dd(m))=m, for all m∈M and M=C. • Construction of a digital signature scheme • Let M be the message space for the signature scheme • Let C = M be the signature space S • Let (e,d) be a key pair for the public-key encryption scheme • Define the signing function SA to be Dd. Hence, the signature for a message m ∈ M is s = Dd(m) • Define the verification function VA by • A simplified version of the scheme is also known as digital signature scheme with message recovery
Symmetric vs. Asymmetric… • Advantages of symmetric-key cryptography • High rates of data throughput • Keys for symmetric-key ciphers are relatively short • Symmetric-key ciphers can be used as primitives to construct various cryptographic mechanisms (i.e. pseudorandom number generators) • Symmetric-key ciphers can be composed to produce stronger ciphers • Symmetric-key encryption is perceived to have an extensive history • Disadvantages of symmetric-key cryptography • Key must remain secret at both ends • In large networks, there are many keys pairs to be managed • Sound cryptographic practices dictates that the key be changed frequently • Digital signature mechanisms arising from symmetric-key encryption typically require either large keys or the use of Third Trusted Parties (TTP)
…Symmetric vs. Asymmetric • Advantages of Asymmetric-key cryptography • Only the private key must be kept secret • The administration of keys on a network requires the presence of only a functional trusted TTP as opposed to an unconditionally trusted TTP. • A private/public key pair key pair main remain unchanged for considerable long periods of time (depending on the usage) • There are many relatively efficient digital signature mechanisms as a result of asymmetric-key schemes • In a large network the number of keys necessary may be considerably smaller than in the symmetric-key scenario • Disadvantages of Asymmetric-key cryptography • Slower throughput rates than the best known symmetric-key schemes • Large key size • No asymmetric-key scheme has been proven to be secure • Lack of extensive history
Hash functions • Definition: A hash function is a computationally efficient function mapping binary strings of arbitrary length to binary strings of some fixed length, called hash-values. • The most common cryptographic uses of hash functions are with digital signatures and for data integrity • When hash functions are used to detect whether the message input has been altered, they are called modification detection codes (MDC) • There is another category of hash functions that involve a secret key and provide data origin authentication, as well as data integrity; these are called message authentication codes (MACs)
Cryptographic keys • Definition: Key establishment is any process whereby a shared secret key becomes available to two or more parties, for subsequent cryptographic use. • Definition: Key management is the set of processes and mechanisms which support key establishment and maintenance of ongoing keying relationships between parties, including replacing older keys with new keys as necessary • In a network with n entities, the number of secure exchanges required is
Symmetric-Key Management • Advantages: • It is easy to add and remove entities from the network • Each entity needs to store only one long-term secret key • Disadvantages: • All communications require initial interaction with the TTP • The TTP must store n long-term secret keys • The TTP has the ability to read all messages • If the TTP is compromised, all communications are insecure
Asymmetric-Key Management • Advantages: • No TTP is required • The public file could reside on each entity • Only n public keys need to be stored to allow secure communications between any pair of entities, assuming the only attack is that by a passive adversary • Disadvantages: • If the signing key of the TTP is compromised, then all communications become insecure • All trust is placed with one entity
Third Trusted Parties and Public-key Certificates • Definition: A TTP is said to be unconditionally trusted if it is trusted on all matters. • Definition: A TTP is said to be functionally trusted if the entity is assumed to be honest and fair but it does not have access to the secret or private keys of users. • A public-key certificate consists of a data part and a signature part. The data part consists of the name of an entity, the public-key corresponding to that entity, possibly additional relevant information. The signature part consists of the signature of a TTP over the data part.
Attacks on encryption schemes • Ciphertext-only attack • A known-plaintext attack • A chosen-plaintext attack • An adaptive chosen plaintext attack • A chosen-ciphertext attack • An adaptive chosen-ciphertext attack
Attacks on Protocols • Known-key attack • Replay attack • Impersonation attack • Dictionary attack • Forward search attack • Interleaving attack
Models for evaluating security • Unconditional security • Complexity-theoretic security • Provable security • Computational security • Ad hoc security