cnspp-ch13-Digital Signatures Authentication Protocols.pptVIP

DSS Signing and Verifying Summary have considered: digital signatures authentication protocols (mutual one-way) digital signature standard * * Direct Digital Signatures involve the direct application of public-key algorithms. But are dependent on security of the sender’s private-key. Have problems if lost/stolen and signatures forged. Need time-stamps and timely key revocation. * A digital signature may be formed by encrypting the entire message with the senders private key (Figure 11.1c) or by encrypting a hash code of the message with the senders private key (Figure 11.5c). Confidentiality can be provided by further encrypting the entire message plus signature with either the receivers public key (public-key encryption) or a shared secret key (symmetric encryption); for example, see Figures 11.1d and 11.5d. * See Stallings Table 13-1 for various alternatives. * This is the original, basic key exchange protocol. Used by 2 parties who both trusted a common key server, it gives one party the info needed to establish a session key with the other. Note that since the key server chooses the session key, it is capable of reading/forging any messages between AB, which is why they need to trust it absolutely! Note that all communications is between AKDC and AB, BKDC dont talk directly (though indirectly a message passes from KDC via A to B, encrypted in Bs key so that A is unable to read or alter it). Other variations of key distribution protocols can involve direct communications between BKDC. * There is a critical flaw in the protocol, as shown. This emphasises the need to be extremely careful in codifying assumptions, and tracking the timeliness of the flow of info in protocols. Designing secure protocols is not easy, and should not be done lightly. Great care and analysis is needed. * * DSA is the US Govt approved signature scheme - designed to provide strong signatures without allowing easy use for encryption. The signature scheme has advantages, being both s