Posted Below After reading chapter 13,12 analyze the advantages and disadvantages of digital signatures. You must use at least one scholarly resource

Posted Below
After reading chapter 13,12 analyze the advantages and disadvantages of digital signatures.
You must use at least one scholarly resource.Every discussion posting must be properly APA formatted.

Note: There should zero Plagiarism

Don't use plagiarized sources. Get Your Custom Assignment on
Posted Below After reading chapter 13,12 analyze the advantages and disadvantages of digital signatures. You must use at least one scholarly resource
From as Little as $13/Page

Cryptography and Network Security:

Principles and Practice
Eighth Edition

Chapter 13

Digital Signatures

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 13.1 Simplified Depiction of

Essential Elements of Digital

Signature Process

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Digital Signature Properties

It must verify the author and the date and time of the

signature

It must authenticate the contents at the time of the

signature

It must be verifiable by third parties to resolve disputes

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Attacks

Key-only attack

C only knows As public key

Known message attack

C is given access to a set of messages and their signatures

Generic chosen message attack

C chooses a list of messages before attempting to break As
signature scheme, independent of As public key; C then obtains
from A valid signatures for the chosen messages

Directed chosen message attack

Similar to the generic attack, except that the list of messages to be
signed is chosen after C knows As public key but before any
signatures are seen

Adaptive chosen message attack

C may request from A signatures of messages that depend on
previously obtained message-signature pairs

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Forgeries

Total break

C determines As private key

Universal forgery

C finds an efficient signing algorithm that provides an

equivalent way of constructing signatures on arbitrary

messages

Selective forgery

C forges a signature for a particular message chosen

by C

Existential forgery

C forges a signature for at least one message; C has

no control over the message

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Digital Signature Requirements

The signature must be a bit pattern that depends on the

message being signed

The signature must use some information unique to the sender

to prevent both forgery and denial

It must be relatively easy to produce the digital signature

It must be relatively easy to recognize and verify the digital

signature

It must be computationally infeasible to forge a digital signature,

either by constructing a new message for an existing digital

signature or by constructing a fraudulent digital signature for a

given message

It must be practical to retain a copy of the digital signature in

storage

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Direct Digital Signature

Refers to a digital signature scheme that involves only the communicating

parties

It is assumed that the destination knows the public key of the source

Confidentiality can be provided by encrypting the entire message plus

signature with a shared secret key

It is important to perform the signature function first and then an outer

confidentiality function

In case of dispute some third party must view the message and its

signature

The validity of the scheme depends on the security of the senders private key

If a sender later wishes to deny sending a particular message, the sender

can claim that the private key was lost or stolen and that someone else

forged his or her signature

One way to thwart or at least weaken this ploy is to require every signed

message to include a timestamp and to require prompt reporting of

compromised keys to a central authority

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

ElGamal Digital Signature

Scheme involves the use of the private key for encryption

and the public key for decryption

Global elements are a prime number q and a, which is a

primitive root of q

Use private key for encryption (signing)

Uses public key for decryption (verification)

Each user generates their key

Chooses a secret key (number): 1 < xA < q-1 Compute their public key: yA = a xA mod q Copyright 2020 Pearson Education, Inc. All Rights Reserved. Schnorr Digital Signature Scheme is based on discrete logarithms Minimizes the message-dependent amount of computation required to generate a signature Multiplying a 2n-bit integer with an n-bit integer Main work can be done during the idle time of the processor Based on using a prime modulus p, with p 1 having a prime factor q of appropriate size Typically p is a 1024-bit number, and q is a 160-bit number Copyright 2020 Pearson Education, Inc. All Rights Reserved. N I S T Digital Signature Algorithm Published by N I S T as Federal Information Processing Standard F I P S 186 Makes use of the Secure Hash Algorithm (S H A) The latest version, F I P S 186-3, also incorporates digital signature algorithms based on R S A and on elliptic curve cryptography Copyright 2020 Pearson Education, Inc. All Rights Reserved. Figure 13.2 Two Approaches to Digital Signatures Copyright 2020 Pearson Education, Inc. All Rights Reserved. Figure 13.3 The Digital Signature Algorithm (D S A) Copyright 2020 Pearson Education, Inc. All Rights Reserved. Figure 13.4 D S A Signing and Verifying Copyright 2020 Pearson Education, Inc. All Rights Reserved. Elliptic Curve Digital Signature Algorithm (E C D S A) Four elements are involved: All those participating in the digital signature scheme use the same global domain parameters, which define an elliptic curve and a point of origin on the curve A signer must first generate a public, private key pair A hash value is generated for the message to be signed; using the private key, the domain parameters, and the hash value, a signature is generated To verify the signature, the verifier uses as input the signers public key, the domain parameters, and the integer s; the output is a value v that is compared to r ; the signature is verified if the v = r Copyright 2020 Pearson Education, Inc. All Rights Reserved. Figure 13.5 E C D S A Signing and Verifying Copyright 2020 Pearson Education, Inc. All Rights Reserved. R S A-P S S R S A Probabilistic Signature Scheme Included in the 2009 version of F I P S 186 Latest of the R S A schemes and the one that R S A Laboratories recommends as the most secure of the R S A schemes For all schemes developed prior to P S S it has not been possible to develop a mathematical proof that the signature scheme is as secure as the underlying R S A encryption/decryption primitive

The PSS approach was first proposed by Bellare and Rogaway

This approach, unlike the other R S A-based schemes,

introduces a randomization process that enables the security of

the method to be shown to be closely related to the security of

the R S A algorithm itself

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Mask Generation Function (M G F)

Typically based on a secure cryptographic hash function

such as S H A-1

Is intended to be a cryptographically secure way of

generating a message digest, or hash, of variable

length based on an underlying cryptographic hash

function that produces a fixed-length output

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 13.6 R S A-P S S Encoding

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 13.7 R S A-P S S E M Verification

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Summary

Present an overview of the digital signature process

Understand the ElGamal digital signature scheme

Understand the Schnorr digital signature scheme

Understand the N I S T digital signature scheme

Compare and contrast the N I S T digital signature scheme

with the ElGamal and Schnorr digital signature schemes

Understand the elliptic curve digital signature scheme

Understand the R S A-P S S digital signature scheme

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Copyright

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials. Cryptography and Network Security:

Principles and Practice
Eighth Edition

Chapter 12

Message Authentication Codes

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Message Authentication

Requirements (1 of 2)
Disclosure

Release of message contents to any person or process not

possessing the appropriate cryptographic key

Traffic analysis

Discovery of the pattern of traffic between parties

Masquerade

Insertion of messages into the network from a fraudulent

source

Content modification

Changes to the contents of a message, including insertion,

deletion, transposition, and modification

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Message Authentication

Requirements (2 of 2)
Sequence modification

Any modification to a sequence of messages between

parties, including insertion, deletion, and reordering

Timing modification

Delay or replay of messages

Source repudiation

Denial of transmission of message by source

Destination repudiation

Denial of receipt of message by destination

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Message Authentication Functions

Two levels of functionality:

Lower level

There must be some sort of

function that produces an

authenticator

Higher-level

Uses the lower-level function

as a primitive in an

authentication protocol that

enables a receiver to verify
the authenticity of a message

Hash function

A function that maps a message

of any length into a fixed-length

hash value which serves as the

authenticator

Message encryption

The ciphertext of the entire

message serves as its

authenticator

Message authentication code (M A C)

A function of the message and a

secret key that produces a

fixed-length value that serves as

the authenticator

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.1 Basic Uses of Message

Encryption

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.2 Internal and External

Error Control

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.3 T C P Segment

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Public-Key Encryption

The straightforward use of public-key encryption provides

confidentiality but not authentication

To provide both confidentiality and authentication, A can

encrypt M first using its private key which provides the

digital signature, and then using Bs public key, which

provides confidentiality

Disadvantage is that the public-key algorithm must be

exercised four times rather than two in each

communication

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.4 Basic Uses of Message

Authentication code (M A C)

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Requirements for M A Cs

Taking into account the types of attacks, the M A C needs to

satisfy the following:

The first requirement deals with message replacement

attacks, in which an opponent is able to construct a new

message to match a given M A C, even though the

opponent does not know and does not learn the key

The second requirement deals with the need to thwart a

brute-force attack based on chosen plaintext

The final requirement dictates that the authentication

algorithm should not be weaker with respect to certain

parts or bits of the message than others

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Brute-Force Attack

Requires known message-tag pairs

A brute-force method of finding a collision is to pick a

random bit string y and check if H(y) = H(x)

Two lines of attack:

Attack the key space

If an attacker can determine the M A C key then it is

possible to generate a valid M A C value for any input

x

Attack the M A C value

Objective is to generate a valid tag for a given

message or to find a message that matches a given

tag

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Cryptanalysis

Cryptanalytic attacks seek to exploit some property of the

algorithm to perform some attack other than an exhaustive

search

An ideal M A C algorithm will require a cryptanalytic effort

greater than or equal to the brute-force effort

There is much more variety in the structure of M A Cs than

in hash functions, so it is difficult to generalize about the

cryptanalysis of M A Cs

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

M A Cs Based on Hash Functions:

H M A C
There has been increased interest in developing a M A C

derived from a cryptographic hash function

Motivations:

Cryptographic hash functions such as M D5 and S H A

generally execute faster in software than symmetric

block ciphers such as D E S

Library code for cryptographic hash functions is widely

available

H M A C has been chosen as the mandatory-to-implement

M A C for I P security

Has also been issued as a N I S T standard (F I P S 198)

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

H M A C Design Objectives

R F C 2104 lists the following objectives for H M A C:

To use, without modifications, available hash functions

To allow for easy replaceability of the embedded hash

function in case faster or more secure hash functions

are found or required

To preserve the original performance of the hash

function without incurring a significant degradation

To use and handle keys in a simple way

To have a well understood cryptographic analysis of

the strength of the authentication mechanism based on

reasonable assumptions about the embedded hash

function

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.5 H M A C Structure

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.6 Efficient Implementation

of H M A C

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Security of H M A C

Depends in some way on the cryptographic strength of the

underlying hash function

Appeal of H M A C is that its designers have been able to

prove an exact relationship between the strength of the

embedded hash function and the strength of H M A C

Generally expressed in terms of the probability of

successful forgery with a given amount of time spent by

the forger and a given number of message-tag pairs

created with the same key

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.7 Data Authentication

Algorithm (F I P S P U B 113)

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.8 Cipher-based Message

Authentication Code (C M A C)

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Authenticated Encryption (A E)

A term used to describe encryption systems that

simultaneously protect confidentiality and authenticity of

communications

Approaches:

Hashing followed by encryption

Authentication followed by encryption

Encryption followed by authentication

Independently encrypt and authenticate

Both decryption and verification are straightforward for

each approach

There are security vulnerabilities with all of these

approaches

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Counter with Cipher Block Chaining-

Message Authentication Code (C CM)
Was standardized by N I S T specifically to support the security

requirements of I E EE 802.11 W iFi wireless local area networks

Variation of the encrypt-and-M A C approach to authenticated

encryption

Defined in N I S T S P 800-38C

Key algorithmic ingredients:

A E S encryption algorithm

C T R mode of operation

C M A C authentication algorithm

Single key K is used for both encryption and M A C algorithms

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

The input to the C CM encryption

process consists of three elements:
Data that will be both authenticated and encrypted

This is the plaintext message P of the data block

Associated data A that will be authenticated but not encrypted

An example is a protocol header that must be transmitted in

the clear for proper protocol operation but which needs to be

authenticated

A nonce N that is assigned to the payload and the associated

data

This is a unique value that is different for every instance

during the lifetime of a protocol association and is intended

to prevent replay attacks and certain other types of attacks

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.9 Counter with Cipher

Block Chaining-Message

Authentication Code (C CM)

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Galois/Counter Mode (G C M)

N I S T standard S P 800-38D

Designed to be parallelizable so that it can provide high

throughput with low cost and low latency

Message is encrypted in variant of C T R mode

Resulting ciphertext is multiplied with key material and

message length information over G F (2128) to generate the

authenticator tag

The standard also specifies a mode of operation that

supplies the M A C only, known as G M A C

Makes use of two functions:

G H A S H – a keyed hash function

G C T R C T R mode with the counters determined by simple

increment by one operation

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.10 G C M Authentication and

Encryption Functions

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.11 Galois Counter

Message Authentication Code (G C M)

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Key Wrap (K W)

Most recent block cipher mode of operation defined by

N I S T

Uses A E S or triple D E A as the underlying encryption

algorithm

Purpose is to securely exchange a symmetric key to be

shared by two parties, using a symmetric key already

shared by those parties

The latter key is called a key encryption key (K E K)

Robust in the sense that each bit of output can be

expected to depend in a nontrivial fashion on each bit of

input

Only used for small amounts of plaintext

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.12 Key Wrapping Operation

for 256-Bit Key

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.13 Key Wrapping Operation

for 256-Bit Key: Stage t

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Pseudorandom Number Generation

Using Hash Functions and M A Cs
Essential elements of any pseudorandom number

generator (P R N G) are a seed value and a deterministic

algorithm for generating a stream of pseudorandom bits

If the algorithm is used as a pseudorandom function

(P R F) to produce a required value, the seed should

only be known to the user of the P R F

If the algorithm is used to produce a stream encryption

function, the seed has the role of a secret key that must

be known to the sender and the receiver

A hash function or M A C produces apparently random

output and can be used to build a P R N G

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.14 Basic Structure of Hash-

Based P R N Gs (S P 800-90)

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Figure 12.15 Three P R N G s Based on

H M A C

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Summary

List and explain the possible

attacks that are relevant to

message authentication

Define the term message

authentication code

List and explain the

requirements for a message

authentication code

Present an overview of H M A C

Present an overview of C M A C

Explain the concept of

authenticated encryption

Present an overview of C CM

Present an overview of G C M

Discuss the concept of key

wrapping and explain its use

Understand how a hash function

or a message authentication

code can be used for

pseudorandom number

generation

Copyright 2020 Pearson Education, Inc. All Rights Reserved.

Copyright

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials.

Leave a Comment

Your email address will not be published. Required fields are marked *