8.3 – Message Integrity and Digital Signatures

  • To authenticate a message, Bob needs to verify:
    • The message indeed originated from Alice.
    • The message was not tampered with on its way to Bob.

8.3.1 – Cryptographic Hash Functions

  • A hash function takes an input m, and computes a fixed-size string H(m) known as a hash.
  • A cryptographic hash function is required to have the following additional property:
    • It is computationally infeasible to find any two different messages x and y such that H(x) = H(y).
  • The MD5 hash algorithm was invented by Ron Rivest.
  • MD5 computes a 128-bit hash in a four-step process consisting of a padding step (adding a one followed by enough 0’s so that the length of the message satisfies certain conditions), an append step (appending a 64-bit representation of the message length before padding), an initialization of an accumulator, and a final looping step in which the message’s 16-word blocks are processed in four rounds.
  • The second major hash algorithm in use today is the Secure Hash Algorithm (SHA-1).
    • Based on principles similar to those used in the design of MD4.
    • SHA-1 is a US federal standard, and is required for use whenever a cryptographic hash algorithm is needed for federal applications.
    • It produces a 160-bit message digest. The longer output length makes SHA-1 more secure.

8.3.2 – Message Authentication Code

  • To perform message integrity, in addition to using cryptographic hash functions, Alice and Bob will need a shared secret s.
    • The shared secret, which is nothing more than a string of bits, is called the authentication key.
  • Message integrity can be performed as follows:
    • Alice creates message m, concatenates s with m to create m+s, and calculates the hash H(m+s). H(m+s) is called the message authentication code (MAC).
    • Alice then appends the MAC to the message, creating an extended message (m, H(m+s)), and sends the extended message to Bob.
    • Bob receives an extended message (m,h) and knowing s, calculates the MAC H(m+s). If H(m+s)=h, Bob concludes that everything is fine.
  • The most popular standard today is HMAC which can be used with either MD5 or SHA-1.
    • It runs data and the authentication key through the hash function twice.
  • How do we distribute the shared authentication key to the communicating entities?
    • A network administrator could actually accomplish this by physically visiting each of the routers. Or, if the network administrator is lazy, and if each router has its own public key, the network administrator could distribute the authentication key to any one of the routers by encrypting it with the router’s public key and then sending the encrypted key over the network to the router.
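
The MAC exchange above, as an added example that is not part of the original notes: `naive_mac` is the H(m+s) construction exactly as described, and `hmac_sha1` spells out HMAC's two passes through the hash function (the RFC 2104 definition) so it can be compared with Python's standard `hmac` module. The function names, key and message are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 processes its input in 64-byte blocks

def naive_mac(m: bytes, s: bytes) -> bytes:
    """The construction from the notes: hash the message followed by the key."""
    return hashlib.sha1(m + s).digest()

def hmac_sha1(s: bytes, m: bytes) -> bytes:
    """HMAC written out: H((s XOR opad) || H((s XOR ipad) || m))."""
    if len(s) > BLOCK:                 # over-long keys are hashed first
        s = hashlib.sha1(s).digest()
    s = s.ljust(BLOCK, b"\x00")        # then padded to one full block
    ipad = bytes(b ^ 0x36 for b in s)
    opad = bytes(b ^ 0x5C for b in s)
    inner = hashlib.sha1(ipad + m).digest()    # first pass: key and data
    return hashlib.sha1(opad + inner).digest() # second pass: key and inner hash

def send(m: bytes, s: bytes):
    """Alice builds the extended message (m, MAC)."""
    return m, hmac_sha1(s, m)

def receive(m: bytes, h: bytes, s: bytes) -> bool:
    """Bob recomputes the MAC and compares in constant time."""
    return hmac.compare_digest(hmac_sha1(s, m), h)

if __name__ == "__main__":
    key = b"shared-authentication-key"          # constructed sample key
    msg, tag = send(b"link R1-R2 cost 5", key)  # constructed sample message
    print("untampered accepted:", receive(msg, tag, key))
    print("tampered accepted:  ", receive(b"link R1-R2 cost 1", tag, key))
    print("matches stdlib hmac:",
          tag == hmac.new(key, msg, hashlib.sha1).digest())
```

SHA-1 is used only because the notes name it; the same code works with any `hashlib` function once `BLOCK` matches that function's block size.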

8.3.3 Digital Signatures

  • A digital signature is a cryptographic technique for achieving these goals in a digital world.
  • Suppose that Bob wants to digitally sign a document, m. We can think of the document as a file or a message that Bob is going to sign and send.
    • Bob simply uses his private key, $$K_B^-$$, to compute $$K_B^-(m)$$.
    • At first, it might seem odd that Bob is using his private key to sign a document. But recall that encryption and decryption are nothing more than mathematical operations and recall that Bob’s goal is not to scramble or obscure the contents of the document, but rather to sign the document in a manner that is verifiable and nonforgeable.
    • Bob’s digital signature of the document is $$K_B^-(m)$$.
  • Suppose Alice has m and $$K_B^-(m)$$. She wants to prove in court that Bob had indeed signed the document and was the only person who could have possibly signed the document.
    • Alice takes Bob’s public key, $$K_B^+$$ and applies it to the digital signature, $$K_B^-(m)$$, associated with the document, m. That is, she computes $$K_B^+(K_B^-(m))$$ which produces m, which exactly matches the original document.
    • Alice then argues that only Bob could have signed the document, because:
      • Whoever signed the message must have used the private key, $$K_B^-$$, in computing the signature $$K_B^-(m)$$, such that $$K_B^+(K_B^-(m))=m$$
      • The only person who could have known the private key, $$K_B^-$$, is Bob. Therefore, the only person who could know $$K_B^-$$ is the person who generated the pair of keys $$(K_B^-, K_B^+)$$, in the first place, Bob.
  • It is also important to note that if the original document, m, is ever modified to some alternate form, m’, the signature that Bob created for m will not be valid for m’. Thus digital signatures provide message integrity.
  • One concern with signing data by encryption is that encryption and decryption are computationally expensive. Given the overheads of encryption and decryption, signing data via complete encryption/decryption can be overkill.
  • An efficient approach is to introduce hash functions into the digital signature.
  • Summary of the operational procedure of creating a digital signature:
    • Bob puts his original long message through a hash function.
    • He then digitally signs the resulting hash with his private key.
    • The original message along with the digitally signed message digest is then sent to Alice.
    • Alice applies the sender’s public key to the message to obtain a hash result.
    • Alice also applies the hash function to the cleartext message to obtain a second hash result.
    • If the two hashes match, then Alice can be sure about the integrity and author of the message.
  • Both digital signatures and MACs start with a message (or a document). To create a MAC out of the message, we append an authentication key to the message, and then take the hash of the result.
    • Neither public key nor symmetric key encryption is involved in creating the MAC.
  • A digital signature is a “heavier” technique, since it requires an underlying Public Key Infrastructure (PKI) with certification authorities.
  • Public key certification:
    • Certifying that a public key belongs to a specific entity.
    • Public key certification is used in many popular secure network protocols, including IPsec and SSL.
  • Public key cryptography is useful to verify that you have the actual public key of the entity with whom you want to communicate.
    • For example, when Alice wants to communicate with Bob using public key cryptography, she needs to verify that the public key that is supposed to be Bob’s is indeed Bob’s.
  • Binding a public key to a particular entity is typically done by a Certification Authority (CA), whose job is to validate identities and issue certificates. A CA has the following roles:
    • A CA verifies that an entity is who it says it is. There are no mandated procedures for how certification is done. When dealing with a CA, one must trust the CA to have performed a suitably rigorous identity verification. For example, if a hacker were able to walk into the Fly-by-Night CA, simply announce “I am a trusted person”, and receive certificates associated with the identity of Alice, then one shouldn’t put much faith in public keys certified by the Fly-by-Night CA. On the other hand, one might be more willing to trust a CA that is part of a federal or state program. You can trust the identity associated with a public key only to the extent to which you can trust a CA and its identity verification techniques.
    • Once the CA certifies the identity of the entity, the CA creates a certificate that binds the public key of the entity to the identity. The certificate contains the public key and globally unique identifying information about the owner of the public key. The certificate is digitally signed by the CA.
  • Both the International Telecommunication Union (ITU) and the IETF have developed standards for CAs.
    • ITU X.509 specifies an authentication service as well as a specific syntax for certificates.
    • [RFC 1422] describes CA-based key management for use with secure Internet e-mail. It is compatible with X.509 but goes beyond X.509 by establishing procedures and conventions for a key management architecture.
  • Some important fields in a certificate:
    • Field Name: Description
    • Version: Version number of X.509 specification
    • Serial Number: CA-issued unique identifier for a certificate
    • Signature: Specifies the algorithm used by CA to sign this certificate
    • Issuer name: Identity of CA issuing this certificate, in distinguished name (DN) format
    • Validity period: Start and end of period of validity for certificate
    • Subject name: Identity of entity whose public key is associated with this certificate, in DN format
    • Subject public key: The subject’s public key as well as an indication of the public key algorithm to be used with this key.
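
The hash-then-sign procedure and the CA's certificate binding from this section, as an added example that is not part of the original notes. It uses textbook RSA (no padding) with toy keys built from known Mersenne primes, so `sign` is $$K^-(H(m))$$ and `verify` checks $$K^+(\text{signature})$$ against a fresh hash; all names, keys and the certificate layout are assumptions for illustration and far too weak for real use.

```python
import hashlib

E = 65537  # public exponent used by every toy key pair here

def make_keypair(p: int, q: int):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message: bytes, n: int) -> int:
    """H(m) as an integer, reduced mod n so the small toy key can sign it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    """Apply the private key to the hash of the message, not the message."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Apply the public key to the signature and compare with a fresh hash."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed toy keys (Mersenne primes 2^61-1, 2^89-1, 2^107-1).
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

def cert_body(subject: str, public) -> bytes:
    return f"{subject}|{public[0]}|{public[1]}".encode()

def issue_certificate(subject: str, public, ca_private) -> dict:
    """The CA binds an identity to a public key by signing both together."""
    return {"subject": subject, "public": public,
            "sig": sign(cert_body(subject, public), ca_private)}

def check_certificate(cert: dict, ca_public) -> bool:
    return verify(cert_body(cert["subject"], cert["public"]), cert["sig"], ca_public)

def alice_accepts(message: bytes, signature: int, cert: dict) -> bool:
    """Alice trusts only CA_PUB; Bob's key comes from a verified certificate."""
    return check_certificate(cert, CA_PUB) and verify(message, signature, cert["public"])

if __name__ == "__main__":
    cert = issue_certificate("Bob", BOB_PUB, CA_PRIV)
    msg = b"Pay Alice 10 dollars"               # constructed sample message
    sig = sign(msg, BOB_PRIV)
    print("original accepted:", alice_accepts(msg, sig, cert))
    print("modified accepted:", alice_accepts(b"Pay Alice 1000 dollars", sig, cert))
```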
