
TECHNICAL REPORT SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF DEGREE OF

Bachelor of Technology In

COMPUTER SCIENCE AND ENGINEERING


BY SRIKAR DHULIPALLA (08M91A0565)

Under the Guidance of Ms. REKHA CHORARIA

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING AURORAS SCIENTIFIC AND TECHNOLOGICAL INSTITUTE Aushapur (V), Ghatkesar (M), R. R. Dist - 501 301


CERTIFICATE

This is to certify that this technical report entitled "Message Authentication Code and Digital Signatures" by Srikar Dhulipalla, H.T. No. 08M91A0565, submitted in partial fulfillment of the requirements for the award of the degree of Bachelor of Technology in Computer Science and Engineering of the Jawaharlal Nehru Technological University Hyderabad during the academic year 2011-12, was carried out under our guidance and supervision.

Signature of Internal Guide

Signature of H.O.D

ACKNOWLEDGEMENT

I am heartily thankful to my internal guide, Ms. Rekha Choraria, for her constant motivation and valuable help throughout the technical seminar work. I also express my gratitude to Mr. V. Satyanarayana, HOD of Computer Science and Engineering, for his valuable suggestions and advice throughout the course. I also extend my thanks to the other faculty members for their cooperation during my course.

SRIKAR DHULIPALLA

DECLARATION

I hereby declare that the technical report titled "Message Authentication Code and Digital Signatures", submitted to Auroras Scientific and Technological Institute in partial fulfillment of the requirement for the award of the degree of Bachelor of Technology, is a bona fide work carried out by me at our college.

SRIKAR DHULIPALLA

ABSTRACT

Innovative ideas and confidential details are communicated over networks, and distrust of the communication channel undermines that exchange. The purpose of communicating by modern technology is defeated if a message does not reach the party concerned, so care must be taken to remove distrust from the communication if the desired goal is to be achieved. Several threats cause mutual distrust among the parties and may end in the resources associated with one party being confiscated by the other. To avoid such anomalies in networks, the communicating parties need authentication. The Message Authentication Code (MAC) was introduced to accompany messages transmitted through a network and to ensure the authenticity of the parties: a MAC protects the two parties who exchange messages from a third party, such as the network acting as the medium of transmission. Digital signatures, on the other hand, protect the communicating parties from each other, and the threat of repudiation can also be resolved with them. Both authentication and legitimacy are required to protect each party from the other. Digital signatures authenticate the parties and the data they transmit; they are analogous to handwritten signatures and thus provide better security over the communications network. A communications network invariably needs a channel of high security that enables a communicating party to prove that it is legitimate and to carry out its intended communication. Proving oneself is the top priority, and it can be addressed by adopting MACs and digital signatures (DS), which maintain mutual trust among the parties.

TABLE OF CONTENTS

1. Introduction to Authentication
   1.1 Authentication
   1.2 Authentication in Computer Networks
   1.3 Authentication versus Authorization
   1.4 Mutual Authentication
   1.5 Types of Authentication

2. Message Authentication Code
   2.1 An Overview of MAC
   2.2 Need for MAC
   2.3 Message Confidentiality with Symmetric Encryption
   2.4 Approaches to Message Authentication Code

3. Digital Signatures
   3.1 An Overview of Digital Signatures
   3.2 Need for Digital Signatures
   3.3 How Digital Signatures Work
   3.4 Use of Digital Signatures
   3.5 Generation and Verification of Digital Signatures
   3.6 Advantages of Digital Signatures

4. Conclusion

5. Appendix A
   5.1 Terminology

6. References

AUTHENTICATION

Authentication is a process that allows a sender and a receiver of information to validate each other. If the sender and the receiver of information cannot properly authenticate each other, there is no trust in the activities or information provided by either party. Authentication can involve highly complex and secure methods or can be very simple. The simplest form of authentication is the transmission of a shared password between entities wishing to authenticate each other. In art, antiques, and anthropology, a common problem is verifying that a person has the claimed identity, or that a given artifact was produced by a certain person, or was produced in a certain place or period of history. There are three types of techniques for doing this. The first type of authentication is accepting proof of identity given by a credible person who has evidence of the claimed identity, or who can attest that the object under assessment is the originator's artifact. The second type of authentication is comparing the attributes of the object itself to what is known about objects of that origin. For example, an art expert might look at the similarities in the style of painting, check the location and form of a signature, or compare the object to an old photograph. The third type of authentication relies on documentation or other external affirmations. For example, the rules of evidence in criminal courts often require establishing the chain of custody of the evidence presented.

The ways in which someone may be authenticated fall into three categories, based on what are known as factors of authentication. Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, or establishing a chain of authority. Security research has determined that, for a positive identification, elements from at least two, and preferably all three, factors should be verified. The factors and some of the elements of each factor are:

OWNERSHIP FACTOR: Something the user has, e.g. a wrist band, ID card, security token, software token, phone or cell phone.

KNOWLEDGE FACTOR: Something the user knows, e.g. a password, pass phrase or PIN (personal identification number), or a challenge response.

INHERENCE FACTOR: Something the user is or does, e.g. a fingerprint, retinal pattern, DNA sequence, signature, face, voice, unique bio-electric signals, or other biometric identifier.

AUTHENTICATION IN COMPUTER NETWORKS

Authentication in computer networks means verifying the identity of a user logging onto a network. Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the user to the network. Computer security authentication also includes verifying message integrity, e-mail authentication and MAC (Message Authentication Code), which checks the integrity of a transmitted message. The topics that arise here are human authentication, challenge-response authentication, passwords, digital signatures, IP spoofing and biometrics. Human authentication is the verification that a person, not a computer, initiated the transaction. Challenge-response authentication is an authentication method used to prove the identity of a user logging onto the network. When a user logs on, the network access server (NAS), wireless access point or authentication server creates a challenge, typically a random number, and sends it to the client machine. The client software uses its password to encrypt the challenge with an encryption algorithm or a one-way hash function and sends the result, the response, back to the network. Two-factor authentication requires two independent ways to establish identity and privileges. Using more than one factor of authentication is also called strong authentication, in contrast to traditional authentication, which requires only one factor in order to gain access to a system. A password is a secret word or code that serves as a security measure against unauthorized access to data. It is normally managed by the operating system or DBMS. However, a computer can only verify the legality of the password, not the legality of the user. Two major applications of digital signatures are setting up a secure connection to a website and verifying the integrity of transmitted files. IP spoofing refers to inserting the IP address of an authorized user into the transmission of an unauthorized user in order to gain illegal access to a computer system.

Biometrics is a more secure form of authentication than typing passwords or even using smart cards, which can be stolen. However, some biometric methods have relatively high failure rates; for example, fingerprints can be captured from a water glass and used to fool scanners. The authentication of information can pose special problems, especially the man-in-the-middle attack, and is often wrapped up with authenticating identity. Various systems have been invented to allow users to authenticate that a given message originated from, or was relayed by, them. These involve authentication factors such as: a physical artifact that is difficult to reproduce, such as a seal, signature, watermark, special stationery, or fingerprint; a shared secret, such as a pass-phrase, in the context of the message; and an electronic signature, used to guarantee that a message has been signed by a legitimate user.
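The challenge-response login described above, worked through as an added example (this code is not from the report): the server issues a fresh random challenge, the client answers with a keyed one-way hash of the challenge under a key derived from its password, and the server recomputes and compares. The password value, the SHA-256 key derivation and the choice of HMAC-SHA256 are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed example password shared by client and server (not from the report).
PASSWORD = "correct horse battery staple"


def derive_key(password: str) -> bytes:
    """Both sides turn the shared password into a fixed-size key.

    The server stores only this hash, not the plaintext password, matching the
    'not stored as plain text' host-side storage the report mentions.
    """
    return hashlib.sha256(password.encode("utf-8")).digest()


def issue_challenge() -> bytes:
    """Server side: a fresh random challenge for every login attempt."""
    return secrets.token_bytes(16)


def compute_response(password: str, challenge: bytes) -> bytes:
    """Client side: one-way keyed hash of the challenge under the password key.

    The password itself never crosses the network; only this response does.
    """
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()


def verify_response(stored_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response and compare in constant time."""
    expected = hmac.new(stored_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def login_round(password_typed: str, stored_key: bytes) -> bool:
    """One complete exchange: challenge -> response -> verdict."""
    challenge = issue_challenge()                            # server -> client
    response = compute_response(password_typed, challenge)   # client -> server
    return verify_response(stored_key, challenge, response)  # server decides


def replay_is_rejected(password: str, stored_key: bytes) -> bool:
    """A response observed in one exchange is useless against a later challenge,
    because the server picks a different random challenge each time."""
    old_challenge = issue_challenge()
    captured = compute_response(password, old_challenge)
    new_challenge = issue_challenge()
    return not verify_response(stored_key, new_challenge, captured)


if __name__ == "__main__":
    key = derive_key(PASSWORD)
    print("correct password:", login_round(PASSWORD, key))        # True
    print("wrong password:  ", login_round("hunter2", key))       # False
    print("replay rejected: ", replay_is_rejected(PASSWORD, key))  # True
```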

AUTHENTICATION VERSUS AUTHORIZATION

The process of authorization is distinct from that of authentication. Whereas authentication is the process of verifying that you are who you say you are, authorization is the process of verifying that you are permitted to do what you are trying to do. Authorization thus presupposes authentication. For example, when you show proper identification credentials to a bank teller, you are asking to be authenticated to act on behalf of the account holder. If your authentication request is approved, you become authorized to access the accounts of that account holder, but no others. Even though authorization cannot occur without authentication, the former term is sometimes used to mean the combination of both. To distinguish authentication from the closely related authorization, the shorthand notations A1 (authentication) and A2 (authorization), as well as AuthN / AuthZ or Au / Az, are used in some communities. Delegation was normally considered to be part of the authorization domain; recently, authentication has also been used for various types of delegation tasks, and delegation in IT networks is a new but evolving field. One familiar use of authentication and authorization is access control. A computer system that is supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. Access to it is therefore usually controlled by insisting on an authentication procedure to establish with some degree of confidence the identity of the user, granting the privileges established for that identity. Common examples of access control involving authentication include:

Asking for photo ID when a contractor first arrives at a house to perform work.
Using a CAPTCHA as a means of asserting that a user is a human being and not a computer program.
A computer program using a blind credential to authenticate to another program.
Entering a country with a passport.
Logging in to a computer.
Using a confirmation e-mail to verify the ownership of an e-mail address.
Using an internet banking system.
Withdrawing cash from an ATM.

Security experts argue that it is impossible to prove the identity of a computer user with absolute certainty. It is only possible to apply one or more tests which, if passed, have been previously declared to be sufficient to proceed. The problem is to determine which tests are sufficient, and many are inadequate. Any given test can be spoofed one way or another, with varying degrees of difficulty.

MUTUAL AUTHENTICATION
The term Mutual Authentication has been used in the literature to describe a process in which the parties authenticate to each other within a single authentication process. Mutual authentication is normally seen as two separate identity bindings within one authentication algorithm, but EAP methods like AKA claim mutual authentication with a single identity binding based on joint state held by both parties. IKE with a pre-shared key also produces mutual authentication within its single exchange. Mutuality in a single authentication process can be achieved in many ways, with different assumptions on trust, so it is valuable to define distinct terminology here. In fact the use of "mutual" in this context is problematic, as a single flow consisting of two nested authentication algorithms can be attacked to the detriment of the authenticating parties. An authentication process may be called mutual while the following issues remain undefined:

Is one identity exchanged, or both?
If only one identity is exchanged, is the other identity implied by knowledge of a symmetric key?
Is the identity exchange (or are the identity exchanges) secure?
If two identities are securely exchanged, are they protected with one key or two?
If there are two identities, is there one identity exchange, two intertwined exchanges, or two serial or parallel exchanges?

To resolve these issues, it is best to limit the applicability of Mutual Authentication to authentication algorithms and to how they act on identity bindings. Authentication flows and channels are silent on mutuality: mutuality is NOT established by a bi-directional or coupled unidirectional flow. It is appropriate to delineate the requirement of mutual authentication for a system. Describing an authentication algorithm as mutual or not mutual may be acceptable in some instances; in others it is too general for a classification. To that end there are two features that further typify an authentication:

Are both identities explicitly included within the algorithm, or is one implicit, as in AKA?
Is one of the identities not bound to its own key but protected with the other party's key?

Thus efficient algorithms can be built by understanding the issues listed above and classifying the scenarios in which mutual authentication is established between the communicating parties, which in turn encourages mutual trust between them so that they can share their resources with each other efficiently.

TYPES OF AUTHENTICATION

Authentication can be accomplished in many ways. Selecting an authentication method appropriate to the environment is perhaps the most crucial decision in designing secure systems. Authentication protocols are capable of simply authenticating the connecting party, or of authenticating the connecting party as well as authenticating the system itself to the connecting party. The various ways in which an authentication process can be carried out are:

Passwords
One-time passwords
Public-key cryptography
Zero-knowledge proofs
Message Authentication Code
Digital Signatures

PASSWORDS:
Passwords are the most widely used form of authentication. Users provide an identifier, a typed-in word or phrase or perhaps a token card, along with a password. In many systems the passwords on the host itself are not stored as plain text but are encrypted. Password authentication of this type is in general simple and does not require much processing power. Password authentication has several vulnerabilities; some of the more obvious are:

Passwords are easy to guess.
Writing the password down and placing it in a highly visible area.
Discovering passwords by eavesdropping or even social engineering.

The risk of eavesdropping can be managed by using digests for authentication. The connecting party sends a value, typically a hash of the client IP address, a time stamp, and additional secret information. Because this hash is unique for each accessed URI, no other documents can be accessed with it, nor can it be used from another IP address without detection. The password is also not vulnerable to eavesdropping because of the hashing. The system is, however, vulnerable to active attacks such as the man-in-the-middle attack.

ONE-TIME PASSWORDS:
To avoid the problems associated with password reuse, one-time passwords were developed. There are two types of one-time passwords: the challenge-response password and the password list.

With the challenge-response password, the system responds with a challenge value after receiving a user identifier. The response is then either calculated from the challenge value or selected from a table based on the challenge. A one-time password list makes use of a list of passwords which are used sequentially by the person wanting to access a system. The values are generated so that it is very hard to calculate the next value from the previously presented values. It is important to keep in mind that password systems only authenticate the connecting party. They do not provide the connecting party with any method of authenticating the system being accessed, so they are vulnerable to spoofing or a man-in-the-middle attack.

PUBLIC KEY CRYPTOGRAPHY:


PKC is based on very complex mathematical problems that require very specialized knowledge. PKC makes use of two keys, one private and the other public. The two keys are linked together by way of an extremely complex mathematical equation. The private key is used to decrypt, and also to encrypt, messages between the communicating machines; both encryption and verification of signatures are accomplished with the public key. The advantage of PKC is that the public key is readily available to the public. In fact, public keys are often published to public directories on the internet so that they can be easily retrieved. This simplifies key-management efforts. The integrity of the public key is of the utmost importance. The integrity of a public key is usually assured by completion of a certification process carried out by a certification authority (CA). Once the CA has certified that the credentials provided by the entity securing the public key are valid, the CA digitally signs the key so that visitors accessing the material the key protects will know the entity has been certified.

ZERO-KNOWLEDGE PROOFS:
Zero-knowledge proofs make it possible for a host to convince another host to allow access without revealing any secret information. The hosts involved in this form of authentication usually communicate several times to finalize authentication. The client first creates a random but difficult problem to solve and then solves it using information it has. The client then commits to the solution using a bit-commitment scheme and sends the problem and the commitment to the server. The server then asks the client either to prove that the problems are related or to open the committed solution and prove that it is the solution. The client complies with the request.

Typically, about ten successful exchanges are required before the authentication process is complete and access is granted. The zero-knowledge proof of identity has its share of problems. Perhaps the most vulnerable point is that while Host A thinks he is proving his identity to Host B, it is possible for Host B to simultaneously authenticate to a third party, Host C, using Host A's credentials.

MESSAGE AUTHENTICATION CODE:


In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers to detect any changes to the message content. The algorithmic structure is illustrated in detail below.

DIGITAL SIGNATURES:
In many instances it is not necessary to authenticate the communicating parties, for instance when downloading application updates or patches from the Internet. From a security point of view, the server does not need to screen who is downloading the software, and the user downloading the software does not necessarily care which particular server it is downloading from. However, the user may want to be assured that the downloaded data is genuine and not a Trojan horse or other malicious or invalid information. In this instance a digital signature best serves to authenticate the downloaded data. A digital signature is a digest calculated from the document to be signed, which is then signed. The client verifies the digest signature by decrypting it with the server's public key and comparing it to the digest value calculated from the message received. The signature can also be used by the server to verify data the client is sending. More detailed information on digital signatures is given below.

MESSAGE AUTHENTICATION CODE

In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers to detect any changes to the message content. Message authentication is a mechanism or service used to verify the integrity of a message. It assures that the data received are exactly as sent and that the purported identity of the sender is valid. These mechanisms are used to protect the communication (the transit of messages) against active attacks (falsification of data and transactions). A message, file, document, or other collection of data is said to be authentic when it is genuine and came from its alleged source. Two important aspects are verifying that the contents of the message have not been altered and that the source is authentic. While MAC functions are similar to cryptographic hash functions, they have different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot guess the MAC for other messages without performing infeasible amounts of computation.

NEED FOR MESSAGE AUTHENTICATION

In the context of communication across networks, the following attacks can be identified:

1. Disclosure: release of message contents to any person or process not possessing the appropriate cryptographic key.
2. Traffic analysis: discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
3. Masquerade: insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that purport to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or non-receipt by someone other than the message recipient.
4. Content modification: changes to the contents of a message, including insertion, deletion, transposition and modification.
5. Sequence modification: any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
6. Timing modification: delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, individual messages could be delayed or replayed.
7. Source repudiation: denial of transmission of a message by the source.
8. Destination repudiation: denial of receipt of a message by the destination.

DEFENSE AGAINST ATTACKS

Attack                        Dealt with by
1. Disclosure                 Symmetric encryption
2. Traffic analysis           Symmetric encryption
3. Masquerade                 Message authentication
4. Content modification       Message authentication
5. Sequence modification      Message authentication
6. Timing modification        Message authentication
7. Source repudiation         Digital signatures
8. Destination repudiation    Digital signatures

The above table shows which mechanism defends against each of the attacks listed in the previous section, and thus how better security can be provided in the various scenarios.

MESSAGE CONFIDENTIALITY WITH SYMMETRIC ENCRYPTION

SYMMETRIC ENCRYPTION: Symmetric encryption is an encryption scheme in which a single secret key is shared between the sender and the receiver, who communicate by encrypting and decrypting their messages with that same shared key.

MESSAGE CONFIDENTIALITY:
The two attacks in the context of communication networks, disclosure and traffic analysis, fall under the category of confidentiality, which can be attained by using the symmetric encryption scheme. The approach to the disclosure attack is to encrypt the message and send it to the desired recipient, who is the one actually intended to read its contents. Even if an unintended user gains access to the message, since the message is encrypted he will not be able to read its contents unless he obtains the key for decryption. The traffic analysis attack in the context of communication networks can be dealt with by using the following two measures:

Link Encryption
End-to-End Encryption

LINK ENCRYPTION
[Figure: Link encryption. Terminals 1, 2 and 3 are connected through packet-switching nodes (P); each link between adjacent nodes carries its own encryption.]

In this scenario, each link between the nodes is encrypted to securely transmit the information over the network.

END TO END ENCRYPTION

[Figure: End-to-end encryption. Terminals 1, 2 and 3 communicate across a packet-switching network (P), with encryption applied at the terminals.]

In this scenario, only links connecting to the terminals are encrypted to securely transmit the information over the network.

PROBLEMS WITH LINK ENCRYPTION AND END TO END ENCRYPTION

With a link encryption device (LED), each packet-switching node (P) has to decrypt the packet it receives in order to identify the packet's destination, which ultimately reveals the contents of the packet's message at every node and is thus prone to threat. With an end-to-end encryption device (EED), the destination address is clearly visible in the header of the packet, so route tables can be modified and the destination address forged, which is again prone to threat.

SOLUTION

One possible solution to the problems listed above is to combine both encryption devices, so that link encryption and end-to-end encryption are applied together to provide better confidentiality.

[Figure: Combined link encryption and end-to-end encryption. Terminals 1, 2 and 3 are connected through a packet-switching network (P), with link encryption on each hop and end-to-end encryption between the terminals.]

APPROACHES TO MESSAGE AUTHENTICATION

MESSAGE ENCRYPTION
It is possible to perform authentication simply by the use of conventional encryption. If we assume that only the sender and receiver share a key, then only the genuine sender would be able to encrypt a message successfully for the other participant. Furthermore, if the message includes an error detection code and a sequence number, the receiver is assured that no alterations have been made and that the sequence number is proper. If the message also includes a timestamp, then the receiver is assured that the message has not been delayed beyond what is normally expected for network transit. Two cases are considered:

Message authentication using symmetric encryption
Message authentication using public key encryption

MESSAGE AUTHENTICATION USING SYMMETRIC ENCRYPTION

[Figure: The sender encrypts M under the shared key K, E(K, M), and the receiver decrypts the ciphertext with the same K.]

In this scenario, the following steps occur between the sender and the receiver:

1. The sender generates a message and processes it for encryption.
2. A shared key K is used to encrypt the message, denoted Ek(M), and the ciphertext is transmitted to the receiver.
3. The receiver decrypts the received message with the same shared key, denoted Dk(C), and obtains the original message M.

The drawback of such a symmetric encryption scenario is that anyone who obtains the shared key by any form of attack can read the message by decrypting it, which leads to loss of valuable information that was never intended to be read by an attacker on the network.

MESSAGE AUTHENTICATION USING PUBLIC KEY ENCRYPTION

CONFIDENTIALITY

[Figure: Message M is encrypted under b's public key, E(PUb, M), and decrypted by b with the private key PRb.]

The following sequence of steps occurs in the above scenario:

1. The sender generates a key pair, a public key and a private key, and distributes the public key over the network. Anyone who is interested in communication can acquire the public key and communicate.
2. The willing party encrypts a message with the public key of the sender, denoted EPUk(M), and transmits it to the sender.
3. The sender decrypts the message with his private key, which is known only to him, and acquires the message, denoted DPRk(C).

The drawback in this scenario is the lack of authenticity. Any user on the network can acquire the public key of the sender and send him a message while masquerading as some other legitimate user.

AUTHENTICATION

[Figure: Message M is encrypted under a's private key, E(PRa, M), and can be decrypted by anyone holding a's public key PUa.]

The above scenario is the converse of the previously discussed one: the keys for encryption are interchanged, i.e. the private key of the user is used to encrypt the message to establish his authenticity in the communication. This method justifies the authenticity of the sender, but a problem of confidentiality remains, because the public key of the sender is available to every user on the network, and any of them can therefore decrypt the message.

AUTHENTICATION AND CONFIDENTIALITY

[Figure: Authentication and confidentiality combined. M is first encrypted under a's private key, E(PRa, M), and the result is then encrypted under b's public key, E(PUb, E(PRa, M)); b reverses the two steps with PRb and then PUa.]

The best way to overcome the lack of authenticity and confidentiality discussed in the above scenarios is to double-encrypt the message, as illustrated in the following steps.

SENDER
M ---- Message
EPRa(M) ---- Encrypting M with the private key of the sender
EPUb(EPRa(M)) ---- Encrypting the encrypted message with the public key of the recipient

RECEIVER
DPRb(EPUb(EPRa(M))) ---- Decrypting the received message with the private key of the recipient, which yields EPRa(M)
DPUa(EPRa(M)) ---- Decrypting with the public key of the sender
M ---- Message
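The sender and receiver steps above, worked through with textbook RSA on tiny primes as an added example (this code is not from the report): the primes, exponents and numeric messages are constructed values, chosen so that a's modulus is smaller than b's, which the inner-then-outer encryption requires; a third key pair x stands in for a party that does not hold PRa.

```python
from math import gcd

# Textbook RSA with tiny primes: this shows the ORDER of the report's steps,
# not a usable key size. All primes, exponents and messages are constructed.


def make_keypair(p: int, q: int, e: int):
    """Return (public key, private key) = ((e, n), (d, n)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, x: int) -> int:
    """E(key, x) and D(key, x) are the same operation: x ** exponent mod n."""
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exponent, n)


def sender_steps(m: int, pr_a, pu_b) -> int:
    """Sender: EPUb(EPRa(M))."""
    signed = apply_key(pr_a, m)      # EPRa(M): only a holds PRa -> authenticity
    return apply_key(pu_b, signed)   # EPUb(...): only b holds PRb -> confidentiality


def receiver_steps(c: int, pr_b, pu_a) -> int:
    """Receiver: DPUa(DPRb(C))."""
    signed = apply_key(pr_b, c)      # remove the confidentiality layer
    return apply_key(pu_a, signed)   # remove the authenticity layer, giving M


# a's modulus (3233) must be smaller than b's (8633) so EPRa(M) fits under n_b.
PU_A, PR_A = make_keypair(61, 53, 17)   # party a (sender)
PU_B, PR_B = make_keypair(89, 97, 5)    # party b (recipient)
PU_X, PR_X = make_keypair(47, 59, 3)    # unrelated party x, modulus 2773


def round_trip(m: int) -> int:
    """M -> sender steps -> network -> receiver steps -> M."""
    return receiver_steps(sender_steps(m, PR_A, PU_B), PR_B, PU_A)


def received_from_impostor(m: int) -> int:
    """If x (not a) performed the inner step, b's final DPUa step does not
    yield M, which is how the receiver notices the message did not come from a."""
    return receiver_steps(sender_steps(m, PR_X, PU_B), PR_B, PU_A)


if __name__ == "__main__":
    for m in (65, 3232):
        c = sender_steps(m, PR_A, PU_B)
        print(f"M={m} -> C={c} -> recovered {round_trip(m)}")
    print("impostor sent 2772, receiver got", received_from_impostor(2772))
```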

MESSAGE AUTHENTICATION CODE (MAC)


One authentication technique involves the use of a secret key to generate a small block of data, known as a message authentication code, that is appended to the message. This technique assumes that the two communicating parties share a common secret key. When one party wants to send a message to the other, the first party calculates the MAC as a function of the message and the key, appends the MAC to the original message and transmits it to the other party. The receiving party separates the MAC from the message, computes the MAC on the message itself, and compares it with the MAC received from the sender; if the two match, the authenticity of the sender is established.

[Figure: The sender computes the MAC over M with the shared key K and appends it to M; the receiver recomputes the MAC over the received message with K and compares it with the received MAC.]

The following steps are involved in the above scenario between the sender and the receiver:

1. The sender forms a message and computes the MAC using the MAC algorithm. The MAC is formed by encrypting the message with a shared secret key.
2. The MAC is appended to the original message and the entire content is transmitted over the network to the recipient.
3. The recipient separates the MAC from the message and performs the MAC computation on the message with the same secret key.
4. The recipient compares the received MAC and the computed MAC; if they tally, he is satisfied that the integrity of the message is maintained and that it has not been tampered with by any unauthorized user on the network.

A slight difficulty with a MAC is that the algorithm accepts only fixed-size message blocks for processing, and the preprocessing needed to obtain such blocks consumes a lot of time.

HASH FUNCTION
A variation on the MAC is the one-way hash function, which accepts a variable-size message M as input and produces a fixed-size output referred to as the hash code. The hash code is also known as the message digest or hash value. A secret key is not taken as an input to the hash function; rather, the message alone is passed to the hash algorithm to generate a message digest. To authenticate a message, the message digest is sent with the message in such a way that the message digest itself is authentic. There are three ways in which the message can be authenticated:

Using conventional encryption
Using a public-key algorithm
Using a secret value

USING CONVENTIONAL ENCRYPTION

Fig: Authentication using a hash function and conventional encryption (figure labels: K, H, COMPARE)

The hash function technique is analogous to the MAC, where instead of a MAC algorithm a hash function is used to generate what is called a message digest. The processing is illustrated in the steps below:

1. Initially the sender forms a message and computes the hash of that message using a hash algorithm, which produces a message digest.
2. The message digest is encrypted with the shared key, producing an encrypted message digest.
3. The encrypted digest is then appended to the entire message block and transmitted over the network to the desired recipient.
4. The receiver detaches the message digest from the message, performs the same computations performed by the sender and then matches the received message digest with the computed digest to verify the integrity of the message; he is satisfied if it has not been tampered with.

USING PUBLIC KEY ALGORITHM

Fig: Authentication using a hash function and a public-key algorithm (figure labels: PRa, PUa, COMPARE)

This technique is analogous to the previous method, except that a public/private key pair is used instead of a shared secret value.

USING A SECRET VALUE

Fig: Authentication using a hash function with a secret value (figure labels: H, COMPARE)

This technique is similar to the above two techniques, except that no encryption scheme is used. The following steps are involved in this technique:

1. The sender computes the message digest by passing the message and the shared secret as arguments to the hash function.
2. The message digest produced is appended directly to the message, without encryption, and is transmitted to the receiver over the network.
3. The receiver detaches the message digest from the message and computes the message digest with the shared secret and the message as input to the same hash function used by the sender.
4. The computed message digest is compared with the received message digest; if they both match, the integrity of the message is verified and the receiver is satisfied.
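The MAC exchange described under the MAC steps and the "using a secret value" exchange just described, as an added Python example that is not part of the report. The report does not name a MAC algorithm, so HMAC-SHA256 is assumed for the MAC; the secret-value variant feeds the message and the shared secret to SHA-256 as H(M || S). The key, the message and the tampering step are constructed sample values for this example.

```python
import hashlib
import hmac

# Constructed sample values for this example (not taken from the report).
SHARED_KEY = b"constructed-shared-secret-key"
MESSAGE = b"Transfer 100 units from account A to account B"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def compute_mac(key: bytes, message: bytes) -> bytes:
    """MAC algorithm (MA in the report), instantiated here as HMAC-SHA256.
    HMAC is an assumed choice; the report does not name a MAC algorithm."""
    return hmac.new(key, message, hashlib.sha256).digest()


def compute_secret_value_digest(secret: bytes, message: bytes) -> bytes:
    """'Using a secret value': the message and the shared secret are both fed
    to the hash function, here as H(M || S). No encryption is involved."""
    return hashlib.sha256(message + secret).digest()


def send(key: bytes, message: bytes, tag_fn) -> bytes:
    """Sender side: compute the tag over the message and append it."""
    return message + tag_fn(key, message)


def receive(key: bytes, packet: bytes, tag_fn):
    """Receiver side: split off the tag, recompute it with the shared key and
    compare. Returns (message, authentic)."""
    if len(packet) < TAG_LEN:
        return packet, False
    message, received_tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    computed_tag = tag_fn(key, message)
    # compare_digest runs in constant time, so the comparison itself leaks
    # nothing about the correct tag through timing differences.
    return message, hmac.compare_digest(computed_tag, received_tag)


def tamper(packet: bytes) -> bytes:
    """Simulated in-transit modification: flip one bit of the message part."""
    body = bytearray(packet)
    body[11] ^= 0x01  # turns "100" into "101" in the constructed message
    return bytes(body)


def demo(tag_fn) -> dict:
    """Run the sender/receiver exchange for one tag function and report the
    verification outcome for an intact packet, a tampered packet and a packet
    checked with the wrong key."""
    packet = send(SHARED_KEY, MESSAGE, tag_fn)
    _, intact_ok = receive(SHARED_KEY, packet, tag_fn)
    _, tampered_ok = receive(SHARED_KEY, tamper(packet), tag_fn)
    _, wrong_key_ok = receive(b"some-other-key", packet, tag_fn)
    return {"intact": intact_ok, "tampered": tampered_ok, "wrong_key": wrong_key_ok}


if __name__ == "__main__":
    for name, fn in (("HMAC-SHA256 MAC", compute_mac),
                     ("hash with secret value", compute_secret_value_digest)):
        print(name, demo(fn))
```

Both tag functions detect the modified message and the wrong key. The plain concatenation H(M || S) is shown only because the report describes it; HMAC is the standard keyed-hash construction and is the one to use in practice.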

DIGITAL SIGNATURES

A digital signature or a digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. A digital signature can be used with any kind of message, transaction and the like, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. This is indeed commonly observed now in internet transactions.

NEED FOR DIGITAL SIGNATURES

Message authentication protects two parties who exchange messages from any third party. However, it does not protect the two parties against each other. Several forms of dispute between the two are possible. For example, suppose that John sends an authenticated message to Mary; then the following disputes could arise:

- Mary may forge a different message and claim that it came from John. Mary would simply have to create a message and append an authentication code using the key that John and Mary share.
- John can deny sending the message. Because it is possible for Mary to forge a message, there is no way to prove that John did in fact send the message.

Both scenarios are legitimate concerns, and they can lead to various kinds of distrust between senders and receivers, leaving no basis of trust between the communicating parties. In situations where there is not complete trust between the sender and the receiver, something more than authentication is needed. The most attractive solution to this problem is the digital signature. The digital signature is analogous to the handwritten signature. It must have the following properties:

- It must verify the author and the date and time of the signature.
- It must authenticate the contents at the time of the signature.
- It must be verifiable by third parties to resolve disputes.

Thus, the digital signature function includes the authentication function. On the basis of these properties, we can formulate the following requirements for a digital signature:

- The signature must be a bit pattern that depends on the message digest being signed.
- The signature must use some information unique to the sender, to prevent both forgery and denial.
- It must be relatively easy to produce the digital signature.
- It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
- It must be practical to retain a copy of the digital signature in storage.

HOW DIGITAL SIGNATURES WORK?

Assume you were going to send the draft of a certain contract to your lawyer in another town. You want to give your lawyer the assurance that it is unchanged from what you sent and that it is really from you. Here then would be the process:

1. You copy and paste the contract into an e-mail note.
2. Using special software, you obtain a message hash or message digest of the contract by passing it to the hash algorithm.
3. You then use a private key that you have previously obtained from a public/private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)

USES OF DIGITAL SIGNATURES

As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurance of the evidence of provenance, identity, and status of an electronic document, as well as acknowledging informed consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, the University of Chicago, and Stanford are publishing electronic student transcripts with digital signatures. Below are some common reasons for applying a digital signature to communications:

- Authentication
- Integrity
- Non-repudiation

AUTHENTICATION
Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

INTEGRITY
In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signature will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).

NON-REPUDIATION
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.

GENERATION AND VERIFICATION OF DIGITAL SIGNATURES

The following figure depicts the generation and the verification of the digital signatures which is illustrated in the form of steps below.

Fig: Creation and verification of digital signatures

GENERATION
A public and private key pair is generated by each of the communicating parties. The message or data is hashed using a hash function, which produces a message digest. The message digest is encrypted with the private key of the sender, which in turn forms the digital signature. This digital signature is appended to the message or any other related information and is transmitted over the network to the desired recipient.

VERIFICATION
The recipient receives the information or message along with the digital signature. The receiver decrypts the digital signature with the public key of the sender, which he has already received prior to the communication, and thus obtains the message digest. Since hashing is one-way, meaning that it is not reversible, the receiver takes the message and hashes it himself to obtain the message digest. The receiver compares the computed message digest with the received message digest, and if both tally, he is assured of the authenticity of the sender as well as the integrity of the message.

ADVANTAGES OF DIGITAL SIGNATURES

Just as with any technology, there are pluses and minuses. This is the way it is with anything, whether it is technology related or not. The advantages of using digital signatures include:

IMPOSTER PREVENTION: By using digital signatures you are actually eliminating the possibility of fraud committed by an imposter signing the document. Since the digital signature cannot be altered, forging the signature becomes impossible.

MESSAGE INTEGRITY: By having a digital signature you are in fact showing and simply proving the document to be valid. You are assuring the recipient that the document is free from forgery or false information.

LEGAL REQUIREMENTS: Using a digital signature satisfies some type of legal requirement for the document in question. A digital signature takes care of any formal legal aspect of executing the document.

CONCLUSION
User authentication can be handled using one or more different authentication methods. Some authentication methods, such as plain password authentication, are easily implemented but are in general weak and primitive. The fact that plain password authentication is still by far the most widely used form of authentication gives credence to the seriousness of the lack of security on both the Internet and within private networks. Other methods of authentication that may be more complex and require more time to implement and maintain provide strong and reliable authentication (provided one keeps its secrets secret, i.e. private keys and passphrases). That being said, one of the key factors to be considered in determining which method of authentication to implement is usability. The usability factor cannot be ignored when designing authentication systems. If the authentication methods are not deemed usable by those forced to utilize them, then they will avoid using the system or persistently try to bypass them. Usability is a key issue to the adoption and maintenance of a security system.

APPENDIX-A TERMINOLOGY

KEYWORD    DESCRIPTION
K          SHARED SECRET KEY
KPU        PUBLIC KEY OF USER
KPR        PRIVATE KEY OF USER
PKC        PUBLIC KEY CRYPTOGRAPHY
MA         MAC ALGORITHM
MAC        MESSAGE AUTHENTICATION CODE
H          HASH FUNCTION
MD         MESSAGE DIGEST
E and D    ENCRYPTION AND DECRYPTION
DS         DIGITAL SIGNATURES

