Scribd Logo
Carica

Benvenuto in Scribd!

  • Digital Signature

    Caricato da

    Anupam Bali
    176 visualizzazioni31 pagine
    DIGITAL SIG

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    PPT, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    DIGITAL SIG

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PPT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    176 visualizzazioni31 pagine

    Digital Signature

    Caricato da

    Anupam Bali
    DIGITAL SIG

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PPT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 31

    A Presentation On Digital Signature and Public Key Infrastructure.

    Begin Presentation Presented ByMayur Malik 1

    Digital Certificates

    Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

    Digital Certificate Contents


    Serial number Name of holder Public key of holder Name of trusted third party (certificate authority) DIGITAL SIGNATURE OF CERTIFICATE AUTHORITY Data on which hash and public-key algorithms have been used Other business or personal information

    Public Key Deception

    Moral:

    Public key encryption for privacy, confidentiality, authentication, and message integrity only works if
    The verifier gets the true partys public key independently of the applicant, From a trusted third party

    Digital Certificates

    Created by a Certificate Authority


    Certificate authority is the trusted third party
    Certificate Authority Digital Certificate

    Authenticated Party
    5

    Certificate Authorities

    Unfortunately, certificate authorities are not regulated You must only use certificate authorities you trust Company can be its own certificate authority for internal authentication among its hardware and software systems

    What is public/asymmetric key cryptography?


    Public key (asymmetric) cryptography is a system based on pairs of keys called public key and private key.

    Generating a Digital Certificate


    Version of Certificate Standard Certificate Serial Number Signature Algorithm Identifier

    Hashing Algorithm

    Issuer
    Period of Validity

    Subject
    C=US ST=NY L=Albany O=OFT CN=John Doe

    Message Digest

    Subjects Public Key


    Algorithm Identifier + Key Value

    Signature of Issuer

    Issuers Private Key

    Client Certificates
    Also called a personal or browser certificate Signing certificate

    Bound to key-pair used for digital signatures


    Encrypting certificate
    Bound to key-pair used for encryption

    Extensive support found in SSL/TLS (next lecture)


    9

    Certification Hierarchy

    What happens if you dont recognize the CA in a certificate or it is not a trusted CA? Suppose CA has a certificate issued by trusted CA2? You may choose to trust CA if you can verify that its certificate is genuine

    CA2
    CAS CERTIFICATE ISSUED BY CA2

    CA
    CERTIFICATE HOLDER

    HOLDERS CERTIFICATE ISSUED BY CA

    10

    10

    Steps for Creating Digital Certificates

    Assert that a true party (named) has the public key contained in the digital certificate
    Provides a name-public key pair Therefore prevents public key deception Fields and content are standardized by the ITUT X.509 Standard

    11

    Characteristics of Digital Certificates

    Each digital certificate has its own digital signature, signed (encrypted) by the private key of the certificate authority

    Provides message integrity so that an impostor cannot change the name field in the digital certificate to its own

    12

    Summarizing Digital Certificates

    Recap
    A digital signature gives the public key of a named party This is needed for public key authentication, to prevent public key deception However, a digital certificate alone does NOT provide authentication
    13

    Public Key Infrastructures (PKI)


    Private key creation and distribution Digital certificate creation and distribution Certificate Revocation List checking

    14

    PKI

    To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
    A PKI automates most aspects of using public key encryption and authentication PKI Uses a PKI Server Server

    15

    PKI Server Creates Public Key-Private Key Pairs


    Distributes private keys to applicants securely Often, private keys are embedded in delivered software

    Private Key PKI Server

    16

    PKI Server Provides CRL Checks


    Distributes digital certificates to verifiers Checks certificate revocation list before sending digital certificates
    Digital Certificate

    PKI Server

    17

    CRL Checks

    If applicant gives verifier a digital certificate, The verifier must check the certificate revocation list

    PKI Server

    CRL OK? OK or Revoked

    18

    What is a digital signature?


    is

    a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature.
    is

    an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

    19

    How it works

    The use of digital signatures usually involves two processes, one performed by the signer and the other by the receiver of the digital signature: Digital signature creation uses a hash result derived from and unique to both the signed message and a given private key. For the hash result to be secure, there must be only a negligible possibility that the same digital signature could be created by the combination of any other message or private key. Digital signature verification is the process of checking the digital signature by reference to the original message and a given public key, thereby determining whether the digital signature was created for that same message using the private key that corresponds to the referenced public key.

    20

    20

    Digital Signatures

    A handwritten signature is a function of the signer only, not the message Handwritten signatures can be copied and forged The digital equivalent of a handwritten signature would be useless in e-Commerce Must be able to Compare it with the real signature; AND Must be sure it isnt copied or forged How can A prove his identity over the Internet?

    21

    Functions of a Public Key Infrastructure


    Generate public/private key pairs Identify and authenticate key subscribers Bind public keys to subscriber by digital certificate Issue, maintain, administer, revoke, suspend, reinstate, and renew digital certificates Create and manage a public key repository

    22

    Major Ideas

    Digital signature = hash of message encrypted with signers private key. Computationally unforgeable Digital certificate = digital identity document issued by a trusted third party. Associates a public key with a real person A digital signatures without a certificate does not prove identity The holder of a certificate must be challenged to prove he knows the correct private key Certificate authorities form trust hierarchies, with certificate paths from sender to recipient, allowing verification of the trust relationship
    23

    Major Ideas

    MANY eCommerce applications do not require verification of identity, but only verification of authorization Digital certificates are useful when identity must be proven or when interacting with multiple parties not known in advance A long-term relationship between two parties does not require a digital certificate; a password is often (not always) sufficient ASN1. is a hidden method of specifying data formats, but used is many applications, including digital certificates

    24

    25

    26

    27

    Signature Definitions
    Digital Signatures

    Includes simple passwords or digitized images of handwritten signatures Do not rely on cryptography Not computer-readable characters Electronic Signatures

    Most full-featured and secure signature type Electronically signed documents that rely upon public key cryptography (PKC) to authenticate identity Can be encrypted for additional confidentiality

    28

    Public Key Cryptography (PKC)

    PKI is based upon PKC, an internationally accepted method for securing electronic communications PKC involves a pair of mathematically related keys
    Very large prime numbers of 1024 characters in length Public key Distributed freely to anyone whom the public key owner wishes to communicate securely

    Private Key Known only by the signer Used to sign a message that only the public key can verify
    29

    Figure illustrates the certificate request and issuance process by a CA:

    30

    Private Keys or Digital Certificates

    Contain
    User ids Private key Who certificate belongs to When certificate expires

    Storage
    In a browser On a piece of hardware such as a smart card or a plug-in USB device

    Fees
    Users pay an annual fee based on their level of security, liability limits also vary by level of security
    31

    Potrebbero piacerti anche