Hash Functions and Authentication Applications Essay
Hash Functions and Authentication Applications
Digital Signature or Public-key digital signature is a method of authenticating digital information comparable to common people’s personal signature on documents. The digital signature process is using techniques taken from public-key cryptography. Digital Signature is actually the output of public-key cryptography for signing and verification and is different from ordinary electronic signature like cable, telex, and fax. Since digital signatures are based cryptographic techniques, a digital signature should have the following properties.
Digital Signature should be: – not forgeable – authentic – cannot be modify after sending – not reusable – prevent repudiation The simpler properties are: – AUTHENTICITY The importance of authenticity is to prevent authorized intervention. Using the public-key cryptosystems, the recipient will be confident that the sender is real and the message is valid. – INTEGRITY Both sender and receiver will be confident that the message sent has not been altered during the transmission. The encryption ensures that no third party can view or read the message. – NON-REPUDIATION
Repudiation means the act of denying association with a message as in claming a third party sent it. This is true when a recipient of the message assert that the sender attach a signature to avoid any later repudiation. Digital Signature functions maybe possible using Direct or Arbitrated Digital Signature. The Direct approach relies only on communicating parties for their security using the public-key cryptosystems. The problem with Direct Digital Signature approach is the validation, wherein the security of the communication depends only on the sender’s private key.
It means that when sender’s security is breach, the whole transaction fails. Furthermore, the sender can also use the repudiation excuse and say that the he never sent a message or say his private keys were forged or stolen. The Arbitrated approach is better, unlike Direct Digital Signature, This approach employ an arbiter to test the sender’s messages and signatures to verify its content and origin. The arbiter, when fully satisfied, stamp the message with date and sent it to its final destination.
Arbitrated digital signatures can be implemented using conventional and public-key encryption. In a conventional approach, it assumed that sender “S” and the assigned arbiter “A”. Both arbiter and sender will now share a secret key, say “KSA” and later the recipient “R” will share secret key as “KRA”. The sender creates a message and computer it against its hash value M(H) then “S” submits the message to “A”. Arbiter will now decrypt the signature, check its hash value, validate the message, and send the message to “R”.
Recipient decrypts the message and restores the original message (M). An arbitrated digital signature using public-key encryption has a different approach wherein the arbiter cannot see the message. At first, the sender “S” encrypts the message with its own private key and encrypts it again with the recipient “R private key thereby producing a secret signed message. This signed message will be encrypted again with the senders ID, together the message will be sent to the arbiter. The inner double encrypted message is secure from the arbiter and from anybody except the recipient.
The arbiter can only see the outer messages to check the origin of the message and ensure that the sender private and public key is still valid. A replay attack is a type of network attack where valid data transmission is maliciously or fraudulently repeated or delayed. It can be the originator itself or an adversary who intercepts the data and re-transmits it. A simple replay attack immediately sends the same message soon enough that it will arrive within the recipients’ window.
A suppress replay attack is when an attacker breach security by initiating a message interception and withhold it for future replay. The attacker will wait for the proper time to effectively replay the message without detection from the recipient.
Data Security 2003, “Digital Signatures”,[online], http://www. cs. uku. fi/~junolain/secu2003/secu2003. html#digital Wikipedia, “Digital Signatures”, [online], http://en. wikipedia. org/wiki/Digital_signature Wikipedia, “Replay Attack”, [online], http://en. wikipedia. org/wiki/Replay_attack
University/College: University of Chicago
Type of paper: Thesis/Dissertation Chapter
Date: 20 March 2017