CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012

Network Security
7-1
Acknowledgement
• Some slides are modified from the slides provided by the textbook:
  Computer Networking: A Top Down Approach Featuring the Internet, J. Kurose & K. Ross, Addison Wesley, 4th ed., 2007
Digital Signatures
Cryptographic technique analogous to handwritten signatures.
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Digital Signatures
Simple digital signature for message m:
• Bob signs m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$
[Figure: Bob’s message, P (“Dear Alice, Oh, how I have missed you. I think of you all the time! … (blah blah blah) Bob”) and Bob’s private key $K_B^-$ → public key encryption algorithm → $E_{K_B^-}(P)$: Bob’s message, P, signed (encrypted) with his private key]
Digital Signatures (more)
• Suppose Alice receives:
  • msg P’, and its digital signature $E_{K_B^-}(P)$
• Alice verifies P’ signed by Bob by applying Bob’s public key $K_B^+$ to $E_{K_B^-}(P)$
  • checks if $D_{K_B^+}(E_{K_B^-}(P)) = P'$
Alice thus verifies that:
• Bob signed P.
• No one else signed P.
• Bob signed P and not a different P’.
Non-repudiation:
• Alice can take P, and its signature to court and prove that Bob signed P.
Message Digests
Computationally expensive to public-key-encrypt long messages
Goal: fixed-length, easy-to-compute digital “fingerprint”
• apply hash function H to m, get fixed size message digest, H(m).
[Figure: large message P → H: Hash Function → H(m)]
Hash function properties:
• many-to-1
• produces fixed-size msg digest (fingerprint)
• given message digest x, computationally infeasible to find m such that x = H(m)
Hash Function Algorithms
• MD5 hash function widely used (RFC 1321)
  • computes 128-bit message digest in 4-step process.
  • arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x.
• SHA-1 is also used.
  • US standard [NIST, FIPS PUB 180-1]
  • 160-bit message digest
Digital signature = signed message digest
Bob sends digitally signed message:
[Figure: large message m → H: Hash function → H(m) → digital signature (encrypt) with Bob’s private key $K_B^-$ → encrypted msg digest $E_{K_B^-}(H(m))$; sent together (+) with the large message m]
No confidentiality!
Alice verifies signature and integrity of digitally signed message:
[Figure: large message m → H: Hash function → H(m); encrypted msg digest $E_{K_B^-}(H(m))$ → digital signature (decrypt) with Bob’s public key $K_B^+$ → H(m); are the two H(m) values equal?]
Trusted Intermediaries
Public key problem:
• When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?
Solution:
• trusted certification authority (CA)
Certification Authorities
• Certification authority (CA): binds public key to particular entity, E.
• E (person, router) registers its public key with CA.
  • E provides “proof of identity” to CA.
  • CA creates certificate binding E to its public key.
  • certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”
[Figure: Bob’s public key $K_B^+$ and Bob’s identifying information → digital signature (encrypt) with CA private key $K_{CA}^-$ → $E_{K_{CA}^-}(K_B^+)$: certificate for Bob’s public key, signed by CA]
Certification Authorities
• When Alice wants Bob’s public key:
  • gets Bob’s certificate (Bob or elsewhere).
  • apply CA’s public key to Bob’s certificate, get Bob’s public key
[Figure: $E_{K_{CA}^-}(K_B^+)$ → digital signature (decrypt) with CA public key $K_{CA}^+$ → Bob’s public key $K_B^+$]
A certificate contains:
• Serial number (unique to issuer)
• info about certificate owner, including algorithm and key value itself (not shown)
• info about certificate issuer
• valid dates
• digital signature by issuer
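Added example, not from the slides: the signed message digest and the CA certificate check described above, in Python. The keys are constructed toy RSA keys built from known primes with no padding, SHA-256 stands in for the MD5/SHA-1 the slides name, and the certificate layout and all function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(msg, n):
    """H(m): SHA-256 digest as an integer, reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, private):
    n, d = private
    return pow(digest(msg, n), d, n)           # E_{K^-}(H(m))

def verify(msg, sig, public):
    n, e = public
    return pow(sig, e, n) == digest(msg, n)    # D_{K^+}(sig) == H(m) ?

def cert_body(identity, public):
    return f"{identity}|{public[0]}|{public[1]}".encode()

def issue_cert(identity, public, ca_private):
    """CA binds identity E to its public key by signing both together."""
    return {"identity": identity, "public": public,
            "sig": sign(cert_body(identity, public), ca_private)}

def key_from_cert(cert, expected, ca_public):
    """Return the certified key, or None if identity or CA signature fails."""
    body = cert_body(cert["identity"], cert["public"])
    if cert["identity"] != expected or not verify(body, cert["sig"], ca_public):
        return None
    return cert["public"]

# Constructed toy keys (Mersenne primes): far too small and structured for real use.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**61 - 1)
TRUDY_PUB, TRUDY_PRIV = make_keypair(2**521 - 1, 2**607 - 1)

def demo():
    m = b"Dear Alice, oh, how I have missed you. Bob"
    cert = issue_cert("Bob", BOB_PUB, CA_PRIV)
    forged = dict(cert, public=TRUDY_PUB)      # Trudy swaps in her own key
    key = key_from_cert(cert, "Bob", CA_PUB)
    return {"genuine": verify(m, sign(m, BOB_PRIV), key),
            "altered_message": verify(m + b"!", sign(m, BOB_PRIV), key),
            "forged_cert_key": key_from_cert(forged, "Bob", CA_PUB),
            "signed_by_trudy": verify(m, sign(m, TRUDY_PRIV), key)}
```

Only the genuine case verifies: an altered message, a certificate with a substituted key, and a signature made with a different private key are all rejected.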
Internet Web Security Architecture
[Figure: message exchange among CA, Web Server B and Client A. Labels, in order: $K_B^+$; $E_{K_{CA}^-}(K_B^+)$; Cert Request; $E_{K_{CA}^-}(K_B^+)$; $E_{K_B^+}(K_{AB}, R)$; $E_{K_{AB}}(R)$; $E_{K_{AB}}(m)$]
Internet Web Security Conditions
• Clients’ web browsers have built-in CAs.
• CAs are trustable
• Web servers have certificates in CAs.
• Q: What if a server has no certificate?
  • Example: SSH servers
SSH Example
[Figure: message exchange between Web Server B and Client A. Labels, in order: $E_{K_B^+}(K_{AB}, R)$; $E_{K_{AB}}(R)$; $E_{K_{AB}}(m)$]
• Initial setup:
  • Trust the first-time connection
  • Save the server’s public key
• Still vulnerable due to the update of server’s key
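Added example, not from the slides: the trust-on-first-use check described above, written against the plain known_hosts line format (host list, key type, base64 key). The host names, key blobs and function names are constructed for illustration; hashed host names and marker lines are not handled.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    blob = base64.b64decode(key_b64)
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return "SHA256:" + fp

def load_known_hosts(text):
    """Parse 'host[,host...] keytype base64key [comment]' lines."""
    known = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        for host in parts[0].split(","):
            known[(host, parts[1])] = parts[2]
    return known

def check_host_key(known, host, keytype, key_b64):
    """Trust on first use: save unknown keys, never silently replace a saved one."""
    saved = known.get((host, keytype))
    if saved is None:
        # First connection: nothing to compare against, so the key is
        # accepted unverified. This is the moment the scheme relies on trust.
        known[(host, keytype)] = key_b64
        return "first-use", fingerprint(key_b64)
    if saved == key_b64:
        return "match", fingerprint(key_b64)
    # A legitimate key update and an impersonating server look identical here;
    # the new fingerprint has to be confirmed through another channel.
    return "changed", fingerprint(key_b64)

# Constructed sample data: these blobs are not real SSH keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
SAMPLE_KNOWN_HOSTS = (
    "# constructed sample file\n"
    f"server-b.example,192.0.2.10 ssh-ed25519 {KEY_A} demo-entry\n"
)
```

The "changed" result is where the slide's remaining weakness shows up: the client cannot tell a server key update from a different server, so the saved key must not be overwritten automatically.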
Secure Message
Assumption: Public keys are pre-distributed securely
E.g.: through CA, or pre-established like SSH
Alice wants to send confidential message, m, to Bob.
[Figure: m → $K_S(\cdot)$ → $K_S(m)$; $K_S$ → $K_B^+(\cdot)$ → $E_{K_B^+}(K_S)$; both combined (+) and sent over the Internet]
Alice:
• generates random symmetric private key, $K_S$.
• encrypts message with $K_S$ (for efficiency)
• also encrypts $K_S$ with Bob’s public key.
• sends both $K_S(m)$ and $E_{K_B^+}(K_S)$ to Bob.
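Secure Message
Alice wants to send confidential message, m, to Bob.
[Figure: Alice: m → E() with $K_S$ → $E_{K_S}(m)$; $K_S$ → E() with $K_B^+$ → $E_{K_B^+}(K_S)$; both combined (+) and sent over the Internet. Bob: $E_{K_B^+}(K_S)$ → D() with $K_B^-$ → $K_S$; $E_{K_S}(m)$ → D() with $K_S$ → m]
Bob:
• uses his private key to decrypt and recover $K_S$
• uses $K_S$ to decrypt $E_{K_S}(m)$ to recover m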
Secure Message (continued)
• Alice wants to provide sender authentication, message integrity.
[Figure: Alice: m → H(·) → $K_A^-(\cdot)$ → $E_{K_A^-}(H(m))$; combined (+) with m and sent over the Internet. Bob: $E_{K_A^-}(H(m))$ → $K_A^+(\cdot)$ → H(m); m → H(·) → H(m); compare]
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Secure Message (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
[Figure: m → H(·) → $K_A^-(\cdot)$ → $E_{K_A^-}(H(m))$; combined (+) with m → $K_S(\cdot)$; $K_S$ → $K_B^+(\cdot)$ → $E_{K_B^+}(K_S)$; both outputs combined (+) and sent over the Internet]
Alice uses three keys: her private key, Bob’s public key, newly created symmetric session key
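Added example, not from the slides: the three-key scheme on this slide together with Bob's receiving side, in Python. The keys are constructed toy RSA keys without padding, a SHA-256 counter keystream stands in for the symmetric cipher $K_S(\cdot)$, and the function names and the signature-then-message payload layout are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537

def keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def ks_xor(key, data):
    """Stand-in for K_S(.): XOR with a SHA-256 counter keystream (its own inverse)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def alice_send(m, alice_priv, bob_pub):
    n_a, d_a = alice_priv
    n_b, e_b = bob_pub
    sig = pow(h(m, n_a), d_a, n_a)                       # K_A^-(H(m))
    k_s = secrets.token_bytes(16)                        # fresh session key K_S
    payload = sig.to_bytes(32, "big") + m                # signature, then message
    wrapped = pow(int.from_bytes(k_s, "big"), e_b, n_b)  # K_B^+(K_S)
    return ks_xor(k_s, payload), wrapped

def bob_receive(ciphertext, wrapped, bob_priv, alice_pub):
    n_b, d_b = bob_priv
    n_a, e_a = alice_pub
    k_s = pow(wrapped, d_b, n_b).to_bytes(16, "big")     # recover K_S
    payload = ks_xor(k_s, ciphertext)
    sig, m = int.from_bytes(payload[:32], "big"), payload[32:]
    if pow(sig, e_a, n_a) != h(m, n_a):                  # K_A^+(sig) == H(m) ?
        return None                                      # altered, or not from Alice
    return m

# Constructed toy keys (Mersenne primes): not secure, sized only so that a
# 16-byte K_S fits under Bob's modulus and a signature fits in 32 bytes.
ALICE_PUB, ALICE_PRIV = keypair(2**127 - 1, 2**107 - 1)
BOB_PUB, BOB_PRIV = keypair(2**89 - 1, 2**61 - 1)
```

Because the signature travels inside the encrypted payload, a bit flipped in the ciphertext changes the recovered message and the digest comparison fails on Bob's side.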