As you educate the security staff on cryptographic concepts, you also will soon

Question

As you educate the security staff on cryptographic concepts, you also will soon make recommendations on the tools that will be appropriate for this company. You will address the topic of digital signatures with the staff. Present the concepts of digital signatures in an 8–10-slide presentation with speaker notes. The presentation should include an explanation of the topic with examples. The presentation should cover the following topics:

What properties should a digital signature have?

What is the difference between direct and arbitrated digital signature?

What is a suppress-replay attack?

What are the advantages and disadvantages of using digital signatures?

Be sure to reference all sources using APA format.

Explanation / Answer

Required properties of digital signatures To be valid, digital signatures require properties: -

a) Authenticity: a valid signature implies that the signer deliberately signed the associated message -

b) Unforgeability: only the signer can give a valid signature for the associated message -

c) Non-re-usability: the signature of a document can not be used on another document -

d) Non-repudiation: the signer can not deny having signed a document that has valid signature -

e) Integrity: ensure the contents have not been modified

a) Authenticity The active participation of the signer in the transaction must be ensured. This active participation can rely on two elements: - The presence of the smart card owned by the signer - The validation of a secret code known only by the signer (PIN code or password). The PIN is a secret that shall be protected in the same way as the keying material; the PIN shall be stored in the smart card.

b) Unforgeability and no-re-usability Those two properties imply: - The secrecy of the keying material, - The use of strong and secure cryptographic algorithms (e.g. RSA, DSA or other). So, those two properties require the storage of the keying material and the algorithms in a tamper resistant device protected against attacks. The smart card is a tamper resistant device containing hardware and software countermeasures to protect it against invasive attacks and logical attacks (fault attacks, power attacks, buffer overflows, malicious code attacks, and ultimately cryptanalysis). The software applications, more and more submitted to Trojan horses and malicious programs, lack those protected mechanisms.

. c) Non-repudiation This property relies on the security of the whole system: if there is any way to attack the system a signer can repudiate a signature arguing that the system is not secure. The security of the weakest link will determine the system’s overall security level. When designing a secure system, the security of every component must be taken into account. So, even if strong security mechanisms are defined to issue certificates and guaranty proof of possession, the non-repudiation property can be “defeated” if the storage of the private key is not secure.

d) The non-repudiation property requires the storage of the private keys and the execution of the cryptographic computation in a tamper-resistant device protected against attacks. The smart cards are designed to fulfil those requirements Moreover, smart cards can perform on-board key generation. The on-board key generation feature reinforces the secrecy of the private keys since they never go outside the smart card. No one other than the cardholder can access the private signature key.

Conclusion According to the required properties for digital signatures, the subscriber private keys and the cryptographic computations related to digital signatures shall be managed by the smart card.

What is the difference between direct and arbitrated digital signature?

The Direct Digital Signature

Understanding a direct digital signature begins by recognizing there are only two parties involved in the passing of the signed information: the sender and the receiver. Direct digital signatures only require these two entities because the receiver of the data (digital signature) knows the public key used by the sender. And the sender of the signature trusts the receiver not to alter the document in any way.

The Arbitrated Digital Signature

Implementing an arbitrated digital signature invites a third party into the process called a "trusted arbiter." The role of the trusted arbiter is usually twofold: first this independent third party verifies the integrity of the signed message or data. Second, the trusted arbiter dates, or time-stamps, the document, verifying receipt and the passing on of the signed document to its intended final destination.

Shortcomings of Direct Signature

Knowing the potential problems with a direct digital signature will help to differentiate it from an arbitrated digital document. Perhaps the biggest concern is the need for trust between the sender and receiver since there is no independent verification process in place. This process also requires the sender to have a private key (the receiver only has the public key they both share), and if the sender says it was lost or stolen, he can claim the signature is forged. Having the private key actually stolen, and subsequently forging signatures, is a potential security threat using a direct digital signature.

Shortcomings of Arbitrated Signature

Filling many of the concerns of the direct signature by using a trusted arbiter, an arbitrated signature has shortcomings of its own. Using an arbiter requires complete trust from both the sender and receiver that the arbiter will not only time-stamp and forward the document as instructed, but also not alter the data in any way. There is also the possibility that an arbiter may show bias toward one party or the other should any discretion arise.

What is a suppress-replay attack?

If the clock of the sender is ahead of the receivers and the message is intercepted, the opponent can replay the message when the timestamp becomes current. This type of attack is known as suppress-replay attack.

In order to address the concern of suppress-replay attack, an improved protocol was presented. Here are the detailed steps.

1. "A initiates the authentication exchange by generating a nonce, Na, and sending that plus its identifier to B in plaintext. This nonce will be returned to A in an encrypted message that includes the session key, assuring A of its timelines.

2. B alerts the KDC that a session key is needed. Its message to the KDC includes its identifier and a nonce, Nb. This nonce will be returned to B in an encrypted message that includes the session key, assuring B of its timeliness. B's message to the KDC also includes a block encrypted with the secret key shared by B and the KDC. This block is used to instruct the KDC to issue credentials to A; the block specifies the intended recipient of the credentials, a suggested expiration time for the credentials, and the nonce received from A.

3. The KDC passes on to A B's nonce and a block encrypted with the secret key by A for subsequent authentications, as will be seen. The KDC also sends A a block encrypted with the secret key shared by A and the KDC. This block verifies that B has received A's initial message (IDB) and that this is a timely message and not a replay (Na), and it provides A with a session key (KS) and the time limit on its use (Tb).

4. A transmits the ticket to B, together with the B's nonce, the latter encrypted with the session key. The ticket provides B with the secret key that is used to decrypt EKS[Nb] to recover the nonce. The fact that B's nonce is encrypted with the session key authenticates that the message came from A and is not a replay"

Advantages of Digital Signatures

The following are the main benefits of using digital signatures:

Disadvantages of Digital Signatures

Just like all other electronic products, digital signatures have some disadvantages that go with them. These include:

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.