NETWORKSECURITYAND CRYPTOGRAPHY EBhadrinath Radha Krishna
K
IV/IVB.Tech(I.T) IV/IVB.Tech(I.T)
[email protected] [email protected] KITS, WGL. KITS, WGL.
ABSTRACT This paper aims toprovide a broadreviewof andcryptography
networksecurity
, with particular regard to digital signatures.
Network security and cryptography is a subject too wide rangingto coverage about howtoprotect information indigital form and to provide security services. However, a general overviewof networksecurityandcryptographyis providedand various algorithms are discussed. A detailed review of the subject of
network security and cryptography
signatures
is then presented. The purpose of a
signature
is toprovide a means for anentitytobindits identity
to a piece of information. The common attacks on digital signature was reviewed. The first method was the RSA signature scheme, which remains today one of the most practical and versatile techniques available. Fiat-Shamir signature schemes, DSAand related signature schemes are two
in digital digital
other methods reviewed. Digital signatures have many applications in information security, including authentication, dataintegrity, andnon-repudiationwas reviewed.
INTRODUCTION The objective of this paper is to provide the reader with an insight intorecent developments in the field of network security and cryptography, with particular regard to digital signatures .cryptography was used as a tool to protect national secrets and strategies. The proliferation of computers and communications systems in the 1960s brought with it a demand from the private sector for means to protect information in digital formand to provide security services. DES, the Data Encryption Standard, is the most well-known cryptographic mechanism. It remains the standard means for securing electronic commerce for many financial institutions around the world. The most striking development in the history of cryptography came in 1976 when Diffie and Hellmanpublished A digital signature
NewDirections inCryptograph
y.
of a message is a number dependent on
some secret known only to the signer, and, additionally, on the content of the message being signed. Signatures must be verifiable; if a dispute arises as to whether a party signed a document (caused by either a lying signer trying to
repudiate
asignatureit didcreate, or afraudulent claimant), anunbiased third party should be able to resolve the matter equitably, without requiring access to the signer’s secret information (privatekey). The first method discovered was the RSA signature scheme,Which remains today one of the most practical and versatile techniques available. Sub-sequent research has resulted in many alternative digital signature techniques. The Feige-Fiat-Shamir signature scheme requires a one-way hash function.
Informationsecurityandcryptography Cryptography, an understanding of issues related to information security in general is necessary. Information security manifests itself in many ways according to the situation andrequirement. Over the centuries, an elaborate set of protocols and mechanisms has been created to deal with information security issues when the information is conveyed by physical documents. Often the objectives of information security cannot solely be achieved through mathematical algorithms and protocols alone, but require procedural techniques and abidance of laws to achieve.The concept of information
will be taken to be an understood quantity. For
example, privacy of letters is provided by sealed envelopes deliveredbyanacceptedmail service.
Randomized
Message recovery
Deterministi c
Digital signature schemes
Randomized Appendix Deterministi c Figure: taxonomy
of signatureschemes
ATTACKSONDIGITALSIGNATURES 1. Key-only attack
s. In these attacks, an adversary knows
onlythesigner’s public key. 2. Message attack
s. Hereanadversaryis abletoexamine
signatures correspondingeither toknownor chosenmessages. Messageattacks canbefurther subdividedintothree classes: (a) Known-messageattac
k. Anadversaryhas signatures for a
set of messages whichare knowntotheadversarybut not chosenbyhim. (b)
Chosen-message attac
k. An adversary obtains valid
signatures fromachosenlist of messages before attemptingto breakthe signaturescheme. This attack is
non-adaptive
inthe
sense that messages are chosen before any signatures are seen. Chosen-message attacks against signature schemes are analogous to chosen cipher text attacks against public-key encryptionschemes . (c) Adaptive chosen-message attac
k. Anadversaryis allowed
to use the signer as an oracle; the adversary may request signatures of messages whichdependonthe signer’s public key and he may request signatures of messages which depend on previously obtained signatures or messages.
Signingprocedure Entity A(the
signe r) creates a signature for a message m€ M
bydoingthefollowing: 1. Computes =S
A
(m).
2. Transmit thepair (m, s). s is calledthe
signature
message m.
Verificationprocedure Toverifythat asignatures onamessagemwas createdbyA, anentityBperforms the followingsteps: 1. ObtaintheverificationfunctionV 2. Computeu=V
A
A
of A.
(m, s).
3. Accept the signature as havingbeencreatedbyAif u= tru e, andreject thesignatureif u=
fals e.
for
The RSAsignature scheme The message space and cipher text space for the RSApublickeyencryptionscheme are bothZn={0, 1, 2…n-1}where n = pq is the product of two randomly chosen distinct prime numbers. Since the encryption transformation is a bijection, digital signatures can be created by reversing the roles of encryption and decryption. The RSA signature scheme is a deterministic digital signature scheme which provides message recovery. The signing space M S are both Z
n
S
and signature space
. Aredundancy function R: M
andis publicKnowledge. Algorithm:
Key generationfor theRSAsignaturescheme
SUMMARY
: eachentitycreates anRSApublic keyanda
correspondingprivatekey. EachentityAshoulddothe following: 1. Generatetwolargedistinct randomprimes pandq, each roughlythesamesize. 2. Computen=pqandΦ=(p-1)(q- 1). 3. Select a randominteger e, 1<e <Φ, suchthat gcd(e, Φ) =1. 4. Use theextendedEuclideanalgorithm(Algorithm2.107) to computetheunique integer d, 1
Z
n
is chosen
Algorithm:
RSAsignaturegenerationandverification
SUMMARY
: entityAsigns amessagem€M. AnyentityB
canverifyA’s signature andrecover themessage mfromthe signature. 1. Signature generation.
EntityAshoulddothefollowing:
(a) Computem=R(m), aninteger intherange [0, n-1]. d
(b) Computes =m
modn.
(c) A’s signaturefor mis s. 2. Verification.
ToverifyA’s signatures andrecover the
message m, Bshould: (a) ObtainA’s authenticpublickey(n; e). (b) Compute m=s
e
modn.
(c) Verifythat m€M (d) Recover m=R‾
; if not, reject the signature.
R 1
(m).
Feige-Fiat-Shamir signaturescheme The Feige-Fiat-Shamir signature schemeandrequires aonewayhashfunctionh:{0, 1}* integer k. Here {0, 1}
{0,1} k
k
for somefixedpositive
denotes theset of bit strings of bit
lengthk, and{0, 1}*denotes theset of all bit strings (of arbitrarybit lengths). Algorithm: signaturescheme
Key generationfor the Feige-Fiat-Shamir
SUMMARY
: eachentitycreates apublic keyand
correspondingprivatekey. EachentityAshoulddothe following: 1. Generaterandomdistinct secret primes p, qandformn= pq. 2. Select a positive integer kanddistinct randomintegers s1, s2 , ... ,sk€Z* 3. Computev
n
j
=s‾
2
modn, 1≤j ≤k.
j
4. A’s publickeyis thek-tuple(v1, v2,…vk) andthe modulus n; A’s privatekeyis the k-tuple (s1, s2,…, sk). Algorithm:
Feige-Fiat-Shamir signaturegenerationand
verification SUMMARY
: entityassigns a binarymessagemof arbitrary
length. AnyentityBcanverifythis signature byusingA’s publickey. 1. Signature generation
. EntityAshoulddothefollowing:
(a) Select arandominteger r, 1≤r ≤n- 1. (b) Computeu=r
2
modn.
(c) Computee =(e1, e2, …,ek) =h(m║u); eache (d) Computes =r.Π
k
j=1
s jej modn.
(e) A’s signaturefor mis (e, s). 2. Verification. dothe following:
ToverifyA’s signature(e, s) onm, Bshould
i
€{0, 1}.
(a) ObtainA’s authenticpublickey(v1, v2, …,vk) andn. 2
(b) Computew=s
.Π kj=1 v j ej mod n.
(c) Computee’ =h(m║w). (d) Accept the signature if andonlyif e =e’ .
TheDigital SignatureAlgorithm(DSA) InAugust of 1991, theU.S. National Instituteof Standards andTechnology(NIST) proposeda digital signature algorithm(DSA). TheDSAhas become aU.S. Federal InformationProcessingStandard(FIPS186) calledthe Digital SignatureStandard
(DSS), andis thefirst digital
signatureschemerecognizedbyanygovernment The signaturemechanismrequires a hashfunctionh: {0, 1}*
Zq
for someinteger q. Algorithm:
Key generationfor theDSA
SUMMARY
: eachentitycreates apublic keyand
correspondingprivatekey. EachentityAshoulddothe following: 159
1. Select a primenumber qsuchthat 2
160.
2. Chooset sothat 0≤t ≤8, andselect aprime number p where2 2
512+64t
511+64t
, withthepropertythat qdivides (p- 1).
3. (Select a generator αof theuniquecyclicgroupof order q inZ*
p.)
3.1Select anelement g€Z*
p
andcomputeα=g
(p-1)/q
modp.
3.2If α=1thengotostep3.1.
a suchthat 1≤
4. Select a randominteger
a ≤q- 1.
αa modp.
5. Computey=
6. A’s publickeyis (p, q, α, y); A’s privatekeyis
Algorithm:
DSAsignaturegenerationandverification
SUMMARY
: entityAsigns abinarymessage mof arbitrary
length. AnyentityBcanverifythis signature byusingA’s publickey. 1. Signature generation
. EntityAshoulddothe
following: (a) Select arandomsecret integer k; 0
(b) Computer =(α
modp) modq
(c) Computek‾1modq. (d) Computes =k‾1{h(m) +ar}modq. (e) A’s signaturefor mis the pair (r; s).
2. Verification
.
Toverify A’s signature(r, s) onm, B
shoulddothefollowing: (a) ObtainA’s authenticpublickey(p, q, α, y). (b) Verifythat 0
a.
(d) Computeu1=w.h(m) modqandu2=rwmodq. (e) Computev=(α
u1
y
u2
modp) modq.
(f) Accept the signature if andonlyif v=r.
APPLICATIONS: Digital signatures have many applications in information security, including authentication, data integrity, and nonrepudiation. Oneof the most significant applications of digital signatures is thecertificationof public keys inlarge networks. Certificationis a means for a trustedthirdparty(TTP) tobind the identity of a user to a public key, so that at some later time, other entities can authenticate a public key without assistancefromatrustedthirdparty.
CONCLUSION: This paper has providedabroadreviewof networksecurity andcryptographyalgorithms withparticular regardtodigital signatures Thetransformations SA (SIGNING) andVA (VERIFICATION) are typicallycharacterizedmore compactlybyakey that is, there is aclass of signingand verificationalgorithms publiclyknown, andeachalgorithmis identifiedbyakey. Thus thesigningalgorithmSAof Ais determinedbyakeykAandAis onlyrequiredtokeepkA
secret. Similarly, theverificationalgorithmVAof Ais determinedbyakeylAwhichis madepublic. Handwrittensignatures couldbe interpretedas aspecial class of digital signatures. Tosee this, takethe set of signatures Stocontainonlyone element whichis thehandwrittensignatureof A, denotedby sA. Theverificationfunctionsimplychecks if thesignature onamessagepurportedlysignedbyAis sA
REFERENCES: 1.AppliedCryptography, byA. Menezes, P. vanOorschot, andS. Vanstone, CRCPress, 1996. http:// Cacr.math.uwaterloo.com www.prenticehall.com 2.NetworkSecurityandCryptographybyWilliamStallings