Scribd
Upload
4 views

Lect 5

Uploaded by

rachelsteelbird
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

Lect 5

Uploaded by

rachelsteelbird
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Authentication

Recall: authentication is to verify users’ identity


Chapter 5

 Real-life examples: signatures


MACs and Signatures  (What does it mean when you put your signature on a
document?)
 Both authentication and integrity

 Message digests provide (some degree of) integrity


 Problem: attacker replaces the plaintext and the digest
 To provide authentication and integrity:
This is not a digital signature.  MAC: digest + secret key cryptography
 Signature: digest + public key cryptography

Message Authentication Code (MAC) What Do MACs Provide?


 A MAC is a keyed message digest  Integrity
 Takes an arbitrary amount of input data AND a secret key to  An attacker without the secret key cannot create a matching
create a short digest digest for the tampered message
 Sender sends both plaintext and MAC. Receiver computes his  Authentication
own MAC to see if they match
 Any other person does not have the correct key to create a
matching digest
Alice secret key Digest MAC  Confidentiality: No
algorithm network
 Plaintext is sent
plaintext

MAC  Common MAC algorithm: HmacSHA1


network plaintext Equal?
Digest Bob
secret key algorithm
3 4
Java Support for MAC Using MAC in Java
 Java support: javax.crypto.Mac  Generating a MAC:
 Usage is similar to message digests SecureRandom sr = new SecureRandom();
 Step 1: create a Mac object byte[] keyBytes = new byte[20];
sr.nextBytes(keyBytes); // random bytes for a key
 static final Mac getInstance(String Algorithm)
SecretKey key = new SecretKeySpec(keyBytes, “HmacSHA1”);
throws ...
// a secret key for algorithm HmcaSHA1
 Step 2: initialize the Mac with a key (and maybe
algorithm parameters) Mac m = Mac.getInstance(“HmacSHA1”);
m.init(key);
 final void init(Key key) throws ...
m.update(inputData); // some input data
 Step 3: feed MAC with data byte[] mac = m.doFinal();
 final void update(byte[] input) throws...
 Step 4: calculate the code  Verifying a MAC:
 final byte[] doFinal() throws ...  Just compare the two byte arrays (how?)

5 6

Public Key System for Authentication What is a Signature?


 We can reverse the use of keys in public key  Add digests to the previous idea
cryptography to provide authentication!  Signature: a message digest encrypted with the
Alice’s Alice’s signer’s private key
Alice private key public key Bob
ciphertext
plaintext encryption decryption plaintext Alice’s
Alice
network Digest private key
generating digest signature
the signature algorithm Encryption network
 Since the sender’s public key can decrypt correctly, the
plaintext
message must be encrypted using the signer’s private key plaintext
 Since only the signer has his own private key, this Alice’s
authenticates him public key
 Have integrity or confidentiality? signature
Decryption
network Bob verifying
 Disadvantage: long encryption time Digest Equal?
the signature
plaintext algorithm

7 8
What Do Signatures Provide? Two Uses of Public Key Cryptography
 Authentication
 Same reason as before Sender Receiver
Confidentiality Encrypt using Decrypt using
 Integrity receiver’s public key receiver’s private key
(no authentication)
 Attacker cannot produce matching digest of tampered
message without correct encryption key Authentication Sign using sender’s Unsign using sender’s
(no confidentiality) private key public key
 Confidentiality: No
 Plaintext is sent
 What if we want both confidentiality and
authentication?
 Common signature algorithm: DSA

9 10

Generating a Signature in Java Verifying a Signature in Java


 Step 1: Get a signature object  Similar to generating signature (only steps 2, 4
 static Signature getInstance(String algorithm) changed)
throws ...  Step 1: Get a signature object
 Step 2: Initialize the signature using signer’s private  static Signature getInstance(String
Algorithm) ...
key
 final void initSign(PrivateKey privateKey)  Step 2: Initialize signature using signer’s public key
throws ...  final void initVerify(PublicKey publicKey)...

 Step 3: Add data to the signature object  Step 3: Add data to the signature object
 final void update(byte[] input) ...
 final void update(byte[] input) throws ...
 Step 4: Check the signature against the signature to
 Step 4: Calculate the signature be verified
 final byte[] sign() throws ...  final boolean verify(byte[] signature)...

11 12
Signature Based Login StrongClient.java
import Protection; // this class is from last lecture!
 Recall we discussed a protected password login public class StrongClient {
system using message digest public void sendAuthentication(String user, PrivateKey key,
OutputStream outStream) throws IOException,
 Still, there are problems NoSuchAlgorithmException, InvalidKeyException, SignatureException {
DataOutputStream out = new DataOutputStream(outStream);
 People choose easy-to-guess passwords long t1 = (new Date()).getTime();
 People write down their passwords double q1 = Math.random();
Signature sig = Signature.getInstance(“DSA”);
 Here we consider a program which uses signatures sig.initSign(key);
(public/private key pairs) instead of passwords sig.update(Protection.makeBytes(t1,q1));
byte[] signature = sig.sign();
 The client creates a signature of a timestamp and a random
number out.writeUTF(user);
out.writeLong(t1);
 The server uses the client’s public key to verify the signature out.writeDouble(q1);
out.writeInt(signature.length);
out.write(signature);
out.flush();
}
13 14

StrongClient continued StrongServer.java


public static void main(String [] args) throws Exception { import Protection;
String host = args[0]; public class StrongServer {
int port = Integer.parseInt(args[1]); public boolean authenticate(InputStream inStream)
String user = “Stanley”; throws IOException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException, ClassNotFoundException{
// Get the key to create the signature DataInputStream in = new DataInputStream(inStream);
ObjectInputStream keyIn = new ObjectInputStream( String user = in.readUTF();
new FileInputStream(“PrivateKey.ser”)); long t1 = in.readLong();
PrivateKey privateKey = (PrivateKey)keyIn.readObject(); double q1 = in.readDouble();
keyIn.close(); int length = in.readInt();
byte[] signature = new byte[length];
// Create the socket and call the login protocol in.readFully(signature);
Socket s = new Socket(host,port);
StrongClient client = new StrongClient(); PublicKey key = getKey(user); // next slide
client.sendAuthentication(user, privateKey, s.getOutputStream()); Signature sig = Signature.getInstance(“DSA”);
s.close(); sig.initVerify(key);
} sig.update(Protection.makeBytes(t1,q1));
} return sig.verify(signature);
}

15 16
StrongServer continued Signed Objects
private PublicKey getKey(String user) throws
FileNotFoundException, IOException, ClassNotFoundException {
 How to sign an Java object (not just bytes?)
ObjectInputStream keyIn = new ObjectInputStream(  Java provides a class
new FileInputStream(“PublicKey.ser”));
PublicKey publicKey = (PublicKey)keyIn.readObject();
java.security.SignedObject that encapsulates
keyIn.close(); (contains) and signs any serializable object
return publicKey;
} // assume hardcoded public key
 Create a signed object:
 SignedObject(Serializable object, PrivateKey
public static void main(String [] args) throws Exception { signingKey, Signature sigEngine) throws ...
int port = Integer.parseInt(args[1]);
ServerSocket s = new ServerSocket(port);  Verify the signature in a signed object:
Socket client = s.accept();  final boolean verify(PublicKey verifyKey,
StrongServer server = new StrongServer(); Signature verifyEngine) throws ...
if (server.authenticate(client.getInputStream())
System.out.println(“Client logged in”);  Retrieve the object:
else  Object getObject() throws ...
System.out.println(“Client failed to log in”);
s.close();
}}
17 18

Attack on Signatures Birthday Attack


 How to “forge” a signature?  Consider the following scenario:
 Different message but same digest?  Trudy generates 2n/2 variations M1, M2, … of a message M, all
 Attack: with essentially the same meaning
 Trudy generates another 2n/2 variations N1, N2, … of a
 Alice has a message M with digest D
different message N
 Suppose there is a different message M’ with a digest D’ such
 It is likely that D(Mi) = D(Nj) for some i and j (probability >
that D = D’
0.5)
 Alice generates the signature
 Trudy gives Mi to Alice to sign
 Attacker replaces M with M’, keeps same signature
 Trudy gives Alice’s signature and Nj to Bob
 Bob will believe Alice signs M’
 Bob believes Alice signs Nj
 Level of effort:
 Level of effort: ~2n/2, much smaller than before
 If the digest has n bits, then on average, it needs ~2n
 (1 second vs. billions of years, for n = 128)
messages to generate such a match

19 20
Message with Many Variations Summary
 To support authentication and integrity:
 MAC: digest + secret key cryptography
 Digest computed from message and shared secret value
 Signature: digest + public key cryptography
 Digest en/decrypted using sender’s private/public keys
 Birthday attack (on signatures)
 Key idea: create multiple copies of “genuine” and “fraudulent”
documents
 Conclusion:  Reduce complexity from 2n to ~2n/2
digest need to
be long enough

21 22

You might also like