Terms

arbiter

The entity that acts as a trusted third party to verify signed messages.

Arbitrated digital signature

When an arbiter arbitrates the transactions between two people signing messages.

Direct Digital Signature

Involves only the source and destination. Each party must already know the other's public key in order to verify the other's signature.

Digital Signature

See 13.2 below

DSA/DSS

DSS (Digital Signature Standard) is a NIST standard that uses SHA. DSA is the Digital Signature Algorithm based on discrete logarithms.

nonce

Random bit(s) of information used in authentication.

one-way authentication

As in email, the receiver authenticates the sender, but the sender by nature cannot authenticate the receiver until after the receiver has read the mail. Thus we call this kind of transaction one-way, because the sender can't authenticate the receiver before sending the message.

replay attack

Simple Replay: Opponent copies message and replays it later.

Repetition that can be logged: An opponent can replay a timestamped message within the valid time window.

Repetition that cannot be detected: This situation could arise because the original message could have been suppressed and thus did not arrive at this destination; only the replay message arrives.

Backward replay without modification: This is a replay back to the message sender. This attack is possible if symmetric encryption is used and the sender cannot easily recognize the difference between messages sent and messages received on the basis of content.

Suppress-replay attack

If the authentication protocol relies on timestamps and clocks get out of sync, then an opponent can intercept a message from the sender and replay it later when the timestamp in the message becomes current at the recipient's site. This replay could cause unexpected results. These are referred to as suppress-replay attacks. P. 387.

Timestamp

Well, it is really the date and time stamped on a document, but in this case we digitally stamp it on the document.

Review Questions

13.1 List two disputes that can arise in the context of message authentication?

P 180 Forgery: He sent me this! Repudiation: I never sent that!

13.2 What are the properties that a digital signature should have?

It must...

  1. verify the author and the date and time of the signature.
  2. authenticate the contents at the time of the signature.
  3. be verifiable by third parties, to resolve disputes.

13.3 What requirements should a digital signature scheme satisfy?

  1. Signature must depend on the message being signed.
  2. Signature must use some information unique to the sender to prevent the disputes in 13.1 (forgery and repudiation).
  3. Relatively easy to produce the digital signature.
  4. Relatively easy to recognize and verify the digital signature.
  5. Computationally infeasible to forge a digital signature either by constructing a new message for an existing DS or by constructing a fraudulent DS.
  6. Practical to retain a copy of the DS in storage.

13.4 What is the difference between direct and arbitrated digital signature?

See the definitions above.

13.5 In what order should the signature function and the confidentiality function be applied to a message, and why?

p381: "...it is important to perform the signature function first and then an outer confidentiality function. In case of dispute, some third party must view the message and its signature. If the signature is calculated on an encrypted message, then the third party also needs access to the decryption key to read the original message. However if the signature is the inner operation, then the recipient can store the plaintext message and its signature for later use in dispute resolution." (using a private key encrypted hash for the signature).

13.6 What are some threats associated with a direct digital signature scheme?

Repudiation: My private key was stolen. Forgery: The private key really was stolen and used to forge a message, but the theft was not reported.

13.7 Give examples of replay attacks

See replay attacks above.

13.8 List three general approaches to dealing with replay attacks.

  1. sequence numbers added to each message used in an authentication exchange.
  2. Time stamps (but clocks are never perfectly synchronized, so really you must accept time intervals).
  3. Challenge/response: use a nonce for fresh messages. By using a new nonce, you can detect replays.
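
An added example (not from the notes or the textbook) of a receiver that combines approach 2 with a nonce cache, so that a replay inside the valid time window is caught as well as one after it. It assumes an HMAC over a constructed shared key stands in for the signature, a 30-second window, and a sender-chosen nonce rather than a receiver-issued challenge; all names are hypothetical.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
WINDOW = 30                    # seconds of clock skew tolerated (assumption)
NONCE_LEN = 16


def _encode(ts: int, nonce: bytes, payload: bytes) -> bytes:
    # Fixed-width timestamp and nonce keep the MAC input unambiguous.
    return ts.to_bytes(8, "big") + nonce + payload


def make_message(payload: bytes, now: int) -> dict:
    """Sender: bind payload, timestamp and a fresh nonce under one MAC."""
    nonce = os.urandom(NONCE_LEN)
    tag = hmac.new(KEY, _encode(now, nonce, payload), hashlib.sha256).digest()
    return {"ts": now, "nonce": nonce, "payload": payload, "tag": tag}


class Receiver:
    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, msg: dict, now: int) -> str:
        # Without this check, bytes moved from payload to nonce would give
        # the same MAC input but a "new" nonce, defeating the cache.
        if len(msg["nonce"]) != NONCE_LEN:
            return "malformed"
        expected = hmac.new(
            KEY, _encode(msg["ts"], msg["nonce"], msg["payload"]), hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-mac"
        if abs(now - msg["ts"]) > WINDOW:
            return "stale"   # replay after the window has closed
        # Nonces whose timestamps can no longer pass the window check
        # are safe to forget, which bounds the cache size.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= WINDOW}
        if msg["nonce"] in self.seen:
            return "replay"  # replay inside the valid time window
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"
```

With timestamps alone, the second delivery inside the window would be accepted; the nonce cache is what turns it into a detected replay.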

13.9 What is a suppress replay attack?

See Suppress replay attacks above.

Csce877Ch13Notes (last edited 2009-04-14 17:27:58 by Anderson-Camtasia)