2137
Comment:
|
3204
|
Deletions are marked like this. | Additions are marked like this. |
Line 20: | Line 20: |
'''11.1 List two disputes that can arise in the context of message authentication?''' | '''13.1 List two disputes that can arise in the context of message authentication?''' |
Line 22: | Line 22: |
P 180 Forgery: He sent me this! Repudiation: I never sent that! | |
Line 23: | Line 24: |
'''13.2 What are the properties that a digital signature should have?''' | |
Line 24: | Line 26: |
'''11.2 What are the properties that a digital signature should have?''' | It must... 1. verify the author and the date and time of the signature. 1. authenticate teh contents at the time of the signature. 1. be verifiable by third parties, to resolve disputes. '''13.3 What requirements should a digital signature scheme satisfy?''' 1. Signature must depend on the message being signed. 1. Signature must use some information unique to the sender to prevent (13.1) 1. Relatively easy to produce the digital signature. 1. Relatively easy to recognize and verify the digital signature. 1. Computationally infeasible to forge a digital signature either by constructing a new message for an existing DS or by constructing a fradulent DS. 1. Practical to retain a copy of the DS in storage. '''13.4 What is the difference between direct and arbitrated digital signature?''' See the definitions above. '''13.5 In what order should the signature function and the confidentiality function be applied to a message, and why?''' |
Terms
arbiter |
The entity that acts as a trusted third party to verify signed messages. |
|
Arbitrated digital signature |
When a arbiter arbitrates the transactions between two people signing messages. |
|
Direct Digital Signature |
Involves only the source and destination. Somehow they know each others public keys to be able to verify the signature of the other. |
|
Digital Signature |
See 13.2 below |
|
DSA/DSS |
DSS (Digital Signature Standard) is a NIST standard that uses SHA. DSA is the Digital Signature Algorithm based on discrete logarithms. |
|
nounce |
a random bit(s) of information used in authentication. |
|
one-way authentication |
As in email, the reciever authenticates the sender, but the sender by nature can not authenticate the reciever until after the receiver has read the mail. Thus we call this kind of transaction one-way, because the sender can't authenticate the reciever before sending the message. |
|
repaly attack |
Simple Replay: Opponent copies message and replays it later. |
|
|
Repetition that can be logged: An opponent can replay a timestamped message within the valid time window. |
|
|
Repetition that cannot be detected: This situation could arise because the original message could have been suppressed and thus did not arrive at this destination; only the replay message arrives. |
|
|
Backward replay without modification: This is a replay back to the message sender. This attack is possible if symmetric encryption is used and the sender cannot easily recognize the difference between messages sent and messages received on the basis of content. |
|
Suppress-replay attack |
See Repetition that cannot be detected above. |
|
Timestamp |
Well, it really the date and time stamped on a document, but in this case we digitally stamp it on the document. |
Review Questions
13.1 List two disputes that can arise in the context of message authentication?
P 180 Forgery: He sent me this! Repudiation: I never sent that!
13.2 What are the properties that a digital signature should have?
It must...
- verify the author and the date and time of the signature.
- authenticate teh contents at the time of the signature.
- be verifiable by third parties, to resolve disputes.
13.3 What requirements should a digital signature scheme satisfy?
- Signature must depend on the message being signed.
- Signature must use some information unique to the sender to prevent (13.1)
- Relatively easy to produce the digital signature.
- Relatively easy to recognize and verify the digital signature.
- Computationally infeasible to forge a digital signature either by constructing a new message for an existing DS or by constructing a fradulent DS.
- Practical to retain a copy of the DS in storage.
13.4 What is the difference between direct and arbitrated digital signature?
See the definitions above.
13.5 In what order should the signature function and the confidentiality function be applied to a message, and why?