{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

3.5.signatures

3.5.signatures - CS 161 Spring 2010 Computer Security...

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 161 Computer Security Spring 2010 Paxson/Wagner Notes 3/5 Message Authentication Codes and Digital Signatures In the last two lectures, we looked at symmetric- and asymmetric-key encryption. Encryption is used to protect the confidentiality of communications over an insecure channel. This lecture, we’ll look at crypto- graphic schemes that provide integrity and authentication . In particular, the threat we’re concerned about is adversaries who send spoofed messages (pretending to be from a legitimate participant) or who mod- ify the contents of a message from a legitimate participant. To address these threats, we will introduce cryptographic schemes that enable the recipient to detect spoofing and tampering. We’ll look at schemes in both the symmetric-key and asymmetric-key models. If Alice and Bob share a secret key K , they can use a Message Authentication Code (also called a MAC, for short) to detect tampering with their messages. If they don’t have a shared key, but Bob knows Alice’s public key, Alice can sign her messages with her private key, using a digital signature scheme (also known as a public-key signature scheme). In tabular form, the big four types of cryptographic primitives are: Symmetric-key Asymmetric-key Confidentiality Symmetric-key encryption (e.g., AES-CBC) Public-key encryption (e.g., El Gamal) Integrity and authentication MACs (e.g., AES-CBC-MAC) Digital signatures (e.g., RSA) 1 Message Authentication Codes (MACs) Suppose Alice and Bob share a secret key K , and Alice wants to send a message to Bob over an insecure channel. The message isn’t secret, but she wants to prevent attackers from modifying the contents of the message. The idea of a Message Authentication Code (MAC) is to send a keyed checksum of the message along with the message, chosen so that any change to the message will render the checksum invalid. The MAC on a message M is a value F ( K , M ) computed from K and M ; the value F ( K , M ) is called the tag for M . Typically, we might use a 128-bit key K and 128-bit tags. Alice will send the pair of values M , T to Bob, where she computed the tag T = F ( K , M ) using the MAC. When Bob receives M , T , Bob will compute F ( K , M ) and check that it matches the provided tag T . If it matches, Bob will accept the message M as valid, authentic, and untampered; if F ( K , M ) 6 = T , Bob will ignore the message M and presume that some tampering or message corruption has occurred. The algorithm F is chosen so that if the attacker replaces M by some other message M 0 , then the tag will almost certainly 1 no longer be valid: in particular, F ( K , M ) 6 = F ( K , M 0 ) . More generally, there will be no 1 Strictly speaking, there is a very small chance that the tag for M will also be a valid tag for M 0 . However, if we choose tags to CS 161, Spring 2010, Notes 3/5 1
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
way for the adversary to modify the message and then make a corresponding modification to the tag to trick Bob into accepting the modified message: given M and T = F ( K , M ) , an attacker who does not know the key K should be unable to find a different message M 0 and a tag T 0 such that T 0 is a valid tag on
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern