Digital Signatures

Digital Signatures. Anonymity and the Internet

Potential For Mischief

[Diagram: Microsoft, You, Hacker-Controlled Website]

Signature

• Signature - verifies identity

• What could go wrong?

Signature Bank

• Record of signatures

Physical Signature

• Sign a message by locking with a key you own

Physical Key Bank

• Still need a trusted entity to manage keys

Asymmetric Cryptography

• Symmetric cryptography: Key for encoding same as key for decoding
  – Shift three letters

• Asymmetric cryptography: Key for encoding different than for decoding

Simple Example

• Encryption Key:
  – Multiply by 6, clock size 11
  – Encode 5 = 5 * 6 clock 11 = 30 clock 11 = 8

Decoding

• If x * 6 clock 11 = y then y * 2 clock 11 = x

Decryption Key

• 2 is the decryption Key for encryption key 6 and clock size 11

Picking Keys

• Pick clock size C
  – Prime clock sizes work best

• Find x and y such that x * y clock C = 1

Public / Private

• One key is kept private

• Other key made public
  – Give to anyone who wants it

Private Key

• Any message encrypted with a private key MUST have been written by the person who signed it

• Anyone can decrypt the message
  – Encryption for authentication, not secrecy

How Do We Know Public Key Is Good?

[Diagram: Ravi, You, Hacker-Controlled Website]

Authenticating a Key

• Official key bank??

Can't Really Trust a Bank

[Diagram: Key Bank, You, Hacker-Controlled Website]

Authenticating a Key

• Key bank "signs" people's public keys by encrypting them

Authenticating a Key

• Browsers come with public keys of known banks called Certification Authorities

2 Part Message

• Send two things:
  – Message encrypted with private key
  – Public key encrypted by trusted authority

Chain Of Trust

• Reality may involve chain of locks

Encrypting With Public Key

• Anyone can use public key to secretly send message to holder of private key

Locked with Private Key: Authentication

Locked with Public Key: Secrecy

Web Security

• HTTPS: Secure web connection
  – Browser asks server for public key
  – Browser picks shared secret, encrypts with public key, sends to server

RSA

• Multiplication keys too easy to break… use exponents

• RSA (Rivest, Shamir, Adleman): algorithm invented in 1977

RSA Math

• Private key: raise to x power, clock size C

• Public key: raise to y power, clock size C

Message: 4
4 ^ 3 clock 22 = 64 clock 22 = 20

Encrypted: 20
20 ^ 7 clock 22 = 4

Picking Keys

• Start with two prime numbers p, q
  – multiply to make clock size

• Pick private key, calculate public key from private, p and q using multiplication trick

• If anyone figures out p and q they can figure out your private key
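
The key calculation from the Picking Keys and RSA Math slides, as an added example that is not part of the original deck. It uses the clock-22 numbers from the slides and assumes that 3 is the private exponent, 7 the public one, and p = 2, q = 11; the function names are made up for illustration.

```python
# Added example: toy RSA with the slides' numbers. "clock" means modulo.
from math import gcd

def public_from_private(private_exp, p, q):
    """The 'multiplication trick': find y with x * y clock (p-1)(q-1) = 1."""
    phi = (p - 1) * (q - 1)
    if gcd(private_exp, phi) != 1:
        raise ValueError("private exponent shares a factor with (p-1)(q-1)")
    return pow(private_exp, -1, phi)      # modular inverse (Python 3.8+)

def sign(message, private_exp, clock):
    """Lock the message with the private key."""
    return pow(message, private_exp, clock)

def verify(message, signature, public_exp, clock):
    """Unlock with the public key and compare with the claimed message."""
    return pow(signature, public_exp, clock) == message % clock

def factor(clock):
    """Trial division: instant for toy clocks, infeasible at 2048 bits."""
    for p in range(2, int(clock ** 0.5) + 1):
        if clock % p == 0:
            return p, clock // p
    raise ValueError("clock is prime")

def recover_private(public_exp, clock):
    """Anyone who learns p and q can redo the owner's key calculation."""
    p, q = factor(clock)
    return pow(public_exp, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    p, q = 2, 11                          # assumed factors of clock size 22
    clock, private_exp = p * q, 3         # assumption: 3 is the private exponent
    public_exp = public_from_private(private_exp, p, q)
    signature = sign(4, private_exp, clock)
    print("public exponent:", public_exp)
    print("signature of 4:", signature)
    print("genuine message verifies:", verify(4, signature, public_exp, clock))
    print("altered message verifies:", verify(5, signature, public_exp, clock))
    print("private exponent from public key:", recover_private(public_exp, clock))
```

Real RSA signatures hash and pad the message before exponentiating; this toy omits both.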

Factoring

• Factoring large numbers is hard
  – But we are getting faster

• Larger keys : 2048 bits (prime numbers with 100's of digits)

• May need to move to different kinds of math: http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/2/

Two messages:

• My public key: exponent 3, clock 34
  – encrypted ^ exponent mod clock = message

• Which 1 of these messages is NOT from me?
  – Three should check out, one should not

Message:            5   4   15  8
Encrypted version:  11  30  12  2