Hash Functions and Authentication Applications Essay

Published: 2020-04-22 08:24:05
677 words
3 pages
printer Print
essay essay

Category: Application

Type of paper: Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Hey! We can write a custom essay for you.

All possible types of assignments. Written by academics

GET MY ESSAY
Digital Signature or Public-key digital signature is a method of authenticating digital information comparable to common peoples personal signature on documents. The digital signature process is using techniques taken from public-key cryptography. Digital Signature is actually the output of public-key cryptography for signing and verification and is different from ordinary electronic signature like cable, telex, and fax. Since digital signatures are based cryptographic techniques, a digital signature should have the following properties.

Digital Signature should be: not forgeable authentic cannot be modify after sending not reusable prevent repudiation The simpler properties are: AUTHENTICITY The importance of authenticity is to prevent authorized intervention. Using the public-key cryptosystems, the recipient will be confident that the sender is real and the message is valid. INTEGRITY Both sender and receiver will be confident that the message sent has not been altered during the transmission. The encryption ensures that no third party can view or read the message. NON-REPUDIATION

Repudiation means the act of denying association with a message as in claming a third party sent it. This is true when a recipient of the message assert that the sender attach a signature to avoid any later repudiation. Digital Signature functions maybe possible using Direct or Arbitrated Digital Signature. The Direct approach relies only on communicating parties for their security using the public-key cryptosystems. The problem with Direct Digital Signature approach is the validation, wherein the security of the communication depends only on the senders private key.

It means that when senders security is breach, the whole transaction fails. Furthermore, the sender can also use the repudiation excuse and say that the he never sent a message or say his private keys were forged or stolen. The Arbitrated approach is better, unlike Direct Digital Signature, This approach employ an arbiter to test the senders messages and signatures to verify its content and origin. The arbiter, when fully satisfied, stamp the message with date and sent it to its final destination.

Arbitrated digital signatures can be implemented using conventional and public-key encryption. In a conventional approach, it assumed that sender S and the assigned arbiter A. Both arbiter and sender will now share a secret key, say KSA and later the recipient R will share secret key as KRA. The sender creates a message and computer it against its hash value M(H) then S submits the message to A. Arbiter will now decrypt the signature, check its hash value, validate the message, and send the message to R.

Recipient decrypts the message and restores the original message (M). An arbitrated digital signature using public-key encryption has a different approach wherein the arbiter cannot see the message. At first, the sender S encrypts the message with its own private key and encrypts it again with the recipient R private key thereby producing a secret signed message. This signed message will be encrypted again with the senders ID, together the message will be sent to the arbiter. The inner double encrypted message is secure from the arbiter and from anybody except the recipient.

The arbiter can only see the outer messages to check the origin of the message and ensure that the sender private and public key is still valid. A replay attack is a type of network attack where valid data transmission is maliciously or fraudulently repeated or delayed. It can be the originator itself or an adversary who intercepts the data and re-transmits it. A simple replay attack immediately sends the same message soon enough that it will arrive within the recipients window.

A suppress replay attack is when an attacker breach security by initiating a message interception and withhold it for future replay. The attacker will wait for the proper time to effectively replay the message without detection from the recipient.

References:

Data Security 2003, Digital Signatures,[online], http://www. cs. uku. fi/~junolain/secu2003/secu2003. html#digital Wikipedia, Digital Signatures, [online], http://en. wikipedia. org/wiki/Digital_signature Wikipedia, Replay Attack, [online], http://en. wikipedia. org/wiki/Replay_attack

Warning! This essay is not original. Get 100% unique essay within 45 seconds!

GET UNIQUE ESSAY

We can write your paper just for 11.99$

i want to copy...

This essay has been submitted by a student and contain not unique content

People also read