Boost Operations in Mexico with the Legitimacy of Digital Signatures

How to eSign a document: digital signature legitimateness for Operations in Mexico

a digital signature remembering that the purpose of a signature is it acts as a confirmation that someone agrees to that message I sign a document I confirm I've seen it I created it I've I agree to the contents of that message we want the same thing for files or or messages I send a message I want to sign that message how can we do that we want to be able to prove to anyone that a message originated or is approved at a particular user we can't use symmetric key cryptography the problem with symmetric key cryptography is that there's one key and two people in the world have that key it's say user a and b share a secret a has the key anything encrypted using that key could have come from A or B so with symmetric key cryptography we don't have confirmation that a message encrypted with that key comes from one particular user it could have come from two particular users so even though with symmetric key cryptography if someone receives a message let's say a they can verify that it came from the other user B that's okay but we can't have a third party C to prove that the message came from B because that message may have also come from a because both A and B have the key to encrypt so that's where public key cryptography comes in because there's only one person in the world that has a private key and we can confirm a message came from them using that approach the con concept is quite simple and we've seen it when we introduce public key cryptography a user signs a message by encrypting with their own private key I have a message I use my private key to encrypt and the nature of public key cryptography is it can only be decrypted with my public key so if it successfully decrypts with my public key it means it was encrypted with my private key so confirmation of this signature or or validation verification of the signature is done by the signature is attached to the message we send the message and the signature in fact we could just send the signature as is we'll see at a disadvantage of that in the next approach and then we verify the receiver and the receiver uses the public key to verify any questions you used your you've generated your RSA keys for the last homework and you're going to use them so don't lose your private keys if you don't have your private Carey you can't do the next homework because you're going to sign a document or sign a message and the way that you will sign you'll use your private key you'll send the message encrypted with your private key to the destination and they will verify by using your public key if it successfully decrypts with your public key we get the message and we know that that's the correct message it come from a because the only person who can encrypt such that it successfully decrypts with the public key of A is user a only user a has the private key of A so that's the concept in practice we don't encrypt the entire message we encrypt a hash of the message so we can do a confirmation just for the on across the hash so this is the the Practical digital signature and in fact from now on when I refer to a digital signature use the hash uh of the message we have a message M to sign the message to generate the signature s we encrypt using my private key the hash of that message hash the message encrypt with my private key I get signature s s is quite small because the hash value is small when we encrypt it we get a small signature even if the message is 10 gabes long the signature is a fixed size so what we do is we send the signature and the message and this is uh good for performance and there's not much communication overhead if my 10 GB message concatenated with a 256bit signature those 256 bits don't create much communication overhead there's not much extra to send we send the message and the signature s the user verifies by decrypting the signature with the sign as public key you know it came from Steve you use Steve's public key to decrypt and you get a hash value and you compare that hash value with the hash of the receive message if they match everything's okay if they don't match we have a problem let's see some some quick examples of how the digital signature is applied and we assume that users have keys key pairs in fact we have user a and user B and they know let's assume to get started They Know Each Other's key pair or They Know Each Other's public key so a has its own key pair they know Pua p p r a i know my own key pair but I also know pu and similar for B it knows pu PB the private key of B and the public key of A everyone knows their own key pair plus other users public key so the normal case the normal case is we send a message from A to B let's say there's no malicious user in this case and the message we can denote as message M1 concatenated with the encrypted hash value so that's the message plus its signature where the signature is obtained by hashing the message and encrypting with my or the senders private key this process is called signing the encryption of the hash is the the signing we sign the message and B verifies when they receive the way that they verify they decrypt the signature it came from a we decrypt with a public key of A and I'll say s which part is s this component so I don't have to write it all again is s the signature the encrypted hash value is the signature they decrypt the signature component what do they get well they get the original input the hash of M1 and then they compare does this hash value equal the hash of the receive message what was the receive message nothing's been modified here so the receive message is M1 yes they're the same does the hash of M1 equal the hash of M1 of course so this is the the message has been verified and we know that the message came from a because it successfully verifies using the public key of A that's the normal mode of using a signature questions on how to use the signature we sign with our private key but we encrypt the hash of the message not the entire message so let's see what happens when an attacker a malicious used that tries to do something same initial State They Know Each Other's Keys public keys and they know their own private key and now we do the same we sign a message and send it on to B where we send M1 concatenated let's denote it now to be more precise S1 where S1 was calculated as encrypting using the private key of A the hash of M1 so this is what a sends the signed message malicious user intercepts let's see see if they modify the message what happens when we change the message M1 let's say changes to M2 we don't change the signature in the first attack so leave it as S1 and then the verification steps at B to verify we decrypt the signature using the public key of A we know it came from a we decrypt the signature when we decrypt then we get H of M1 why because S1 was encrypted was the H of M1 encrypted with a private key of A therefore if we decrypt S1 using the public key of A we'll get the original input h of M1 and then we compare does h of M1 the decrypted value match the hash of the receive message and under our assumed properties of our hash function the hash of two different messages the hash values will be different so no what match our Collision free property the attacker can't find two different messages which produce the same hash value we say that the verification fails and you'll see this is similar to the what we've done already with the the authentication schemes if we modify the message but not the signature we get an error because the hash received h of M1 doesn't match the hash of the receive message h of M2 what else could the attacker try to do well we modify the message and the signature but how do we create a new S2 well we can calculate the hash of M2 but it needs to be encrypted with the private key of A the malicious user doesn't know the private key of A therefore they cannot produce the correct signature the correct signature is the hash of M2 encrypted with the private key of A but we don't know the private key of A so that would be detected what else could the malicious user do a masquerade attack pretend to be a sending a message to b but if I want to pretend to be a I need to know the private key of A because what B is going to do when they get a message thinking it's from a is use the public key of A so again if we try to pretend to be a we don't have the private key and the attack will be detected so very similar to what we saw with the attacks when we use symmetric key encryption but now we're using private key encryption of the hash that is it's very similar to this case where we encrypted the hash value with a shared secret key now we're encrypting the hash value with a private key the difference is not the the security it's about proving who sent the message if we use shared secret key and we have a signed message either A or B generated that signed message but if we use public key encryption if we have a signed message it came from one particular user in the world and that's what a signature should be we can confirm who the source is and digital signatures are very uh common application of public key cryptography today which algorithms are used for digital signatures we can use RSA so for the encryption decryption algorithm RSA is a common one but there are others there's a spe a special algorithm developed for digital signatures DSA the digital signature algorithm which is used in the digital signature standard DSS but there are variations and we may come across them in Practical examples of especially web security it's not just RSA you may see DSA A variation of DSA with something called elliptic elliptic curve cryptography EC DSA El gaml is another one and there are a couple of other approaches so there are different algorithms used to encrypt for digital signatures and we can use different hash algorithms md5 sh sh 2 sh 3 and so on we should use a secure hash algorithm md5 is no longer considered secure so sh two or above and those hash algorithms we need them to have particular properties and we've talked about the general properties of collision free and oneway property let's come back to those properties to finish the lecture today and look at them and we'll Define them a little bit further