
Information Security

CSS 3071
Lecture 25
Dr. Saifullah Adnan
Lecture Objectives

• Present an overview of the digital signature mechanism and explain the concept of digital envelopes.

• Explain the significance of random and pseudorandom numbers in cryptography.


Lecture Contents

• Digital signatures
• Public Key Certificates
• Symmetric Key Exchange Using Public-Key Encryption
• Digital Envelopes
• Random Numbers
• Pseudorandom
Digital signatures

• message be kept secret


• The receiver wants to be certain that the message is indeed from the respective sender.
• The sender (Bob) encrypts the hash code of the message with his private key
• The receiver receives the message plus signature and:
(1) calculates a hash value for the message
(2) decrypts the signature using Bob’s public key
(3) compares the calculated hash value to the decrypted hash value.
Public Key Certificates

• Issue: anyone can forge such a public announcement

• Consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party.

• Includes some information about the third party

• An indication of the period of validity of the certificate



The user can then publish the certificate.


1. User software (client) creates a pair of keys: one public and one private.
2. Client prepares an unsigned certificate that includes the user ID and user’s public key.
3. User provides the unsigned certificate to a CA in some secure manner. This might require a face-to-face meeting, the use of registered e-mail, or happen via a web form with e-mail verification.
4. CA creates a signature

5. CA attaches the signature to the unsigned certificate to create a signed certificate.
6. CA returns the signed certificate to client.
7. Client may provide the signed certificate to any other user.
8. Any user may verify that the certificate is valid as follows:
a. User calculates the hash code of the certificate (not including the signature).
b. User decrypts the signature using the CA’s known public key.
c. User compares the results of (a) and (b). If there is a match, the certificate is valid.
Symmetric Key Exchange Using Public-Key Encryption

• A requirement for two parties to communicate securely is that they share a secret key

• Use of Diffie-Hellman key exchange
• Provides no authentication of the two communicating partners
• Other protocols use other public-key algorithms that achieve the same objective
Digital Envelopes
• Used to protect a message without needing to first arrange for sender and receiver to have the same secret key
• Equivalent of a sealed envelope

1. Prepare a message
2. Encrypt that message using conventional encryption with a one-time conventional session key.
3. Encrypt the session key using public-key encryption with Alice's public key.
4. Attach the encrypted session key to the message and send it to Alice.
Random Numbers
• random numbers have a range of uses
• requirements:
  • randomness
    • based on statistical tests for uniform distribution and independence
  • unpredictability
    • successive values not related to previous
    • clearly true for truly random numbers
    • but more commonly use generator
Pseudorandom versus Random Numbers
• often use algorithmic technique to create pseudorandom numbers
  • which satisfy statistical randomness tests
  • but likely to be predictable
• true random number generators use a nondeterministic source
  • e.g. radiation, gas discharge, leaky capacitors
  • increasingly provided on modern processors
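
Added example (not part of the original lecture): the two requirements above, checked in Python on three byte streams. It shows that an algorithmic generator passes the uniformity and independence tests and is still replayed exactly from its seed. The function names, the seed 2024 and the pass/fail bounds are assumptions chosen for illustration.

```python
import os
import random

def chi_square(data: bytes) -> float:
    """Uniform distribution: chi-square over the 256 byte values (mean 255 if uniform)."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def serial_correlation(data: bytes) -> float:
    """Independence: correlation between each byte and the next (near 0 if unrelated)."""
    xs, ys = data[:-1], data[1:]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / (var_x * var_y) ** 0.5

def passes_statistical_tests(data: bytes) -> bool:
    # Assumed, deliberately loose bounds for samples of about 100,000 bytes.
    return chi_square(data) < 400 and abs(serial_correlation(data)) < 0.02

def prng_stream(seed: int, n: int) -> bytes:
    """Pseudorandom: Mersenne Twister output is fully determined by the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def os_stream(n: int) -> bytes:
    """Operating-system CSPRNG, seeded from nondeterministic sources."""
    return os.urandom(n)

def counter_stream(n: int) -> bytes:
    """Constructed bad input: perfectly uniform, but each byte gives away the next."""
    return bytes(i % 256 for i in range(n))

if __name__ == "__main__":
    n = 100_000
    for name, data in [("counter", counter_stream(n)),
                       ("PRNG seed=2024", prng_stream(2024, n)),
                       ("os.urandom", os_stream(n))]:
        print(f"{name:15} chi2={chi_square(data):8.1f} "
              f"corr={serial_correlation(data):+.4f} "
              f"pass={passes_statistical_tests(data)}")
    # Same seed, same bytes: passing the tests says nothing about unpredictability.
    print("PRNG replayed from seed:", prng_stream(2024, 16) == prng_stream(2024, 16))
    print("os.urandom repeats:     ", os_stream(16) == os_stream(16))
```

This is why a one-time session key, such as the one in the digital envelope steps, is drawn from the operating system's generator (`os.urandom` or the `secrets` module) and not from the `random` module.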
