Foundations of Computer SecurityLecture 53: Digital SignaturesDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 53: 1 Digital SignaturesDigital SignaturesSuppose you write a (physical) check. What would you like to betrue?A check is a tangible object authorizing the transaction.The signature on the check confirms authenticity.In the case of an alleged forgery, a third party may be calledto judge authenticity.The check is not alterable or alterations can be easilydetected.The signature is part of the check, so cannot be easilyremoved and re-used.Can we define a mechanism for signing a document digitally thathas analogous characteristics?Lecture 53: 2 Digital SignaturesDigital Signatures PropertiesSuppose S sends a message M to R with signature f (S, M): We’dlike the signature to have certain properties:unforgeable: it should be difficult for anyone but S to producef (S, M);authentic: R can verify that S signed the document M;no repudiation: S cannot deny producing the signature;tamperproof: after being transmitted, M cannot be modified;not reusable: the signature cannot be detached and reused foranother message.Lecture 53: 3 Digital SignaturesDigital Signatures (Cont.)Public key systems are well-suited for digital signatures. Recallthat some algorithms, RSA in particular, have the followingcharacteristic:{{M}K}K−1= M = {{M}K−1}K.So, if S wishes to send message M to R in a way that has some ofthe characteristics of a digitally signed message, S could send{{M}K−1S}KR.Most often, it’s not the M but a hash of M that is signed. Why?What assurance does R gain from this interchange?Lecture 53: 4 Digital SignaturesDigital Signatures PropertiesS sends to R the following message:{{M}K−1S}KR.This scheme has the desired properties:unforgeable: only S can use K−1S;authentic: a third party can verify the signature with KS;no repudiation: only S can use K−1S;tamperproof: only R can remove the outer layer of encryption;not reusable: the signature is tightly bound to the message M.Lecture 53: 5 Digital SignaturesLessonsDigital signatures function much as physical signatures.Ideally a signature should be: unforgeable, authentic,tamperproof, non-reusable, and allow no repudiation.Public key cryptosystems facilitate creating digital signatures.Next lecture: CertificatesLecture 53: 6 Digital
View Full Document