Tuesday, 27 January 2015

Digital Signature

see http://en.wikipedia.org/wiki/Digital_signature

Please answer the following questions:


What is authentication and integrity?

Authentication:
Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity:
In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signature invalidates the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because doing so is still considered computationally infeasible for most cryptographic hash functions (see collision resistance).


What are the applications of digital signatures, when are they used?

A digital signature can be used with any kind of message -- whether it is encrypted or not -- simply so the receiver can be sure of the sender's identity and that the message arrived intact. Digital signatures make it difficult for the signer to deny having signed something (non-repudiation) -- assuming their private key has not been compromised -- as the digital signature is unique to both the document and the signer, and it binds them together. A digital certificate, an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify a public key belongs to a particular person or entity.

Most modern email programs support the use of digital signatures and digital certificates, making it easy to sign any outgoing emails and validate digitally signed incoming messages. Digital signatures are also used extensively to provide proof of authenticity, data integrity and non-repudiation of communications and transactions conducted over the Internet.

Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, Brazil, and members of the European Union, electronic signatures have legal significance.


How do they work, how is a message signed and verified?


Source: http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Digital_Signature_diagram.svg/1280px-Digital_Signature_diagram.svg.png
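The hash-then-sign and verify flow asked about here, as an added example that is not part of the original post. It uses textbook RSA over a SHA-256 hash with a constructed toy key (two Mersenne primes, no padding); the key, the messages and all function names are assumptions made for illustration, and a real system would use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key: two Mersenne primes, so no key generation is needed.
# NOT secure; real keys use random primes and a padded scheme such as RSA-PSS.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the signer


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Signer: hash the message, then apply the private exponent to the hash."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier: recover the signed hash with the public key and compare it
    with a fresh hash of the message that actually arrived."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_int(message)


def hash_only_check(message: bytes, digest_hex: str) -> bool:
    """Unkeyed check: compares a plain hash that travelled with the message."""
    return hashlib.sha256(message).hexdigest() == digest_hex


def demo() -> dict:
    original = b"branch 12: set balance of account 4711 to 100.00"  # constructed
    altered = b"branch 12: set balance of account 4711 to 900.00"   # constructed
    sig = sign(original)
    return {
        "original_ok": verify(original, sig),
        "altered_message_ok": verify(altered, sig),
        "altered_signature_ok": verify(original, sig ^ 1),
        # Anyone who alters the text can recompute a plain hash to match it,
        # so a hash alone gives no authentication; the private key does.
        "plain_hash_accepts_altered": hash_only_check(
            altered, hashlib.sha256(altered).hexdigest()),
    }
```

Calling `demo()` shows that only the unmodified message with its unmodified signature verifies, while a recomputed plain hash is accepted for the altered text.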


What is the hash of a message? Which hash functions are the most popular ones?
What's the difference to an electronic signature?

Hashing means producing hash values for accessing data or for security. A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
Hashes play a role in security systems where they're used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact.
Hashing is also a common method of accessing data records. Consider, for example, a list of names:


  • John Smith
  • Sarah Jones
  • Roger Adams


To create an index, called a hash table, for these records, you would apply a formula to each name to produce a unique numeric value. So you might get something like:


  • 1345873 John Smith
  • 3097905 Sarah Jones
  • 4060964 Roger Adams


Then to search for the record containing Sarah Jones, you just need to reapply the formula, which directly yields the index key to the record. This is much more efficient than searching through all the records till the matching record is found.

Source: http://www.webopedia.com/TERM/H/hashing.html



Name some digital signature algorithms:


  • Pairing-based schemes such as BLS
  • Undeniable signatures
  • Rabin signature algorithm
  • cryptographic protocols such as zero-knowledge proofs or secure c
  • DSA and its elliptic curve variant ECDSA
  • Aggregate signature
  • RSA-based signature schemes, such as RSA-PSS
  • ElGamal signature scheme as the predecessor to DSA, and variants Schnorr signature and Pointcheval–Stern signature algorithm


Which additional security precautions can be used?


  • Putting the private key on a smart card
  • Using smart card readers with a separate keyboard
  • Other smart card designs
  • Using digital signatures only with trusted applications
  • Using a network attached hardware security module



Sources: http://en.wikipedia.org/wiki/Digital_signature#Authentication
http://en.wikipedia.org/wiki/Digital_signature
http://www.webopedia.com/TERM/H/hashing.html
http://searchsecurity.techtarget.com/definition/digital-signature


