Module 2

Cryptography: Key management, distribution and user

authentication
____________________________________________________________________

MUSA Notes
Block cipher modes of operation
Encryption algorithms are divided into two categories based on the input type, as a
block cipher and stream cipher. Block cipher is an encryption algorithm that takes a
fixed size of input say b bits and produces a ciphertext of b bits again. If the input is
larger than b bits it can be divided further. For different applications and uses, there
are several modes of operations for a block cipher.

Electronic Code Book (ECB) –

Electronic code book is the easiest block cipher mode of functioning. It is easier because
of direct encryption of each block of input plaintext and output is in form of blocks of
encrypted ciphertext. Generally, if a message is larger than b bits in size, it can be
broken down into a bunch of blocks and the procedure is repeated.
Procedure of ECB is illustrated below:

1 | Module No: 1
Advantages of using ECB –
● Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
● Simple way of the block cipher.
Disadvantages of using ECB –
● Prone to cryptanalysis since there is a direct relationship between plaintext and
ciphertext.

Cipher Block Chaining –

Cipher block chaining or CBC is an advancement made on ECB since ECB
compromises some security requirements. In CBC, the previous cipher block is given as
input to the next encryption algorithm after XOR with the original plaintext block. In a
nutshell here, a cipher block is produced by encrypting an XOR output of the previous
cipher block and present plaintext block.
The process is illustrated here:

Advantages of CBC –
● CBC works well for input greater than b bits.
● CBC is a good authentication mechanism.
● Better resistive nature towards cryptanalysis than ECB.

2 | Module No: 1
Disadvantages of CBC –
● Parallel encryption is not possible since every encryption requires a previous
cipher.

Cipher Feedback Mode (CFB) –

In this mode the cipher is given as feedback to the next block of encryption with some
new specifications: first, an initial vector IV is used for first encryption and output bits
are divided as a set of s and b-s bits.The left-hand side s bits are selected along with
plaintext bits to which an XOR operation is applied. The result is given as input to a
shift register having b-s bits to lhs,s bits to rhs and the process continues. The
encryption and decryption process for the same is shown below, both of them use
encryption algorithms.

Advantages of CFB –
● Since, there is some data loss due to the use of shift register, thus it is difficult for
applying cryptanalysis.

Output Feedback Mode –

The output feedback mode follows nearly the same process as the Cipher Feedback
mode except that it sends the encrypted output as feedback instead of the actual cipher

3 | Module No: 1
which is XOR output. In this output feedback mode, all bits of the block are sent
instead of sending selected s bits. The Output Feedback mode of block cipher holds
great resistance towards bit transmission errors. It also decreases the dependency or
relationship of the cipher on the plaintext.

Advantages of OFB –
● In the case of CFB, a single bit error in a block is propagated to all subsequent
blocks. This problem is solved by OFB as it is free from bit errors in the plaintext
block.

Counter Mode –
The Counter Mode or CTR is a simple counter-based block cipher implementation.
Every time a counter-initiated value is encrypted and given as input to XOR with
plaintext which results in ciphertext block. The CTR mode is independent of feedback
use and thus can be implemented in parallel.
Its simple implementation is shown below:

4 | Module No: 1
Advantages of Counter –
● Since there is a different counter value for each block, the direct plaintext and
ciphertext relationship is avoided. This means that the same plain text can map to
different ciphertext.
● Parallel execution of encryption is possible as outputs from previous stages are not
chained as in the case of CBC.

Data Encryption Standard

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The
block size is 64-bit. Though, key length is 64-bit, DES has an effective key length of 56
bits, since 8 of the 64 bits of the key are not used by the encryption algorithm (function
as check bits only). General Structure of DES is depicted in the following illustration −

5 | Module No: 1
Since DES is based on the Feistel Cipher, all that is required to specify DES is −
● Round function
● Key schedule
● Any additional processing − Initial and final permutation
Initial and Final Permutation
The initial and final permutations are straight Permutation boxes (P-boxes) that are
inverses of each other. They have no cryptography significance in DES. The initial and
final permutations are shown as follows −

6 | Module No: 1
Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to
the rightmost 32 bits to produce a 32-bit output.

● Expansion Permutation Box − Since right input is 32-bit and round key is a 48-
bit, we first need to expand right input to 48 bits. Permutation logic is graphically
depicted in the following illustration −

● The graphically depicted permutation logic is generally described as table in DES

specification illustrated as shown −

● XOR (Whitener). − After the expansion permutation, DES does XOR operation
on the expanded right section and the round key. The round key is used only in
this operation.

7 | Module No: 1
 ● Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES
uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Refer the following
illustration −

● The S-box rule is illustrated below −

● There are a total of eight S-box tables. The output of all eight s-boxes is then
combined in to 32 bit section.
● Straight Permutation − The 32 bit output of S-boxes is then subjected to the
straight permutation with rule
Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The
process of key generation is depicted in the following illustration −

8 | Module No: 1
The logic for Parity drop, shifting, and Compression P-box is given in the DES
description.
DES Analysis
The DES satisfies both the desired properties of block cipher. These two properties make
cipher very strong.
● Avalanche effect − A small change in plaintext results in the very great change
in the ciphertext.
● Completeness − Each bit of ciphertext depends on many bits of plaintext.

Advanced Encryption Standard (AES)

The more popular and widely adopted symmetric encryption algorithm likely to be
encountered nowadays is the Advanced Encryption Standard (AES). It is found at least
six time faster than triple DES.
A replacement for DES was needed as its key size was too small. With increasing
computing power, it was considered vulnerable against exhaustive key search attack.
Triple DES was designed to overcome this drawback but it was found slow.
The features of AES are as follows −

9 | Module No: 1
 ● Symmetric key symmetric block cipher
● 128-bit data, 128/192/256-bit keys
● Stronger and faster than Triple-DES
● Provide full specification and design details
● Software implementable in C and Java
Operation of AES
AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation
network’. It comprises of a series of linked operations, some of which involve replacing
inputs by specific outputs (substitutions) and others involve shuffling bits around
(permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES
treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four
columns and four rows for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the
key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for
256-bit keys. Each of these rounds uses a different 128-bit round key, which is calculated
from the original AES key.
The schematic of AES structure is given in the following illustration −

Encryption Process
Here, we restrict to description of a typical round of AES encryption. Each round
comprise of four sub-processes. The first round process is depicted below −

10 | Module No: 1
Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design.
The result is in a matrix of four rows and four columns.

Shiftrows

Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-
inserted on the right side of row. Shift is carried out as follows −
● First row is not shifted.
● Second row is shifted one (byte) position to the left.
● Third row is shifted two positions to the left.
● Fourth row is shifted three positions to the left.
● The result is a new matrix consisting of the same 16 bytes but shifted with respect
to each other.

MixColumns

Each column of four bytes is now transformed using a special mathematical function.
This function takes as input the four bytes of one column and outputs four completely
new bytes, which replace the original column. The result is another new matrix
consisting of 16 new bytes. It should be noted that this step is not performed in the last
round.

Addroundkey

The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits
of the round key. If this is the last round then the output is the ciphertext. Otherwise,
the resulting 128 bits are interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the
reverse order. Each round consists of the four processes conducted in the reverse order −

11 | Module No: 1
 ● Add round key
● Mix columns
● Shift rows
● Byte substitution

Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the
encryption and decryption algorithms needs to be separately implemented, although they
are very closely related.
AES Analysis
In present day cryptography, AES is widely adopted and supported in both hardware and
software. Till date, no practical cryptanalytic attacks against AES has been discovered.
Additionally, AES has built-in flexibility of key length, which allows a degree of ‘future-
proofing’ against progress in the ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly implemented
and good key management is employed.

RC5 algorithm

Public key cryptography

In cryptography, a key is a piece of information used for scrambling data so that it

appears random; often it's a large number, or string of numbers and letters. When
unencrypted data, also called plaintext, is put into an encryption algorithm using the
key, the plaintext comes out the other side as random-looking data. However, anyone
with the right key for decrypting the data can put it back into plaintext form.

For example, suppose we take a plaintext message, "hello," and encrypt it with a key*;
let's say the key is "2jd8932kd8." Encrypted with this key, our simple "hello" now reads
"X5xJCSycg14=", which seems like random garbage data. However, by decrypting it
with that same key, we get "hello" back.

Plaintext + key = ciphertext:

hello + 2jd8932kd8 = X5xJCSycg14=

Ciphertext + key = plaintext:

X5xJCSycg14= + 2jd8932kd8 = hello

Symmetric cryptography was well suited for organizations such as governments,
military, and big financial corporations were involved in the classified communication.
With the spread of more unsecure computer networks in last few decades, a genuine need
was felt to use cryptography at larger scale. The symmetric key was found to be non-

12 | Module No: 1
practical due to challenges it faced for key management. This gave rise to the public key
cryptosystems.
The process of encryption and decryption is depicted in the following illustration −

The most important properties of public key encryption scheme are −

● Different keys are used for encryption and decryption. This is a property which set
this scheme different than symmetric encryption scheme.
● Each receiver possesses a unique decryption key, generally referred to as his
private key.
● Receiver needs to publish an encryption key, referred to as his public key.
● Some assurance of the authenticity of a public key is needed in this scheme to avoid
spoofing by adversary as the receiver. Generally, this type of cryptosystem involves
trusted third party which certifies that a particular public key belongs to a specific
person or entity only.
● Encryption algorithm is complex enough to prohibit attacker from deducing the
plaintext from the ciphertext and the encryption (public) key.
● Though private and public keys are related mathematically, it is not be feasible to
calculate the private key from the public key. In fact, intelligent part of any public-
key cryptosystem is in designing a relationship between two keys.

RSA algorithm

The RSA algorithm is an asymmetric cryptography algorithm; this means that it uses
a public key and a private key (i.e two different, mathematically linked keys). As their
names suggest, a public key is shared publicly, while a private key is secret and must
not be shared with anyone.

The RSA algorithm is named after those who invented it in 1978: Ron Rivest, Adi
Shamir, and Leonard Adleman.

Algorithm
The RSA algorithm holds the following features −

13 | Module No: 1
 ● RSA algorithm is a popular exponentiation in a finite field over integers including
prime numbers.
● The integers used by this method are sufficiently large making it difficult to solve.
● There are two sets of keys in this algorithm: private key and public key.

You will have to go through the following steps to work on RSA algorithm −

Step 1: Generate the RSA modulus

The initial procedure begins with selection of two prime numbers namely p and q, and
then calculating their product N, as shown −
N=p*q
Here, let N be the specified large number.

Step 2: Derived Number (e)

Consider number e as a derived number which should be greater than 1 and less than
(p-1) and (q-1). The primary condition will be that there should be no common factor of
(p-1) and (q-1) except 1

Step 3: Public key

The specified pair of numbers n and e forms the RSA public key and it is made public.

Step 4: Private Key

Private Key d is calculated from the numbers p, q and e. The mathematical relationship
between the numbers is as follows −
ed = 1 mod (p-1) (q-1)
The above formula is the basic formula for Extended Euclidean Algorithm, which takes
p and q as the input parameters.
Encryption Formula
Consider a sender who sends the plain text message to someone whose public key
is (n,e). To encrypt the plain text message in the given scenario, use the following syntax
−
C = Pe mod n
Decryption Formula
The decryption process is very straightforward and includes analytics for calculation in
a systematic approach. Considering receiver C has the private key d, the result modulus
will be calculated as −
Plaintext = Cd mod n

14 | Module No: 1
Let's take some example of RSA encryption algorithm:

Example 1:

This example shows how we can encrypt plaintext 9 using the RSA public-key encryption
algorithm. This example uses prime numbers 7 and 11 to generate the public and private
keys.

Explanation:

Step 1: Select two large prime numbers, p, and q.

p=7

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption.

First, we calculate

n=pxq

n = 7 x 11

n = 77

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -

1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such
that 1<e < φ (n), e is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (7 - 1) x (11 - 1)

φ (n) = 6 x 10

15 | Module No: 1
φ (n) = 60

Let us now choose relative prime e of 60 as 7.

Thus the public key is <e, n> = (7, 77)

Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext
from the plain text following formula is used to get ciphertext C.

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 97 mod 77

C = 37

Step 5: The private key is <d, n>. To determine the private key, we use the following
formula d such that:

e mod {(p - 1) x (q - 1)} = 1

7d mod 60 = 1, which gives d = 43

The private key is <d, n> = (43, 77)

Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate plain
text m from the ciphertext c following formula is used to get plain text m.

m = cd mod n

m = 3743 mod 77

m=9

In this example, Plain text = 9 and the ciphertext = 37

Hashing Techniques:
What is hashing?
Hashing is a method of cryptography that converts any form of data into a unique
string of text. Any piece of data can be hashed, no matter its size or type. In traditional
hashing, regardless of the data’s size, type, or length, the hash that any data produces
is always the same length. A hash is designed to act as a one-way function — you can
put data into a hashing algorithm and get a unique string, but if you come upon a new
hash, you cannot decipher the input data it represents. A unique piece of data will
always produce the same hash.
How does it work?
Hashing is a mathematical operation that is easy to perform, but extremely difficult to
reverse. (The difference between hashing and encryption is that encryption can be
reversed, or decrypted, using a specific key.) The most widely used hashing functions

16 | Module No: 1
are MD5, SHA1 and SHA-256. Some hashing processes are significantly harder to
crack than others. For example, SHA1 is easier to crack than decrypt.

SHA256

A Definitive Guide to Learn The SHA-256 (Secure Hash

Algorithms)
Lesson 10 of 56By Simplilearn
Last updated on May 25, 202298822

PreviousNext

Among the many advancements seen in network security, encryption and hashing have
been the core principles of additional security modules. The secure hash algorithm with a
digest size of 256 bits, or the SHA 256 algorithm, is one of the most widely used hash
algorithms. While there are other variants, SHA 256 has been at the forefront of real-world
applications.

To understand the working of the SHA 256 algorithm, you need first to understand hashing
and its functional characteristics.

What is Hashing?

Hashing is the process of scrambling raw information to the extent that it cannot reproduce
it back to its original form. It takes a piece of information and passes it through a function
that performs mathematical operations on the plaintext. This function is called the hash
function, and the output is called the hash value/digest.

17 | Module No: 1
As seen from the above image, the hash function is responsible for converting the plaintext
to its respective hash digest. They are designed to be irreversible, which means your digest
should not provide you with the original plaintext by any means necessary. Hash functions
also provide the same output value if the input remains unchanged, irrespective of the
number of iterations.

There are two primary applications of hashing:

● Password Hashes: In most website servers, it converts user passwords into a hash value before
being stored on the server. It compares the hash value re-calculated during login to the one
stored in the database for validation.

● Integrity Verification: When it uploads a file to a website, it also shared its hash as a bundle.
When a user downloads it, it can recalculate the hash and compare it to establish data integrity.

18 | Module No: 1
Now that you understand the working of hash functions, look at the key topic in hand - SHA
256 algorithm.

What is the SHA-256 Algorithm?

SHA 256 is a part of the SHA 2 family of algorithms, where SHA stands for Secure Hash
Algorithm. Published in 2001, it was a joint effort between the NSA and NIST to introduce a
successor to the SHA 1 family, which was slowly losing strength against brute force attacks.

The significance of the 256 in the name stands for the final hash digest value, i.e.
irrespective of the size of plaintext/cleartext, the hash value will always be 256 bits.

The other algorithms in the SHA family are more or less similar to SHA 256. Now, look into
knowing a little more about their guidelines.

What are the Characteristics of the SHA-256 Algorithm?

19 | Module No: 1
Steps in SHA-256 Algorithm

You can divide the complete process into five different segments, as mentioned below:

Padding Bits

It adds some extra bits to the message, such that the length is exactly 64 bits short of a
multiple of 512. During the addition, the first bit should be one, and the rest of it should be
filled with zeroes.

Padding Length

You can add 64 bits of data now to make the final plaintext a multiple of 512. You can
calculate these 64 bits of characters by applying the modulus to your original cleartext
without the padding.

Initialising the Buffers:

You need to initialize the default values for eight buffers to be used in the rounds as follows:

20 | Module No: 1
You also need to store 64 different keys in an array, ranging from K[0] to K[63]. They are
initialized as follows:

SHA-512

Hashing Algorithm — SHA-512

So, SHA-512 does its work in a few stages. These stages go as follows:

1. Input formatting

2. Hash buffer initialization

3. Message Processing

4. Output

21 | Module No: 1
Let’s look at these one-by-one.

1. Input Formatting:

SHA-512 can’t actually hash a message input of any size, i.e. it has an input size limit.
This limit is imposed by its very structure as you may see further on. The entire
formatted mesage has basically three parts: the original message, padding bits, size of
original message. And this should all have a combined size of a whole multiple of 1024
bits. This is because the formatted message will be processed as blocks of 1024 bits
each, so each bock should have 1024 bits to work with.

<pic: original message>

Original message

Padding bits

The input message is taken and some padding bits are appended to it in order to get it
to the desired length. The bits that are used for padding are simply ‘0’ bits with a
leading ‘1’ (100000…000). Also, according to the algorithm, padding needs to be done,
even if it is by one bit. So a single padding bit would only be a ‘1’.

The total size should be equal to 128 bits short of a multiple of 1024 since the goal is to
have the formatted message size as a multiple of 1024 bits (N x 1024).

<pic: msg + pad>

Message with padding

Padding size

22 | Module No: 1
After this, the size of the original message given to the algorithm is appended. This size
value needs to be represented in 128 bits and is the only reason that the SHA-512 has a
limitation for its input message.

Since the size of the original message needs to be represented in 128 bits and the
largest number that can be represented using 128 bits is (2¹²⁸-1), the message size can
be at most (2¹²⁸-1) bits; and also taking into consideration the necessary single padding
bit, the maximum size for the original message would then be (2¹²⁸-2). Even though this
limit exists, it doesn’t actually cause a problem since the actual limit is so high (2¹²⁸-2 =
340,282,366,920,938,463,463,374,607,431,768,211,454 bits).

<pic: msg + pad +size>

Message with padding and size

Now that the padding bits and the size of the message have been appended, we are left
with the completely formatted input for the SHA-512 algorithm.

Formatted Message

2. Hash buffer initialization:

The algorithm works in a way where it processes each block of 1024 bits from the
message using the result from the previous block. Now, this poses a problem for the
first 1024 bit block which can’t use the result from any previous processing. This
problem can be solved by using a default value to be used for the first block in order to
start off the process. (Have a look at the second-last diagram).

Since each intermediate result needs to be used in processing the next block, it needs to
be stored somewhere for later use. This would be done by the hash buffer, this would
also then hold the final hash digest of the entire processing phase of SHA-512 as the
last of these ‘intermediate’ results.

So, the default values used for starting off the chain processing of each 1024 bit block
are also stored into the hash buffer at the start of processing. The actual value used is

23 | Module No: 1
of little consequence, but for those interested, the values used are obtained by taking
the first 64 bits of the fractional parts of the square roots of the first 8 prime numbers
(2,3,5,7,11,13,17,19). These values are called the Initial Vectors (IV).

Why 8 prime numbers instead of 9? Because the hash buffer actually consists of 8
subparts (registers) for storing them.

<pic: IV>

Hash buffer and Initialization Vector values

3. Message Processing:

Message processing is done upon the formatted input by taking one block of 1024 bits
at a time. The actual processing takes place by using two things: The 1024 bit block,
and the result from the previous processing.

This part of the SHA-512 algorithm consists of several ‘Rounds’ and an addition
operation.

<pic: Formatted input 1024 bit blocks;F(M.n ,H.n-1)=H.n>

24 | Module No: 1
So, the Message block (1024 bit) is expanded out into ‘Words’ using a ‘message
sequencer’. Eighty Words to be precise, each of them having a size of 64 bits.

Rounds

The main part of the message processing phase may be considered to be the Rounds.
Each round takes 3 things: one Word, the output of the previous Round, and a SHA-512
constant. The first Round doesn’t have a previous Round whose output it can use, so it
uses the final output from the previous message processing phase for the previous block
of 1024 bits. For the first Round of the first block (1024 bits) of the formatted input, the
Initial Vector (IV) is used.

SHA-512 constants are predetermined values, each of whom is used for each Round in
the message processing phase. Again, these aren’t very important, but for those
interested, they are the first 64 bits from the fractional part of the cube roots of the first
80 prime numbers.Why 80? Because there are 80 Rounds and each of them needs one of
these constants.

Once the Round function takes these 3 things, it processes them and gives an output of
512 bits. This is repeated for 80 Rounds. After the 80th Round, its output is simply
added to the result of the previous message processing phase to get the final result for
this iteration of message processing.

25 | Module No: 1
4. Output:

After every block of 1024 bits goes through the message processing phase, i.e. the last
iteration of the phase, we get the final 512 bit Hash value of our original message. So,
the intermediate results are all used from each block for processing the next block. And
when the final 1024 bit block has finished being processed, we have with us the final
result of the SHA-512 algorithm for our original message.

Thus, we obtain the final hash value from our original message. The SHA-512 is part of
a group of hashing algorithms that are very similar in how they work, called SHA-2.
Algorithms such as SHA-256 and SHA-384 are a part of this group alongside SHA-512.
SHA-256 is also used in the Bitcoin blockchain as the designated hash function.

HMAC and CMAC

HMAC algorithm stands for Hashed or Hash-based Message Authentication Code. It
is a result of work done on developing a MAC derived from cryptographic hash
functions. HMAC is a great resistance towards cryptanalysis attacks as it uses the
Hashing concept twice. HMAC consists of twin benefits of Hashing and MAC and thus

26 | Module No: 1
is more secure than any other authentication code. RFC 2104 has issued HMAC, and
HMAC has been made compulsory to implement in IP security. The FIPS 198 NIST
standard has also issued HMAC.
Objectives –
● As the Hash Function, HMAC is also aimed to be one way, i.e, easy to generate
output from input but complex the other way round.
● It aims at being less affected by collisions than the hash functions.
● HMAC reuses the algorithms like MD5 and SHA-1 and checks to replace the
embedded hash functions with more secure hash functions, in case found.
● HMAC tries to handle the Keys in a more simple manner.

HMAC algorithm –
The working of HMAC starts with taking a message M containing blocks of
length b bits. An input signature is padded to the left of the message and the whole is
given as input to a hash function which gives us a temporary message-digest MD’. MD’
again is appended to an output signature and the whole is applied a hash function
again, the result is our final message digest MD.
Here is a simple structure of HMAC:

27 | Module No: 1
Here, H stands for Hashing function,
M is the original message
Si and So are input and output signatures respectively,
Yi is the ith block in original message M, where I ranges from [1, L)
L = the count of blocks in M
K is the secret key used for hashing
IV is an initial vector (some constant)
The generation of input signature and output signature Si and So respectively.

To a normal hash function, HMAC adds a compression instance to the processing. This
structural implementation holds efficiency for shorter MAC values.

Digital Signature Schemes

DSS
As we have studied, signature is a way of authenticating the data coming from a
trusted individual. Similarly, digital signature is a way of authenticating a digital data
coming from a trusted source.
Digital Signature Standard (DSS) is a Federal Information Processing
Standard(FIPS) which defines algorithms that are used to generate digital signatures
with the help of Secure Hash Algorithm(SHA) for the authentication of electronic
documents. DSS only provides us with the digital signature function and not with any
encryption or key exchanging strategies.

28 | Module No: 1
Sender Side :
In DSS Approach, a hash code is generated out of the message and following
inputs are given to the signature function –
1. The hash code.
2. The random number ‘k’ generated for that particular signature.
3. The private key of the sender i.e., PR(a).
4. A global public key(which is a set of parameters for the communicating
principles) i.e., PU(g).
These input to the function will provide us with the output signature containing
two components – ‘s’ and ‘r’. Therefore, the original message concatenated with
the signature is sent to the receiver.
Receiver Side :
At the receiver end, verification of the sender is done. The hash code of the sent
message is generated. There is a verification function which takes the following
inputs –
1. The hash code generated by the receiver.
2. Signature components ‘s’ and ‘r’.
3. Public key of the sender.
4. Global public key.
The output of the verification function is compared with the signature
component ‘r’. Both the values will match if the sent signature is valid because
only the sender with the help of it private key can generate a valid signature

29 | Module No: 1
Remote user Authentication Protocols

Kerberos

Introduction to Kerberos Authentication

Kerberos is a network authentication protocol. It is designed to provide strong authentication for
client/server applications by using secret-key cryptography. It has the following characteristics:

•€€€It is secure: it never sends a password unless it is encrypted.

•€€€Only a single login is required per session. Credentials defined at login are then passed
between resources without the need for additional logins.

•€€€The concept depends on a trusted third party – a Key Distribution Center (KDC). The KDC
is aware of all systems in the network and is trusted by all of them.

•€€€It performs mutual authentication, where a client proves its identity to a server and a
server proves its identity to the client.

Kerberos introduces the concept of a Ticket-Granting Server (TGS). A client that wishes to use a
service has to receive a ticket – a time-limited cryptographic message – giving it access to the
server. Kerberos also requires an Authentication Server (AS) to verify clients. The two servers
combined make up a KDC. Active Directory performs the functions of the KDC. The following
figure shows the sequence of events required for a client to gain access to a service using
Kerberos authentication. Each step is shown with the Kerberos message associated with it, as
defined in RFC 4120 “The Kerberos Network Authorization Service (V5)”.

30 | Module No: 1
 •€€€Step 1: The user logs on to the workstation and requests service on the host. The
workstation sends a message to the Authorization Server requesting a ticket granting ticket
(TGT).

•€€€Step 2: The Authorization Server verifies the user’s access rights in the user database and
creates a TGT and session key. The Authorization Sever encrypts the results using a key
derived from the user’s password and sends a message back to the user workstation.

The workstation prompts the user for a password and uses the password to decrypt the
incoming message. When decryption succeeds, the user will be able to use the TGT to request
a service ticket.

•€€€Step 3: When the user wants access to a service, the workstation client application sends a
request to the Ticket Granting Service containing the client name, realm name and a
timestamp. The user proves his identity by sending an authenticator encrypted with the
session key received in Step 2.

•€€€Step 4: The TGS decrypts the ticket and authenticator, verifies the request, and creates a
ticket for the requested server. The ticket contains the client name and optionally the client
IP address. It also contains the realm name and ticket lifespan. The TGS returns the ticket to
the user workstation. The returned message contains two copies of a server session key – one
encrypted with the client password, and one encrypted by the service password.

•€€€Step 5: The client application now sends a service request to the server containing the
ticket received in Step 4 and an authenticator. The service authenticates the request by
decrypting the session key. The server verifies that the ticket and authenticator match, and
then grants access to the service. This step as described does not include the authorization
performed by the Intel AMT device, as described later.

•€€€Step 6: If mutual authentication is required, then the server will reply with a server
authentication message.

The Kerberos server knows "secrets" (encrypted passwords) for all clients and servers under
its control, or it is in contact with other secure servers that have this information. These
"secrets" are used to encrypt all of the messages shown in the figure above.

Digital Certificate:

Digital Certificate
It is basically a certificate issued digitally, issued to verify a user's authenticity i.e.,
verifying the user sending a message is who he or she claims to be, and also to provide
the receiver with the means to encode a reply.
Whoever wants to or an individual who wants to send encrypted messages applies for a
digital certificate from a Certificate Authority (CA).

Need of digital certificate

The digital certificate allows entities to share their public key in an authenticated way.
They are used in initializing and establishing secure SSL (Secure Sockets Layer)
connections between web browsers and web servers.
Given below is a diagram of digital certificate
31 | Module No: 1
X.509

X.509 is a digital certificate that is built on top of a widely trusted standard known
as ITU or International Telecommunication Union X.509 standard, in which the
format of PKI certificates is defined. X.509 digital certificate is a certificate-based
authentication security framework that can be used for providing secure
transaction processing and private information. These are primarily used for
handling the security and identity in computer networking and internet-based
communications.
Working of X.509 Authentication Service Certificate:
The core of the X.509 authentication service is the public key certificate connected
to each user. These user certificates are assumed to be produced by some trusted
certification authority and positioned in the directory by the user or the certified
authority. These directory servers are only used for providing an effortless
reachable location for all users so that they can acquire certificates. X.509
standard is built on an IDL known as ASN.1. With the help of Abstract Syntax
Notation, the X.509 certificate format uses an associated public and private key
pair for encrypting and decrypting a message.
Once an X.509 certificate is provided to a user by the certified authority, that
certificate is attached to it like an identity card. The chances of someone stealing
it or losing it are less, unlike other unsecured passwords. With the help of this
analogy, it is easier to imagine how this authentication works: the certificate is
basically presented like an identity at the resource that requires authentication.

32 | Module No: 1
Format of X.509 Authentication Service Certificate:

Generally, the certificate includes the elements given below:

● Version number: It defines the X.509 version that concerns the certificate.
● Serial number: It is the unique number that the certified authority issues.
● Signature Algorithm Identifier: This is the algorithm that is used for
signing the certificate.

33 | Module No: 1
● Issuer name: Tells about the X.500 name of the certified authority which
signed and created the certificate.
● Period of Validity: It defines the period for which the certificate is valid.
● Subject Name: Tells about the name of the user to whom this certificate has
been issued.
● Subject’s public key information: It defines the subject’s public key along
with an identifier of the algorithm for which this key is supposed to be used.
● Extension block: This field contains additional standard information.
● Signature: This field contains the hash code of all other fields which is
encrypted by the certified authority private key.
Applications of X.509 Authentication Service Certificate:
Many protocols depend on X.509 and it has many applications, some of them are
given below:
● Document signing and Digital signature
● Web server security with the help of Transport Layer Security (TLS)/Secure
Sockets Layer (SSL) certificates
● Email certificates
● Code signing
● Secure Shell Protocol (SSH) keys
● Digital Identities

34 | Module No: 1