Scribd
Upload
163 views29 pages

Digital Signature Algorithm

Digital signatures provide authentication, integrity, and non-repudiation for digital documents. They are created by hashing the document contents and encrypting the hash with the sender's private key. The receiver decrypts the signature with the public key to verify the document has not changed. Common algorithms like DSA are implemented in programming languages to enable digital signatures. Cybersecurity frameworks provide guidance for assessing risks and developing strategies to mitigate threats. Approaches like threat modeling involve decomposing systems to identify vulnerabilities and countermeasures.

Uploaded by

hawariya abel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
163 views29 pages

Digital Signature Algorithm

Digital signatures provide authentication, integrity, and non-repudiation for digital documents. They are created by hashing the document contents and encrypting the hash with the sender's private key. The receiver decrypts the signature with the public key to verify the document has not changed. Common algorithms like DSA are implemented in programming languages to enable digital signatures. Cybersecurity frameworks provide guidance for assessing risks and developing strategies to mitigate threats. Approaches like threat modeling involve decomposing systems to identify vulnerabilities and countermeasures.

Uploaded by

hawariya abel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 29

Digital Signature Algorithm

1
Model of Digital Signature
Encryption of Digital Signature
Design of Hashing Algorithms
Hash Function
• The Main application of hash function is Data
integrity or originality checker
Sketch the Hash function with MAC
Ek (M||H(M))
Sketch the Hash diagram

Ek(M||H(M||S))
At Sender Side
•1. Message digest is generated using a set of Hash functions.

•2. A message digest is encrypted using senders private key.

•3. The resulting encrypted message is known as digital


signature.

•4. Digital signature is attached with data or message and send


to receiver.
At Receiver Side
1. Receiver uses senders public key to decrypt senders digital
signature to obtain message digest send by receiver.

2. Receiver uses same message digest algorithm, which is used


by sender

3. Now, receiver will compare these two message digest

4. If message digest are equal then signature is valid else not.


Advantages
• Authentication:
– Identification of person sign.
• Integrity od data:
– Every change is detected.
• Non Repudiation:
– Author has encrypted sign on message.
• Speed:
– Contracts are easily written, completed, and signed by all
concerned parties in a little amount of time no matter how far the
parties are geographically.
Disadvantages
• Expiry
• Certificate issue procedures
• Software compatibility
Digital signature scheme
A digital signature scheme is a triple (Gen, Sign,
Ver):
•Gen(len): generate a key pair (pk,sk) of length
len
•Sign(m; sk): sign message m with key sk,
producing signature s as output
•Ver(m, s; sk): verify signature s on message m
with key pk
DSA
DSA: Digital Signature Algorithm [Kravitz 1991]
•Standardized by NIST and made available
royalty-free in 1991/1993
•Used for decades without any serious attacks
•Closely related to Elgamal encryption
Implementation of Cryptography?
• By Using Java, Python, CPP, C#
//Generate the pair of keys
KeyPair pair = keyPairGen.generateKeyPair();
import java.security.KeyPair; //Getting the private key from the key pair
PrivateKey privKey = pair.getPrivate();
import java.security.KeyPairGenerator;
import java.security.PrivateKey; //Creating a Signature object
Signature sign = Signature.getInstance("sha1withrsa");
import java.security.Signature;
//Initialize the signature
import java.util.Scanner; sign.initSign(privKey);
byte[] bytes = "msg".getBytes();
public class Digsign {
public static void main(String args[]) //Adding data to the signature
sign.update(bytes);
throws Exception {
//Calculating the signature
//Accepting text from user byte[] signature = sign.sign();
Scanner sc = new Scanner(System.in);
//Printing the signature
System.out.println("Enter some text"); System.out.println("Digital signature for given text: "+new String(signature, "UTF8"));
}
String msg = sc.nextLine(); }

//Creating KeyPair generator object


KeyPairGenerator keyPairGen =
KeyPairGenerator.getInstance("RSA");

//Initializing the key pair generator


keyPairGen.initialize(2048);
Discuss
on Cyber Security Frameworks
seven common cybersecurity
frameworks.
• NIST(National Institute of Standards &Technology)
• ISO 27001 and ISO 27002
• SOC2(Service Organization Control- type-2)
• NERC-CIP(North American Electric Reliability
Corporation - Critical Infrastructure Protection)
• HIPAA(Health Insurance Portability and Accountability
Act)
• GDPRThe General Data Protection Regulation)
• FISMA(Federal Information Security Management Act)
Framework 2: OCTAVE
• Operationally Critical Threat, Asset and
Vulnerability Evaluation
• Carnegie-Mellon University guidance
– Origin in 2001
– Used by US military and a growing number of
larger organisations
• www.cert.org/octave
Concept of OCTAVE
• Workshop-based analysis
• Collaborative approach
• Guided by an 18-volume publication
• Very specific, with suggested timings, personnel
selection etc.
• www.cert.org/octave/omig.html

• Smaller version, OCTAVE-S, for small and medium


organisations
• www.cert.org/octave/osig.html
OCTAVE Process
Phase 1 Progressive Series of Workshops
Organizational Assets
View Threats
Current Practices
Org. Vulnerabilities Phase 3
Security Req.
Strategy and Plan
Development
Planning

Risks
Phase 2 Protection Strategy
Tech. Vulnerabilities Mitigation Plans
Technological
View
Framework 3: Security Risk Analysis
• A simplified approach, taking into account
your assets exposure to security risks
• Requires:
1. Identifying your assets
2. Assesing risks and their impact, probability and
exposure
3. Formulating plans to reduce overall risk
exposure
Risk Impact Assessment
• For each asset and risk attach a measure of
impact
• Monetary scale if possible (difficult) or relative
numbers with agreed meaning
• E.g.: Trivial (1), Low (2), Medium (3), High (4),
Catastrophic (5)
• Ex:
• Asset: Internal MD mailbox
• Risk: Access to content by press
• Impact: Catastrophic (5)
Risk Probability Assessment
• Now for each entry measure probability the
loss may happen
• Real probabilities (difficult) or a relative scale
(easier) such as: Low (0.3), Medium, (0.6), and
High (0.9)
• Ex:
– Asset: Internal MD mailbox
– Risk: Access to content by press
– Probability: Low (0.3)
Risk Exposure and Risk List
• Multiply probability by impact for each entry
• Exposure = Probability x Impact
• Sort by exposure
• High-exposure risks need very strong security
measures
• Lowest-exposure risks can be covered by default
mechanisms or ignored
• Example:
• Press may access MD mailbox:
Exposure = P(Low=0.3) x I(Catastrophic=5) = 1.5
• By the way, minimum exposure is 0.3 and maximum is
4.5 is our examples
Mitigation and Contingency
• For high-exposure risks plan:
– Mitigation: Reduce its probability or impact (so
exposure)
– Transfer: Make someone else responsible for the
risk
– Avoidance: avoid the risk by not having the asset
– Contingency: what to do if the risk becomes
reality
Framework 4: Threat Modeling
• Structured analysis aimed at:
1. Identify Assets
– Finding infrastructure
2. Create an Architecture Overview vulnerabilities
– Evaluating security threats
3. Decompose the System
– Identify countermeasures
4. Identify the Threats
– Originated from software
5. Document the Threats development security threat
analysis
6. Rate the Threats
STRIDE
A Technique for Threat Identification (Step 4)
Type of Threat Examples

Spoofing Forging Email Message


Replaying Authentication

Tampering Altering data during transmission


Changing data in database

Repudiation Delete critical data and deny it


Purchase product and deny it

Information disclosure Expose information in error messages


Expose code on web site

Denial of Service Flood web service with invalid request


Flood network with SYN

Elevation of Privilege Obtain Administrator privileges


Use assembly in GAC to create acct
<<<<End>>>>

You might also like