CNS Unit V
Security
UNIT V
MESSAGE AUTHENTICATION
• Comparison of conventional and digital signatures
• Inclusion:
• Conventional signature: the cheque and the signature are together, on the same document
• Digital signature: the document (message) and the signature are separate
• Verification method:
• Conventional signature: once a document is received, the signature on it is compared with the signature kept on file
• Digital signature: a verification algorithm is applied to the message and the signature; the signature itself is not stored anywhere
• Relationship:
• Conventional signature: one-to-many, the same signature appears on many documents
• Digital signature: one-to-one, each message has a different signature
• Duplicity:
• Conventional signature: the signature on a copy of a signed document may differ slightly from the one on the original
• Digital signature: there is no difference between the copy and the original
• Message Integrity
• If the message is changed, the same signature cannot be obtained.
• Hash functions are used in signing and verifying algorithms
• Nonrepudiation
• The source denies having transmitted a message
• Though it may be proved that the document can be opened with Alice's public key,
Alice may claim to have changed both of her keys in the meantime
Dr. Nandhini Vineeth 15
• Solution: a trusted third party (trusted centre)
• [Figure: signing through a trusted centre, which keeps a copy of the message]
• Later, if Alice denies having sent the message, the trusted centre shows the copy of the saved message.
• Known-Message Attack
• Eve has access to some message/signature (M, S) pairs
• Using these, she tries to create a new message and forge a valid signature for it
• Analogous to a known-plaintext attack
• Chosen-Message Attack
• Eve somehow makes Alice sign one or more messages of Eve's choosing
• Eve now has chosen message/signature pairs
• Analogous to a chosen-plaintext attack
Reasons for revoking a certificate before it expires:
a. The user's (subject's) private key, corresponding to the public key listed in the certificate, might have been compromised.
b. The CA is no longer willing to certify the user. For example, the user's certificate relates to an organization that she no longer works for.
c. The CA's private key, with which it signs the certificates it issues, may have been compromised. In this case, the CA needs to revoke all unexpired certificates.
Delta Revocation
• To make revocation more efficient, the delta certificate revocation list (delta CRL) has been introduced. A delta CRL is created and posted on the directory if there are changes between this update date and the next update date.
• For example, if CRLs are issued every month but there are revocations in between, the CA can create a delta CRL whenever there is a change during the month. A delta CRL contains only the changes made after the last full CRL, so a relying party checks the base CRL together with its delta.
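As an added illustration (not from the slides), the following toy model shows a monthly base CRL, a delta CRL carrying only the revocations made after the base was issued, and the relying-party check that combines the two. The data classes, function names and sample serial numbers are constructed for the example; a real CRL is an ASN.1 structure signed by the CA.

```python
# Added example: base CRL + delta CRL, modelled with plain Python objects (constructed, not real CRLs).
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, Optional

@dataclass(frozen=True)
class RevokedEntry:
    serial: int
    revocation_date: date
    reason: str            # e.g. "keyCompromise", "affiliationChanged", "cACompromise"

@dataclass
class CRL:
    this_update: date
    next_update: date
    revoked: Dict[int, RevokedEntry]
    delta_of: Optional[date] = None   # for a delta CRL: this_update of the base it extends

def issue_base_crl(revocations: Iterable[RevokedEntry], this_update: date, next_update: date) -> CRL:
    """Full CRL: every revocation known at this_update (issued, say, monthly)."""
    entries = {r.serial: r for r in revocations if r.revocation_date <= this_update}
    return CRL(this_update, next_update, entries)

def issue_delta_crl(revocations: Iterable[RevokedEntry], base: CRL, this_update: date) -> CRL:
    """Delta CRL: only the revocations made after the base CRL was issued."""
    entries = {r.serial: r for r in revocations
               if base.this_update < r.revocation_date <= this_update}
    return CRL(this_update, base.next_update, entries, delta_of=base.this_update)

def is_revoked(serial: int, base: CRL, delta: Optional[CRL], today: date) -> bool:
    """Relying-party check: consult the base CRL, then the delta only if it extends this base."""
    if today > base.next_update:
        raise ValueError("base CRL is stale; fetch a new one before trusting any certificate")
    if serial in base.revoked:
        return True
    if delta is not None:
        if delta.delta_of != base.this_update:
            raise ValueError("delta CRL does not extend this base CRL")
        return serial in delta.revoked
    return False

# Constructed sample data: one certificate revoked before the base CRL, one after it.
REVOCATIONS = [
    RevokedEntry(1001, date(2024, 1, 3), "affiliationChanged"),
    RevokedEntry(1002, date(2024, 1, 15), "keyCompromise"),
]
BASE = issue_base_crl(REVOCATIONS, date(2024, 1, 10), date(2024, 2, 10))
DELTA = issue_delta_crl(REVOCATIONS, BASE, date(2024, 1, 16))
```

Serial 1002 is missed by a client that only holds the January base CRL, but caught by one that also fetches the delta; the delta itself lists nothing that was already in the base.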