Obtaining & Revocation of Digital Certificate (X.509 Certificate) | How to obtain digital certificate | Why digital certificate is revoke?

 

Obtaining Digital Certificate (X.509 Certificate)

Any user can verify a certificate if he/she has the public key of the CA that issued the certificate. Since certificates are unforgeable, they are simply stored in the directory. The directory entry for each CA includes two types of certificates:

Forward certificates: Certificates of X generated by other CAs.

Reverse certificates: Certificates generated by X that are the certificates of other CAs.

 

Figure: Forward and Reverse Certificate

Users subscribed to same CA can obtain certificate from the directory. Suppose, A has obtained a certificate from certification authority (CA) X1 and B has obtained a certificate from certification authority (CA) X2. A user may directly send the certificate to the other user. If A does not know the public key of X2, then B's certificate, issued by X2, is useless to A because A can read B's certificate, but A cannot verify the signature. However, multiple CAs are there and users subscribed to different CAs may want to communicate with each other. (This paragraph related to below figure)

 

Figure: Obtaining Digital Certificate

But if the two CAs have securely exchanged their own public keys, the following procedure will enable A to obtain B's public key:

A obtains the certificate of X₂ signed by X₁ from the directory. A securely knows X₁'s public key, so A can obtain X₂'s public key from its certificate and verify X₁'s signature on the certificate. A then obtains the certificate of B signed by X₂. A now has a copy of X₂'s public key, so A can verify the signature and securely obtain B's public key. (This paragraph related to below figure). In this case, A has used a chain of certificates to obtain B's public key. In the notation of X.509, this chain is expressed as: X1<<X2>> X2 <<B>>

Figure: Chain of Certificate

Revocation of Digital Certificate (X.509 Certificate)

Certificate revocation is the act of invalidating a certificate before its scheduled expiration date. Certificates that are revoked are stored on a list by the CA, called the Certificate Revocation List (CRL). However, certificates need to be revoked if,

1.    The user’s private key has been compromised.

2.    The user’s certificate has been compromised.

3.    The user is no longer certified by the CA.

The certificate revocation format is shown in the figure.

Each CA (Certificate Authority) must maintain a list consisting of all revoked but not expired certificates issued by that CA, including both those issued to users and to other CAs. Each certificate revocation list (CRL) posted to the directory is signed by the issuer and includes

1.    The issuer’s name,

2.    The date the list was created,

3.    The date the next CRL is scheduled to be issued, and

4.    An entry for each revoked certificate.

Every user must check the CRL before using other user’s public key.

Figure: Certificate Revocation Format

What happens when you revoke a certificate?

Ideally, browsers and other clients should be able to detect that the certificate is revoked in timely manner, show the security warning, that certificate is no longer trusted, and prevent user from further consuming such a website. See below this figure.

To learn more about Obtain and Revocation of Digital Certificate Format, Click here

   Watch more videos click here.

Symmetric Key Distribution using Asymmetric Encryption | Secret Key Distribution using Asymmetric Encryption

 

There are two approaches: Simple Secret Key Distribution and Secret key Distribution with Confidentiality and Authentication.

Simple Secret Key Distribution

If A wishes to communicate with B, the following procedure is employed: A generates a public/private key pair {PU_a, PR_a} and transmits a message to B consisting of PU_a and an identifier of A, ID_A. B generates a secret key, K_s, and transmits it to A, which is encrypted with A’s public key.

Figure: Simple Secret Key Distribution

A decrypt message using, D (PR_a, E (PU_a, K_s)) to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of K_s. A discards PU_a and PR_a and B discards PU_a. A and B can now securely communicate using conventional encryption and the session key K_s. At the completion of the exchange, both A and B discard K_s. 

Secret Key Distribution with Confidentiality and Authentication

A uses B’s public key to encrypt a message to B containing an identifier of A(ID_A)and a nonce (N₁), which is used to identify this transaction uniquely. B sends a message to user A encrypted with PU_a and containing A’s nonce as (N₁) well as a new nonce generated by B(N₂). Because only B could have decrypted message (1), the presence of N₁ in message (2) assures A that the correspondent is B. A returns N₂, encrypted using B’s public key, to assure B that its correspondent is A. A selects a secret key and sends M = E (PU_b, E (PR_a, K_s)) to B.

Figure: Secret Key distribution with confidentiality and authentication

Encryption of this message with B’s public key ensures that only B can read it; encryption with A’s private key ensures that only A could have sent it. B decrypt the message and get secret key K_s. The result is that this scheme ensures both confidentiality and authentication in the exchange of a secret key.

To learn more about Symmetric Key Distribution using Asymmetric Encryption, Click here

   Watch more videos click here.

Elgamal and Schnorr scheme of Digital Signature | Which scheme is best Elgamal or Schnorr?

 

Elgamal Scheme (Digital Signature Scheme)

This scheme is variant of digital signature algorithm. This scheme is based on computing assumption of large prime number. It is computationally very complex to compute S₁ and S₂. This scheme assure that authenticity of message m sent by sender/signer to verifier. As with Elgamal encryption, the global elements of Elgamal digital signature are based on prime number q and α, which is a primitive root of q.

 

Algorithm

Generating private key & public key pair:

Step-1: Generate a random integer X_A, such that 1 < X_A < q-1.

Step-2: Compute Y_A = α ^XA mod q.

Step-3: A’s private key is X_A; A’s pubic key is {q, α, Y_A}.

 

Create Digital Signature:

Step-1: Choose a random integer K such that 1 ≤ K ≤ q-1 and gcd (K, q-1) = 1. K is relatively prime to q-1.

Step-2: Compute S₁ = α ^K mod q.

Step-3: Compute S₂ = K^-1(m – X_AS₁) mod (q – 1).

Step-4: The signature consists of the pair (S₁, S₂).

 

Signature Verification

Step-1: Calculate V₁ = α^m mod q.

Step-2: Calculate V₂ = (Y_A)^S1 (S₁)^S2mod q.

 

Schnorr (Digital Signature Scheme)

The Schnorr signature scheme is also based on discrete logarithms. The Schnorr scheme minimizes the message-dependent amount of computation required to generate a signature. The main work for signature generation does not depend on the message. The scheme is based on using a prime modulus p, with having a (p-1) prime factor of q appropriate size; that is, p = 1 (mod q).  Typically, we use p = 2¹⁰²⁴ and q = 2¹⁶⁰. Thus, p is a 1024-bit number, and q is a 160-bit number, which is also the length of the SHA-1 hash value.

 

Algorithm

Generating private key & public key pair:

Step-1: Choose primes p and q, such that q is a prime factor of p-1.

Step-2: Choose an integer α, such that α^q = 1 mod p. The values α, p, and q comprise a global public key that can be common to a group of users.

Step-3: Choose a random integer s with 0 < s < q. This is the user’s private key.

Step-4: Calculate v = α ^-s mod p. This is the user’s public key.

 

Create Digital Signature:

Step-1: Choose a random integer r with 0 < r < q and compute x = α^r mod p. This computation is a pre-processing stage independent of the message M to be signed.

Step-2: Concatenate the message with and hash the result to compute the value:

e = H (M || x)

Step-3: Compute y = (r + se) mod q. The signature consists of the pair (e, y).

 

Signature Verification

Step-1: Compute x’

     x’ = α ^y v^e mod p

     x’ = α ^y α ^-se mod p      (∵ v = α ^-s mod p)

       x’ = α ^(y-se) mod p

       x’ = α ^r mod p               (∵ y = r + se)

       x’ = x

     So, here x’ = x.

     

Step-2: Verify e = H (M || x).

Hence, H (M || x’) = H (M || x).

 

Which scheme is best Elgamal or Schnorr?

Elgamal Signature scheme is more time consuming in compare to Schnorr Scheme. Schnorr scheme is 6 times faster than Elgamal and produce signature which is 6 times smaller.

To learn more about Elgamal & Schnorr Digital Signature Scheme, Click here

   Watch more videos click here.

Digital Signature Requirement and Security | Real time application of digital signature

Digital Signature Requirement

On the basis of the properties just discussed, we can formulate the following requirements for a digital signature.

The signature must be a bit pattern that depends on the message being signed.

The signature must use some unique information of the sender to prevent both forgery and denial.

It must be relatively easy to produce the digital signature.

It must be relatively easy to recognize and verify the digital signature.

It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraud digital signature for a given message.

It must be practical to retain a copy of the digital signature in storage.

 

Security

Message Authentication: A digital signature technique can provide message authentication. Digital signature is used to establish proof of identities and ensure that the origin of an electronic message is correctly identified.

Message Integrity: Digital signature are used to detect unauthorized modification to data which assures that the contents of message are not changed after sender sends but before it reaches to intended receiver.

Non-Repudiation: There are situation where a user sends a message and alter on refuses that he had sent that message. That is known as non-repudiation because the person who signed the document cannot repudiate the signature at a later time.

We can prevent man in the middle attack, Replay attack, Masquerade, Impersonation attack.

 

Realtime usage of digital signature

Now a day’s digital signature techniques are used in many application areas like sending confidential e-mails, during secure payment transfer and possibly all software companies, universities, educational institutions those want to achieve authentication and integrity of their confidential information.

Figure: Add digital signature in message

Figure: Signed and valid digital signature

To learn more about Digital Signature Requirement & Security, Click here

   Watch more videos click here.

Digital Signature | Process of digital Signature | Properties of Digital Signature | Purpose of Digital Signature

What is Digital Signature?

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message or digital document. A digital signature is defined the signature generated electronically from the digital computer to ensure the identity of the sender and content of the message cannot be modified during transmission process.

Purpose of Digital Signature

Concept of digital signature is that sender of a message uses a signing key (Private key) to sign the message and send that message and its digital signature. The receiver uses a verification key (Public key) of the sender only to verify the origin of the message and make sure that it has not been tempered with while in transmission. Digital signature techniques achieve the authenticity and integrity of the data over internet.

 

Figure: Concept of Digital Signature

Process of Digital Signature

Hash value of a message when encrypted with the private key of a user is, his digital signature on that e-Document. Digital signature is an example of asymmetric key cryptography which uses three different algorithms to complete the process.

Step – 1: First step is key generation algorithm which generates private key and a corresponding public key.

Step – 2: Next step signing algorithm which selects sending message and a private key generated in step 1, to produce a signature.

Step – 3: Third step is signature verifying algorithm which verifies the authenticity of sending message and public key.

 

Figure: Process of Digital Signature

Properties of Digital Signature

In situations where, there is no complete trust between sender and receiver, something more than authentication is needed. The most attractive solution to this problem is the digital signature. The digital signature must have the following properties:

1.      It must verify the author and the date and time of the signature.

2.      It must authenticate the contents at the time of the signature.

3.      It must be verifiable by third parties, to resolve disputes.

Thus, the digital signature function includes the authentication function.

Advantage

Authentication: Identification of person that signs.

Integrity of data: Every change will be detected.

Non repudiation: Author cannot be denied of his work.

Imposter prevention: Elimination of possibility of committing fraud by an imposter.

Disadvantage

Expiry: In this era of fast technology, many of these tech products have a short life.

Certificates: In order to effectively use of digital signatures, both senders and receivers may have to buy digital certificates.

Software: To work with digital certificates/digital signatures, senders and receivers have to buy verification software or pay to third party for verification.

To learn more about Digital Signature, Click here

   Watch more videos click here.

Difference between SHA1 and MD5 | Compare SHA1 and MD5

 

SHA-1

The secure hash algorithm (SHA) was developed by National Institute of Standards and Technology (NIST). It is based on MD4 algorithm. Based on different digest lengths, SHA includes algorithms such as SHA-1, SHA-256, SHA-384 and SHA-512. Unlike encryption, given a variable length message x, a secure hash algorithm computes a function H(x) which has a fixed bit. When a message of any length is less than 264 bits is input, the SHA-1 produces a 160-bit output called message digest.

 

MD 5

128-bit message digest developed by Ron Rivest. This algorithm takes the input length of arbitrary length and 128-bit message digest is produced. The input message is 512-bit blocks. Figure shows processing of message to produce message digest.

 

Difference between SHA-1 and MD 5

To learn more about Difference between SHA1 and MD5, Click here

   Watch more videos click here.

Difference between Hash Function and MAC

Hash Function

In hash function H accepts a variable length block of input data called as ‘M’ and produces the fixed size hash value can be represented as h = M(H).

Figure: Block diagram of Hash Function

When hash function provides security, this is called cryptographic hash functions. Hash function protects the integrity of the message. If encryption process is applying on message with hash function, it is also providing authentication and confidentiality.

A hash function provides a property that has function applied on variable amount of data (M) and then it produces the fixed amount of output data. If any bit or bits changes in the data, then whole hash function output data will also change. Cryptographic has function is one-way function, which is practically infeasible to invert. The most popular hashing algorithm is MD5 and SHA.

MAC

Message authentication is a mechanism or service used to verify the integrity of a message. Message authentication guarantees that the sender of the message is authentic.

 

Figure: Block diagram of MAC

A MAC algorithm, sometimes called a keyed hash function accepts as input a secret key an arbitrary-length message to be authenticated, and outputs a MAC. MAC value protects both a message’s data integrity as well as its authenticity, by allowing verifies to detect any changes. The MAC is a small fixed-size block of data that is generated based on a message M of variable length using secret key K as follows. MAC is also called cryptographic checksum.

MAC = C (K, M)

Difference between Hash Function and Message Authentication Code (MAC)

To learn more about Difference between hash function and MAC, Click here

   Watch more videos click here.

Message Authentication Code based on Block Cipher | MAC based on Block Cipher | Data Authentication algorithm (DAA) | Cipher based Message Authentication Code (CMAC)

     Data Authentication Algorithm (DAA)

Figure: DAA Block Diagram

One of the most widely used MACs is referred to as the Data Authentication Algorithm. The algorithm is designed using the Cipher Block Chaining mode of operation of DES, as shown in figure. The data (e.g., message, record, file, or program) to be authenticated are grouped into fixed size 64-bit blocks: D1, D2,….., DN. If necessary, the final block is padded on the right with zeroes to make a 64-bit blocks. Using the DES encryption algorithm and a secret key, a data authentication code (DAC) is calculated as follows:

The DAC consists of either the entire block ON or the leftmost M bits of the block, with 16 ≤ M ≤ 64.

Cipher based message authentication code (CMAC)

 

Figure: CMAC Block Diagram

Data Authentication Algorithm (DAA), which is now obsolete. Then CMAC, which is designed to overcome the deficiencies of DAA. Cipher-based Message Authentication Code (CMAC) mode of operation for use with AES and triple DES. First, let us define the operation of CMAC when the message is an integer multiple n of the cipher block length b. For AES, b=128, and for triple DES, b=64. The message is divided into n blocks (M1, M2,…, Mn ).

For AES, the key size is 128, 192, or 256 bits; for triple DES, the key size is 112 or 168 bits. CMAC is calculated as follows:

C1 = E(K, M1)

C2 = E(K, [M2 ⊕ C1])

C3 = E(K, [M3 ⊕ C2])

   .

   .

   .

Cn = E(K, [Mn ⊕ Cn-1 ⊕ K1])

T = MSBTlen(Cn)

To learn more about MAC based on Block Cipher, Click here

   Watch more videos click here.