Digital signatures are considered the most important development in public key cryptography. Sun Developer Network states: “A digital signature is a string of bits that is calculated from some data (the data is ‘signed’) and the private key of an entity. The signature can be used to verify that the data comes from the entity. and was not modified in transit “(The Java Tutorial, nd). Digital signatures must have the properties of author verification, verification of the date and time of signing, authenticating the content at the time of signing, as well as being verifiable by a third party to resolve disputes. Based on these properties, there are various requirements for a digital signature. The first of these requirements is that the signature must be a bit pattern that depends on the message being signed. The following requirement is stated to avoid falsification and denial. It establishes that the signature must use some information that is unique to the sender. The third requirement is that it must be fairly easy to generate the digital signature. Being relatively easy to recognize and verify the digital signature is another requirement. The fifth requirement states that it must be computationally unfeasible to falsify a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. The last requirement is that it is practical to store a copy of the digital signature. Many approaches have been proposed for the implementation of digital signatures, and are included in the direct and arbitrated digital signature approaches (Stallings, 2003).
Direct digital signature involves only communication between the source and destination parties, and arbitrated digital signature schemes include the use of an arbitrator. The direct digital signature is created by encrypting the entire message or a hash code of the message with the sender’s private key. More confidentiality can be provided by encrypting the message in its entirety and adding the signature using the recipient’s public key or a secret key shared between the sender and the recipient. A weakness in the direct signature scheme is that a sender can later deny having sent a message. Another weakness is the threat of theft of a private key and the sending of a message with the signature. Both of these weaknesses are the main reason for the arbitrated digital signature scheme. In the arbitrated scheme, a sender’s message must first pass through an arbiter who runs a series of tests to verify origin and content before being sent to the receiver. Because the referee plays such a crucial role, the sender and receiver must have a great deal of trust in this referee. This reliance on the referee assures the sender that no one can forge his signature and assures the receiver that the sender cannot deny his signature (Stallings, 2003).
The problem of replay attacks is a primary concern when it comes to mutual authentication when both parties confirm each other’s identity and exchange session keys. The main problems with mutual authentication lie in the exchange of keys: confidentiality and deadlines. Timelines are susceptible to replaying attacks that disrupt operations by presenting parties with messages that appear to be genuine but are not. One type of replay attack is the suppression-response attack that can occur in the Denning protocol. The Denning protocol uses timestamps to increase security. The problem here revolves around reliance on clocks that are synchronized across the entire network. It is stated, “… that distributed clocks can become desynchronized as a result of sabotage or failure of clocks or synchronization mechanism” (Stallings, 2003 p. 387). Li Gong states, “… the recipient is still vulnerable to accepting the message as current, even after the sender has detected its clock error and resynchronized the clock, unless the postdated message has been invalidated in some way” , which is unlikely. If the sender’s clock is ahead of the receivers and the message is intercepted, the opponent can replay the message when the timestamp becomes current. This type of attack is known as a suppress-repeat attack.
To address the delete-replay attack concern, an improved protocol was introduced. These are the detailed steps.
1. “A initiates the authentication exchange by generating a nonce, Na, and sending that plus its identifier to B in the complaint text. This nonce will be returned to A in an encrypted message that includes the session key, assuring A of your timelines.
2. B advises the KDC that a session key is required. Your message to the KDC includes your identifier and a nonce, Nb. This nonce will be returned to B in an encrypted message that includes the session key, assuring B of its punctuality. The message from B to the KDC also includes an encrypted block with the secret key shared by B and the KDC. This block is used to instruct the KDC to issue credentials to A; the block specifies the intended recipient of the credentials, a suggested expiration time for the credentials, and the nonce received from A.
3. The KDC passes the nonce of AB and an encrypted block with the secret key by A for later authentications, as will be seen. The KDC also sends A an encrypted block with the secret key shared by A and the KDC. This block verifies that B has received the initial message from A (IDB) and that this is a timely message and not a repetition (Na), and provides A with a session key (KS) and the time limit for its use ( Tb).
4. A transmits the ticket to B, together with B’s nonce, the latter encrypted with the session key. The ticket provides B with the secret key that is used to decrypt EKS[Nb] to retrieve the nonce. The fact that B’s nonce is encrypted with the session key authenticates that the message came from A and is not a repetition “(Stallings, 2003 pp. 387-388).
This protocol is not vulnerable to delete and replay attacks due to the fact that the names that the recipient will choose in the future are unpredictable to the sender (Gong, nd).
In conclusion, digital signatures are considered the most important development in public key cryptography and include direct and arbitrated digital signature approaches. Direct digital signature involves only communication between the source and destination parties, and arbitrated digital signature schemes include the use of an arbitrator. Suppress-replay attacks can occur if the sender’s clock is ahead of the receivers and the message is intercepted. This allows the opponent to replay the message when the timestamp becomes current. This problem is solved by implementing a protocol that uses timestamps that do not require synchronized clocks because receiver B only checks for self-generated timestamps (Stallings, 2003).
Cited works
Gong, Li (undated). Security risk of relying on synchronized clocks. ORA Corporation and Cornell University. Retrieved November 5, 2005, from https://portal.acm.org
Stallings, William. (2003). Cryptography and network security: principles and practices. New Jersey: Pearson Education, Inc.
The Java Tutorial (nd). Sun Developer Network. Retrieved November 5, 2005, from http://java.sun.com/docs/books/tutorial/index.html
