Digital Signature Algorithm

Digital signatures provide authentication, integrity, and non-repudiation for digital documents. They are created by hashing the document contents and encrypting the hash with the sender's private key. The receiver decrypts the signature with the public key to verify the document has not changed. Common algorithms like DSA are implemented in programming languages to enable digital signatures. Cybersecurity frameworks provide guidance for assessing risks and developing strategies to mitigate threats. Approaches like threat modeling involve decomposing systems to identify vulnerabilities and countermeasures.

Uploaded by

hawariya abel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

210 views29 pages

Digital Signature Algorithm

Uploaded by

hawariya abel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 29

Digital Signature Algorithm

1
Model of Digital Signature
Encryption of Digital Signature
Design of Hashing Algorithms
Hash Function
• The Main application of hash function is Data
integrity or originality checker
Sketch the Hash function with MAC
Ek (M||H(M))
Sketch the Hash diagram

Ek(M||H(M||S))
At Sender Side
•1. Message digest is generated using a set of Hash functions.

•2. A message digest is encrypted using senders private key.

•3. The resulting encrypted message is known as digital

signature.

•4. Digital signature is attached with data or message and send

to receiver.
At Receiver Side
1. Receiver uses senders public key to decrypt senders digital
signature to obtain message digest send by receiver.

2. Receiver uses same message digest algorithm, which is used

by sender

3. Now, receiver will compare these two message digest

4. If message digest are equal then signature is valid else not.

Advantages
• Authentication:
– Identification of person sign.
• Integrity od data:
– Every change is detected.
• Non Repudiation:
– Author has encrypted sign on message.
• Speed:
– Contracts are easily written, completed, and signed by all
concerned parties in a little amount of time no matter how far the
parties are geographically.
Disadvantages
• Expiry
• Certificate issue procedures
• Software compatibility
Digital signature scheme
A digital signature scheme is a triple (Gen, Sign,
Ver):
•Gen(len): generate a key pair (pk,sk) of length
len
•Sign(m; sk): sign message m with key sk,
producing signature s as output
•Ver(m, s; sk): verify signature s on message m
with key pk
DSA
DSA: Digital Signature Algorithm [Kravitz 1991]
•Standardized by NIST and made available
royalty-free in 1991/1993
•Used for decades without any serious attacks
•Closely related to Elgamal encryption
Implementation of Cryptography?
• By Using Java, Python, CPP, C#
//Generate the pair of keys
KeyPair pair = keyPairGen.generateKeyPair();
import java.security.KeyPair; //Getting the private key from the key pair
PrivateKey privKey = pair.getPrivate();
import java.security.KeyPairGenerator;
import java.security.PrivateKey; //Creating a Signature object
Signature sign = Signature.getInstance("sha1withrsa");
import java.security.Signature;
//Initialize the signature
import java.util.Scanner; sign.initSign(privKey);
byte[] bytes = "msg".getBytes();
public class Digsign {
public static void main(String args[]) //Adding data to the signature
sign.update(bytes);
throws Exception {
//Calculating the signature
//Accepting text from user byte[] signature = sign.sign();
Scanner sc = new Scanner(System.in);
//Printing the signature
System.out.println("Enter some text"); System.out.println("Digital signature for given text: "+new String(signature, "UTF8"));
}
String msg = sc.nextLine(); }

//Creating KeyPair generator object

KeyPairGenerator keyPairGen =
KeyPairGenerator.getInstance("RSA");

//Initializing the key pair generator

keyPairGen.initialize(2048);
Discuss
on Cyber Security Frameworks
seven common cybersecurity
frameworks.
• NIST(National Institute of Standards &Technology)
• ISO 27001 and ISO 27002
• SOC2(Service Organization Control- type-2)
• NERC-CIP(North American Electric Reliability
Corporation - Critical Infrastructure Protection)
• HIPAA(Health Insurance Portability and Accountability
Act)
• GDPRThe General Data Protection Regulation)
• FISMA(Federal Information Security Management Act)
Framework 2: OCTAVE
• Operationally Critical Threat, Asset and
Vulnerability Evaluation
• Carnegie-Mellon University guidance
– Origin in 2001
– Used by US military and a growing number of
larger organisations
• www.cert.org/octave
Concept of OCTAVE
• Workshop-based analysis
• Collaborative approach
• Guided by an 18-volume publication
• Very specific, with suggested timings, personnel
selection etc.
• www.cert.org/octave/omig.html

• Smaller version, OCTAVE-S, for small and medium

organisations
• www.cert.org/octave/osig.html
OCTAVE Process
Phase 1 Progressive Series of Workshops
Organizational Assets
View Threats
Current Practices
Org. Vulnerabilities Phase 3
Security Req.
Strategy and Plan
Development
Planning

Risks
Phase 2 Protection Strategy
Tech. Vulnerabilities Mitigation Plans
Technological
View
Framework 3: Security Risk Analysis
• A simplified approach, taking into account
your assets exposure to security risks
• Requires:
1. Identifying your assets
2. Assesing risks and their impact, probability and
exposure
3. Formulating plans to reduce overall risk
exposure
Risk Impact Assessment
• For each asset and risk attach a measure of
impact
• Monetary scale if possible (difficult) or relative
numbers with agreed meaning
• E.g.: Trivial (1), Low (2), Medium (3), High (4),
Catastrophic (5)
• Ex:
• Asset: Internal MD mailbox
• Risk: Access to content by press
• Impact: Catastrophic (5)
Risk Probability Assessment
• Now for each entry measure probability the
loss may happen
• Real probabilities (difficult) or a relative scale
(easier) such as: Low (0.3), Medium, (0.6), and
High (0.9)
• Ex:
– Asset: Internal MD mailbox
– Risk: Access to content by press
– Probability: Low (0.3)
Risk Exposure and Risk List
• Multiply probability by impact for each entry
• Exposure = Probability x Impact
• Sort by exposure
• High-exposure risks need very strong security
measures
• Lowest-exposure risks can be covered by default
mechanisms or ignored
• Example:
• Press may access MD mailbox:
Exposure = P(Low=0.3) x I(Catastrophic=5) = 1.5
• By the way, minimum exposure is 0.3 and maximum is
4.5 is our examples
Mitigation and Contingency
• For high-exposure risks plan:
– Mitigation: Reduce its probability or impact (so
exposure)
– Transfer: Make someone else responsible for the
risk
– Avoidance: avoid the risk by not having the asset
– Contingency: what to do if the risk becomes
reality
Framework 4: Threat Modeling
• Structured analysis aimed at:
1. Identify Assets
– Finding infrastructure
2. Create an Architecture Overview vulnerabilities
– Evaluating security threats
3. Decompose the System
– Identify countermeasures
4. Identify the Threats
– Originated from software
5. Document the Threats development security threat
analysis
6. Rate the Threats
STRIDE
A Technique for Threat Identification (Step 4)
Type of Threat Examples

Spoofing Forging Email Message

Replaying Authentication

Tampering Altering data during transmission

Changing data in database

Repudiation Delete critical data and deny it

Purchase product and deny it

Information disclosure Expose information in error messages

Expose code on web site

Denial of Service Flood web service with invalid request

Flood network with SYN

Elevation of Privilege Obtain Administrator privileges

Use assembly in GAC to create acct
<<<<End>>>>

Applying The Concepts Studied in The Chapter To The Case Study
100% (2)
Applying The Concepts Studied in The Chapter To The Case Study
2 pages
Introduction To The Linux Operating System
No ratings yet
Introduction To The Linux Operating System
5 pages
Database Lifecycle Guide
100% (2)
Database Lifecycle Guide
4 pages
Database Admin & Management Course
No ratings yet
Database Admin & Management Course
4 pages
LAB Set Questions Rdbms
No ratings yet
LAB Set Questions Rdbms
18 pages
Introduction To Databases Transparencies: © Pearson Education Limited 1995, 2005
No ratings yet
Introduction To Databases Transparencies: © Pearson Education Limited 1995, 2005
24 pages
4 Network-Building-Blocks
No ratings yet
4 Network-Building-Blocks
14 pages
Modeling and Detection of Camouflaging Worm
No ratings yet
Modeling and Detection of Camouflaging Worm
37 pages
Midterm Guide for CS Students
No ratings yet
Midterm Guide for CS Students
8 pages
Arid Agriculture University, Rawalpindi: Final Exam / Fall 2020 (Paper Duration 24 Hours) To Be Filled by Teacher
No ratings yet
Arid Agriculture University, Rawalpindi: Final Exam / Fall 2020 (Paper Duration 24 Hours) To Be Filled by Teacher
10 pages
Disconnected Architecture in Ado
No ratings yet
Disconnected Architecture in Ado
12 pages
Network Security UNIT I
No ratings yet
Network Security UNIT I
35 pages
CHAPTER - 5 FINAL FOR CLASS Color Image Processing
No ratings yet
CHAPTER - 5 FINAL FOR CLASS Color Image Processing
63 pages
Java File I/O: Text and Binary Streams
No ratings yet
Java File I/O: Text and Binary Streams
64 pages
Security in Distributed Systems
No ratings yet
Security in Distributed Systems
16 pages
Human Computer Interface - Unit 4
82% (17)
Human Computer Interface - Unit 4
47 pages
Software Engineering Concepts (CSC291) : Dr. Tassawar Iqbal Department of Computer Science CUI, Wah Cantt Campus
No ratings yet
Software Engineering Concepts (CSC291) : Dr. Tassawar Iqbal Department of Computer Science CUI, Wah Cantt Campus
14 pages
PHP Lab Manual Odd Sem Bca
No ratings yet
PHP Lab Manual Odd Sem Bca
50 pages
Design Concepts
No ratings yet
Design Concepts
3 pages
PHP Lab - Iv Sem - Bca
No ratings yet
PHP Lab - Iv Sem - Bca
16 pages
Database Management System Assignment
No ratings yet
Database Management System Assignment
8 pages
Unit4 Ecommerce
100% (1)
Unit4 Ecommerce
9 pages
Normalization in DBMS
No ratings yet
Normalization in DBMS
10 pages
Data Communication & OSI Model Basics
No ratings yet
Data Communication & OSI Model Basics
13 pages
Heuristic Query Optimization Guide
No ratings yet
Heuristic Query Optimization Guide
30 pages
Software Life Cycle Models
No ratings yet
Software Life Cycle Models
15 pages
Chapter 6 Security Reference Model
No ratings yet
Chapter 6 Security Reference Model
30 pages
DBMS All Units
No ratings yet
DBMS All Units
134 pages
Students Marks Analysis
No ratings yet
Students Marks Analysis
3 pages
Ts1 ts2
No ratings yet
Ts1 ts2
61 pages
Database System II Notes
No ratings yet
Database System II Notes
30 pages
Advanced Database Transactions
100% (1)
Advanced Database Transactions
59 pages
System Analysis and Design Notes For Bca 2nd Semester Vbspu
No ratings yet
System Analysis and Design Notes For Bca 2nd Semester Vbspu
20 pages
Lending-Schema (Branch-Name, Branch-City, Assets, Customer-Name, Loan-Number, Amount)
No ratings yet
Lending-Schema (Branch-Name, Branch-City, Assets, Customer-Name, Loan-Number, Amount)
6 pages
07 Parallel Algorithms in Parallel and Distributed Computing
No ratings yet
07 Parallel Algorithms in Parallel and Distributed Computing
13 pages
2009 S Pre Exam2 Review 6up PDF
No ratings yet
2009 S Pre Exam2 Review 6up PDF
9 pages
Database System Architecture: Kamran Dahri Lecturer, IICT
No ratings yet
Database System Architecture: Kamran Dahri Lecturer, IICT
13 pages
Fill in The Blanks: Is A Physical or Conceptual Connection Between Objects
No ratings yet
Fill in The Blanks: Is A Physical or Conceptual Connection Between Objects
3 pages
ADS & A Unit-5 Study Material
No ratings yet
ADS & A Unit-5 Study Material
50 pages
Database Management System - Question and Answers
No ratings yet
Database Management System - Question and Answers
7 pages
HTML Advantage and Disadvantage
No ratings yet
HTML Advantage and Disadvantage
4 pages
Dbms Practical
0% (1)
Dbms Practical
2 pages
User Interface Design
No ratings yet
User Interface Design
12 pages
CS3492 Database Management Systems Lecture Notes 2
100% (1)
CS3492 Database Management Systems Lecture Notes 2
170 pages
C# Laboratory Activity #3 - Working On C# Listview v2
No ratings yet
C# Laboratory Activity #3 - Working On C# Listview v2
9 pages
Recoverability and Serializability
No ratings yet
Recoverability and Serializability
3 pages
Data-Mining-Lab-Manual Final
No ratings yet
Data-Mining-Lab-Manual Final
40 pages
Virtual Systems & Services Lecture 1
No ratings yet
Virtual Systems & Services Lecture 1
13 pages
Cyber Security: OSI & Encryption Basics
No ratings yet
Cyber Security: OSI & Encryption Basics
42 pages
TOC Notes
No ratings yet
TOC Notes
133 pages
Experiment-II: Data Flow Diagrams
No ratings yet
Experiment-II: Data Flow Diagrams
6 pages
Normalization
No ratings yet
Normalization
14 pages
Rashtrasant Tukadoji Maharaj Nagpur University, Nagpur Question Bank Bachelor of Commerce (Computer Application) (Bcca)
100% (1)
Rashtrasant Tukadoji Maharaj Nagpur University, Nagpur Question Bank Bachelor of Commerce (Computer Application) (Bcca)
16 pages
Vb. Record Lab 2021
No ratings yet
Vb. Record Lab 2021
100 pages
Distributed File Systems: Unit - V Essay Questions
No ratings yet
Distributed File Systems: Unit - V Essay Questions
10 pages
BIT-III User Interface Design Notes
No ratings yet
BIT-III User Interface Design Notes
23 pages
INF 311 - Lecture 4
No ratings yet
INF 311 - Lecture 4
78 pages
CSS Module 4
No ratings yet
CSS Module 4
6 pages
Security Term Defination
No ratings yet
Security Term Defination
42 pages
Ias Reviewer (Isla)
No ratings yet
Ias Reviewer (Isla)
3 pages
2018 Regular 1st Sem Schedule
No ratings yet
2018 Regular 1st Sem Schedule
7 pages
Civics 2017
No ratings yet
Civics 2017
4 pages
Answer 1-8 Chem
No ratings yet
Answer 1-8 Chem
10 pages
1 - Chapter One-Introduction To Data Communication and Computer Networking
No ratings yet
1 - Chapter One-Introduction To Data Communication and Computer Networking
110 pages
Group Assignment For 2017smmer Students
No ratings yet
Group Assignment For 2017smmer Students
2 pages
Operate DB Application
No ratings yet
Operate DB Application
64 pages
Assgnment Intro To Climatology
No ratings yet
Assgnment Intro To Climatology
1 page
Data Transmission
No ratings yet
Data Transmission
14 pages
App - Climat. CH4-Group Assignment
No ratings yet
App - Climat. CH4-Group Assignment
3 pages
Short Story Best
No ratings yet
Short Story Best
7 pages
Sidaamu Afiinna Borreessammete Rosaanota Xiinxallote Umma 2013 Arro
No ratings yet
Sidaamu Afiinna Borreessammete Rosaanota Xiinxallote Umma 2013 Arro
2 pages
INT To Dirama
No ratings yet
INT To Dirama
21 pages
Temesgen Tadesse
No ratings yet
Temesgen Tadesse
119 pages
Thesis Review by Hawariya Abel, Year II
No ratings yet
Thesis Review by Hawariya Abel, Year II
11 pages
05classification Rule Mining
No ratings yet
05classification Rule Mining
56 pages
Association Rule Mining
No ratings yet
Association Rule Mining
54 pages
02datawarehousing For DM
No ratings yet
02datawarehousing For DM
38 pages
Data Security and Privacy
100% (1)
Data Security and Privacy
14 pages
Seqrite EPS Cloud
No ratings yet
Seqrite EPS Cloud
3 pages
ACS Questions Answers
No ratings yet
ACS Questions Answers
3 pages
Cybersecurity Compliance Exam
75% (4)
Cybersecurity Compliance Exam
17 pages
Fuck Israel
No ratings yet
Fuck Israel
191 pages
2024.07.26 Cybersecurity Guidelines for Financial Sector Technology Innovation Providers - 加水印-01
No ratings yet
2024.07.26 Cybersecurity Guidelines for Financial Sector Technology Innovation Providers - 加水印-01
40 pages
AgroChem Security Weaknesses
No ratings yet
AgroChem Security Weaknesses
2 pages
Makalah Bahasa Inggris
No ratings yet
Makalah Bahasa Inggris
14 pages
Consider One's and Others' Reputation When Using The Internet
No ratings yet
Consider One's and Others' Reputation When Using The Internet
58 pages
Enterprise Threat Hunting Guide
No ratings yet
Enterprise Threat Hunting Guide
25 pages
Week 4 Quiz Incident Handling and Response (10452.B1)
No ratings yet
Week 4 Quiz Incident Handling and Response (10452.B1)
9 pages
FSU-Secure Access Manager (FSU-SAM) 4.9 User Guide: Silver Spring Networks 555 Broadway Street Redwood City, CA 94063
No ratings yet
FSU-Secure Access Manager (FSU-SAM) 4.9 User Guide: Silver Spring Networks 555 Broadway Street Redwood City, CA 94063
27 pages
PPP
No ratings yet
PPP
7 pages
Computer Security Question Paper of Exam
No ratings yet
Computer Security Question Paper of Exam
32 pages
Security Exam for IT Professionals
100% (1)
Security Exam for IT Professionals
11 pages
Assignment 2
No ratings yet
Assignment 2
7 pages
NIS Project
No ratings yet
NIS Project
10 pages
Cyber Threats Barometer - November 2024 - Gatewatcher
No ratings yet
Cyber Threats Barometer - November 2024 - Gatewatcher
1 page
Book 1
No ratings yet
Book 1
5 pages
Cloud Security & ABE Enhancement
No ratings yet
Cloud Security & ABE Enhancement
30 pages
Ransomware
No ratings yet
Ransomware
14 pages
Prueba de FortiEDR - Intento de Revisión - ES
No ratings yet
Prueba de FortiEDR - Intento de Revisión - ES
2 pages
Cipher - Overview: by Samson Matthew
No ratings yet
Cipher - Overview: by Samson Matthew
14 pages
AppSec Intro
No ratings yet
AppSec Intro
19 pages
Diploma in Cyber Forensics and Information Security
No ratings yet
Diploma in Cyber Forensics and Information Security
4 pages
WhatsApp Chat With Videsi Girls Group
No ratings yet
WhatsApp Chat With Videsi Girls Group
1 page
SOC Analyst - Training
100% (1)
SOC Analyst - Training
3 pages
Overview: Remote Access Policy
No ratings yet
Overview: Remote Access Policy
3 pages
MSEI 022 Full Textbook
No ratings yet
MSEI 022 Full Textbook
298 pages
Literature Review
No ratings yet
Literature Review
6 pages