Message Integrity and Authentication
An Introduction
Prof. David Bernstein
James Madison University
Computer Science Department
bernstdh@jmu.edu
Message Integrity and Authentication
The Situation:
Alice sends a message to Bob
The Issues:
Bob wants to verify that the message came from Alice
Bob wants to verify that the message wasn't tampered with
Digital Signatures
Creation:
A's message is hashed to create the
message digest
The message digest is encrypted using A's private key to create a
digital signature
Transmission and Use:
A's message and digital signature are transmitted to B
A's message is hashed to create the message digest
A's digital signature is decrypted using A's public key to create the verification value
B compares the message digest and verification value to see if they are identical
Certification
Certificate:
A digitally signed statement that provides independent confirmation of an attribute claimed by an individual/organization
Certification Authority (CA):
A public or private organization that acts as a "trusted third party" in the issuance of certificates (e.g., VeriSign, CyberTrust)
Certification (cont.)
Identifying Certificate:
Binds a name to a public key (i.e., identifies the source of a public key)
Authorizing Certificate:
Provides authorization information (e.g., age, membership status, residence)
Transactional Certificate:
Attests to some fact about a transaction (e.g., a cyber notary)