Message Integrity and Authentication

Message Integrity and Authentication
An Introduction

Prof. David Bernstein
James Madison University

Computer Science Department

bernstdh@jmu.edu

The Situation:
- Alice sends a message to Bob
The Issues:
- Bob wants to verify that the message came from Alice
- Bob wants to verify that the message wasn't tampered with

Digital Signatures

Creation:
1. A's message is hashed to create the message digest
2. The message digest is encrypted using A's private key to create a digital signature
Transmission and Use:
1. A's message and digital signature are transmitted to B
2. A's message is hashed to create the message digest
3. A's digital signature is decrypted using A's public key to create the verification value
4. B compares the message digest and verification value to see if they are identical

Certification

Certificate:
- A digitally signed statement that provides independent confirmation of an attribute claimed by an individual/organization
Certification Authority (CA):
- A public or private organization that acts as a "trusted third party" in the issuance of certificates (e.g., VeriSign, CyberTrust)

Certification (cont.)

Identifying Certificate:
- Binds a name to a public key (i.e., identifies the source of a public key)
Authorizing Certificate:
- Provides authorization information (e.g., age, membership status, residence)
Transactional Certificate:
- Attests to some fact about a transaction (e.g., a cyber notary)