Cryptography and Network Security

6.

Digital Signatures and Authentication Protocols

6.1.

Digital Signatures

6.1.1.

Properties of Digital Signatures

6.1.1.1.

6.1.1.1.1.

Signer Identity Verification

6.1.1.2.

6.1.1.2.1.

Message Integrity Assurance

6.1.1.3.

Non-repudiation

6.1.1.3.1.

Undeniable Proof

6.1.2.

Digital Signature Schemes

6.1.2.1.

Signature Generation

6.1.2.1.1.

Private Key Usage

6.1.2.1.2.

Message Processing

6.1.2.2.

Signature Verification

6.1.2.2.1.

Public Key Usage

6.1.2.2.2.

Verification Algorithm

6.1.3.

Security Requirements

6.1.3.1.

Existential Unforgeability

6.1.3.2.

Chosen Message Attacks

6.1.3.3.

Adaptive Attacks

6.1.4.

The Digital Signature Standard (DSS)

6.1.4.1.

Digital Signature Algorithm (DSA)

6.1.4.1.1.

Parameter Generation

6.1.4.1.1.1.

Prime Selection

6.1.4.1.1.2.

Generator Selection

6.1.4.1.2.

6.1.4.1.2.1.

Private Key Selection

6.1.4.1.2.2.

Public Key Computation

6.1.4.1.3.

Signing Process

6.1.4.1.3.1.

Random Number Generation

6.1.4.1.3.2.

Signature Computation

6.1.4.1.4.

Verification Process

6.1.4.1.4.1.

Signature Validation

6.1.4.2.

Elliptic Curve DSA (ECDSA)

6.1.4.2.1.

Elliptic Curve Parameters

6.1.4.2.2.

6.1.4.2.3.

Signing and Verification

6.1.5.

6.1.5.1.

6.1.5.1.1.

Probabilistic Signature Scheme

6.1.5.1.2.

Salt Generation

6.1.5.2.

PKCS#1 v1.5 Signatures

6.1.5.2.1.

Deterministic Padding

6.1.5.2.2.

Security Considerations

6.2.

Public Key Infrastructure (PKI)

6.2.1.

6.2.1.1.

Certificate Authorities

6.2.1.2.

Registration Authorities

6.2.1.3.

Certificate Repositories

6.2.1.4.

Certificate Revocation Systems

6.2.2.

Digital Certificates

6.2.2.1.

X.509 Certificate Standard

6.2.2.1.1.

Certificate Structure

6.2.2.1.1.1.

6.2.2.1.1.2.

6.2.2.1.1.3.

Signature Algorithm

6.2.2.1.1.4.

6.2.2.1.1.5.

Validity Period

6.2.2.1.1.6.

6.2.2.1.1.7.

Subject Public Key Info

6.2.2.1.1.8.

6.2.2.1.2.

Certificate Fields

6.2.2.1.2.1.

Mandatory Fields

6.2.2.1.2.2.

Optional Fields

6.2.2.1.2.3.

Extension Fields

6.2.2.2.

Certificate Types

6.2.2.2.1.

End Entity Certificates

6.2.2.2.2.

CA Certificates

6.2.2.2.3.

Cross-certificates

6.2.3.

Certificate Authorities (CAs)

6.2.3.1.

6.2.3.1.1.

6.2.3.1.2.

Intermediate CAs

6.2.3.1.3.

Subordinate CAs

6.2.3.2.

Role and Responsibilities

6.2.3.2.1.

Identity Verification

6.2.3.2.2.

Certificate Issuance

6.2.3.2.3.

Certificate Management

6.2.3.3.

Certificate Issuance Process

6.2.3.3.1.

Certificate Request

6.2.3.3.2.

Identity Verification

6.2.3.3.3.

Certificate Generation

6.2.3.3.4.

Certificate Distribution

6.2.4.

Certificate Revocation

6.2.4.1.

Revocation Reasons

6.2.4.1.1.

6.2.4.1.2.

6.2.4.1.3.

Affiliation Changed

6.2.4.1.4.

6.2.4.2.

Certificate Revocation Lists (CRLs)

6.2.4.2.1.

6.2.4.2.2.

CRL Distribution

6.2.4.2.3.

6.2.4.3.

Online Certificate Status Protocol (OCSP)

6.2.4.3.1.

OCSP Request/Response

6.2.4.3.2.

Real-time Status Checking

6.2.4.3.3.

6.2.5.

6.2.5.1.

Hierarchical Trust Model

6.2.5.2.

Web of Trust Model

6.2.5.3.

Hybrid Trust Models

6.3.

Entity Authentication

6.3.1.

Authentication Factors

6.3.1.1.

Something You Know

6.3.1.2.

Something You Have

6.3.1.3.

Something You Are

6.3.2.

Authentication Protocols

6.3.2.1.

Challenge-Response Protocols

6.3.2.1.1.

Nonce-based Challenges

6.3.2.1.2.

Timestamp-based Protocols

6.3.2.2.

Mutual Authentication

6.3.2.2.1.

Bidirectional Verification

6.3.2.2.2.

Protocol Examples

6.3.2.3.

One-Way Authentication

6.3.2.3.1.

Unidirectional Verification

6.3.2.3.2.

6.3.3.

6.3.3.1.

Kerberos Architecture

6.3.3.1.1.

Authentication Server

6.3.3.1.2.

Ticket Granting Server

6.3.3.1.3.

Service Servers

6.3.3.2.

Kerberos Protocol Overview

6.3.3.2.1.

Initial Authentication

6.3.3.2.2.

Ticket Granting

6.3.3.2.3.

6.3.3.3.

Ticket Granting System

6.3.3.3.1.

Ticket Structure

6.3.3.3.2.

Ticket Lifetime

6.3.3.3.3.

6.3.3.4.

Security Features

6.3.3.4.1.

Mutual Authentication

6.3.3.4.2.

6.3.3.4.3.

Replay Protection

6.3.3.5.

Kerberos Versions

6.3.3.5.1.

6.3.3.5.2.

6.3.3.5.3.

Security Improvements

Previous

5. Cryptographic Hash Functions and Message Authentication

Go to top

Next

7. Network Security Applications