Lecture 9: Integrity and Authentication + Key Management

• Slides
• Playlist (length: 58:28)

Is AES-EMAC a hash function?

(True/False) AES-EMAC is a hash function if the key is kept private

False. It would no longer be a hash function since, by definition, a hash function is public

HMAC

(True/False) The underlying hash function must be collision resistant for the security of HMAC to hold

True

Digital Signatures

If Verify(PK, m, Sign(SK, m)) always outputted 1, a digital signature scheme would still satisfy correctness. Which other property would fail? How?

Security would fail as it’s now trivial to find a forgery (literally anything will work)

RSA Signature Scheme

(True/False) The modulus n must be a prime number

False. By construction, N is a composite number made up of two primes

RSA Signature Scheme Security

In order for the RSA signature scheme to be secure, it is sufficient for the modulus n to be kept secret

False. n is public - the factorization of n must be kept secret.

Intro to Key Management

Take some time to think of some solutions on your own before moving on!

Trusted Directory

Let's say the TD includes Bob's name in it's response, but puts the name outside of the signature. What attack can a MiTM now perform?

The attacker can register with the TD and get a signature for their own key, and spoof a response to Alice where they simply give their own public key, the signature of that key, along with Bob’s name. We need the name to be in the signature since then the attacker can’t spoof it.

Updating the Trusted Directory

(True/False) It is secure for Alice to use the same random nonce to request keys for multiple users.

True. Since the signature contains the name of the user, we just need the nonces to be non-repeating for each specific user. It doesn’t matter if another user has the same nonce