[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334
  • Last Modified:

why a user of a public key system must use separate key pairs for digital signature and identification?

Is the following Answer correct ?



Answer:
If Bob wants to use a public key system he needs separate key pairs for digital signature and identification or the system is insecure. If one key pair is used for digital signature and identification an attacker can pretend they want a check on identity. The attacker can send a random number for Bob to encrypt with his private key that is generated by computing the hash of the document, when Bob encrypts this with his private key he is in fact signing the document.


(IMHO digital signature does provide identification, we do not need to use another key pair).
0
emmanuel_
Asked:
emmanuel_
  • 5
  • 5
  • 2
2 Solutions
 
ahoffmannCommented:
> The attacker can send a random number for Bob to encrypt with his private key ..
There is no way to prevent such brute force attacks, hence it doesn't matter if you use two key pairs or signature and identification or just one 'cause such a brute force attack can be run against the identification system too.
It's just a matter of time and resources ...
0
 
emmanuel_Author Commented:
(This question come up at in the exam at the University and the above answer was the Official one).




Do you think that both the answer and the question are correct? yes/no

I will highly appreciate if you could comment your answer more, maybe with striking example(s) (that wil act as an objective proof for me that the answer of the Uni is or is not correct).




Thank you very much in advance.

{Please do take you time. I want a crystal clear answer cause I have been thinking about this topic for a long time (I have concluded that " digital signature does provide identification and we do not need to use another key pair"). I want to write them a letter but before that I must be 100% sure -with your help- for what I am writing}.

0
 
NopiusCommented:
I aggree with provided question and answer. Read the link below.

http://theworld.com/~dtd/sign_encrypt/sign_encrypt7.html

Suggested scenario is described in chapter 1.1
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
NopiusCommented:
Also that's a good source of PKI weaknesses: http://theworld.com/~cme/html/spki.html#dsig
0
 
ahoffmannCommented:
Nopius, I don't see what the S&E vs. E&S problem (see your link chapter 1.1) has to do with the question,
could you please enlighten me.
0
 
NopiusCommented:
Ok. May be not everyting from that URLs clarify the question,  I've started from that links and found papers, mention 'single signature' problem, but with the words.

Let's start from the top. What is the difference between identification and signing?
emmanuel_ says 'IMHO digital signature does provide identification, we do not need to use another key pair'. That's correct.
BUT. The question was about 'signing' vs. 'identification'.
From that point I see:
-  signing as 'public message signing' for identifying you as a writer (as an origin of that message);
- identification as 'identification against some private service' for authenticating you as a legatime user of that  service.
Do you see the difference? If yes, I proceed.

Now look to cryptography from human's point of view. Where digital signature means exactly the same as your, man, signature.
Anyone may ask you to sign anything.
Suppose now, you are using the same signature (the same private key file) for every public message.
Some one writes you: 'hey, I don't beleave it's you, please sign that "BC123..." (1024 bit message follows ) message, so I could check if it's you' . Now you are signing that message without any mind and send it back.  

Do you see security flaw now? If no, I  proceed.

That was attacker,  who asked you to sing that message. It's him, who was asked to sign exactly the same message by the private server, so the server could identify it's you. And he will respond to that server with exactly the same answer, so server will think it's you, who has signed that challenge.

I know, there are different authentication schemes, but this schema is also possible.
Some of these schemas also include random numbers inside that encrypted message, which I need to decrypt and increment, then encrypt and send back.
But now we are talking about signing as a mean to provide identification, not about encryption as a mean to provide privacy :-)

I hope now it's clear.
0
 
ahoffmannCommented:
> Do you see the difference? If yes, I proceed.
yes, hence my first comment

> Do you see security flaw now? If no, I  proceed.
no, signing is done with the privat/secret key, you need the public key for verification but the privat key does not get passed anywhere

> .. so the server could identify it's you.
no, see previous comment
for authentication/identification I need to pass the secret key (or a preshared key, or a session key based on my secret key)
I guess we do not discuss how the secret key is passed to the server here (subject to sniffing etc.).
0
 
NopiusCommented:
> no, signing is done with the privat/secret key, you need the public key for verification but the privat key does not get passed anywhere
Exactly. That's why signing used for identification. But you didn't grasp the whole picture.

When you sign a message you think your signature is used for your identification. You think signing is safe. You don't think about disclosure of private data (your private key) when are signing a message, and yes, signing is safe for that. But you may be asked to sign some message (not yours) just for your 'identification' . Then that signed message may be used to authenticate somebody as you against some external service. This scenario is possible and probability that you sign message by someone's request is high. May be not you, I know you are paranoid in security, but your collegues :-)

Thats the reason why you should use one private/public key pair for public messages (emails) signing and encrypting. And the other for authentication against some private services (suppose for SSL authentication on corporate Web site).

Even usual man signature has the same weakness.
When you sign your letters you ensure reader that this sheet is really yours.
When you sign a contract you read it twice before signing, because signature in a contract is more importent as a mean of identification.
When you sign a title page of the book or give an autograph you don't think it's very importent and you do it easy. If someone gives you some abracadabra  a and asks you for your authograph below, you may sign it. You don't think that this abracadabra is a key for contract for 10 billion dollars. All the same with digital signatures. In a usual human life you also may one signature for contracts or identification documents and the other for public affairs.


0
 
ahoffmannCommented:
> When you sign a message you think your signature is used for your identification.
no
hence
> But you didn't grasp the whole picture.
I guess I got the picture ;-)

> .. I know you are paranoid in security,
yes ;-)

> You don't think about disclosure of private data (your private key) when are signing a message
what's the problem here? If I sign something, there is no disclosure of *my* privat key.
If you're talking about the example described in your link, that's something different, comparable to phishing.

> But you may be asked to sign some message (not yours) just for your 'identification' .
ok, I need to trap into that phish ..

> That's the reason why you should use one private/public key pair for public messages (emails) signing and encrypting. And the other for authentication against some private services (suppose for SSL authentication on corporate Web site).
hmm, what has this to do with the phishing trap (see above)? Signing my own data (message, whatever) is different than signing data given to me.
I guess this difference is the "missing picture" you impute to me.

Hope this (paranoid) discussion helps the questioner too.
0
 
emmanuel_Author Commented:
(Thanks for your postings).

 Please follow the link :http://www.e-greenstar.com/SSL/SSL-how.htm
and read paragraphs:

1-USING PUBLIC KEY CRYPTOGRAPHY FOR AUTHENTICATION
2-BUT WAIT, THER'S MORE
3-GETTING CLOSER

how do you link this with Nopius' last comment (05/18/2006 04:13PM PDT).

I will appreciate your answer (but please focus one the main question - see top).

Thanks in advance for your expertise and patience.

 
0
 
ahoffmannCommented:
emmanuel, from your link:
> Unless you know exactly what you are encrypting,

that's exacrly what was discussed before: don't trap into phishing
In such cases you have to use different keys. Or better: a unique onetime-key for encrypring unknown messages.

Back to the link (SSL), with SSL you don't have this dragon, just the the doc to the end, then tell us what your problem is.
0
 
NopiusCommented:
ahoffman, I agree, may be it's a kind of phishing.

The difference is:
- with phishing you dislclose your account id/password to an attacker
- with signing/encrypting you don't disclose your private key

May be as a result of that difference  everybody are afraid of suspisious internet links posted by email, and dont' hesitate when encrypting and signing public messages :-)

emmanuel, what about your link, it's a classic man-in-the-middle attack.
It's not what I'm talking about. For definition of the man-in-the-middle attack, read http://en.wikipedia.org/wiki/Man_in_the_middle_attack
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 5
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now