
Unit 3 1

DATA AND INFORMATION SECURITY BOOK 1

UNIT III DIGITAL SIGNATURE AND AUTHENTICATION

Digital Signature and Authentication Schemes: Digital signature - Digital Signature Schemes
and their Variants - Digital Signature Standards - Authentication: Overview - Requirements
Protocols - Applications - Kerberos - X.509 Directory Services

DIGITAL SIGNATURE:

A digital signature is a mathematical technique used to validate the authenticity and integrity
of a digital document, message or software. It's the digital equivalent of a handwritten
signature or stamped seal, but it offers far more inherent security. A digital signature is
intended to solve the problem of tampering and impersonation in digital communications.

Digital signatures can provide evidence of origin, identity and status of electronic documents,
transactions or digital messages. Signers can also use them to acknowledge informed consent.
In many countries, including the U.S., digital signatures are considered legally binding in the
same way as traditional handwritten document signatures.

How do digital signatures work?

Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm -- such as Rivest-Shamir-Adleman, or RSA --
two keys are generated, creating a mathematically linked pair of keys: one private and one
public.

Digital signatures work through public key cryptography's two mutually authenticating
cryptographic keys. For encryption and decryption, the person who creates the digital
signature uses a private key to encrypt signature-related data. The only way to decrypt that
data is with the signer's public key.

If the recipient can't open the document with the signer's public key, that indicates there's a
problem with the document or the signature. This is how digital signatures are authenticated.

Digital certificates, also called public key certificates, are used to verify that the public key
belongs to the issuer. Digital certificates contain the public key, information about its owner,
expiration dates and the digital signature of the certificate's issuer. Digital certificates are
issued by trusted third-party certificate authorities (CAs), such as DocuSign or GlobalSign.
The party sending the document and the person signing it must agree to use a given CA.

Digital signature technology requires all parties trust that the person who creates the signature
image has kept the private key secret. If someone else has access to the private signing key,
that party could create fraudulent digital signatures in the name of the private key holder.

What are the benefits of digital signatures?

Digital signatures offer the following benefits:

• Security. Security capabilities are embedded in digital signatures to ensure a legal
document isn't altered and signatures are legitimate. Security features include asymmetric
cryptography, personal identification numbers (PINs), checksums and cyclic redundancy
checks (CRCs), as well as CA and trust service provider (TSP) validation.

• Timestamping. This provides the date and time of a digital signature and is useful when
timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings.

• Globally accepted and legally compliant. The public key infrastructure (PKI) standard
ensures vendor-generated keys are made and stored securely. With digital signatures
becoming an international standard, more countries are accepting them as legally binding.

• Time savings. Digital signatures simplify the time-consuming processes of physical
document signing, storage and exchange, enabling businesses to quickly access and sign
documents.

• Cost savings. Organizations can go paperless and save money previously spent on the
physical resources, time, personnel and office space used to manage and transport
documents.

• Positive environmental effects. Reducing paper use also cuts down on the physical waste
generated by paper and the negative environmental impact of transporting paper
documents.

• Traceability. Digital signatures create an audit trail that makes internal record-keeping
easier for businesses. With everything recorded and stored digitally, there are fewer
opportunities for a manual signee or record-keeper to make a mistake or misplace
something.

How do you create a digital signature?

To create a digital signature, signing software -- such as an email program -- is used to
provide a one-way hash of the electronic data to be signed.

A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital
signature creator's private key is used to encrypt the hash. The encrypted hash -- along with
other information, such as the hashing algorithm -- is the digital signature.

The reason for encrypting the hash instead of the entire message or document is because a
hash function can convert an arbitrary input into a fixed-length value, which is usually much
shorter. This saves time, as hashing is much faster than signing.

The value of a hash is unique to the hashed data. Any change in the data -- even a
modification to a single character -- results in a different value. This attribute enables others
to use the signer's public key to decrypt the hash to validate the integrity of the data.

If the decrypted hash matches a second computed hash of the same data, it proves that the
data hasn't changed since it was signed. But, if the two hashes don't match, the data has either
been tampered with in some way and is compromised or the signature was created with a
private key that doesn't correspond to the public key presented by the signer. This signals an
issue with authentication.

• The first step would be for you to type out the message or ready the file you want to
send. Your private key would work as the stamp for this file. It could be a code or a
password. Then you press send and the email reaches ABC Office via the internet.

• In the second step, the ABC Office would receive your file and verify your signature
using your public key. They will then be able to access the encrypted file.

• The final step would require the ABC Office to use the private key that you've shared,
to reveal whatever file you've mailed them. If the recipient doesn't have your private
key, they won't be able to access the information in the document.

A digital signature can be used with any kind of message, whether or not it's encrypted,
simply so the receiver can be sure of the sender's identity and that the message arrived intact.
Digital signatures make it difficult for the signer to deny having signed something, as the
digital signature is unique to both the document and the signer and it binds them together.
This property is called nonrepudiation.

The digital certificate is the electronic document that contains the digital signature of the
issuing CA. It's what binds together a public key with an identity and can be used to verify
that a public key belongs to a particular person or entity. Most modern email programs
support the use of digital signatures and digital certificates, making it easy to sign any
outgoing emails and validate digitally signed incoming messages.

Digital signatures are also used extensively to provide proof of authenticity, data integrity and
nonrepudiation of communications and transactions conducted over the internet.

Classes and types of digital signatures

There are three different classes of digital signature certificates (DSCs) as follows:

• Class 1. This type of DSC can't be used for legal business documents, as they're validated
based only on an email ID and username. Class 1 signatures provide a basic level of
security and are used in environments with a low risk of data compromise.

• Class 2. These DSCs are often used for electronic filing (e-filing) of tax documents,
including income tax returns and goods and services tax returns. Class 2 digital signatures
authenticate a signer's identity against a pre-verified database. Class 2 digital signatures
are used in environments where the risks and consequences of data compromise are
moderate.

• Class 3. The highest level of digital signatures, Class 3 signatures require people or
organizations to present in front of a CA to prove their identity before signing. Class 3
digital signatures are used for e-auctions, e-tendering, e-ticketing and court filings, as well
as in other environments where threats to data or the consequences of a security failure are
high.

Uses for digital signatures

Digital signature tools and services are commonly used in contract-heavy industries,
including the following:

• Government. The U.S. Government Publishing Office publishes electronic versions of
budgets, public and private laws, and congressional bills with digital signatures.
Governments worldwide use digital signatures for processing tax returns, verifying
business-to-government transactions, ratifying laws and managing contracts. Most
government entities must adhere to strict laws, regulations and standards when using
digital signatures. Many governments and corporations also use smart cards to identify
their citizens and employees. These are physical cards with an embedded chip that
contains a digital signature that provides the cardholder access to an institution's systems
or physical buildings.

• Healthcare. Digital signatures are used in the healthcare industry to improve the
efficiency of treatment and administrative processes, strengthen data security, e-prescribe
and process hospital admissions. The use of digital signatures in healthcare must comply
with the Health Insurance Portability and Accountability Act of 1996.

• Manufacturing. Manufacturing companies use digital signatures to speed up processes,
including product design, quality assurance, manufacturing enhancements, marketing and
sales. The use of digital signatures in manufacturing is governed by the International
Organization for Standardization and the National Institute of Standards and
Technology Digital Manufacturing Certificate.

• Financial services. The U.S. financial sector uses digital signatures for contracts,
paperless banking, loan processing, insurance documentation and mortgages. This heavily
regulated sector uses digital signatures, paying careful attention to the regulations and
guidance put forth by the Electronic Signatures in Global and National Commerce Act
(E-Sign Act), state Uniform Electronic Transactions Act regulations, the Consumer Financial
Protection Bureau and the Federal Financial Institutions Examination Council.

• Cryptocurrencies. Bitcoin and other cryptocurrencies use digital signatures to
authenticate the blockchain. They're also used to manage transaction data associated with
cryptocurrency and as a way for users to show ownership of currency or their participation
in a transaction.

• Non-fungible tokens (NFTs). Digital signatures are used with digital assets -- such as
artwork, music and videos -- to secure and trace these types of NFTs anywhere on the
blockchain.

Digital signature security:

Security is the main benefit of using digital signatures. Security features and methods used in
digital signatures include the following:

• PINs, passwords and codes. These are used to authenticate and verify a signer's identity
and approve their signature. Email, username and password are the most common methods
used.

• Asymmetric cryptography. This employs a public key algorithm that includes private
and public key encryption and authentication.

• Checksum. This long string of letters and numbers is used to determine the authenticity of
transmitted data. A checksum is the result of running a cryptographic hash function on a
piece of data. The value of the original checksum file is compared against the checksum
value of the calculated file to detect errors or changes. A checksum acts like a data
fingerprint.

• CRC. A type of checksum, this error-detecting code and verification feature is used in
digital networks and storage devices to detect changes to raw data.

• CA validation. CAs issue digital signatures and act as trusted third parties by accepting,
authenticating, issuing and maintaining digital certificates. The use of CAs helps avoid the
creation of fake digital certificates.

• TSP validation. This person or legal entity validates a digital signature on a company's
behalf and offers signature validation reports.

Digital signature attacks

Possible attacks on digital signatures include the following:

• Chosen-message attack. The attacker either obtains the victim's public key or tricks the
victim into digitally signing a document they don't intend to sign.

• Known-message attack. The attacker obtains messages the victim sent and a key that
enables the attacker to forge the victim's signature on documents.

• Key-only attack. The attacker only has access to the victim's public key and can re-create
the victim's signature to digitally sign documents or messages that the victim doesn't
intend to sign.

Digital signature tools and vendors

There are numerous e-signature tools and technologies on the market, including the
following:

• Adobe Acrobat Sign is a cloud-based service that's designed to provide secure, legal
e-signatures across all device types. Adobe Acrobat Sign integrates with existing
applications, including Microsoft Office and Dropbox.

• DocuSign standards-based services ensure e-signatures are compliant with existing
regulations. Services include Express Signature for basic global transactions and EU
Qualified Signature, which complies with EU standards.

• Dropbox Sign helps users prepare, send, sign and track documents. Features of the tool
include embedded signing, custom branding and embedded templates. Dropbox Sign also
integrates with applications such as Microsoft Word, Slack and Box.

• GlobalSign provides a host of management, integration and automation tools to
implement PKI across enterprise environments.

• PandaDoc provides e-signature software that helps users upload, send and collect
payments for documents. Users can also track document status and receive notifications
when someone opens, views, comments on or signs a document.

• ReadySign from Onit provides users with customizable templates and forms for
e-signatures. Software features include bulk sending, notifications, reminders, custom
signatures and document management with role-based permissions.

• Signeasy offers an e-signing service of the same name to businesses and individuals, as
well as application programming interfaces for developers.

• SignNow, which is part of AirSlate Business Cloud, provides businesses with a PDF
signing tool.

Digital signature schemes:

Elgamal digital signature scheme:


Before examining the NIST Digital Signature Algorithm, it will be helpful to understand
the Elgamal and Schnorr signature schemes. Recall from Chapter 10 that the
Elgamal encryption scheme is designed to enable encryption by a user's public key
with decryption by the user's private key. The Elgamal signature scheme involves
the use of the private key for digital signature generation and the public key for
digital signature verification [ELGA84, ELGA85].

Before proceeding, we need a result from number theory. Recall from Chapter 2
that for a prime number $q$, if $a$ is a primitive root of $q$, then

$$a, a^2, \ldots, a^{q-1}$$

are distinct (mod $q$). It can be shown that, if $a$ is a primitive root of $q$, then
1. For any integer $m$, $a^m \equiv 1 \pmod{q}$ if and only if $m \equiv 0 \pmod{q-1}$.
2. For any integers $i$, $j$, $a^i \equiv a^j \pmod{q}$ if and only if $i \equiv j \pmod{q-1}$.

As with Elgamal encryption, the global elements of Elgamal digital signature
are a prime number $q$ and $a$, which is a primitive root of $q$. User A generates
a private/public key pair as follows.
1. Generate a random integer $X_A$, such that $1 < X_A < q - 1$.
2. Compute $Y_A = a^{X_A} \bmod q$.
3. A's private key is $X_A$; A's public key is $\{q, a, Y_A\}$.

To sign a message $M$, user A first computes the hash $m = H(M)$, such that
$m$ is an integer in the range $0 \le m \le q - 1$. A then forms a digital signature as
follows.
1. Choose a random integer $K$ such that $1 \le K \le q - 1$ and $\gcd(K, q - 1) = 1$.
That is, $K$ is relatively prime to $q - 1$.
2. Compute $S_1 = a^K \bmod q$. Note that this is the same as the computation of $C_1$
for Elgamal encryption.
3. Compute $K^{-1} \bmod (q - 1)$. That is, compute the inverse of $K$ modulo $q - 1$.
4. Compute $S_2 = K^{-1}(m - X_A S_1) \bmod (q - 1)$.
5. The signature consists of the pair $(S_1, S_2)$.

Any user B can verify the signature as follows.
1. Compute $V_1 = a^m \bmod q$.
2. Compute $V_2 = (Y_A)^{S_1} (S_1)^{S_2} \bmod q$.

The signature is valid if $V_1 = V_2$. Let us demonstrate that this is so. Assume
that the equality is true. Then we have

$$
\begin{aligned}
a^m \bmod q &= (Y_A)^{S_1} (S_1)^{S_2} \bmod q && \text{assume } V_1 = V_2 \\
a^m \bmod q &= a^{X_A S_1} a^{K S_2} \bmod q && \text{substituting for } Y_A \text{ and } S_1 \\
a^{m - X_A S_1} \bmod q &= a^{K S_2} \bmod q && \text{rearranging terms} \\
m - X_A S_1 &\equiv K S_2 \pmod{q - 1} && \text{property of primitive roots} \\
m - X_A S_1 &\equiv K K^{-1} (m - X_A S_1) \pmod{q - 1} && \text{substituting for } S_2
\end{aligned}
$$

For example, let us start with the prime field GF(19); that is, $q = 19$. It has
primitive roots {2, 3, 10, 13, 14, 15}, as shown in Table 2.7. We choose $a = 10$.
Alice generates a key pair as follows:
1. Alice chooses $X_A = 16$.
2. Then $Y_A = a^{X_A} \bmod q = a^{16} \bmod 19 = 4$.
3. Alice's private key is 16; Alice's public key is $\{q, a, Y_A\} = \{19, 10, 4\}$.

Suppose Alice wants to sign a message with hash value $m = 14$.
1. Alice chooses $K = 5$, which is relatively prime to $q - 1 = 18$.
2. $S_1 = a^K \bmod q = 10^5 \bmod 19 = 3$ (see Table 2.7).
3. $K^{-1} \bmod (q - 1) = 5^{-1} \bmod 18 = 11$.
4. $S_2 = K^{-1}(m - X_A S_1) \bmod (q - 1) = 11\,(14 - (16)(3)) \bmod 18 = -374 \bmod 18 = 4$.

Bob can verify the signature as follows.
1. $V_1 = a^m \bmod q = 10^{14} \bmod 19 = 16$.
2. $V_2 = (Y_A)^{S_1} (S_1)^{S_2} \bmod q = (4^3)(3^4) \bmod 19 = 5184 \bmod 19 = 16$.

Thus, the signature is valid because $V_1 = V_2$.

Schnorr digital signature scheme:

As with the Elgamal digital signature scheme, the Schnorr signature scheme is
based on discrete logarithms [SCHN89, SCHN91]. The Schnorr scheme minimizes
the message-dependent amount of computation required to generate a signature.
The main work for signature generation does not depend on the message and can
be done during the idle time of the processor. The message-dependent part of the
signature generation requires multiplying a 2n-bit integer with an n-bit integer.

The scheme is based on using a prime modulus $p$, with $p - 1$ having a prime
factor $q$ of appropriate size; that is, $p - 1 \equiv 0 \pmod{q}$. Typically, we use
$p \approx 2^{1024}$ and $q \approx 2^{160}$. Thus, $p$ is a 1024-bit number, and $q$ is a
160-bit number, which is also the length of the SHA-1 hash value.

The first part of this scheme is the generation of a private/public key pair,
which consists of the following steps.
1. Choose primes $p$ and $q$, such that $q$ is a prime factor of $p - 1$.
2. Choose an integer $a$, such that $a^q = 1 \bmod p$. The values $a$, $p$, and $q$ comprise a
global public key that can be common to a group of users.
3. Choose a random integer $s$ with $0 < s < q$. This is the user's private key.
4. Calculate $v = a^{-s} \bmod p$. This is the user's public key.

A user with private key $s$ and public key $v$ generates a signature as follows.
1. Choose a random integer $r$ with $0 < r < q$ and compute $x = a^r \bmod p$. This
computation is a preprocessing stage independent of the message $M$ to be
signed.
2. Concatenate the message with $x$ and hash the result to compute the value $e$:
$e = H(M \| x)$
3. Compute $y = (r + se) \bmod q$. The signature consists of the pair $(e, y)$.

Any other user can verify the signature as follows.
1. Compute $x' = a^y v^e \bmod p$.
2. Verify that $e = H(M \| x')$.

To see that the verification works, observe that

$$x' \equiv a^y v^e \equiv a^y a^{-se} \equiv a^{y - se} \equiv a^r \equiv x \pmod{p}$$

Hence, $H(M \| x') = H(M \| x)$.

NIST Digital Signature Algorithm:


The National Institute of Standards and Technology (NIST) has published
Federal Information Processing Standard FIPS 186, known as the Digital
Signature Algorithm (DSA). The DSA makes use of the Secure Hash Algorithm
(SHA) described in Chapter 12. The DSA was originally proposed in 1991 and
revised in 1993 in response to public feedback concerning the security of the
scheme. There was a further minor revision in 1996. In 2000, an expanded version
of the standard was issued as FIPS 186-2, subsequently updated to FIPS 186-3 in
2009, and FIPS 186-4 in 2013. This latest version also incorporates digital signature
algorithms based on RSA and on elliptic curve cryptography. In this section,
we discuss DSA.

The DSA Approach:

The DSA uses an algorithm that is designed to provide only the digital signature
function. Unlike RSA, it cannot be used for encryption or key exchange.
Nevertheless, it is a public-key technique.

contrasts the DSA approach for generating digital signatures to
that used with RSA. In the RSA approach, the message to be signed is input to a
hash function that produces a secure hash code of fixed length. This hash code is
then encrypted using the sender's private key to form the signature. Both the message
and the signature are then transmitted. The recipient takes the message and
produces a hash code. The recipient also decrypts the signature using the sender's
public key. If the calculated hash code matches the decrypted signature, the signature
is accepted as valid. Because only the sender knows the private key, only the
sender could have produced a valid signature.

The DSA approach also makes use of a hash function. The hash code is provided
as input to a signature function along with a random number $k$ generated for
this particular signature. The signature function also depends on the sender's private
key ($PR_a$) and a set of parameters known to a group of communicating principals.
We can consider this set to constitute a global public key ($PU_G$). The result is a
signature consisting of two components, labeled $s$ and $r$.

At the receiving end, the hash code of the incoming message is generated. The
hash code and the signature are inputs to a verification function. The verification
function also depends on the global public key as well as the sender's public key
($PU_a$), which is paired with the sender's private key. The output of the verification
function is a value that is equal to the signature component $r$ if the signature is valid.
The signature function is such that only the sender, with knowledge of the private
key, could have produced the valid signature.

We turn now to the details of the algorithm.

The Digital Signature Algorithm:


DSA is based on the difficulty of computing discrete logarithms (see Chapter 2)
and is based on schemes originally presented by Elgamal [ELGA85] and Schnorr
[SCHN91].

Figure 13.3 summarizes the algorithm. There are three parameters that are
public and can be common to a group of users. An N-bit prime number $q$ is chosen.
Next, a prime number $p$ is selected with a length between 512 and 1024 bits such
that $q$ divides $(p - 1)$. Finally, $g$ is chosen to be of the form $h^{(p-1)/q} \bmod p$, where $h$
is an integer between 1 and $(p - 1)$ with the restriction that $g$ must be greater
than 1. Thus, the global public-key components of DSA are the same as in the
Schnorr signature scheme.

With these parameters in hand, each user selects a private key and generates
a public key. The private key $x$ must be a number from 1 to $(q - 1)$ and should
be chosen randomly or pseudorandomly. The public key is calculated from the
private key as $y = g^x \bmod p$. The calculation of $y$ given $x$ is relatively straightforward.
However, given the public key $y$, it is believed to be computationally
infeasible to determine $x$, which is the discrete logarithm of $y$ to the base $g$, mod $p$.

The signature of a message $M$ consists of the pair of numbers $r$ and $s$, which are
functions of the public key components $(p, q, g)$, the user's private key ($x$), the hash
code of the message $H(M)$, and an additional integer $k$ that should be generated
randomly or pseudorandomly and be unique for each signing.

Let $M'$, $r'$, and $s'$ be the received versions of $M$, $r$, and $s$, respectively.
Verification is performed using the formulas shown in Figure 13.3. The receiver
generates a quantity $v$ that is a function of the public key components, the sender's
public key, the hash code of the incoming message, and the received versions of $r$
and $s$. If this quantity matches the $r$ component of the signature, then the signature
is validated.

The structure of the algorithm, as revealed in Figure 13.4, is quite interesting.
Note that the test at the end is on the value $r$, which does not depend on the message
at all. Instead, $r$ is a function of $k$ and the three global public-key components.
The multiplicative inverse of $k$ (mod $q$) is passed to a function that also has as inputs
the message hash code and the user's private key. The structure of this function is
such that the receiver can recover $r$ using the incoming message and signature, the
public key of the user, and the global public key. It is certainly not obvious from
Figure 13.3 or Figure 13.4 that such a scheme would work. A proof is provided in
Appendix K.

Given the difficulty of taking discrete logarithms, it is infeasible for an
opponent to recover $k$ from $r$ or to recover $x$ from $s$.

Another point worth noting is that the only computationally demanding
task in signature generation is the exponential calculation $g^k \bmod p$. Because this
value does not depend on the message to be signed, it can be computed ahead of
time. Indeed, a user could precalculate a number of values of $r$ to be used to sign
documents as needed. The only other somewhat demanding task is the determination
of a multiplicative inverse, $k^{-1}$. Again, a number of these values can be
precalculated.
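
An added Python example (not from the original text) covering both the Schnorr scheme and DSA over one shared global public key (p, q, g), since the text notes the two use the same global components. The DSA formulas of Figure 13.3 are not reproduced on this page, so the code uses the standard FIPS 186 ones: r = (g^k mod p) mod q, s = k^-1 (H(M) + x r) mod q, w = s^-1 mod q, u1 = H(M) w mod q, u2 = r w mod q, v = (g^u1 y^u2 mod p) mod q. Assumptions: toy sizes (q = 2^31 - 1, far below the sizes in the text), SHA-256 as H, H(M) reduced mod q for DSA, and x encoded as fixed-length big-endian bytes for M || x.

```python
import hashlib
import secrets
from math import isqrt


def is_prime(n):
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))


def gen_params(q=2**31 - 1):
    """Global public key: prime p with q | p - 1, g = h^((p-1)/q) mod p, g > 1."""
    j = 2
    while not is_prime(q * j + 1):
        j += 2                                    # even j keeps p odd
    p = q * j + 1
    h = 2
    while pow(h, (p - 1) // q, p) <= 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)          # g has order q, so g^q = 1 mod p


def H(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def _enc(x, p):
    return x.to_bytes((p.bit_length() + 7) // 8, "big")


# ---- Schnorr: private s, public v = a^(-s) mod p (a is the g above) ----
def schnorr_keygen(p, q, a):
    s = secrets.randbelow(q - 1) + 1              # 0 < s < q
    return s, pow(a, -s, p)


def schnorr_sign(msg, s, p, q, a):
    r = secrets.randbelow(q - 1) + 1              # 0 < r < q
    x = pow(a, r, p)                              # message-independent preprocessing
    e = H(msg + _enc(x, p))                       # e = H(M || x)
    return e, (r + s * e) % q                     # signature (e, y)


def schnorr_verify(msg, sig, v, p, q, a):
    e, y = sig
    if not 0 <= y < q:
        return False
    x1 = (pow(a, y, p) * pow(v, e, p)) % p        # x' = a^y v^e mod p
    return e == H(msg + _enc(x1, p))


# ---- DSA: private x, public y = g^x mod p ----
def dsa_keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1              # 1 <= x <= q - 1
    return x, pow(g, x, p)


def dsa_sign(msg, x, p, q, g):
    h = H(msg) % q
    while True:
        k = secrets.randbelow(q - 1) + 1          # fresh k for every signature
        r = pow(g, k, p) % q                      # does not depend on the message
        s = (pow(k, -1, q) * (h + x * r)) % q
        if r and s:
            return r, s


def dsa_verify(msg, sig, y, p, q, g):
    r, s = sig
    if not (0 < r < q and 0 < s < q):             # reject out-of-range components
        return False
    w = pow(s, -1, q)
    u1 = (H(msg) % q) * w % q
    u2 = r * w % q
    v = (pow(g, u1, p) * pow(y, u2, p)) % p % q
    return v == r


if __name__ == "__main__":
    p, q, g = gen_params()
    msg = b"constructed sample message"
    s, v = schnorr_keygen(p, q, g)
    print("Schnorr valid:", schnorr_verify(msg, schnorr_sign(msg, s, p, q, g), v, p, q, g))
    x, y = dsa_keygen(p, q, g)
    print("DSA valid:", dsa_verify(msg, dsa_sign(msg, x, p, q, g), y, p, q, g))
```
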

Elliptic Curve Digital Signature Algorithm:


As was mentioned, the 2009 version of FIPS 186 includes a new digital signature
technique based on elliptic curve cryptography, known as the Elliptic Curve Digital
Signature Algorithm (ECDSA). ECDSA is enjoying increasing acceptance due
to the efficiency advantage of elliptic curve cryptography, which yields security
comparable to that of other schemes with a smaller key bit length.

First we give a brief overview of the process involved in ECDSA. In essence,
four elements are involved.
1. All those participating in the digital signature scheme use the same global domain
parameters, which define an elliptic curve and a point of origin on the curve.
2. A signer must first generate a public, private key pair. For the private key, the
signer selects a random or pseudorandom number. Using that random number
and the point of origin, the signer computes another point on the elliptic curve.
This is the signer's public key.
3. A hash value is generated for the message to be signed. Using the private
key, the domain parameters, and the hash value, a signature is generated. The
signature consists of two integers, $r$ and $s$.
4. To verify the signature, the verifier uses as input the signer's public key, the
domain parameters, and the integer $s$. The output is a value $v$ that is compared
to $r$. The signature is verified if $v = r$.

Let us examine each of these four elements in turn.

Global Domain Parameters


Recall from Chapter 10 that two families of elliptic curves are used in cryptographic
applications: prime curves over $Z_p$ and binary curves over GF($2^m$). For ECDSA,
prime curves are used. The global domain parameters for ECDSA are the following:

q       a prime number
a, b    integers that specify the elliptic curve equation defined over $Z_q$ with the
        equation $y^2 = x^3 + ax + b$
G       a base point represented by $G = (x_g, y_g)$ on the elliptic curve equation
n       order of point G; that is, n is the smallest positive integer such that
        $nG = O$. This is also the number of points on the curve.

Key Generation

Each signer must generate a pair of keys, one private and one public. The signer,
let us call him Bob, generates the two keys using the following steps:
1. Select a random integer $d$, $d \in [1, n - 1]$
2. Compute $Q = dG$. This is a point in $E_q(a, b)$
3. Bob's public key is $Q$ and private key is $d$.

Digital Signature Generation and Authentication


With the public domain parameters and a private key in hand, Bob generates
a digital signature of 320 bytes for message $m$ using the following steps:
1. Select a random or pseudorandom integer $k$, $k \in [1, n - 1]$
2. Compute point $P = (x, y) = kG$ and $r = x \bmod n$. If $r = 0$ then goto step 1
3. Compute $t = k^{-1} \bmod n$
4. Compute $e = H(m)$, where $H$ is one of the SHA-2 or SHA-3 hash functions.
5. Compute $s = k^{-1}(e + dr) \bmod n$. If $s = 0$ then goto step 1
6. The signature of message $m$ is the pair $(r, s)$.

Alice knows the public domain parameters and Bob's public key. Alice is
presented with Bob's message and digital signature and verifies the signature using
the following steps:
1. Verify that $r$ and $s$ are integers in the range 1 through $n - 1$
2. Using SHA, compute the 160-bit hash value $e = H(m)$
3. Compute $w = s^{-1} \bmod n$
4. Compute $u_1 = ew$ and $u_2 = rw$
5. Compute the point $X = (x_1, y_1) = u_1 G + u_2 Q$
6. If $X = O$, reject the signature else compute $v = x_1 \bmod n$
7. Accept Bob's signature if and only if $v = r$

This process is valid as follows. If the message received by Alice is in fact signed by
Bob, then

$$s = k^{-1}(e + dr) \bmod n$$

Then

$$
\begin{aligned}
k &= s^{-1}(e + dr) \bmod n \\
k &= (s^{-1}e + s^{-1}dr) \bmod n \\
k &= (we + wdr) \bmod n \\
k &= (u_1 + u_2 d) \bmod n
\end{aligned}
$$

Now consider that

$$u_1 G + u_2 Q = u_1 G + u_2 dG = (u_1 + u_2 d)G = kG$$

In step 6 of the verification process, we have $v = x_1 \bmod n$, where point
$X = (x_1, y_1) = u_1 G + u_2 Q$. Thus we see that $v = r$ since $r = x \bmod n$ and $x$ is the x
coordinate of the point $kG$ and we have already seen that $u_1 G + u_2 Q = kG$.
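
The key generation, signing and verification steps above as an added Python example, not part of the original text. Assumptions: the domain parameters are those of secp256k1 (a standard prime curve chosen for this example; the text names no specific curve), H is SHA-256, the function names are this example's own, and the on-curve check of the public key in `verify` is an addition to the listed steps. The arithmetic is not constant-time and is meant for study only.

```python
import hashlib
import secrets

# Domain parameters (q, a, b, G, n) in the notation of the text; secp256k1 values.
FIELD_Q = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def is_on_curve(pt):
    if pt is None:                                # None stands for the point O
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % FIELD_Q == 0


def point_add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD_Q == 0:
        return None                               # P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % FIELD_Q, -1, FIELD_Q)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD_Q, -1, FIELD_Q)
    lam %= FIELD_Q
    x3 = (lam * lam - x1 - x2) % FIELD_Q
    return x3, (lam * (x1 - x3) - y1) % FIELD_Q


def scalar_mult(k, pt):
    """Double-and-add computation of kP."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def H(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def keygen():
    d = secrets.randbelow(N - 1) + 1              # d in [1, n - 1]
    return d, scalar_mult(d, G)                   # Q = dG


def sign(msg, d):
    e = H(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1          # fresh k in [1, n - 1]
        x, _ = scalar_mult(k, G)
        r = x % N
        if r == 0:
            continue                              # back to step 1
        s = pow(k, -1, N) * (e + d * r) % N
        if s != 0:
            return r, s


def verify(msg, sig, pub):
    r, s = sig
    if not (1 <= r <= N - 1 and 1 <= s <= N - 1):
        return False                              # step 1: range check
    if pub is None or not is_on_curve(pub):
        return False                              # added check on the public key
    w = pow(s, -1, N)
    u1, u2 = H(msg) * w % N, r * w % N
    X = point_add(scalar_mult(u1, G), scalar_mult(u2, pub))
    if X is None:
        return False                              # step 6: X = O is rejected
    return X[0] % N == r                          # v = x1 mod n must equal r


if __name__ == "__main__":
    d, Q = keygen()
    msg = b"constructed sample message"
    sig = sign(msg, d)
    print("valid:", verify(msg, sig, Q), "altered:", verify(msg + b"!", sig, Q))
```
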

RSA-PSS Digital Signature Algorithm:


In addition to the NIST Digital Signature Algorithm and ECDSA, the 2009 version
of FIPS 186 also includes several techniques based on RSA, all of which were developed
by RSA Laboratories and are in wide use. A worked-out example, using RSA,
is available at this book's Web site.

In this section, we discuss the RSA Probabilistic Signature Scheme (RSA-PSS),
which is the latest of the RSA schemes and the one that RSA Laboratories recommends
as the most secure of the RSA schemes.

Because the RSA-based schemes are widely deployed in many applications,
including financial applications, there has been great interest in demonstrating that
such schemes are secure. The three main RSA signature schemes differ mainly in
the padding format the signature generation operation employs to embed the hash
value into a message representative, and in how the signature verification operation
determines that the hash value and the message representative are consistent.
For all of the schemes developed prior to PSS, it has not been possible to develop
a mathematical proof that the signature scheme is as secure as the underlying RSA
encryption/decryption primitive [KALI01]. The PSS approach was first proposed by
Bellare and Rogaway [BELL96c, BELL98]. This approach, unlike the other RSA-based
schemes, introduces a randomization process that enables the security of the
method to be shown to be closely related to the security of the RSA algorithm itself.
This makes RSA-PSS more desirable as the choice for RSA-based digital signature
applications.
Mask Generation Function
Before explaining the RSA-PSS operation, we need to describe the mask generation
function (MGF) used as a building block. MGF(X, maskLen) is a pseudorandom
function that has as input parameters a bit string X of any length and the
desired length L in octets of the output. MGFs are typically based on a secure
cryptographic hash function such as SHA-1. An MGF based on a hash function is
intended to be a cryptographically secure way of generating a message digest, or
hash, of variable length based on an underlying cryptographic hash function that
produces a fixed-length output.
The MGF function used in the current specification for RSA-PSS is MGF1,
with the following parameters:
Options:
  Hash: hash function with output hLen octets
Input:
  X: octet string to be masked
  maskLen: length in octets of the mask
Output:
  mask: an octet string of length maskLen
MGF1 is defined as follows:
1. Initialize variables.
   T = empty string
   k = ⌈maskLen/hLen⌉ - 1
2. Calculate intermediate values.
   for counter = 0 to k
      Represent counter as a 32-bit string C
      T = T || Hash(X || C)
3. Output results.
   mask = the leading maskLen octets of T
In essence, MGF1 does the following. If the length of the desired output is
equal to the length of the hash value (maskLen = hLen), then the output is the
hash of the input value X concatenated with a 32-bit counter value of 0. If maskLen
is greater than hLen, the MGF1 keeps iterating by hashing X concatenated with the
counter and appending that to the current string T, so that the output is
Hash(X || 0) || Hash(X || 1) || ... || Hash(X || k)
This is repeated until the length of T is greater than or equal to maskLen, at which
point the output is the first maskLen octets of T.
The Signing Operation
MESSAGE ENCODING The first stage in generating an RSA-PSS signature of a message
M is to generate from M a fixed-length message digest, called an encoded message
(EM). Figure 13.6 illustrates this process. We define the following parameters and
functions:
Options:
  Hash: hash function with output hLen octets. The current preferred alternative is SHA-1, which produces a 20-octet hash value.
  MGF: mask generation function. The current specification calls for MGF1.
  sLen: length in octets of the salt. Typically sLen = hLen, which for the current version is 20 octets.
Input:
  M: message to be encoded for signing.
  emBits: This value is one less than the length in bits of the RSA modulus n.
Output:
  EM: encoded message. This is the message digest that will be encrypted to form the digital signature.
Parameters:
  emLen: length of EM in octets = ⌈emBits/8⌉.
  padding1: hexadecimal string 00 00 00 00 00 00 00 00; that is, a string of 64 zero bits.
  padding2: hexadecimal string of 00 octets with a length (emLen - sLen - hLen - 2) octets, followed by the hexadecimal octet with value 01.
  salt: a pseudorandom number.
  bc: the hexadecimal value BC.
The encoding process consists of the following steps.
1. Generate the hash value of M: mHash = Hash(M)
2. Generate a pseudorandom octet string salt and form block M′ = padding1 || mHash || salt
3. Generate the hash value of M′: H = Hash(M′)
4. Form data block DB = padding2 || salt
5. Calculate the MGF value of H: dbMask = MGF(H, emLen - hLen - 1)
6. Calculate maskedDB = DB ⊕ dbMask
7. Set the leftmost (8 × emLen - emBits) bits of the leftmost octet in maskedDB to 0
8. EM = maskedDB || H || 0xbc
We make several comments about the complex nature of this message
digest algorithm. All of the RSA-based standardized digital signature schemes
involve appending one or more constants (e.g., padding1 and padding2) in the
process of forming the message digest. The objective is to make it more difficult
for an adversary to find another message that maps to the same message digest
as a given message or to find two messages that map to the same message digest.
RSA-PSS also incorporates a pseudorandom number, namely the salt. Because the
salt changes with every use, signing the same message twice using the same private
key will yield two different signatures. This is an added measure of security.
FORMING THE SIGNATURE We now show how the signature is formed by a signer
with private key {d, n} and public key {e, n} (see Figure 9.5). Treat the octet string
EM as an unsigned, nonnegative binary integer m. The signature s is formed by
encrypting m as follows:
s = m^d mod n
Let k be the length in octets of the RSA modulus n. For example if the key size
for RSA is 2048 bits, then k = 2048/8 = 256. Then convert the signature value s
into the octet string S of length k octets.
Signature Verification
DECRYPTION For signature verification, treat the signature S as an unsigned,
nonnegative binary integer s. The message digest m is recovered by decrypting s as
follows:
m = s^e mod n
Then, convert the message representative m to an encoded message EM of
length emLen = ⌈(modBits - 1)/8⌉ octets, where modBits is the length in bits of
the RSA modulus n.
EM VERIFICATION EM verification can be described as follows:
Options:
  Hash: hash function with output hLen octets.
  MGF: mask generation function.
  sLen: length in octets of the salt.
Input:
  M: message to be verified.
  EM: the octet string representing the decrypted signature, with length emLen = ⌈emBits/8⌉.
  emBits: This value is one less than the length in bits of the RSA modulus n.
Parameters:
  padding1: hexadecimal string 00 00 00 00 00 00 00 00; that is, a string of 64 zero bits.
  padding2: hexadecimal string of 00 octets with a length (emLen - sLen - hLen - 2) octets, followed by the hexadecimal octet with value 01.
1. Generate the hash value of M: mHash = Hash(M)
2. If emLen < hLen + sLen + 2, output “inconsistent” and stop
3. If the rightmost octet of EM does not have hexadecimal value BC, output
“inconsistent” and stop
4. Let maskedDB be the leftmost emLen - hLen - 1 octets of EM, and let H be
the next hLen octets
5. If the leftmost (8 × emLen - emBits) bits of the leftmost octet in maskedDB are
not all equal to zero, output “inconsistent” and stop
6. Calculate dbMask = MGF(H, emLen - hLen - 1)
7. Calculate DB = maskedDB ⊕ dbMask
8. Set the leftmost (8 × emLen - emBits) bits of the leftmost octet in DB to zero
9. If the leftmost (emLen - hLen - sLen - 1) octets of DB are not equal to
padding2, output “inconsistent” and stop
10. Let salt be the last sLen octets of DB
11. Form block M′ = padding1 || mHash || salt
12. Generate the hash value of M′: H′ = Hash(M′)
13. If H = H′, output “consistent.” Otherwise, output “inconsistent”
Figure 13.7 illustrates the process. The shaded boxes labeled H and H′ correspond,
respectively, to the value contained in the decrypted signature and the
value generated from the message M associated with the signature. The remaining
three shaded areas contain values generated from the decrypted signature and compared
to known constants. We can now see more clearly the different roles played
by the constants and the pseudorandom value salt, all of which are embedded in the
EM generated by the signer. The constants are known to the verifier, so that the
computed constants can be compared to the known constants as an additional check
that the signature is valid (in addition to comparing H and H′). The salt results in a
different signature every time a given message is signed with the same private key.
The verifier does not know the value of the salt and does not attempt a comparison.
Thus, the salt plays a similar role to the pseudorandom variable k in the NIST DSA
and in ECDSA. In both of those schemes, k is a pseudorandom number generated by
the signer, resulting in different signatures from multiple signings of the same message
with the same private key. A verifier does not and need not know the value of k.
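
The MGF1, encoding, signing and verification steps above can be traced end to end in the following added example (it is not code from the original text or from RSA Laboratories). It assumes SHA-256 in place of the SHA-1 the text names, sLen = hLen, and a constructed, insecure demonstration key built from two Mersenne primes; all function names are this example's own.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256            # example choice; the text above names SHA-1
H_LEN = HASH().digest_size       # hLen
S_LEN = H_LEN                    # sLen = hLen, the typical setting in the text
PADDING1 = b"\x00" * 8           # 64 zero bits

# Constructed demonstration key made of two Mersenne primes. NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
EM_BITS = N.bit_length() - 1     # emBits: one less than the modulus bit length
K = (N.bit_length() + 7) // 8    # k: modulus length in octets

def mgf1(x: bytes, mask_len: int) -> bytes:
    """MGF1: Hash(X || 0) || Hash(X || 1) || ... cut to mask_len octets."""
    t = b""
    for counter in range(-(-mask_len // H_LEN)):      # 0 .. ceil(maskLen/hLen) - 1
        t += HASH(x + counter.to_bytes(4, "big")).digest()
    return t[:mask_len]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(a, b))

def pss_encode(message: bytes, em_bits: int, salt: bytes = None) -> bytes:
    """Encoding steps 1-8: build EM = maskedDB || H || 0xbc."""
    em_len = -(-em_bits // 8)
    if em_len < H_LEN + S_LEN + 2:
        raise ValueError("modulus too short for this hash and salt length")
    salt = os.urandom(S_LEN) if salt is None else salt
    if len(salt) != S_LEN:
        raise ValueError("salt must be sLen octets long")
    m_hash = HASH(message).digest()
    h = HASH(PADDING1 + m_hash + salt).digest()                    # H = Hash(M')
    db = b"\x00" * (em_len - S_LEN - H_LEN - 2) + b"\x01" + salt   # padding2 || salt
    masked_db = bytearray(xor(db, mgf1(h, em_len - H_LEN - 1)))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)                 # clear leftmost bits
    return bytes(masked_db) + h + b"\xbc"

def pss_verify(message: bytes, em: bytes, em_bits: int) -> bool:
    """EM verification steps 1-13; True means "consistent"."""
    em_len = -(-em_bits // 8)
    if len(em) != em_len or em_len < H_LEN + S_LEN + 2:
        return False
    if em[-1] != 0xBC:
        return False
    masked_db, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    keep = 0xFF >> (8 * em_len - em_bits)
    if masked_db[0] & ~keep & 0xFF:                   # leftmost bits must be zero
        return False
    db = bytearray(xor(masked_db, mgf1(h, em_len - H_LEN - 1)))
    db[0] &= keep
    padding2 = b"\x00" * (em_len - S_LEN - H_LEN - 2) + b"\x01"
    if bytes(db[:len(padding2)]) != padding2:
        return False
    salt = bytes(db[len(padding2):])                  # the last sLen octets of DB
    h_prime = HASH(PADDING1 + HASH(message).digest() + salt).digest()
    return hmac.compare_digest(h, h_prime)            # constant-time H == H'

def sign(message: bytes, salt: bytes = None) -> bytes:
    """s = m^d mod n, returned as an octet string S of length k."""
    m = int.from_bytes(pss_encode(message, EM_BITS, salt), "big")
    return pow(m, D, N).to_bytes(K, "big")

def verify(message: bytes, signature: bytes) -> bool:
    """m = s^e mod n, then EM verification."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    try:
        em = pow(s, E, N).to_bytes(-(-EM_BITS // 8), "big")
    except OverflowError:                             # m does not fit in emLen octets
        return False
    return pss_verify(message, em, EM_BITS)

if __name__ == "__main__":
    msg = b"constructed sample message"
    s1, s2 = sign(msg), sign(msg)
    print("two signatures of one message differ:", s1 != s2)
    print("both verify:", verify(msg, s1) and verify(msg, s2))
    print("altered message verifies:", verify(msg + b"!", s1))
```

Passing a fixed salt to sign() makes the signature repeatable, which shows that the random salt is the only source of the variation between signatures of the same message.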

Digital Signature Standard (DSS)


As we have studied, a signature is a way of authenticating data coming from a trusted
individual. Similarly, a digital signature is a way of authenticating digital data coming from
a trusted source. The Digital Signature Standard (DSS) is a Federal Information Processing
Standard (FIPS) that defines algorithms used to generate digital signatures with
the help of the Secure Hash Algorithm (SHA) for the authentication of electronic documents.
DSS provides only the digital signature function and not any encryption or key
exchange strategies.

Sender Side: In the DSS approach, a hash code is generated from the message and the following
inputs are given to the signature function:
1. The hash code.
2. The random number ‘k’ generated for that particular signature.
3. The private key of the sender, i.e., PR(a).
4. A global public key (a set of parameters for the communicating principals), i.e.,
PU(g).
These inputs to the function produce the output signature, which contains two
components, ‘s’ and ‘r’. The original message concatenated with the signature is then
sent to the receiver.

Receiver Side: At the receiver end, verification of the sender is done.
The hash code of the sent message is generated. A verification function takes
the following inputs:
1. The hash code generated by the receiver.
2. Signature components ‘s’ and ‘r’.
3. Public key of the sender.
4. Global public key.
The output of the verification function is compared with the signature component ‘r’. The two
values will match if the sent signature is valid, because only the sender, with the help of
its private key, can generate a valid signature.
Benefits of digital signatures:
1. A digital signature gives better security in a transaction. An unauthorized
person cannot commit fraud in transactions.
2. You can easily track the status of the documents on which the digital
signature is applied.
3. It speeds up document delivery.
4. It is 100 percent legal; it is issued by a government-authorized certifying authority.
5. If you have signed a document digitally, you cannot deny it.
6. When a document is signed, the date and time are automatically stamped on it.
7. It is not possible to copy or change a document that has been signed digitally.
8. Identification of the person who signs.
9. Elimination of the possibility of fraud by an impostor.

Authentication:
Authentication is the process of verifying the identity of a user or information. User
authentication is the process of verifying the identity of a user when that user logs in to a
computer system.
There are different types of authentication systems:
1. Single-Factor Authentication: This was the first method of security that was developed.
In this authentication system, the user has to enter a username and password to
confirm their identity. If the username or password is wrong,
the user will not be allowed to log in or access the system.
Advantages of the Single-Factor Authentication System:
• It is a very simple and straightforward system to use.
• It is not at all costly.
• The user does not need any great technical skills.
Disadvantages of the Single-Factor Authentication System:
• It is not at all secure; it depends on the strength of the password entered by
the user.
• The protection level in Single-Factor Authentication is very low.
2. Two-Factor Authentication: In this authentication system, the user has to give a
username, password, and other information. There are various types of authentication
mechanisms that the user can use for securing the system. Some of them are wireless
tokens, virtual tokens, OTP and more.
Advantages of the Two-Factor Authentication System:
• The Two-Factor Authentication System provides better security than the Single-Factor
Authentication System.
• Productivity and flexibility increase in the Two-Factor Authentication System.
• Two-Factor Authentication prevents the loss of trust.
Disadvantages of the Two-Factor Authentication System:
• It is time-consuming.
3. Multi-Factor Authentication: In this type of authentication, more than one
factor of authentication is needed. This gives better security to the user. Any type of
keylogger or phishing attack will not be possible in a Multi-Factor Authentication system.
This assures the user that the information will not get stolen from them.
Advantages of the Multi-Factor Authentication System:
• No risk of security.
• No information could get stolen.
• No risk of any key-logger activity.
• No risk of any data getting captured.
Disadvantages of the Multi-Factor Authentication System:
• It is time-consuming.
• It can rely on third parties.

The main objective of authentication is to allow authorized
users to access the computer and to deny access to unauthorized users. Operating
systems generally identify/authenticate users in the following three ways: passwords,
physical identification, and biometrics. These are explained below.
1. Passwords: Password verification is the most popular and commonly used
authentication technique. A password is a secret text that is supposed to be known
only to a user. In a password-based system, each user is assigned a valid username
and password by the system administrator. The system stores all usernames and
passwords. When a user logs in, their username and password are verified by
comparing them with the stored login name and password. If the contents are the
same, the user is allowed to access the system; otherwise access is rejected.
2. Physical Identification: This technique includes machine-readable badges (symbols),
cards, or smart cards. In some companies, badges are required for employees to gain
access to the organization’s gate. In many systems, identification is combined with
the use of a password, i.e., the user must insert the card and then supply his/her
password. This kind of authentication is commonly used with ATMs. Smart cards can
enhance this scheme by keeping the user password within the card itself. This allows
authentication without the storage of passwords in the computer system. The loss of
such a card can be dangerous.
3. Biometrics: This method of authentication is based on the unique biological
characteristics of each user such as fingerprints, voice or face recognition, signatures,
and eyes.
A biometric system consists of:
• A scanner or other devices to gather the necessary data about the user.
• Software to convert the data into a form that can be compared and stored.
• A database that stores information for all authorized users.
The characteristics used include:
• Facial Characteristics – Humans are differentiated on the basis of facial
characteristics such as eyes, nose, lips, eyebrows, and chin shape.
• Fingerprints – Fingerprints are believed to be unique across the entire human
population.
• Hand Geometry – Hand geometry systems identify features of the hand, including
the shape, length, and width of fingers.
• Retinal pattern – It is concerned with the detailed structure of the eye.
• Signature – Every individual has a unique style of handwriting, and this feature is
reflected in the signatures of a person.
• Voice – This method records the frequency pattern of the voice of an individual
speaker.
Authentication Requirements:
In the context of communications across a network, the
following attacks can be identified:

1. Disclosure: Release of message contents to any person or process not possessing the
appropriate cryptographic key.

2. Traffic analysis: Discovery of the pattern of traffic between parties. In a
connection-oriented application, the frequency and duration of connections could be
determined. In either a connection-oriented or connectionless environment, the number and
length of messages between parties could be determined.

3. Masquerade: Insertion of messages into the network from a fraudulent source. This
includes the creation of messages by an opponent that are purported to come from an
authorized entity. Also included are fraudulent acknowledgments of message receipt or
nonreceipt by someone other than the message recipient.

4. Content Modification: Changes to the contents of a message, including insertion,
deletion, transposition, or modification.

5. Sequence modification: Any modification to a sequence of messages between parties,
including insertion, deletion, and reordering.

6. Timing modification: Delay or replay of messages. In a connection-oriented application,
an entire session or sequence of messages could be a replay of some previous valid session,
or individual messages in the sequence could be delayed or replayed.

7. Repudiation: Denial of receipt of message by destination or denial of transmission of
message by source.

Message authentication is a procedure to verify that received messages come from the
alleged source and have not been altered. Message authentication may also verify sequencing
and timeliness.

A digital signature is an authentication technique that also includes measures to counter
repudiation by either source or destination. Any message authentication or digital signature
mechanism can be viewed as having fundamentally two levels.

At the lower level, there must be some sort of function that
produces an authenticator: a value to be used to authenticate a message. This lower-level
function is then used as a primitive in a higher-level authentication protocol that enables a
receiver to verify the authenticity of a message. This section is concerned with the types of
functions that may be used to produce an authenticator. These functions may be grouped into
three classes, as follows:

1. Message Encryption: The ciphertext of the entire message serves as its authenticator.

2. Message Authentication Code (MAC): A public function of the message and a secret
key that produces a fixed length value that serves as the authenticator.

3. Hash Functions: A public function that maps a message of any length into a fixed length
hash value, which serves as the authenticator.

We will mainly be concerned with the last class
of function; however, it must be noted that hash functions and MACs are very similar except
that a hash code doesn’t require a secret key. With regard to the first class, this can be seen to
provide authentication by virtue of the fact that only the sender and receiver know the key.
Therefore the message could only have come from the sender. However, there is also the
problem that the plaintext message should be recognisable as a plaintext message (for example,
if it was some sort of digitised X-rays it mightn’t be).

Authentication applications:
Authentication keeps invalid users out of databases, networks, and other resources. These
types of authentication use factors, a category of credential for verification, to confirm user
identity. Here are just a few authentication methods.

Single-Factor / Primary Authentication:

Historically the most common form of authentication, Single-Factor Authentication, is also
the least secure, as it only requires one factor to gain full system access. It could be a
username and password, PIN or another simple code. While user-friendly, Single-
Factor authenticated systems are relatively easy to infiltrate by phishing, key logging, or mere
guessing. As there is no other authentication gate to get through, this approach is highly
vulnerable to attack.

Two-Factor Authentication (2FA):

• By adding a second factor for verification, two-factor authentication reinforces
security efforts. It is an added layer that essentially double-checks that a user is, in
reality, the user they’re attempting to log in as, making it much harder to break. With
this method, users enter their primary authentication credentials (like the
username/password mentioned above) and then must input a secondary piece of
identifying information.
• The secondary factor is usually more difficult, as it often requires something the valid
user would have access to, unrelated to the given system. Possible secondary factors
are a one-time password from an authenticator app, a phone number, or device that
can receive a push notification or SMS code, or a biometric like fingerprint (Touch
ID) or facial (Face ID) or voice recognition.
• 2FA significantly minimizes the risk of system or resource compromise, as it’s
unlikely an invalid user would know or have access to both authentication factors.
While two-factor authentication is now more widely adopted for this reason, it does
cause some user inconvenience, which is still something to consider in
implementation.

Single Sign-On (SSO):

• With SSO, users only have to log in to one application and, in doing so, gain access to
many other applications. This method is more convenient for users, as it removes the
obligation to retain multiple sets of credentials and creates a more seamless
experience during operative sessions.
• Organizations can accomplish this by identifying a central domain (most ideally, an
IAM system) and then creating secure SSO links between resources. This process
allows domain-monitored user authentication and, with single sign-off, can ensure
that when valid users end their session, they successfully log out of all linked
resources and applications.

Multi-Factor Authentication (MFA):

• Multi-factor authentication is a high-assurance method, as it uses more
system-irrelevant factors to legitimize users. Like 2FA, MFA uses factors like biometrics,
device-based confirmation, additional passwords, and even location or behavior-based
information (e.g., keystroke pattern or typing speed) to confirm user identity.
However, the difference is that while 2FA always utilizes only two factors, MFA
could use two or three, with the ability to vary between sessions, adding an elusive
element for invalid users.
What are the most common authentication protocols?
• Authentication protocols are the designated rules for interaction and verification that
endpoints (laptops, desktops, phones, servers, etc.) or systems use to communicate.
For as many different applications that users need access to, there are just as many
standards and protocols. Selecting the right authentication protocol for your
organization is essential for ensuring secure operations and user compatibility. Here
are a few of the most commonly used authentication protocols.

Password Authentication Protocol (PAP):

While common, PAP is the least secure protocol for validating users, due mostly to its lack of
encryption. It is essentially a routine log in process that requires a username and password
combination to access a given system, which validates the provided credentials. It’s now
most often used as a last option when communicating between a server and desktop or remote
device.

Challenge Handshake Authentication Protocol (CHAP):

CHAP is an identity verification protocol that verifies a user to a given network with a higher
standard of encryption using a three-way exchange of a “secret.” First, the local router sends
a “challenge” to the remote host, which then sends a response with an MD5 hash function.
The router matches against its expected response (hash value), and depending on whether the
router determines a match, it establishes an authenticated connection—the “handshake”—or
denies access. It is inherently more secure than PAP, as the router can send a challenge at any
point during a session, and PAP only operates on the initial authentication approval.
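
The exchange described above, as an added example that is not part of the original text: it assumes the RFC 1994 response layout, MD5(identifier || secret || challenge), and a constructed host name and shared secret. The class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: hash the identifier, the shared secret and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side that issues challenges (the "local router" in the text)."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name      # shared secrets, never sent on the wire
        self.identifier = 0
        self.pending = None                 # challenge currently awaiting a response

    def new_challenge(self):
        """Step 1: send a fresh random challenge; can be repeated mid-session."""
        self.identifier = (self.identifier + 1) % 256
        self.pending = os.urandom(16)
        return self.identifier, self.pending

    def check(self, name: str, identifier: int, response: bytes) -> bool:
        """Step 3: compare the response with the expected hash value."""
        challenge, self.pending = self.pending, None   # each challenge is single-use
        secret = self.secrets.get(name)
        if challenge is None or secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def authenticate(auth: Authenticator, name: str, secret: bytes) -> bool:
    """One full challenge / response / decision round for a peer."""
    identifier, challenge = auth.new_challenge()
    return auth.check(name, identifier, chap_response(identifier, secret, challenge))

if __name__ == "__main__":
    shared = b"constructed-shared-secret"               # constructed sample value
    router = Authenticator({"branch-host": shared})
    print("initial handshake:", authenticate(router, "branch-host", shared))
    print("re-challenge mid-session:", authenticate(router, "branch-host", shared))
    print("wrong secret:", authenticate(router, "branch-host", b"guess"))
```

Because every round uses a new random challenge, a response recorded from an earlier round does not match the hash the authenticator expects for the next one.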

Extensible Authentication Protocol (EAP):

This protocol supports many types of authentication, from one-time passwords to smart cards.
When used for wireless communications, EAP is the highest level of security as it allows a
given access point and remote device to perform mutual authentication with built-in
encryption. It connects users to the access point that requests credentials, confirms identity
via an authentication server, and then makes another request for an additional form of user
identification to again confirm via the server—completing the process with all messages
transmitted, encrypted.

Kerberos:

What is Kerberos Authentication?

It is a network authentication protocol that uses third-party authorization for validating user
profiles. It also employs symmetric key cryptography for plain-text encryption and cipher-
text decryption. The keys in cryptography consist of a secret key that shares confidential
information between two or more objects.

In short, it helps in maintaining the privacy of an organization. Now that you have
understood what Kerberos is, you might be wondering why Kerberos is used. There are various
authorization protocols, but Kerberos is an improved version among them. It is
difficult for cybercriminals to break into the Kerberos authentication system. An
organization will have flaws that need to be managed, and it can use Kerberos to defend
itself from cybercriminals. Kerberos is used by popular operating systems such as Windows,
UNIX, and Linux. With the use of the Kerberos authentication system, the internet has become a
more secure place.
Parameters of Kerberos:

There are three main parameters that are used in Kerberos. They are:

1. Client
2. Server
3. Key Distribution Center (KDC)

These three components act as a third-party authentication service.

It uses cryptography for maintaining mutual privacy by preventing the loss of packets while
transferring over the network.

Further, in this blog, we will try to understand how Kerberos works.

What is Kerberos used for?

Nowadays, Kerberos is used in every industry for maintaining a secure system to prevent
cybercrimes. The authentication protocols of it depend on regular auditing and various
authentication features. The two major goals of Kerberos are security and authentication.

Kerberos is used in email delivery systems, text messages, NFS, signaling, POSIX
authentication, and much more. It is also used in various networking protocols, such as
SMTP, POP, HTTP, etc. Further, it is used in client or server applications and in the
components of different operating systems to make them secure.

Kerberos working:

We have already discussed in the previous sections about Kerberos being an authentication
protocol. It has proved to be one of the essential components of client or server applications.
It is also used in various fields for network security and providing mutual authentication. In
this section, we will discuss how Kerberos works. For that, first, we need to know about
Kerberos’s components.
Components of Kerberos:

Kerberos mainly provides two services. They are:

• Authentication service
• Ticket-granting service

For providing these services, Kerberos uses its various components. Further, let us discuss the
following principal components that are used for authentication:

1. Client

The client helps to initiate a service request for communicating with the user.

2. Server

All the services that are required by the user are hosted by the server.

3. Authentication Server (AS)

As the name suggests, AS is used for the authentication of the client and the server. AS
assigns a ticket through Ticket Granting Ticket (TGT) to the client. The assigned ticket
ensures the authentication of the client to other servers.

4. Key Distribution Center (KDC)

There are three parts to the Kerberos authentication service:

• Database
• Ticket Granting Server (TGS)
• Authentication Server (AS)

These parts reside in a single unit known as the Key Distribution Center.

5. Ticket Granting Server (TGS):

This server provides a service to assign tickets to the user as a unique key for authentication.

There are unique keys that are used by the authentication server and the TGS for both clients
and servers. Now, let us look at the cryptographic secret keys that are used for authentication:

• Client or User Secret Key: It is the hash of the password set by the user that acts as
the client or user secret key.
• TGS Secret Key: It is the secret key that helps in deciding TGS.
• Server Secret Key: It helps to determine the server that provides the services.

Architecture of Kerberos:
The following steps are involved in the Kerberos workflow:

Step 1: Initially, there is an authentication request from the client. The user requests TGS
from the authentication server.

Step 2: After the client’s request, the client data is validated by the KDC. The authentication
server verifies the client and the TGS from the database. The authentication server then
generates a cryptographic key (SK1) after checking both values and implementing the hash of
the password. The authentication server also computes a session key. This session key uses
the secret key of the client (SK2) for encryption.

Step 3: The authentication server then creates a ticket that consists of the ID, network
address, secret key, and lifetime of the client.

Step 4: The decryption of the message is then performed by the client by using the client’s
secret key.

Step 5: Now, the client demands entrance into the server by using TGS. The TGS creates a
ticket that acts as an authenticator here.

Step 6: Another ticket is generated by KDC for the file server. Then, the TGS decrypts the
ticket for obtaining the secret key initiated by the client. It checks the network address and ID
by decrypting the authenticator. If the client ID and the network address match successfully,
then KDC shares a service key with the client and the server.

Step 7: The client utilizes the file ticket for authentication. The message is decrypted by
using SK1 to obtain SK2. Again, the TGS generates a new ticket to send to the target server.

Step 8: Here, the target server decrypts the file ticket by using the secret key. After that, the
server performs checks on the client details by decrypting SK2. The target server also checks
the validity of the ticket. Finally, when all of the client’s encrypted data is decrypted and
verified, the server authenticates the client to use the services.

Kerberos Limitations:

• Each network service must be modified individually for use with Kerberos
• It doesn’t work well in a timeshare environment
• Secured Kerberos Server
• Requires an always-on Kerberos server
• Stores all passwords encrypted with a single key
• Assumes workstations are secure
• May result in cascading loss of trust
• Scalability

Advantages of Kerberos Authentication:

1. Enhanced security

Authorization from third parties, multiple secret keys, and cryptography make Kerberos one
of the most reliable authentication protocols in the industry. When using Kerberos, passwords
for the users are never sent through the network. They are sent in an encrypted form and the
hidden keys move through the device. It becomes impossible to collect enough data to
impersonate a customer or service, even if someone is recording conversations.

2. Access control

It is a key part of the businesses of the day. The protocol enables the best access control. With
the help of this protocol, a business gets a single point for upholding safety protocols and
keeping login records.

3. Transparency and auditability

Transparent and accurate logs are important for auditing processes and inquiries. It clarifies
who was calling for what and at what moment for maintaining transparency.

4. Shared authentication

It allows users and service systems to authenticate each other. Users and server systems can
understand that they are communicating with valid partners at each stage of the
authentication process.

5. Limited-lifetime ticket

All tickets have serial numbers and lifetime data in the Kerberos model. Admins can monitor
the authorization time of the users. Short ticket lifetimes prove to be beneficial for avoiding
brute-force and replay attacks.

6. Scalability

Several tech companies, including Apple, Microsoft, and Sun, have implemented the
Kerberos authentication system. This level of acceptance speaks volumes about the capability
of Kerberos to keep up with the needs of large companies.

7. Reusable authentications

The authentication of Kerberos is reusable and robust. Users need to verify devices with
Kerberos only once. They can verify network services for the lifespan of the ticket without
having to re-enter personal information.

X.509 Directory Services:


An X.509 certificate is a digital certificate built on a widely trusted standard, the ITU
(International Telecommunication Union) X.509 standard, in which the format of PKI
certificates is defined. The X.509 digital certificate is a certificate-based authentication security
framework that can be used for providing secure transaction processing and private
information. These certificates are primarily used for handling security and identity in computer
networking and internet-based communications.

Working of X.509 Authentication Service Certificate:

The core of the X.509 authentication service is the public key certificate associated with each user. These user certificates are assumed to be produced by some trusted certification authority and placed in the directory by the user or by the certification authority. The directory servers serve only as an easily accessible location from which all users can obtain certificates. The X.509 standard is built on an interface description language (IDL) known as ASN.1 (Abstract Syntax Notation One). With the help of Abstract Syntax Notation, the X.509 certificate format uses an associated public and private key pair for encrypting and decrypting a message.

Once an X.509 certificate is issued to a user by the certification authority, that certificate is attached to the user like an identity card. The chances of someone stealing it or of the user losing it are lower than with unsecured passwords. With the help of this analogy, it is easier to imagine how this authentication works: the certificate is presented, like an identity card, at the resource that requires authentication.

Format of X.509 Authentication Service Certificate:

Generally, the certificate includes the elements given below:


• Version number: Identifies the X.509 version that the certificate follows.
• Serial number: The unique number that the certification authority issues.
• Signature Algorithm Identifier: The algorithm that is used for signing the certificate.
• Issuer name: The X.500 name of the certification authority which created and signed the certificate.
• Period of Validity: The period for which the certificate is valid.
• Subject Name: The name of the user to whom this certificate has been issued.
• Subject's public key information: The subject's public key, along with an identifier of the algorithm with which this key is supposed to be used.
• Extension block: This field contains additional standard information.
• Signature: This field contains the hash code of all the other fields, encrypted with the certification authority's private key.
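
As an added illustration (not code from the original notes), the sketch below shows how the Signature field binds the other fields: the certification authority signs the hash of all other fields, and a verifier recomputes that hash and checks it with the CA's public key, along with the validity period. The toy RSA key, the dictionary field names and the sample values are assumptions constructed for this example; a real X.509 certificate signs the DER encoding of the fields with a standard, padded signature algorithm.

```python
import hashlib

# Toy CA key (constructed for this example): textbook RSA over two Mersenne
# primes, no padding. Far too small and too simple for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                          # CA public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent

# The certificate fields listed above, minus the signature itself.
FIELDS = ("version", "serial_number", "signature_algorithm", "issuer",
          "not_before", "not_after", "subject", "subject_public_key",
          "extensions")


def digest(cert):
    """Hash every field except the signature, in a fixed order."""
    # Simplification: real X.509 hashes the DER encoding of these fields.
    data = "\n".join(f"{name}={cert[name]}" for name in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def ca_sign(cert):
    """Return a copy of cert carrying the CA's signature over its fields."""
    return {**cert, "signature": pow(digest(cert), D, N)}


def verify(cert, now):
    """Check the CA signature with (N, E), then the period of validity."""
    if pow(cert["signature"], E, N) != digest(cert):
        return "bad signature"
    # ISO 8601 UTC strings in one format compare correctly as text.
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "outside validity period"
    return "ok"


# Constructed sample certificate contents.
cert = ca_sign({
    "version": 3, "serial_number": 4097,
    "signature_algorithm": "toy-sha256-rsa", "issuer": "CN=Example CA",
    "not_before": "2024-01-01T00:00:00Z", "not_after": "2025-01-01T00:00:00Z",
    "subject": "CN=alice", "subject_public_key": "rsa:constructed-key",
    "extensions": "keyUsage=digitalSignature",
})
# Changing any signed field after issuance invalidates the signature.
tampered = {**cert, "subject": "CN=someone-else"}
```

Because the signature covers every other field, a relying party that trusts the CA's public key can detect a change to the subject name, the public key or the validity dates without contacting the CA.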

Applications of X.509 Authentication Service Certificate:


Many protocols depend on X.509, and it has many applications. Some of them are given below:

• Document signing and digital signatures
• Web server security with the help of Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificates
• Email certificates
• Code signing
• Secure Shell Protocol (SSH) keys
• Digital identities
