Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:01
Hello, everybody, and welcome to the IT security episode number 24, digital signatures. My name is Alejandro Guinea, and I'll be your instructor for today's session.
00:12
The learning objective is to understand and be able to identify the main concepts of digital signatures.
00:20
Well, here we have, again, Bob and Alice in here. You know how it works. It's,
00:31
Um, and by this time we've already covered confidentiality and integrity.
00:37
But we haven't covered non-repudiation, a term that we, you know, talked about at the beginning of this module.
00:45
Um, just cryptography over. Oh,
00:49
So we need to cover that, and we will cover that with digital signatures. So again, we go to the beginning of talking about asymmetric algorithms,
01:00
which is, you know, Bob here has
01:03
his public key
01:04
and his private key,
01:07
and Alice right here has
01:11
her public key
01:14
and her private key.
01:17
Um, and, you know, it seems we're trying to, again, Bob is trying to say hello
01:26
to,
01:27
to Alice,
01:30
and we were trying to cover two concepts right now, which are integrity
01:40
and non-repudiation. And since we're trying to cover that,
01:45
and we already said that to cover integrity we need to use hashes,
01:52
and to cover non-repudiation we need to use asymmetric
02:01
algorithms.
02:08
And to do that, first, you know, I start by, to create a digital signature, we first start by passing the, uh,
02:19
clear text message through our hash algorithm. So we have right here, we have our SHA
02:29
256.
02:30
We pass that to create, I don't know, ABC123. This is our hash value. And to guarantee the non-repudiation, what do you think? What do you think we can do?
02:46
Remember that we said that when we wanted to guarantee confidentiality with, you know, asymmetric keys, we'll encrypt with Alice's public key so she can decrypt it with her own private key.
03:05
But this time we're trying to guarantee non-repudiation. We're not trying to guarantee confidentiality. So since we're trying to guarantee non-repudiation, which means that the sender cannot deny having sent the message,
03:21
and the only thing that Bob should have kept private is his private key. So in this case, we will encrypt
03:30
the data with Bob's private key.
03:34
But I hear you saying over the screen: but what about confidentiality? At the end, if Bob encrypts this hash value with his private key, anyone around the world will be able to decrypt it, because Bob's public key is published in an FTP server
03:53
or is published in an HTTP server or whatever,
03:55
is publicly known. And yeah, that's the idea. The value that was generated from encrypting the hash value,
04:03
which would be XY
04:05
ZA,
04:08
234,
04:10
Um
04:12
can be decrypted by anybody, you know. And that's the point. We need to guarantee
04:18
the non-repudiation, which means that Bob cannot deny having signed, in this case, the message. So what do we send to Alice to, you know, to complete the digital signature
04:32
concept? So we send this value
04:36
and we also send the clear text value.
04:40
So now Alice has the XYZ 234 and the hello message. So what is, you know, what does Alice need to do right now? So Alice, since she has the
04:55
XYZA234 message, she needs to decrypt it with Bob's public key.
05:02
So she takes Bob's public key
05:06
and decrypts the message,
05:10
and she should have the ABC123, which is the hash. Remember, we encrypted the hash value with Bob's private key. So now we pass the encrypted value through Bob's public key to get the hash value. And since, uh,
05:29
Alice also has
05:30
the hello
05:32
message, she now needs to pass it through the same algorithm, which in this case is
05:40
SHA-256, and it has to be, it has to give me the same value,
05:47
which is right here and also right here.
05:49
And now that I have this, I know that it gives me ABC123. I can now trust two things: that
06:00
the message was sent by Bob, because I was able to decrypt the message with Bob's public key. But now I can also see or trust that the message wasn't modified in transit, meaning that I can guarantee the integrity of the message. So these are the concepts provided by the digital signature:
06:18
integrity and non-repudiation.
06:26
What concepts are provided by digital signatures? Well, as I just said, integrity and non-repudiation are the two concepts that are provided by digital signatures.
06:36
Name one symmetric algorithm used in digital signatures. Well, as you can imagine, there's none. We cannot use symmetric algorithms in digital signatures because we won't be able to guarantee the non-repudiation part. Remember that for symmetric algorithms,
06:55
the same key is used at both sides of the communication. Both
07:00
Alice and Bob will be using the same key, so there's no way to know if Bob actually sent, or encrypted, the message, or Alice encrypted it, or anyone else has stolen the key and was encrypting messages in the name of one of these two senders. So
07:16
that's why we don't use symmetric algorithms in digital signatures. We just use asymmetric algorithms.
07:24
Could you provide confidentiality by using only digital signatures? Well, the answer is no. We're not looking to provide confidentiality when we're talking about digital signatures; we're looking to provide integrity and non-repudiation.
07:42
In today's brief lecture we talked about the main concepts of digital signatures.
07:49
Then again, uh, the FIPS publication is our go-to when we talk about cryptography. I already said this in previous modules, but, uh,
08:00
all of the links that I could put here, uh, or I could give you, you know, books and references or materials to any other publications or notes,
08:11
they all go to the FIPS publication, and this is the standard that most of the industry and businesses out there use to deprecate, to continue using, to approve, to see what algorithms to use in order to be, you know, really secure.
08:30
And you can also, you can even certify your, your code
08:33
or your services with this publication. So this is the go-to material when we talk about cryptography.
08:41
In the next video, we'll wrap up all the previous cryptographic concepts and explain how they are used in a public infrastructure, also known as PKI.
08:52
Well, that's it for today, folks. I hope you enjoyed the video, and talk to you soon.


Instructed By

Alejandro Guinea
CERT Regional Director
Instructor