Sayısal imza sistemlerinin incelenmesi
Digital signature schemes
- Thesis No: 83016
- Advisors: ASSOC. PROF. DR. MEHMET BÜLENT ÖRENCİK
- Thesis Type: Master's
- Subjects: Computer Engineering and Computer Science and Control
- Keywords: Not specified.
- Year: 1999
- Language: Turkish
- University: İstanbul Teknik Üniversitesi
- Institute: Institute of Science
- Department: Department of Computer Engineering
- Division: Not specified.
- Number of Pages: 117
Abstract
A STUDY OF DIGITAL SIGNATURE SYSTEMS
ABSTRACT
Computers have now become an indispensable part of daily life. Thanks in particular to the development of computer networks, the operation of a remote computer can be controlled from a local machine; moreover, the ability of computers to communicate in a fully transparent way makes it possible for users to reach information all over the world with ease. Using only their fingertips, without even getting up from their seats, users can send messages containing text, audio or video to users on other continents, establish business contacts and, thanks to the spread of electronic commerce, shop at a store thousands of kilometres away. However, this computer-to-computer communication capability brings the security problem with it. When a user enters a user name and password to join a computer network, uses a credit card number to shop over the internet, or sends any document by electronic mail, that user faces the danger of the messages being eavesdropped on by unauthorized persons, of confidential information being stolen, and even of the messages being modified. Moreover, governments, military organizations, banks and private companies store very large amounts of data in electronic form. Preventing unauthorized persons who connect over the network from accessing this information, whether to read it or to modify it, has become an extremely serious problem. There are several points to be addressed here. The first is preventing information from being seen by unauthorized persons, that is, confidentiality. The second, less widely known but as important as confidentiality, is authentication, that is, the problem of verifying the source of information. In addition, protecting data integrity, that is, preventing modification of the data, determining the time at which the data was sent, and so on are also among the important concerns.
It is at this point that cryptography, which has been used for military purposes for thousands of years, albeit in a primitive form, comes into play. With the development of low-cost hardware, cryptographic methods that were once very expensive have found use in computer terminals and remote payment systems. Cryptography solves the first problem mentioned above with encryption techniques. Digital signatures are used to solve the second problem. This work presents a general survey of digital signature systems. First, a brief summary of number theory is given as an aid to understanding. The third and fourth chapters cover prime number generation and hash functions, which are auxiliary components of digital signature systems. In the fifth and sixth chapters, digital signature systems are defined and classified, and then the most widely used digital signature systems are presented in detail. The seventh chapter is devoted to digital signature mechanisms with additional functionality, developed because conventional signature systems fall short in some applications. The last chapter presents an implementation in C++ of DSA, one of the digital signature mechanisms presented in the sixth chapter. The implementation also includes the SHA hash function.
Abstract (Translation)
DIGITAL SIGNATURE SCHEMES
SUMMARY
Computers have become an integral part of our everyday life. The vast array of computer networks allows one to control a remote computer from a local machine. Furthermore, the transparent communication capability has made it possible to access information in various parts of the world. By using only their fingertips, without even getting up from their seats, users can send messages containing text, audio or video, establish business contacts and, with the ever-increasing use of electronic commerce, buy goods from shops that are thousands of kilometres away. But this computer-to-computer communication capability brings about the security problem. When a user enters his user name and password to log on to a computer network, when a client types his credit card number to buy something over the internet or when he sends a document through electronic mail, he faces the danger of unauthorized access or even modification of his data. What is worse, governments, military organizations, banks and private companies keep enormous amounts of data in electronic form. It has become a serious concern to prevent unauthorized network access to these data. Here there are several points to consider. The first one is the problem of privacy: preventing unauthorized extraction of data. The second, less known problem is that of authentication: the validation of the source of data. There are also the problems of protecting data integrity and time stamping. At this point an art that has been used for thousands of years for military purposes comes onto the stage: cryptography. With the development of cheap hardware, cryptographic devices found application areas in computer terminals and remote payment systems. The first problem mentioned above is solved with the encryption technique of cryptography. To solve the second problem, digital signatures are used.
Digital signatures, along with public key cryptography, were first introduced in a paper by Whitfield Diffie and Martin Hellman (1976). Until then secret key cryptography had been in use in cryptographic systems, and the transmission of the secret key between the communicating parties was a great problem. The use of a secret key and a corresponding public key allowed for secure communication between two parties that had never met before. Also, the concept of a public key that is known to everybody made it possible to use digital signatures that could be verified by everyone to authenticate the source of a message. Here, a definition of a digital signature will be appropriate. A digital signature is a number that is dependent on the message signed and on a number called the "secret key" that is known only to the signer. In the definition above, the point to be noted is that while real-world signatures are the same for every message, a signer's digital signature changes according to the message signed. Apart from that, digital signatures are digital counterparts of real-world signatures. In order for digital signatures to be real counterparts of handwritten signatures, they should provide some services. These are: authentication, data integrity, non-repudiation and unforgeability. The most important feature of digital signatures is the ability to identify the source of the message. The second feature is the ability to ensure data integrity. Because a signature is dependent on the message being signed, when the message changes (someone injects something into or deletes something from the message) the signature will not verify and will be rejected. In particular, the use of hash functions provides an "avalanche effect", so that even a change of only one bit in the message causes a drastic change in the resulting signature.
The third feature is non-repudiation, which is concerned with providing evidence to a third party (a judge) that a party participated in a transaction, thereby protecting the other parties in the transaction against false denials of participation. Last but not least, digital signatures should be unforgeable, that is, no one other than the legitimate signer should be able to generate the same signature for a particular message. Digital signature schemes are comprised of a signature generation procedure and a signature verification procedure. The inputs of the signature generation procedure are the message to be signed (or the message digest) and the secret key of the signer. The verification procedure which is carried out by the signer, uses the public key which corresponds to the secret key of the signer as its input. In some digital signature schemes the original message is also used as an input to the verification procedure. Digital signatures can be divided into two categories according to whether the original message is used as input to the verification algorithm. Digital signature schemes with appendix require the original message as input to the verification algorithm. These schemes rely on cryptographic hash functions. Digital signature schemes with message recovery do not require the original message as input to the verification algorithm. In this case the original message is recovered from the signature itself. In practice, this feature is of use for short messages. After the public key cryptography and digital signature concepts were introduced in Diffie and Hellman's article, several attempts were made to find practical public key and digital signature systems, depending on the difficulty of solving some problems. Among the first techniques introduced was the RSA system (1978), which is named after its inventors: Ronald Rivest, Adi Shamir and Leonard Adleman. This system depends on the difficulty of factoring large integers.
The RSA system could be used for both public key encryption and digital signatures. RSA is one of the most widely used cryptographic systems and is patented by many large computer industry companies. The RSA system is an example of a digital signature scheme with message recovery. It is mostly used to encrypt the secret key that is used in a symmetric encryption system. The second best known system is that of Taher ElGamal (1985). This system depends on the discrete logarithm problem. The ElGamal system, like RSA, can be used for both encryption and digital signatures. This system is an example of a digital signature scheme with appendix. The ElGamal system employs a hash function to generate a digest of the original message. After the original ElGamal system was introduced, several attempts were made to generalize the scheme. Among these is Schnorr's system. Another well-known system is the Digital Signature Algorithm. This system has been adopted as a standard by NIST (National Institute of Science and Technology) of the United States of America. This system is based on ElGamal's algorithm. The standard also requires a hash algorithm called the Secure Hash Algorithm to be used in generating a message digest. The conventional digital signature schemes mentioned above are not adequate for some special applications. In view of this fact, digital signature schemes with added functionality have been developed. Among these new types of signature schemes are Fail-Stop Signatures, Blind Signatures and Undeniable Signatures. We know that the unforgeability of conventional digital signatures is necessarily based on complexity-theoretic assumptions. If an adversary has unlimited computing power, breaking most secure digital signature schemes will be a comparatively easy task. Fail-stop signature schemes improve upon this: they, too, rely on assumptions; but if the underlying assumption is broken, this can be proved by the signer.
In this way, the signer would be relieved from the responsibility for this signature. After the scheme is broken, security parameters can be increased or the scheme could be stopped. A second type of scheme with additional properties is Blind Signature Schemes. First introduced by David Chaum, these schemes are essentially a protocol between a sender and a signer. The basic idea is this: A sends a message to B, which A does not want B to see, and B signs and returns the result to A. The best use of such a scheme would be anonymous electronic cash applications. In such applications, the use of conventional signature schemes will allow the bank to trace a customer's spending. But if a blind signature scheme is used, the bank does not know anything about the money it signs other than that the particular money belongs to a particular customer. A second possible use of blind signatures is electronic voting applications. Undeniable signature schemes are distinct from conventional digital signatures in the sense that the signature verification protocol requires the cooperation of the signer. We know that non-repudiation is one of the main sources of attractiveness of digital signatures. But in some cases this property is not desirable. An example of such a case is that of a signature binding parties to a confidential agreement. In this case limiting the ability of third parties to verify the validity of a signature is an important goal. But these schemes should not give up on the property of non-repudiation. There are other schemes with added functionality. Among these we can count Group Signatures, Identity-based Schemes, Designated Confirmer Signatures and Unconditionally Secure Digital Signatures. Here is an outline of the topics discussed in this study: First of all, a short mathematical background is supplied. In the third and fourth chapters, complementary components of digital signature systems, namely prime number generation and hash functions, are presented.
In the fifth and sixth chapters, digital signatures are defined, a classification is given and the most commonly known digital signature schemes are presented. The seventh chapter is dedicated to schemes with additional functionality. In the last chapter, an implementation of the Digital Signature Algorithm is given. The code is written in C++. The application makes use of the Secure Hash Algorithm that is required in the standard.
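The two categories described in the abstract, as an added Python example that is not taken from the thesis or its C++ DSA implementation: textbook RSA with message recovery next to an ElGamal signature with appendix over SHA-1. The Mersenne-prime parameters, the base G = 3, the TAG redundancy prefix and all function names are constructed for illustration and are far too weak for real use.

```python
import hashlib
import math
import secrets

# Constructed toy parameters (known Mersenne primes); insecure, illustration only.
RSA_P, RSA_Q, E = 2**89 - 1, 2**107 - 1, 65537
N = RSA_P * RSA_Q
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # RSA secret exponent
P, G = 2**127 - 1, 3                        # ElGamal modulus and assumed base
TAG = b"\x01SIG"                            # constructed redundancy, not a standard padding

def rsa_sign_recovery(msg: bytes) -> int:
    """Message recovery: the message itself is embedded in the signature."""
    if len(TAG) + len(msg) > 24:            # 24 bytes = 192 bits < N, so short messages only
        raise ValueError("message too long for message recovery")
    return pow(int.from_bytes(TAG + msg, "big"), D, N)

def rsa_recover(sig: int):
    """Verifier needs only the public key (N, E); returns the message or None."""
    m = pow(sig, E, N)
    data = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return data[len(TAG):] if data.startswith(TAG) else None

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")

def elgamal_keygen():
    x = secrets.randbelow(P - 3) + 2        # secret key
    return pow(G, x, P), x                  # (public key y, secret key x)

def elgamal_sign(msg: bytes, x: int):
    """Appendix: only the digest is signed, so message length is unlimited."""
    while True:
        k = secrets.randbelow(P - 3) + 2    # fresh per-signature secret
        if math.gcd(k, P - 1) == 1:
            break
    r = pow(G, k, P)
    s = (digest(msg) - x * r) * pow(k, -1, P - 1) % (P - 1)
    return r, s

def elgamal_verify(msg: bytes, sig, y: int) -> bool:
    """Verifier needs the original message as well as the public key y."""
    r, s = sig
    if not 0 < r < P:
        return False
    return pow(G, digest(msg), P) == pow(y, r, P) * pow(r, s, P) % P
```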
Similar Theses
- Contribution a la recherche d'un cadre juridique pour un droit international de laconcurrence plus efficace
Daha etkin bir uluslararası rekabet için hukuki çerçeve arayışı
ALİ CENK KESKİN
Doctorate
French
2009
Law, Galatasaray Üniversitesi, Department of Public Law
PROF. DR. JEAN MARC SOREL
PROF. DR. HALİL ERCÜMENT ERDEM
- Use of artificial immune systems for network intrusion detection
Yapay bağışıklık sistemlerinin ağ saldırılarının tespiti için kullanımı
ORHAN BIYIKLIOĞLU
Master's
English
2004
Computer Engineering and Computer Science and Control, İstanbul Teknik Üniversitesi, Department of Computer Engineering
PROF. DR. BÜLENT ÖRENCİK
- Quantum-resistant multivariate quadratic systems and digital signatures
Kuantum-dayanıklı çok değişkenli iki bilinmeyenli sistemler ve sayısal imzalar
ESEN ALTUNDAĞ
Master's
English
2019
Mathematics, Orta Doğu Teknik Üniversitesi, Department of Cryptography
ASSOC. PROF. DR. MURAT CENK
- Metal madenciliğinde yeraltı açıklıklarının tahkimatı ve nümerik yöntemler ile analizi
Support of underground openings in metal mining and analysis with numerical methods
HÜSEYİN SERHAT MAMAT
Master's
Turkish
2014
Mining Engineering and Mining, İstanbul Teknik Üniversitesi, Department of Mining Engineering
ASST. PROF. DR. CÜNEYT ATİLLA ÖZTÜRK
- Hybrid deep multi-criteria recommender system model
Hibrit derin çok kriterli öneri sistemi modeli
ABDULRAHMAN ALNAHHAS
Master's
English
2021
Industrial and Industrial Engineering, İstanbul Teknik Üniversitesi, Department of Industrial Engineering
PROF. DR. YUSUF İLKER TOPCU