Digital Signatures and Suppress-Replay Attacks

Digital signatures are seen as the most important development in public-key cryptography. Sun Developer Network states, “A digital signature is a string of bits that is computed from some data (the data being “signed”) and the private key of an entity. The signature can be used to verify that the data came from the entity and was not modified in transit” (The Java Tutorial, n.d.). Digital signatures should have the properties of author verification, verification of the date and time of the signature, authenticate the contents at the time of the signature, as well as be verifiable by a third party in order to resolve disputes. Based on these properties, there are several requirements for a digital signature. The first of these requirements is that the signature must be a bit pattern that depends on the message being signed. The next requirement is declared in order to prevent forgery and denial. It states that the signature must use some information that is unique to the sender. The third requirement is that it must be fairly easy to generate the digital signature. Being relatively easy to recognize and verify the digital signature is another requirement. The fifth requirement states that it must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. The last requirement is that it must be practical to store a copy of the digital signature. Many approaches for the implementation of digital signatures have been proposed, and they fall into the direct and arbitrated digital signature approaches (Stallings, 2003).

The direct digital signature involves only communication between the source and destination parties, and the arbitrated digital signature schemes include the use of an arbitrator. The direct digital signature is created by encrypting the entire message or a hash code of the message with the sender’s private key. Further confidentiality can be provided by encrypting the message in its entirety and adding signature using either the receiver’s public key or a secret key shared between the sender and receiver. One weakness in the direct signature scheme is that a sender can later deny having sent a message. Another weakness is the threat of a private key being stole and sending a message using the signature. Both weaknesses are the primary reason for the arbitrated digital signature scheme. In arbitrated scheme, a sender’s message must first go through an arbiter that runs a series of tests to check the origin and content before it is sent to the receiver. Because the arbiter plays such a crucial role, the sender and receiver must have a significant amount of trust in this arbitrator. This trust in the arbiter ensures the sender that no one can forge his signature and assures the receiver that the sender cannot disown his signature (Stallings, 2003).

The issue of replay attacks is a main concern when dealing with mutual authentication when both parties are confirming the other’s identity and exchanging session keys. The primary issues with mutual authentication lies in the key exchange: confidentiality and timelines. Timelines are susceptible to replay attacks that disrupt operations by presenting parties with messages that appear genuine but are not. One type of replay attack is suppress-reply attack that can occur in the Denning protocol. The Denning protocol uses a timestamps to increase security. The issue here revolves around the reliance on clocks that are synchronized throughout the network. It is stated, “…that the distributed clocks can become unsynchronized as a result of sabotage on or faults in the clocks or the synchronization mechanism” (Stallings, 2003 p. 387). Li Gong states, “…the recipient remains vulnerable to accepting the message as a current one, even after the sender has detected its clock error and resynchronized the clock, unless the postdated message has meanwhile been somehow invalidated,” which is unlikely. If the clock of the sender is ahead of the receivers and the message is intercepted, the opponent can replay the message when the timestamp becomes current. This type of attack is known as suppress-replay attack.

In order to address the concern of suppress-replay attack, an improved protocol was presented. Here are the detailed steps.

1. “A initiates the authentication exchange by generating a nonce, Na, and sending that plus its identifier to B in plaintext. This nonce will be returned to A in an encrypted message that includes the session key, assuring A of its timelines.

2. B alerts the KDC that a session key is needed. Its message to the KDC includes its identifier and a nonce, Nb. This nonce will be returned to B in an encrypted message that includes the session key, assuring B of its timeliness. B’s message to the KDC also includes a block encrypted with the secret key shared by B and the KDC. This block is used to instruct the KDC to issue credentials to A; the block specifies the intended recipient of the credentials, a suggested expiration time for the credentials, and the nonce received from A.

3. The KDC passes on to A B’s nonce and a block encrypted with the secret key by A for subsequent authentications, as will be seen. The KDC also sends A a block encrypted with the secret key shared by A and the KDC. This block verifies that B has received A’s initial message (IDB) and that this is a timely message and not a replay (Na), and it provides A with a session key (KS) and the time limit on its use (Tb).

4. A transmits the ticket to B, together with the B’s nonce, the latter encrypted with the session key. The ticket provides B with the secret key that is used to decrypt EKS[Nb] to recover the nonce. The fact that B’s nonce is encrypted with the session key authenticates that the message came from A and is not a replay” (Stallings, 2003 pgs. 387-388).

This protocol is not vulnerable to suppress-replay attacks due to the fact that the nonces the recipient will choose in the future are unpredictable to the sender (Gong, n.d.).

In conclusion, digital signatures are seen as the most important development in public-key cryptography and include direct and arbitrated digital signature approaches. The direct digital signature involves only communication between the source and destination parties, and the arbitrated digital signature schemes include the use of an arbitrator. Suppress-replay attacks can occur if the clock of the sender is ahead of the receivers and the message is intercepted. This allows the opponent to replay the message when the timestamp becomes current. This issue is overcome by the implementation of a protocol that uses timestamps that do not require synchronized clocks because the receiver B checks only self-generated timestamps (Stallings, 2003).

Works Cited
Gong, Li (n.d.). A Security Risk of Depending on Synchronized Clocks. ORA Corporation and Cornell University. Retrieved November 5, 2005, from

Stallings, William. (2003). Cryptography and Network Security: Principles and Practices. New Jersey: Pearson Education, Inc.

The Java Tutorial (n.d.). Sun Developer Network. Retrieved November 5, 2005, from

Digital Reputations and What to Do About Them

Until recently, the key to kicking open a door for a job interview was the resume. There are innumerable books that are ‘how-to’ guidelines for resume writing; how to lead with skills, not experience, how to make your dynamic personality jump off the page; how to in fact keep it to one page – the mantra of the resume professional.

While you’ve been busy shoehorning your experience onto one lousy sheet of printer paper (no cheating with legal size) another important issue has emerged for job candidates. That is the use of the Internet as an investigatory tool for human resources departments considering job candidates. The Web is so all-encompassing, so much a social interaction tool and so thorough a resource of public documents that it has become all-intrusive as well.

Running web searches on the names of job applicants has become a standard practice for hiring managers. conducted a survey of hiring managers which showed that one in four used the Internet to run searches on job applicants. That ratio isn’t going to get any smaller.

What to do about it? What many job applicants are finding is that it’s the odd embarrassment rather than some truly deprecatory fact that sandbags them through a web search. A twenty-something with an MBA looking to break into a financial consulting firm will turn up in a college photo taken at a frat party eight or ten years ago. That may be enough to send the recruiter elsewhere.

Young people who are making active use of MySpace and YouTube today are going to be the serious young professionals on the hunt for employment in a few short years. Those pages on the social interaction sites have a way of living on, even if the originator has long ago ceased to participate and taken down his or her page. The material on those sites is freely traded among members and may well end up on other web sites outside the membership servers.

The goal, then, is to remove material on the Internet that may be potentially embarrassing or harmful. Because the Internet is the last great free marketplace, naturally a number of for-profit services have sprung up online to help you polish your digital persona. These services provide a number of functions that will help you with any potential online embarrassments and work to keep your online image clean.

What has become apparent is that even if you delete material you no longer wish to be public – as with MySpace – it often lives on in other places. A number of methods have been developed by the professional online image polishers to help with the issue.

When approached by a client, one image-cleaning firm will run an extensive online search and present the client with what they found. If there is material that the client wishes to eradicate, the company will contact the operator of the web site and ask that it be removed. If the answer is no, the next call is to the staff attorney.

Another company recommends counteracting any potential negative material by building a positive online profile and driving it to the top of the search process. For a fee, they will build a positive web site for a client and go through the necessary machinations with the search engines to get that web site at the top of the search. This particular company charges a low monthly fee to maintain their client’s clean image.

Get Up, Stand Up, and Reach for Your Goals in Life With Self-Help Books

If you feel down and out and you think you are just going around in circles with your career, there are two things that you can do. One is you can just grab a rusty razor and slit your wrist or you can stop focusing on your problems and start thinking about solutions. Seriously, instead of contemplating about things on how you can escape your problems in life, you can think of the possibilities that can opt for to get yourself off the pit. One of the most popular and effective ways that you can take to help you make your life more successful is by reading books on success.

But before you come to that, it is important to understand what success is in the first place. The meaning of success is dependent on how people view it. But no matter what, it is safe to say that success is attained when a person reaches his goals in life. It is important to establish that first before proceeding to the rest of this piece.

For some people, reading self help books online may sound corny but you really cannot judge the book by its cover until you read it. Reading online success books and other personal development reading materials induces an effect on the reader’s desire. Studies show that a sense of optimism is boosted by motivational resource materials. Remember that many great thinkers like Newton, Nietzsche, and Marx have been greatly influenced by the tomes that they have read before they became great thinkers. The good thing nowadays is you do not have rack your brains in the public library for volumes of printed stuffs. With the advent of the Internet, research has become an easy job compared to previous centuries so there is no reason for you not to read online books on success.

Another great thing about online success books is they help you focus on your goals and channel your energy to the present instead of useless nostalgia on past glories. Reading digital books on success helps you set fresh goals in life. In fact, you will have something to look forward to in the future. Since, a lot of critically-acclaimed books on success are told by successful individuals themselves, you will see a glimmer of hope even on your darkest days. After all, most successful individuals have had gone through bad times before becoming what they are now. Books on success let you know that there are always better things waiting for you in the future as long as you believe in your capabilities.

Reading good books on success also make you focus on the positive side of your life even if all that you see are negative. You will actually feel good about yourself once you have been enlightened by the lessons and wisdom that you will get from books on success. Apart from this, these type of books work effectively in grounding yourself back in the reality of your current situation.

Indeed, books on success have been very helpful to many people over the past years. If you want to attract positive vibes in life and accomplish your goals, try reading these books today and see the difference these will bring to your life. http://vampire.gamunity