Cryptography

Server-based signatures

In cryptography, server-based signatures are digital signatures in which a publicly available server participates in the signature creation process. This is in contrast to conventional digital signatures, which are based on public-key cryptography and public-key infrastructure and assume that signers use their personal trusted computing bases to generate signatures without any communication with servers.

Four different classes of server-based signatures have been proposed:

1. Lamport One-Time Signatures. Proposed in 1979 by Leslie Lamport. Lamport one-time signatures are based on cryptographic hash functions. To sign a message, the signer just sends a list of hash values (outputs of a hash function) to a publishing server, so the signature process is very fast, though the signature is many times larger than in ordinary public-key signature schemes.

2. On-line/off-line Digital Signatures. First proposed in 1989 by Even, Goldreich and Micali in order to speed up the signature creation procedure, which is usually much more time-consuming than verification. In the case of RSA, it may be one thousand times slower than verification. On-line/off-line digital signatures are created in two phases. The first phase is performed off-line, possibly even before the message to be signed is known. The second (message-dependent) phase is performed on-line and involves communication with a server. In the first (off-line) phase, the signer uses a conventional public-key digital signature scheme to sign a public key of the Lamport one-time signature scheme. In the second phase, a message is signed by using the Lamport signature scheme. Some later works have improved the efficiency of the original solution by Even et al.

3. Server-Supported Signatures (SSS). Proposed in 1996 by Asokan, Tsudik and Waidner in order to delegate the time-consuming operations of asymmetric cryptography from clients (ordinary users) to a server. For ordinary users, the use of asymmetric cryptography is limited to signature verification, i.e. there is no pre-computation phase as in the case of on-line/off-line signatures. The main motivation was the use of low-performance mobile devices for creating digital signatures, considering that such devices could be too slow for creating ordinary public-key digital signatures, such as RSA. Clients use hash-chain-based authentication to send their messages to a signature server in an authenticated way, and the server then creates a digital signature by using an ordinary public-key digital signature scheme. In SSS, signature servers are not assumed to be Trusted Third Parties (TTPs) because the transcript of the hash chain authentication phase can be used for non-repudiation purposes. In SSS, servers cannot create signatures in the name of their clients.

4. Delegate Servers (DS). Proposed in 2002 by Perrin, Bruns, Moreh and Olkin in order to reduce the problems and costs related to individual private keys. In their solution, clients (ordinary users) delegate their private cryptographic operations to a Delegation Server (DS). Users authenticate to the DS and request that it sign messages on their behalf by using the server's own private key. The main motivation behind DS was that private keys are difficult for ordinary users to use and easy for attackers to abuse. Private keys are not memorable like passwords or derivable from persons like biometrics, and cannot be entered from keyboards like passwords. Private keys are mostly stored as files on computers or on smart cards, which may be stolen by attackers and abused off-line. In 2003, Buldas and Saarepera proposed a two-level architecture of delegation servers that addresses the trust issue by replacing trust with threshold trust via the use of threshold cryptosystems.

(Wikipedia).

Certificates And Signatures - Applied Cryptography

This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387.

From playlist Applied Cryptography

Certificates And Signatures Solution - Applied Cryptography

This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387.

From playlist Applied Cryptography

Signature Validation - Applied Cryptography

This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387.

From playlist Applied Cryptography

Digital Signatures: Part 1

Fundamental concepts of Digital Signatures are discussed. ElGamal and Schnorr Digital Signature schemes are analyzed. Digital signature standard is presented.

From playlist Network Security

SSH Authentication - Applied Cryptography

This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387.

From playlist Applied Cryptography

Cybersecurity for beginners | Network Security Practical Course

In this complete #cybersecurity course you will learn everything you need in order to understand cyber security in depth. You will learn all the terminology related to cyber #security. Which is very crucial in the field of IT security. You will explore about #network security and will see

From playlist Network Security

OWASP AppSec EU 2013: RESTful security

For more information and to download the video visit: http://bit.ly/appseceu13 Playlist OWASP AppSec EU 2013: http://bit.ly/plappseceu13 Speaker: Erlend Oftedal REST services are quickly gaining in popularity due to their simplified nature compared to SOAP-driven web services. But while

From playlist OWASP AppSec EU 2013

Token Authentication for Java Applications

In this presentation, Les will demystify HTTP Authentication and explain how the Next Big Thing - Token Authentication - can be used to secure web applications on the JVM, REST APIs, and 'unsafe' clients while supporting security best practices and even improving your application's perform

From playlist Software Development Lectures

Certificates - Applied Cryptography

This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387.

From playlist Applied Cryptography

DjangoCon 2014- JSON Web Tokens

By, José Padilla When it comes to implementing authentication on web apps, one solution you’ll definitely hear about first are cookies. Cookie-based authentication uses a server side cookies to authenticate the user on every request. A solution you’ll probably not hear as often is token-b

From playlist DjangoCon 2014

0108 [ C++/React/Python ] server/client authentication

This is #108 in my series of live (Twitch) coding streams. This stream I implemented a basic public-key authentication mechanism so that administrators are required to authenticate by providing a valid signature to a randomly-generated challenge string. https://tinyurl.com/y9az4ufb -

From playlist Excalibur

🔥Cryptography And Network Security Full Course 2022 | Cryptography | Network Security | Simplilearn

🔥Free Cyber Security Course With Completion Certificate: https://www.simplilearn.com/learn-cyber-security-basics-skillup?utm_campaign=CryptographyNetworkSecurityFC4Aug22&utm_medium=DescriptionFirstFold&utm_source=youtube This video on the Cryptography and network security full course will

From playlist Simplilearn Live

NOTACON 7: Defense In-Depth: Penetration starts with a Lack of System Hardening

Speaker: Steve Erdman Looking at the exploits and malware that have been discovered and unleashed over the last decade, we will dive into how individuals and companies could have been better prepared for the breaches that happened. We will go over how simple hardening techniques could hav

From playlist Notacon 7

7. Catena: Efficient Non-equivocation via Bitcoin

MIT MAS.S62 Cryptocurrency Engineering and Design, Spring 2018 Instructor: Alin Tomescu View the complete course: https://ocw.mit.edu/MAS-S62S18 YouTube Playlist: https://www.youtube.com/playlist?list=PLUl4u3cNGP61KHzhg3JIJdK08JLSlcLId This session covers OP_RETURN and Catena. License: C

From playlist MIT MAS.S62 Cryptocurrency Engineering and Design, Spring 2018

DEFCON 13: On the Current State of Remote Active OS Fingerprinting

Speaker: Ofir Arkin, CTO and Co-Founder, Insightix Active operating system fingerprinting is a technology, which uses stimulus (sends packets) in order to provoke a reaction from network elements. The implementations of active scanning will monitor the network for a response to be, or no

From playlist DEFCON 13

Cyber Security Week Day - 1 |Cryptography Full Course | Cryptography & Network Security| Simplilearn

🔥Advanced Executive Program In Cybersecurity: https://www.simplilearn.com/pgp-advanced-executive-program-in-cyber-security 🔥Caltech Cybersecurity Bootcamp(US Only): https://www.simplilearn.com/cybersecurity-bootcamp This video on Cryptography full course will acquaint you with cryptograph

From playlist Simplilearn Live

TLS Record Protocol - Applied Cryptography

This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387.

From playlist Applied Cryptography

Related pages

Trusted third party | Shimon Even | Digital signature | Threshold cryptosystem | Hash chain | Lamport signature | Public-key cryptography | Cryptography | Non-repudiation