Digital Signature Standard (DSS)

Hashing data is one method used to detect whether data has been tampered with. Hashing takes an input of any length and produces a fixed-length output. A hash is a one-way mathematical summary of a message (data): the original message cannot feasibly be reconstructed from the hash value, and changing even one bit of the message changes the hash. A hash by itself, however, proves nothing about who produced the data, because an attacker who alters the message can simply recompute the hash. That is the gap a digital signature closes.

DSS (the NIST Digital Signature Standard, FIPS 186) specifies how digital signatures are generated and verified. A digital signature protects data from undetected change while it traverses the network, and it lets the receiver verify the identity of the sender, much as a bank verifies the signature on a check against the one it has on file.

For example, consider routing updates sent from one router to another as clear text; they are fully visible to network sniffers or probes. Hashing and digital signatures do not make the updates unreadable; that would require encryption. What they provide is that any update altered in transit, or injected by a device that does not hold the signer's private key, is detected and discarded by the receiving router.

Figure 5-9 displays DSS signature generation, which lets a receiving router reject routing updates that were altered or injected by an unsecured device. Cisco IOS Router R1 is configured to hash and sign all routing updates it sends.

Figure 5-9 DSS Signature Generation (Router R1 sends hashed and signed IP routing updates; Router R2, the neighboring router, receives and verifies them.)

Routing updates are exposed to network sniffers. By hashing and signing the routing updates, as shown in Figure 5-9, the routes exchanged between Cisco IOS routers can be protected from modification or forgery by unsecured devices, even though a sniffer can still read them.

The steps to ensure that the network routing updates in Figure 5-9 are authentic follow:

Step 1 Router R1 hashes the routing update. (Cisco IOS routers can use MD5. Note that MD5 is no longer collision resistant, so a SHA-2 hash should be preferred wherever the platform supports it.)

Step 2 R1 encrypts the hash with its own private key. The result is the digital signature.

Step 3 R1 appends the signature to the routing update, which itself remains clear text, and sends both to R2.

Step 4 R2 independently hashes the routing update it received.

Step 5 R2 decrypts the signature using R1's public key and obtains the hash that R1 originally generated.

Step 6 R2 compares the hash recovered from R1's signature with the hash it just generated. If they are the same, the routing update was produced by the holder of R1's private key and was not modified by any network intruder; if they differ, R2 discards the update.

Note that in practice Cisco IOS routing protocol neighbor authentication (for example, OSPF, EIGRP, RIPv2, and BGP MD5 authentication) uses a keyed hash computed with a shared secret, not a public key signature. The private/public key model described here is how DSS-style signatures work in general; both approaches give the same guarantee that an unauthorized device cannot alter or inject updates undetected, and neither hides the update contents.
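The six steps above, carried through as an added worked example that is not code from the original text or from Cisco IOS. It builds a textbook RSA key pair in pure Python (no padding, so the sign-and-verify arithmetic stays visible; not for production use), uses SHA-256 in place of MD5, and runs the exchange three times: an untouched update from R1, the same update altered on the wire, and an update forged by an intruder with its own key. The routing update strings, the key size, and the message layout are constructed for illustration. It also shows the caveat from the text: the update itself still travels in clear text, and only modification or forgery is detected.

```python
import hashlib
import random

# Textbook RSA (no padding) so the sign/verify steps stay visible.
# Illustration only: real systems use DSA/ECDSA or RSA-PSS with proper padding.

def is_probable_prime(n, rounds=25):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_prime(bits):
    """Random odd prime with exactly `bits` bits (top bit forced to 1)."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=1024):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    e = 65537  # prime, so gcd(e, phi) == 1 whenever e does not divide phi
    while True:
        p = generate_prime(bits // 2)
        q = generate_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)  # private exponent (needs Python 3.8+)
    return (n, e), (n, d)

def hash_update(update):
    """Steps 1 and 4: one-way hash of the routing update, as an integer.
    The text mentions MD5; SHA-256 is used here because MD5 is collision-broken."""
    return int.from_bytes(hashlib.sha256(update).digest(), "big")

def sign_update(update, private_key):
    """Step 2: R1 'encrypts' the hash with its private key, giving the signature."""
    n, d = private_key
    return pow(hash_update(update), d, n)

def build_signed_message(update, private_key):
    """Step 3: R1 appends the signature to the still clear-text update."""
    return {"update": update, "signature": sign_update(update, private_key)}

def verify_signed_message(message, public_key):
    """Steps 4-6: R2 re-hashes the received update, recovers R1's hash from the
    signature with R1's public key, and compares the two."""
    n, e = public_key
    recovered_hash = pow(message["signature"], e, n)          # Step 5
    return recovered_hash == hash_update(message["update"])  # Step 6

def demo(bits=512):
    """Run the exchange; return (legit_ok, tampered_ok, forged_ok, readable)."""
    r1_public, r1_private = generate_keypair(bits)
    _, intruder_private = generate_keypair(bits)  # intruder's own key pair

    # Constructed sample routing update; not a real IOS packet.
    update = b"RIP v2 update: 10.0.0.0/8 via 192.0.2.1 metric 1"
    message = build_signed_message(update, r1_private)
    legit_ok = verify_signed_message(message, r1_public)

    # An intruder on the wire changes the next hop but keeps R1's signature.
    tampered = dict(message)
    tampered["update"] = b"RIP v2 update: 10.0.0.0/8 via 192.0.2.66 metric 1"
    tampered_ok = verify_signed_message(tampered, r1_public)

    # An intruder injects a default route signed with its own private key.
    forged = build_signed_message(b"RIP v2 update: 0.0.0.0/0 via 192.0.2.66 metric 1",
                                  intruder_private)
    forged_ok = verify_signed_message(forged, r1_public)

    # The signature does not hide the update: it is still readable on the wire.
    readable = message["update"] == update
    return legit_ok, tampered_ok, forged_ok, readable

if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```

The forged update fails because R2 verifies with R1's public key; a signature made with any other private key decrypts to a meaningless value rather than the hash of the update. Nothing in the exchange keeps a sniffer from reading the route, which is why the text's "unreadable" goal needs encryption on top of signing.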
