Seminar Report
On
DIGITAL SIGNATURE
In partial fulfillment of requirements for the degree of
Bachelor of Technology In Computer Engineering
Department of Computer science and Engineering CHANDRAVATI GROUP OF INSTITUTIONS BHARATPUR 321001
Submitted By
SURABHI AGRAWAL
Submitted To
Ms. POOJA SONI
09ECHCS053
(Seminar Head).
ACKNOWLEDGEMENT
I would like to pay a great thanks to my institution and a special one to my seminar head Ms. Pooja Soni without whose extent support, I would never have been able to complete my seminar report. I would also like to pay on record a sincere thanks to Almighty, my parents, my family and my friends who have helped me a lot to get the matter.
2 Digital Signature
PAGE INDEX
ABSTRACT
1. Introduction
2. What is Digital Signature
3. Why and where Digital Signature used
4. Act of Digital Signature
5. Difference in Conventional and Digital Signature
6. Paper V/s Digital Signature
7. Classes, Deliverables, Contents
8. How Digital Signature works
9. Signing and Verification
9.1 Signing Ceremony
9.2 Verification Ceremony
10. Form 16 and Digital Signature
Saral eSign
11. Security Services in Digital Signature
12. Attacks on Digital Signature
12.1 Attack Types
12.2 Forgery Types
13. Security Considerations
Risks not Mitigated
14. Advantages and Disadvantages
15. Conclusion
BIBLIOGRAPHY
FIGURE INDEX
1. Figure 1.1- Cryptography
2. Figure 2.1- Private Key
3. Figure 2.2- Digital Signature Structure
4. Figure 4.1- IDRBT Certificate
5. Figure 6.1- Paper Signature
6. Figure 6.2- Digital Signature
7. Figure 8.1- Way of Signing Messages
8. Figure 9.1- Signing of Document
9. Figure 9.2- Verification of Document
10. Figure 11.1- Non Repudiation Mechanism
Abstract
Scope
i. A Digital Signature is an XDS document (changed from June public comment version).
ii. There are four Use Cases considered for this year.
iii. Vendor must provide signature mechanism for XDS Submissions.
iv. Possibility to use digital signatures without having an XDS registry. Approach is determined by other domain-specific groups (e-Prescribing, eReferral).
Out of Scope
i. Certificate management.
ii. Standards and implementations are available.
iii. Focus begins with signing, not encryption.
iv. Partial Document Signature.
1. Introduction
Cryptography is one of the technologies that has had a giant effect on protecting data and information in recent years. It is the science of securing your information by means of a code. Cryptography provides encryption for data and information that pass over single or multiple channels, which keeps the data safe from any external or third-party influence. A digital signature is a way of encrypting your signature that is specific to you and protects it from forgery of any kind. A digital signature, or e-signature for short, is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document.
Fig1.1- Cryptography
A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. This is now commonly seen in internet transactions. A digital signature can be used with any kind of message, transaction and the like, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact.
The hash value of a message, when encrypted with the private key of a person, is his digital signature on that e-Document. The digital signature of a person therefore varies from document to document, thus ensuring the authenticity of each word of that document. As the public key of the signer is known, anybody can verify the message and the digital signature.
Concepts
A 1024-bit number is a very big number, much bigger than the total number of electrons in the whole world. Trillions of trillions of pairs of numbers exist in this range, with each pair having the following property: a message encrypted with one element of the pair can be decrypted ONLY by the other element of the same pair. The two numbers of a pair are called keys: the Public Key and the Private Key. The user himself generates his own key pair on his computer.
Any message, irrespective of its length, can be compressed or abridged uniquely into a smaller-length message called the Digest or the Hash. The smallest change in the message will change the Hash value.
Fig2.2- Digital Signature Structure
Each individual generates his own key pair (Public Key known to everyone, Private Key known only to the owner).
Private Key: used for making the digital signature.
Public Key: used to verify the digital signature.
The signing and the verifying ceremony are done with the help of suitable algorithms.
What type of document needs a DIGITAL SIGNATURE? The main purposes for using a digital signature include:
a) Signer verification: Placing a digital signature on any kind of document, especially one that requires it, shows that the one who signed it is real and accepts responsibility for the signed document as being real and legal.
b) Authentication: A digital signature will also authenticate the document as being real and valid. It will prove to the executor that the information contained in the document is valid and can be put into action.
The Information Technology Act, 2000 provides for the use of Digital Signatures on documents submitted in electronic form. Under the provisions of the IT Act, 2000, the office of the Controller of Certifying Authorities (CCA) appoints the Certifying Authorities (CA) by issuing Certificates for the same. These CAs issue the Digital Signature to the End Users directly or through the Registration Authorities (RA) / Local Registration Authorities (LRA).
It must be obtained from an ISO 17090 compliant Certificate Authority, including the role extension for the signer's role in the healthcare profession.
For purposes of signature verification, the signer's certificate (public key portion) must be available.
Test certificates can be obtained without rigorous identification requirements for the purpose of the Connection. For test certificates contact lori.fourquet@sbcglobal.net
Certification Agencies
The Certification Agencies available in India are:
Tata Consultancy Services Ltd.
National Informatics Centre
Institute for Development & Research in Banking Technology (IDRBT)
MTNL
Customs & Central Excise (CBEC)
Code Solutions Ltd. (a division of Gujarat Narmada Valley Fertilizers Company Ltd.)
SafeScrypt from Sify Communications
E Mudhra
IDRBT Certificate
Trust Path
The Controller is the Root certifying authority responsible for regulating Certifying Authorities (CAs). The Controller certifies the association of a CA with his public key.
A Certifying Authority (CA) is the trusted authority responsible for creating or certifying identities. The CA certifies the association of an individual with his public key.
Role of Controller
Controller of Certifying Authorities as the Root Authority certifies the technologies, infrastructure and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates.
A conventional signature is included in the document; it is part of the document. But when we sign a document digitally, we send the signature as a separate document. These are the major differences:
i. Verification Method
For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file. For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity.
ii. Relationship
For a conventional signature, there is normally a one-to-many relationship between a signature and documents. For a digital signature, there is a one-to-one relationship between a signature and a message.
iii. Duplicity
In conventional signature, a copy of the signed document can be distinguished from the original one on file. In digital signature, there is no such distinction unless there is a factor of time on the document.
Parameter | Paper | Electronic
Authenticity | May be forged | Cannot be copied
Integrity | |
Non-repudiation | |
Fig6.1- Paper Sign V/s Fig6.2- Digital Signature
iii. Class 2: Issued to both business personnel and private individuals. This class of certificates confirms the information provided by the subscriber.
iv. Class 3: Issued to Individuals as well as Organizations. This class of certificate is used in E-commerce applications, where high assurance from the certificates is required. This certificate is issued to an individual only on their personal appearance before the CA.
Deliverables
The Digital Signature is provided with the following deliverables:
i. USB Token: Digital Signature allotted to the user.
ii. Password: Password required for accessing the Digital Signature.
iii. Driver Software: Software required for installing the Digital Signature in the system.
iv. Interface Software: Software which enables the user to embed the Digital Signature with the document.
Note: Only one document can be attached with the Digital Signature at a time.
Contents
A digital signature typically contains:
i. Owner's public key
ii. The Owner's name
iii. Expiration date of the public key
iv. The Name of the issuer (the CA that issued the Digital ID)
v. Serial number of the digital signature, and
vi. The digital signature of the issuer.
Assume you were going to send the draft of a certain contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you. Here then would be the process:
1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the contract.
3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)
Signed Messages
There may be three patterns possible for a digital signature:
i. Digital Signatures are numbers
ii. Same Length: 40 digits
iii. They are document content dependent
Fig9.1- Signing of Document (diagram labels: Hash Function, Asymmetric Algo)
Explanation
In order to create a digitally signed document, the signing application:
i. Creates a digest of the document to be signed
ii. Creates a cryptographic hash of the digest using the private key of the signer
iii. Attaches the hash to the original document.
Fig9.2- Verification of Document (diagram labels: Signed Document, Signature, Equal?)
Explanation
Begin with the signed document plus the signature, apply the algorithm using the public key of the signer that you may obtain from the signature, and you should end up with the same hash as the one that the signer created with their private key.
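The signing and verification steps explained above, as an added example that is not part of the original report: textbook RSA over SHA-256 using only the Python standard library. The key primes, function names and contract text are constructed for illustration; production systems use a vetted library with a padded scheme such as RSA-PSS and keys of 2048 bits or more.

```python
import hashlib


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy sizes, demo only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent, Python 3.8+
    return (n, e), (n, d)               # (public key, private key)


def digest_int(message, n):
    """SHA-256 digest as an integer mod n (real schemes pad it, e.g. PSS)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Signer: transform the message digest with the private key."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(message, signature, public_key):
    """Verifier: recover the digest with the public key, compare with own hash."""
    n, e = public_key
    if not 0 <= signature < n:          # reject out-of-range values
        return False
    return pow(signature, e, n) == digest_int(message, n)


# Constructed sample data: Mersenne primes stand in for randomly generated
# primes, and the contract text is invented for this demonstration.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
_, IMPOSTOR_PRIV = make_keypair(2**89 - 1, 2**61 - 1)
CONTRACT = b"Draft contract: payment of Rs. 10,000 due on delivery."
TAMPERED = b"Draft contract: payment of Rs. 90,000 due on delivery."


def run_demo():
    sig = sign(CONTRACT, SIGNER_PRIV)
    return {
        "genuine": verify(CONTRACT, sig, SIGNER_PUB),
        "tampered": verify(TAMPERED, sig, SIGNER_PUB),
        "impostor": verify(CONTRACT, sign(CONTRACT, IMPOSTOR_PRIV), SIGNER_PUB),
        "differs_per_document": sig != sign(TAMPERED, SIGNER_PRIV),
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the unmodified contract with the signer's own signature verifies; a one-character change to the message or a signature made with a different private key is rejected.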
10. Form 16 and Digital Signature
Under the provisions of the IT Act, 2000, the digitally signed Form 16 has the same validity as the physically signed form, as do TDS Certificates issued under the Income Tax Act. Further, Circular No. 2/2007 dated 21/5/2007 from the Income Tax Dept clarifies, "The Central Board of Direct Taxes have, therefore, in exercise of powers under section 119 of the Income-tax Act, 1961, decided for the proper administration of this Act to allow the deductors, at their option, in respect of the tax to be deducted at source from income chargeable under the head "Salaries" to use their digital signatures to authenticate the certificates of deduction of tax at source in Form 16."
Saral eSign
Saral eSign is software developed to digitally sign Form 16 with the Digital Signature of the user. The user should have a valid Digital Signature issued by any of the Certifying Authorities licensed under CCA. Process flow of Saral eSign:
i. Picks the data from the software (Saral TDS/SPP) with the TDS certificate prepared in Excel format.
ii. Converts the Excel certificate to PDF and applies the Digital Signature to all PDF files, with one-time authentication.
iii. Displays all the Certificates generated.
11. Security Services in Digital Signature
Digital Signature provides many security services such as message confidentiality, message authentication, message integrity, and nonrepudiation. A digital signature can directly provide the last three but for message confidentiality we still need encryption/decryption mechanism. These security mechanisms are discussed as follows:-
i. Message Authentication
A secure digital signature scheme, like a secure conventional signature, can provide message authentication.
ii. Message Integrity
The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed.
iii. Nonrepudiation
iv. Confidentiality
A digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.
12. Attacks on Digital Signature
There are certain attacks and forgeries associated with the Digital Signature. These are discussed below.
Digital Signatures help mitigate risk for the following attacks:
i. In the storage or transmission of documents, characteristics of clinician orders reflected in the prescription could be modified.
ii. In the storage or transmission of documents, characteristics of countersigned clinician orders reflected in the prescription could be modified.
iii. A forged prescription could be introduced.
Advantages
i. Imposter prevention: By using digital signatures you are actually eliminating the possibility of committing fraud by an imposter signing the document. Since the digital signature cannot be altered, this makes forging the signature impossible.
ii. Message integrity: By having a digital signature you are in fact showing and simply proving the document to be valid. You are assuring the recipient that the document is free from forgery or false information.
iii. Legal requirements: Using a digital signature satisfies some type of legal requirement for the document in question. A digital signature takes care of any formal legal aspect of executing the document.
Disadvantage
The disadvantages of using digital signatures involve the primary avenue for any business: money. This is because the business may have to spend more money than usual to work with digital signatures including buying certificates from certification authorities and getting the verification software.
15. CONCLUSION
Digital signatures are an essential breakthrough in the sphere of cryptography. Wherever there is a smart card, the use of a digital signature becomes almost indispensable. A digital signature is unique and is a very effective means of safeguarding your transactions. It is a very effective way of securing all your financial transactions, so that you will experience more convenience in doing various business and money matters. This way you will not have to worry about the problems of traditional transactions that use signatures.