
DIGITAL SIGNATURE

Digital Signatures
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact.

Contents

Need of Digital Signatures


Electronic Records
Various Methods of Employing Digital Signatures
Digital Signature using Keyed Hash function
Public Key Infrastructure
Public Key Cryptography
Private Key Protection
Digital Signature Process Illustrated
Certification Process
Uses of Digital Signatures
Paper signatures VS Digital Signatures
Future Scenario

Why Digital Signatures?

To provide Authenticity, Integrity and Nonrepudiation to electronic documents
To use the Internet as the safe and secure medium for e-Commerce and eGovernance

Electronic Record
1. Very easy to make copies
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as original
5. Easily modifiable
6. Environmentally friendly

Because of 4 & 5 together, these lack authenticity

Digital Signatures
My name is Barack Obama

efcc61c1c03db8d8ea8569545c073c814a0ed755
My place of birth is Delhi..

fe1188eecd44ee23e13c4b6655edc8cd5cdb6f25
I am an Indian.

0e6d7d56c4520756f59235b6ae981cdb5f9820a0
I am a CFA Charter holder.

ea0ae29b3b2c20fc018aaca45c3746a057b893e7
I am an idiot.

01f1d8abd9c2e6130870842055d97d315dff1ea3
These are digital signatures of same person on different documents

Digital Signatures are numbers


Same Length 40 digits
They are document content dependent

Various methods of employing Digital Signature:
- Using Keyed Hash function
- Using asymmetric key Cipher

Digital Signature using Keyed Hash Function

What is a hash algorithm?
A hash function is a math equation that uses text (such as an e-mail message) to create a code called a message digest. Examples of well-known hash functions are MD4, MD5, and SHS.
It must be infeasible to find:
- Text that hashes to a given value. That is, if you know the message digest, you should not be able to figure out the message.
- Two distinct messages that hash to the same value.

What is a message digest?
A message digest is the result you get when you run text (such as an e-mail message) through a hash algorithm. A message digest concisely represents a longer message or document. You can think of a message digest as the "digital fingerprint" of a larger
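
Added example (not part of the original slides): it ties the "40 digits, content dependent" slide to the keyed hash method by showing that a plain 160-bit digest can be recomputed by anyone who alters the record, while a keyed hash (HMAC) cannot. The key, the sample text and all function names are constructed for this illustration.

```python
import hashlib
import hmac

def message_digest(text: str) -> str:
    """Plain (unkeyed) hash: 160 bits, printed as 40 hex digits."""
    return hashlib.sha1(text.encode()).hexdigest()

def keyed_tag(key: bytes, text: str) -> str:
    """Keyed hash (HMAC): only holders of `key` can compute this value."""
    return hmac.new(key, text.encode(), hashlib.sha1).hexdigest()

def accept_plain(text: str, digest: str) -> bool:
    return hmac.compare_digest(message_digest(text), digest)

def accept_keyed(key: bytes, text: str, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, text), tag)

def rewrite_in_transit(text: str):
    """Someone without the key alters the record and recomputes what they can."""
    altered = text.replace("100", "900")
    return altered, message_digest(altered)

# Constructed sample data (not from the page).
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = "Pay 100 to the supplier"

def demo() -> dict:
    altered, new_digest = rewrite_in_transit(ORIGINAL)
    tag = keyed_tag(SHARED_KEY, ORIGINAL)
    return {
        "digest_len": len(message_digest(ORIGINAL)),
        # The plain digest travels with the record, so it is simply replaced.
        "plain_accepts_altered": accept_plain(altered, new_digest),
        "keyed_accepts_original": accept_keyed(SHARED_KEY, ORIGINAL, tag),
        # The original tag no longer matches, and a new one needs the key.
        "keyed_accepts_altered": accept_keyed(SHARED_KEY, altered, tag),
    }
```

Both parties hold the same key, so either of them could have produced the tag; a keyed hash gives authenticity and integrity between them but not nonrepudiation, which is what the asymmetric key method adds.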

Public Key Infrastructure (PKI)

Some Trusted Agency is required which certifies the association of an individual with the key pair.
- Certifying Authority (CA)
This association is done by issuing a certificate to the user by the CA.
- Public key certificate (PKC)
All public key certificates are digitally signed by the CA.

The components of PKI

Encryption using Public Key & secret key - Hybrid Approach
Digital Signature Process
Transporting Encryption Keys
Digital Certificates
Message Decryption and Verification

Public Key Infrastructure
Meeting legal Requirement
- Privacy: Only intended recipient can read the files
- Integrity: Guarantees files are unaltered during transmission
- Authentication: Ensures that parties involved are who they claim to be
- Non-repudiation: Prevents individuals from
Public key Cryptography

Public-key cryptography involves the use of asymmetric key algorithms.
Asymmetric key algorithms are used to create a mathematically related key pair: a secret Private key and a published Public key.
Protects the confidentiality and integrity of a message.
The message is encrypted using the Public key and can only be decrypted using the Private key.

Private key protection

The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner.

The key is secured using
- PIN Protected soft token
- Smart Cards
- Hardware Tokens

PIN protected soft tokens

The Private key is encrypted and kept on the Hard Disk in a file; this file is password protected.
This forms the lowest level of security in protecting the key, as
- The key is highly reachable.
- PIN can be easily known or cracked.
Soft tokens are also not preferred because
- The key becomes static and machine dependent.
- The key is in known file format.

Smart Cards

The Private key is generated in the crypto module residing in the smart card.
The key is kept in the memory of the smart card.
The key is highly secured as it doesn't leave the card: the message digest is sent inside the card for signing, and the signatures leave the card.
The card gives mobility to the key and signing can be done on any system having a smart card reader.

Hardware Tokens

They are similar to smart cards in functionality as
- Key is generated inside the token.
- Key is highly secured as it doesn't leave the token.
- Highly portable.
- Machine Independent.

iKEY is one of the most commonly used tokens as it doesn't need a special reader and can be connected to the system using USB port.

Digital Signature Process Illustrated

[Diagram: Message -> Hash Function -> Message Digest (160 bit Value) -> Digital Signature]
- The Hash Algorithm creates a unique abstract of the message.
- Private key of sender Encrypts Digest.
- Encrypted Digest Becomes Digital Signature.

The Encryption Process

[Diagram: Message, Digital Signature, Encrypted Message & Signature, Encrypted One Time Key]
- One-time Symmetric key Encrypts Message And Signature.
- Receiver's Public Key Encrypts One-
Message Decryption and Verification Process

[Diagram: Encrypted Message & Signature, Encrypted One Time Key, Message, Digital Signature, Hash Function, Message Digest, Message Digest 2]
- Receiver's Private Key Decrypts one-time Symmetric key.
- One time Symmetric Key Decrypts Message & Digital Signature.
- Signature Decrypted with Public key of the sender and original Digest extracted.
- Decrypted Message hashed a second time; Second Message Digest Produced.
- Original Digest compared to second Digest for identical Match to confirm
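
Added example (not part of the original slides): the signing, encryption, decryption and verification steps above, run end to end with both sides' operations. It assumes demo-only RSA keys built from publicly known Mersenne primes, unpadded RSA, and a hash-based stand-in for the symmetric cipher; all names are illustrative.

```python
import hashlib
import secrets

def demo_rsa_key(p_exp: int, q_exp: int, e: int = 65537) -> dict:
    # Demo-only key from two publicly known Mersenne primes (assumption of this
    # example). Real keys use secret random primes and padded RSA (PSS / OAEP).
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

SENDER = demo_rsa_key(521, 607)     # sender's signing key pair
RECEIVER = demo_rsa_key(127, 521)   # receiver's encryption key pair
SIG_LEN = (SENDER["n"].bit_length() + 7) // 8
KEY_LEN = 16                        # one-time symmetric key, in bytes

def digest_int(message: bytes) -> int:
    # SHA-1 gives the 160-bit digest shown on the slide; new designs use SHA-256.
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def toy_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    # The same call encrypts and decrypts.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def send(message: bytes):
    # 1. Hash the message; 2. the sender's private key turns the digest into a signature.
    signature = pow(digest_int(message), SENDER["d"], SENDER["n"])
    # 3. A one-time symmetric key encrypts signature + message.
    one_time_key = secrets.token_bytes(KEY_LEN)
    body = toy_cipher(one_time_key, signature.to_bytes(SIG_LEN, "big") + message)
    # 4. The receiver's public key encrypts the one-time key.
    wrapped = pow(int.from_bytes(one_time_key, "big"), RECEIVER["e"], RECEIVER["n"])
    return body, wrapped

def receive(body: bytes, wrapped: int):
    # 1. Receiver's private key recovers the one-time key, which decrypts the body.
    key = pow(wrapped, RECEIVER["d"], RECEIVER["n"]).to_bytes(KEY_LEN, "big")
    plain = toy_cipher(key, body)
    signature, message = plain[:SIG_LEN], plain[SIG_LEN:]
    # 2. Sender's public key extracts the original digest from the signature.
    original = pow(int.from_bytes(signature, "big"), SENDER["e"], SENDER["n"])
    # 3. Hash the decrypted message a second time and compare the two digests.
    return message, original == digest_int(message)
```

`receive` returns the decrypted message together with the result of the digest comparison, so a single changed byte in the encrypted body yields `False`.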

PKI Applications
E-mail with customers, partners and Employees.
e-Commerce including data exchange and financial transactions.
Digital contract including loans, leases and Mortgages.
Remote Access to corporate databases.

Block Diagrams of Certification Process

[Diagram: Subscriber, Certificate Authority (CA), Repository Dbase, Receiving Party]

Digital Certificate
An electronic document issued by a certifying authority to establish a merchant's identity.
Certificate authority:
A trusted entity that issues and revokes public key certificates and manages key pairs.
Authorities like VeriSign, Cybertrust, Postal Services, TCS, MTNL and many more.

X.509 Digital Certificate

- Version
- Validity period
- Serial number
- User Public Key
- Signature algorithm ID
- User unique identifier
- Issuer name
- Digital signature
- User name

Digital Certificate Class

Class1:
Quickest and simplest to issue.
Contains minimum checks on user's background.
Only name, address and e-mail id are checked.
Can be compared with a library card.

Class2:
Checks for information like real name, UIN and DOB.
They require proof of physical address, locale and e-mail id.
Can be compared with a credit card.

Class3:
Strongest type.
Can be compared with driving license.
To get them you need to prove who you are and you are responsible.
Used for sensitive transactions like loan acquisition online.

Class4:
They are most thorough.
In addition to class3 they check the user's position at work.

Uses of digital signatures
1. Authentication.
2. Integrity.
Additional security precautions:
1. Putting the private key on a smart card.
2. Using smart card readers with a separate keyboard.
3. Other smart card designs.
4. Using digital signatures only with trusted applications.

Paper signatures v/s Digital Signatures

Parameter | Paper | Electronic
Authenticity | May be forged | Can not be copied
Integrity | Signature independent of the document | Signature depends on the contents of the document
Nonrepudiation | a. Handwriting expert needed; b. Error prone | a. Any computer user; b. Error free

FUTURE SCENARIO
Digital encryption of data is useful during storage and retrieval of medical history of patients involved in e-Health programs.
The growth of e-commerce and the recent enactment of the Electronic Signatures in Global and National Commerce Act (E-Sign Act) have opened a new frontier.
With this constant development, key management is becoming an issue.
Advancements in HotJava and JavaPlugin based technologies will maintain fluidity and flexibility in key management.