Digital Signature
Digital Signature
Digital Signature
org
CONTENTS
INTRODUCTION WHY DIGITAL SIGNATURE WHAT IS DIGITAL SIGNATURE APPROACHES DIRECT DIGITAL SIGNATURE ARBITRATED DIGITAL SIGNATURE THE DIGITAL SIGNATURE STANDARD THE ALGORITHM DIGITAL SIGNATURE GENERATION DIGITAL SIGNATURE VERIFICATION THE RISKS INVOLVED IN MESSAGE TRANSMISSION SECURITY REQUIREMENT FOR MESSAGE TRANSMISSION SECURITY PURPOSE OF DIGITAL SIGNATURE CONCLUSION REFERENCES
www.Uandistar.org
www.Uandistar.org
INTRODUCTION
Digital signature is a sort of Cryptography. Cryptography means keeping communications private. It is a practical art of converting messages or data into a different form, such that no one read them without having access to the key. The message may be converted using a code (in which case each character or group of characters is substituted by an alternative one), or cipher (in which case the message as a whole is converted, rather than individual characters). It deals with encryption, decryption and authentication. There are two types of Cryptography1.Secret key or Symmetric Cryptography 2. Public key or Asymmetric Cryptography In Symmetric Cryptography the sender and receiver of a message know and use the same secret key to encrypt the message, and the receiver uses same key to decrypt the message. Asymmetric (or public key) Cryptography involves two related keys, one of which only the owner knows (the 'private key') and the other which anyone can know (the 'public key'). The advantages of Asymmetric Cryptography are that: Only one party needs to know the private key. The knowledge of the public key by a third party does not compromise security of message transmission. The most important development from the work on public key cryptography is Digital Signature.
www.Uandistar.org
www.Uandistar.org
Properties :
It must verify the author and the date and time of signature . It must authenticate the contents at the time of signature. It must be verifiable by third parties,to resolve disputes. Thus the digital function includes the authentication function.
www.Uandistar.org
www.Uandistar.org
Requirements :
On the basis of these prpperties ,we can formulate the following reqirements for a digital signature: The signature must be a bit pattern that depends on the message of being signed. The signature must use some information uniqe to sender ,to prevent both forgery and denial. It must be relatively easy to produce the digital signature . It must be relatively easy to recognize and verify the digital signature. It must be computationally infeasible to forge a digital signature ,either by constructing a new massage for an existing digital signature or by constructing a fraudulent digital signature for a given message. It must be practical to return a copy of the digital signature in storage. A secure hash function ,embedded in a scheme such as that of figure satifies these reqirements.
www.Uandistar.org
www.Uandistar.org
Digital signatures are based on mathematical algorithms. These require the signature holder to have two keys (one private and the public) for signing and verification .A verifiable trustworthy entity called certification authority creates and distributes signatures. A digital signature is a cryptographic means through which many of these may be verified. The digital signature of a document is a piece of information based on both the document and the signers private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signers private key). Digital Signatures and hand written signatures both rely on the fact that it is very hard to find two people with the same signature. People use public key cryptography to compute digital signatures by associating something unique with each person. When public-key cryptography is used to encrypt a message, the sender encrypts the message with the public key of the intended recipient. When public -key cryptography is used to calculate a digital signature, the sender encrypts the digital fingerprint of the document with his or her own private key. Anyone with access to the public key of the signer may verify the signature. In practice, public-key algorithms are often too inefficient for signing long documents. To save time, digital signature protocols use a cryptographic digest, which is a one-way hash of the document. The hash is signed instead of the document itself. Both the hashing and digital signature algorithms are agreed upon beforehand. Here is a summary of the process:
1.
2. The hash is encrypted with the private key, thereby signing the document. 3. The document and the signed hash are transmitted. 4. The recipient produces a one-way hash of the document.
5. Using the digital signature algorithm, the recipient decrypts the signed hash with the sender's public key. If the signed hash matches the recipient's hash, the signature is valid and the document is intact.
www.Uandistar.org
www.Uandistar.org
There is a potential problem with this type of digital signature. Alice not only signed the message she intended to but also signed all other messages that happen to hash to the same message digest. When two messages hash to the same message digest it is called a collision; the collision-free properties of hash functions are a necessary security requirement for most digital signature schemes. A hash function is secure if it is very time consuming, if at all possible, to figure out the original message given its digest. However, there is an attack called the birthday attack that relies on the fact that it is easier to find two messages that hash to the same value than to find a message that hashes to a particular value. Its name arises from the fact that for a group of 23 or more people the probability that two or more people share the same birthday is better than 50%. When software (code) is associated with publishers unique signature, distributing software on the Internet is no longer an anonymous activity. Digital signatures ensure accountability, just as a manufacturers brand name does on packaged software. If an organization or individual wants to use the Internet to distribute software, they should be willing to take responsibility for that software. This is based on the premise that accountability is a deterrent to the distribution of harmful code.
APPROACHES
A variety of approaches have been proposed for digital signature function. These approaches fall into two categories: Direct approach Arbitrated approach
www.Uandistar.org
www.Uandistar.org
A direct digital signature involves only the communication parties (source and destination). It is assumed that the destination knows the public key of the source. A digital signature may be formed by encrypting the entire message with the senders private key or by encrypting the hash code of the message with the senders private key. Confidentiality can be provided by further encrypting the entire message plus signature with either the receivers public key or a shared secret key. It is important to perform the signature function first and then an outer confidentiality function. In case of dispute some third party must view the message and signature. If the signature is calculated on an encrypted message, the third party also needs access to the decryption key to read the original message. All direct schemes described so far have a common flaw: The validity of the scheme depends on the security of the senders private key. If a sender later wishes to deny sending a particular message, he can claim that the private key was lost or stolen and that someone else forged his signature. Administrative controls relating to the security of private keys can be employed to thwart or at least weaken this ploy. One example is to require every signed message to include a timestamp (date and time) and to require prompt reporting to compromise keys by a central authority. Another threat is that the private key might be stolen from sender X at time T. The opponent can then send a message signed with Xs signature and stamped with a time before or equal to T.
www.Uandistar.org
www.Uandistar.org
Digital signatures require the use of public-key cryptography .If you are going to sign something, digitally, you need to obtain both a public key and a private key. The private key is something you keep entirely to yourself. You sign the document using your private keywhich is really just a kind of code-then you give the person (the merchant of the website where you bought something or the bank lending your money to buy a house) who needs to verify your signature your corresponding public key. He uses your public key to make sure you are who you say you are. The public key and private key are related, but only mathematically, so knowing your private key. In fact, its nearly impossible to figure out your private key from your public key. The sender accomplishes the process of creating a digital signature. The receiver of the digital signature performs the verification of the digital signature.
www.Uandistar.org
www.Uandistar.org
The National Institute of Standards and Technology has published Federal Information processing standards Publications (FIPS PUBS), known as digital signature standard. The DSS makes use of the Secure Hash Algorithm (SHA) and present a new digital signature technique called the Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature Verification makes use of a public key, which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed signatures for stored as well as transmitted data. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key. A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest (see Figure 1). The message digest is then input to the DSA to generate the digital signature. The digital signature is sent to the intended verifier along with the signed data (often called the message). The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The hash function is specified in a separate standard, the Secure Hash Standard (SHS), FIPS 180. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data.
www.Uandistar.org
www.Uandistar.org
The DSA authenticates the integrity of the signed data and the identity of the signatory. The DSA may also be used in proving to a third party that data was actually signed by the generator of the signature. The DSA is intended for use in electronic mail, electronic funds transfer, electronic data exchange, software distribution, data storage, and other applications which require data integrity assurance and data origin authentication. The DSA may be implemented in software, firmware, hardware, or any combination thereof. NIST is developing a validation program to test implementations for conformance to this standard.
www.Uandistar.org
www.Uandistar.org
THE ALGORITHM:
The digital signature algorithm is as follows:
64 2. q = a prime divisor of p - 1, where 2159 < q < 2160 3. g = h(p-1)/q mod p, where h is any integer with 1 < h < p - 1 such that h (p-1)/q mod P>1 (g has order q mod p)
www.Uandistar.org
www.Uandistar.org
www.Uandistar.org
www.Uandistar.org
Mathematically
The signature of a message M is the pair of numbers r and s computed according to the equations below: r = (gk mod p) mod q and s = (k-1(SHA(M) + xr)) mod q. In the above, k-1 is the multiplicative inverse of k, mod q; i.e., (k-1 k) mod q = 1 and 0 < k-1 < q. M is a message to be signed and the value of SHA (M) is a 160-bit string output by the Secure Hash Algorithm specified in FIPS 180. For use in computing s, this string must be converted to an integer. As an option, one may wish to check if r = 0 or s = 0. If either r = 0 or s = 0, a new value of k should be generated and the signature should be recalculated (it is extremely unlikely that r = 0 or s = 0 if signatures are generated properly). The signature is transmitted along with the message to the verifier.
SIGNATURE VERIFICATION:
Prior to verifying the signature in a signed message, p, q and g plus the sender's public key and identity are made available to the verifier in an authenticated manner. Let M', r' and s' be the received versions of M, r, and s, respectively, and let y be the public key of the signatory. To verifier first checks to see that 0 < r' < q and 0 < s' < q; if either condition is violated the signature shall be rejected. If these two conditions are satisfied, the verifier computes w = (s')-1 mod q u1 = ((SHA(M')w) mod q u2 = ((r')w) mod q v = (((g)ul (y)u2) mod p) mod q.
www.Uandistar.org
www.Uandistar.org
If v = r', then the signature is verified and the verifier can have high confidence that the received message was sent by the party holding the secret key x corresponding to y. For a proof that v = r' when M' = M, r' = r, and s' = s If v does not equal r', then the message may have been modified, the message may have been incorrectly signed by the signatory, or the message may have been signed by an impostor. The message should be considered invalid.
LEMMA. Let p and q be primes so that q divides p - 1, h a positive integer less than p, and g = h(p-1)/q mod p. Then gq mod p = 1, and if m mod q = n mod q, then gm mod p = gn mod p. Proof: We have gq mod p = (h(p- 1)/q mod p)q mod p = h(p-1) mod p =1 by Fermat's Little Theorem. Now let m mod q = n mod q, i.e., m = n + kq for some integer k. Then gm mod p = gn+kq mod p = (gn gkq) mod p = ((gn mod p) (gq mod p)k) mod p = gn mod p since gq mod p = 1. We are now ready to prove the main result.
www.Uandistar.org
www.Uandistar.org
THEOREM. If M' = M, r' = r, and s' = s in the signature verification, then v = r'. Proof: We have w = (s')-1 mod q = s-1 mod q u1 = ((SHA(M'))w) mod q = ((SHA(M))w) mod q u2 = ((r')w) mod q = (rw) mod q. Now y = gx mod p, so that by the lemma, v = ((gu1 yu2) mod p) mod q = ((gSHA(M)w yrw) mod p) mod q = ((gSHA(M)w gxrw) mod p) mod q = ((g(SHA(M)+xr)w) mod p) mod q. Also s = (k-1(SHA(M) + xr)) mod q. Hence w = (k(SHA(M) + xr)-1) mod q (SHA(M) + xr)w mod q = k mod q. Thus by the lemma, v = (gk mod p) mod q =r = r'.
www.Uandistar.org
www.Uandistar.org
No observer can access the contents of the message; and No observer can identify the sender and receiver.
The term 'confidentiality' is used by computer scientists who specialize in security matters. This is most unfortunate, because the term has an entirely different meaning within commerce generally, which derives from the law of confidence. For this reason, the alternative term 'message content security' is used in this Module.
The message has not been changed or lost during transmission; The message has not been prevented from reaching the recipient; and The message has not reached the recipient twice.
The sender can be sure that the message reaches the intended recipient, and only the intended recipient; and The recipient can be sure that the message came from the sender and not an imposter. The act by an imposter of sending such a message is referred to as 'spoofing'.
www.Uandistar.org
www.Uandistar.org
The sender cannot credibly deny that the message was sent by them; and The recipient cannot credibly deny that the message was received by them.
Signer authentication :
If public and private keys are associated with an identified signer, the digital signature attributes the message to the signer. The digital signature cannot be forged, unless the signer loses control of the private key.
Message authentication :
Digital signature identifies the signed message with far greater certainty and precision than paper signatures. Verification reveals any tempering since the comparison of hash result shows whether the message is the same as when signed.
Non-repudiation :
Creating a digital signature requires the signer to use his private key. This alters the signer that he is consummating a transaction with legal consequences, decreasing the chances of litigation later on.
www.Uandistar.org
www.Uandistar.org
Integrity :
Digital signature creation and verification processes provide a high level of assurance that the digital signature is that of the signer. Compared to tedious and labor intensive paper methods, such as checking signature cards, digital signatures yield a high degree of assurance without adding resources for processing.
AN EXAMPLE
Bob
Bob has been given two keys. One of Bobs keys is called a Public key,the other is called a Private key.
Bob's Co-workers:
www.Uandistar.org
www.Uandistar.org
Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself Pat Doug Susan
Bobs Public key is available to anyone who needs it, but he keeps his Private key to himself.Keys are used to encrypt information. Encrypting information means "scrambling it up", so that only a person with the appropriate key can make it readable again.Either one of Bob's two keys can encrypt data, and the other key can decrypt that data. Susan (shown below) can encrypt a message using Bobs Public key. Bob uses his Private key to decrypt the message. Any of Bob's coworkers might have access to the message Susan encrypted, but without Bob's Private Key, the data is worthless.
Susan
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
Bob
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
With his private key and the right software,Bob can put digital signatures ondocuments and other data. A digital signature is a stamp Bob places on the data which is unique to Bob, and is very www.Uandistar.org
www.Uandistar.org difficult to forge. In addition, the signature assures that any changes made to the data that has been signed can not go undetected.
To sign a document, Bob's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)
Bob's software then encrypts the message digest with his private key. The result is the digital signature.
www.Uandistar.org
www.Uandistar.org
Finally, Bob's software appends the digital signature to document. All of the data that was hashed has been signed.
www.Uandistar.org
www.Uandistar.org
www.Uandistar.org
First, Pats software decrypts the signature (using Bobs public key) changing it back into a message digest. If this worked, then it proves that Bob signed the document, because only Bob has his private key. Pats software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Pat knows that the signed data has not been changed.
Plot complication...
Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat receives a signed message and a public key that appears to belong to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bobs name. Short of receiving Bobs public key from him in person, how can Pat be sure that Bobs public key is authentic?
It just so happens that Susan works at the companys certificate authority center. Susan can create a digital certificate for Bob simply by signing Bobs public key as well as some information about Bob.
Bob Info: Name Department Cubical Number Certificate Info: Expiration Date Serial Number Bobs Public Key:
www.Uandistar.org
www.Uandistar.org
Now Bobs co-workers can check Bobs trusted certificate to make sure that his public key truly belongs to him. In fact, no one at Bobs company accepts a signature for which there does not exist a certificate generated by Susan. This gives Susan the power to revoke signatures if private keys are compromised, or no longer needed. There are even more widely accepted certificate authorities that certify Susan. Lets say that Bob sends a signed document to Pat. To verify the signature on the document, Pats software first uses Susans (the certificate authoritys) public key to check the signature on Bobs certificate. Successful de-encryption of the certificate proves that Susan created it. After the certificate is de-encrypted, Pats software can check if Bob is in good standing with the certificate authority and that all of the certificate information concerning Bobs identity has not been altered. Pats software then takes Bobs public key from the certificate and uses it to check Bobs signature. If Bobs public key de-encrypts the signature successfully, then Pat is assured that the signature was created using Bobs private key, for Susan has certified the matching public key. And of course, if the signature is valid, then we know that Doug didnt try to change the signed content. Although these steps may sound complicated, they are all handled behind the scenes by Pats userfriendly software. To verify a signature, Pat need only click on it.
www.Uandistar.org
www.Uandistar.org
CONCLUSION
Digital signatures are difficult to understand. Digital signatures will be championed by many players that the public distrusts, including national security agencies, law enforcement agencies, and consumer marketing companies. Digital signatures will inevitably be associated with cards. Digital signatures will inevitably be associated with biometric identifiers. As a result, it appears that digital technology is rapidly becoming pervasive, the public not find this comforting. They will demand explicit privacy protections, far more substantial than the weak and patchy regime that is presently in place. The protections are also quite inadequate, though promising in some respects. Successful implementation of digital signatures will require far more attention to privacy issues by policy-makers and business interests.
REFERENCES
www.Uandistar.org
www.Uandistar.org
Computer network by Andrew S. Tanenbaum Cryptography and Network security by William Stallings www.google.com www.yahoo.com www.amazon.com
www.Uandistar.org
www.Uandistar.org
www.Uandistar.org