Digital Signatures
- 1. 1 Department of Information Science and Engineering M S Ramaiah Institute of Technology (Autonomous Institute, Affiliated to VTU) Bangalore-560054 Digital Signatures (Eg. VeriSign) A presentation submitted to M S Ramaiah Institute of Technology An Autonomous Institute, Affiliated to Visvesvaraya Technological University, Belgaum in partial fulfillment of 5th Sem Under DATA COMMUNICATIONS Submitted by Suneel N P(1MS13IS114) Suman Raj K(1MS14IS417) under the guidance of Dr. Mydhili K. Nair
- 2. DIGITAL SIGNATURES (EG. VERISIGN) Suneel N Pramodh - 1MS13IS114 Suman Raj K - 1MS14IS417
- 3. The What: • A digital signature, the digital equivalent of a handwritten signature or a stamped seal, is a mathematical scheme for demonstrating the authenticity of a digital message or documents. • Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective. • Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non- repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.
- 4. • Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol. Properly implemented digital signatures are more difficult to forge than the handwritten type. • A digital signature scheme typically consists of three algorithms: 1. A key generation algorithm that selects a private key uniformly at random from a set of possible private keys.The algorithm outputs the private key and a corresponding public key. 2. A signing algorithm that, given a message and a private key, produces a signature. 3. A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.
- 5. Two main properties that are required are: 1. The authenticity of a signature generated from a fixed message and fixed private key can be verified by using the corresponding public key. 2. It should be computationally infeasible to generate a valid signature for a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature.
- 6. The How: • As we know digital signatures use asymmetric cryptography, or public-key cryptography. • It is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or private) and one of which is public. • Using a public-key algorithm such as RSA algorithm (named after scientists Ronald Rivest, Adi Shamir, and Len Adleman), one can generate two keys that are mathematically linked. • To create a digital signature, signing software (such as an email program) creates a one- way hash of the electronic data to be signed. • The private key is then used to encrypt the hash, the encrypted hash, along with other information such as hashing algorithm, is the digital signature.
- 7. The reason for encrypting the hash instead of the entire message or document is because: 1. For efficiency:The signature will be much shorter and thus save time since hashing is generally much faster than signing in practice. 2. For compatibility: Messages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number N). A hash function can be used to convert an arbitrary input into the proper format. 3. For integrity: Without the hash function, the text "to be signed" may have to be split (separated) in blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize if all the blocks are present and in the appropriate order.
- 8. • The value of the hash is unique to the hashed data. Any change in the data, even changing or deleting a single character, results in a different value.This attribute enables others to validate the integrity of the data by using the signer's public key to decrypt the hash. • If the decrypted hash matches a second computed hash of the same data, it proves that the data hasn't changed since it was signed. • If the two hashes don't match, the data has either been tampered with in some way or the signature was created with a private key that doesn't correspond to the public key presented by the signer.
- 10. Some digital signature algorithms that are used: 1. RSA-based signature schemes, such as RSA-PSS 2. DSA and its elliptic curve variant ECDSA 3. ElGamal signature scheme as the predecessor to DSA, and variants Schnorr signature and Pointcheval–Stern signature algorithm 4. Rabin signature algorithm 5. Pairing-based schemes such as BLS 6. Signatures with efficient protocols - are signature schemes that facilitate efficient cryptographic protocols such as zero-knowledge proofs or secure computation. A public key certificate (also known as a digital certificate) which is an electronic document used to prove ownership of a public key in public-key infrastructure scheme.
- 11. • The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. • If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. Certificates can be created for Unix-based servers with tools such as OpenSSL's "ca" command or SuSE's gensslcert.These may be used to issue unmanaged certificates, certification authority (CA) certificates for managing other certificates, and user or computer certificate requests to be signed by the CA, as well as a number of other certificate related functions.
- 12. • Each web site (banking, merchant, e-commerce, etc.) is issued a public key and a private key.The public key allows consumers or users to encrypt their transactions using SSL (secure socket layer) technology.The private key allows authorized users of the web site to receive information sent using the public key. • This double-handshake system assures consumers that their transaction is secure and that only authorized representatives of the recipient's company have access to the information (like credit card numbers or bank information) they've sent. Some industries have established common interoperability standards for the use of digital signatures between members of the industry and with regulators. • These include the Automotive Network Exchange for the automobile industry and the SAFE-BioPharma Association for the healthcare industry.
- 13. These certificates are provided by certificate authority organization and the most widely trusted and largest organization isVeriSign, Inc. The web site with VeriSign stamp can be trusted completely as the authentication unit is now owned by security software giant, Symantec.
- 14. The Why: • A valid digital signature gives a recipient reason to believe that the message was created by a known sender, that the sender cannot deny having sent the message, and that the message was not altered in transit. • Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. • It helps in finding out websites that are trust-able in providing a secure and proper transaction between the sender, server and receiver. • It also helps in determining whether a website indulges in phishing or another illegal activities, even though they may have the image of the “VeriSign Secured”, it’ll be just that, an image (this post is an example, it doesn't have any viable digital certificate but has the image), as we have seen that forgery of digital signatures is very difficult and almost non-existent. • It provides users, clients, etc. with safe and secure website/s and transactions within that/those website/s.