- DIGITAL SIGNATURES - EXPLANATION, IMPLEMENTATION, SERVICES AND FUTURE
- Digital Signatures - Explanation, Implementation, Services And Future
- How Do Digital Signatures Work?
- Implementation and Public Key Infrastructure (PKI)
- Specific Types for Specific Applications
- PKI service Case Study
- Reference List
Computer Network Security
DIGITAL SIGNATURES - EXPLANATION, IMPLEMENTATION, SERVICES AND FUTURE
We sign (handwritten) whenever we do any non-trivial transaction, communication or deal. A signature serves as a proof of a document, and the informed consent of the person or organization represented by the person to the contents of the document. Now, with advancing technology, societies all over the world are going electronic for more and more routine tasks. Also, products, services and documents no longer have to physical to be considered of value and significance e.g. music downloads, movie rentals on Internet, legal documents and government notices sent by email, etc. How do we manage the trust, and protect the vulnerable party in a digital world? This paper explores such a technology - digital signatures and will look into its technical implementation, supporting infrastructure, designing, service providers, and future possibilities.
Digital Signatures - Explanation, Implementation, Services And Future
Any non-trivial exchange of goods, services or an agreement requires (handwritten) signatures on a document on which terms of the deal are written e.g. sales receipt, employee contract, etc. A signature serves as a proof of a document, and the informed consent of the person or organization represented by that person to the contents of the document. This protects the other party if challenged, as this document will prove that the particular party (authentication) approved and the signing party cannot deny (non-repudiation) having done so. In other words, a signature is used to bind signatory to the document (www.tutorialspoint.com, 2016).
Now, with advancing technology, societies all over the world are going electronic for more and more routine tasks. Also, products, services and documents no longer have to physical to be considered of value and significance. How do we manage the trust, and protect the interests of the person who requires authentication and non-repudiation from the other party? This paper explores such a technology - digital signatures, and will look into its technical implementation, supporting infrastructure, designing, service providers and future possibilities.
How Do Digital Signatures Work?
Digital signatures are a technique based on mathematics which serve the same purpose for digital assets (documents, files, etc) that a handwritten signature on paper serves. Digital signatures are based on cryptography. Cryptography is the science of sending messages in a secret form, so that only the intended recipient can read it (Mollin, 2001). Now, cryptography is of two types - symmetric and asymmetric. In symmetric, a single key is generated for a pair of communicating parties and that single key is used to encrypt (make the data unintelligible) as well as decrypt (convert it back into the original message). This option per se suffers from the difficulty of securely transmitting the secret keys themselves. The other alternative is asymmetric, in which a person has two keys - one public (to the malicious user also), and one private (only known to the owner). Now any message intended for the eyes of a person is encrypted with his public key. Only the associated private key can decrypt the message.
Digital signatures are based on asymmetric cryptography. The person signing uses his private key to encrypt the message (Emudhradigital.com, n.d.), which as per the ironclad guarantees of the algorithm and the extremely high complexities of breaking it, ensure that only the signatory's public key can decrypt the message. Thus, identity is ensured this way. As per Corporation (1999), now this facility may be utilized in any of the four combinations along with encryption. However, as per Paar (2014), real-life applications want to do both, signing and encrypting.
Implementation and Public Key Infrastructure (PKI)
With the help of algorithm, we can provably link public and private keys but generation of these pairs is a trivial process in commonly available software. This still leaves the question of identity unanswered. Here, services of Public Key Infrastructure (PKI) are utilized. They are like telephone directories of a person and his public encryption key. Thus, the trust has to be put into PKI that a particular public key belongs to a particular person. It must be noted that the algorithm itself does not care or require PKI - files can always be encrypted using a private key and decrypted using the associated public key. However, there will be no guarantee as to the entity owning this public (and the private) key. PKI is a set of roles, policies and procedures to manage public-key encryption. This is implemented using Digital Certificates (e.g. green padlock in Web browsers on banking and ecommerce sites can be clicked to view the digital certificate details). A digital certificate vouches that a particular public encryption key belongs to a particular entity and takes on the responsibility for verifying the legal details on the authority issuing it. As per Rouse (2013), digital certificates can also be referred to as a public key certificate.
PKI is implemented using Certificate Authority (CA), Registration Authority (RA), certificate database and certificate store. CA is the root or top-most authority which stores, issues and signs the digital certificates. The responsibility for verifying the identity is delegated to RA. Thus, every entity (person, organization, computer, etc) which wants to digitally sign a file will have a secret private key (known only to them) and distributed and widely-known public key.
Another component of digital signature is hashing algorithms. A hashing algorithm takes in arbitrary amounts of input to produce a unique fixed-length string. This generated string is called hash value, hash code or digest. Now, the quality of a hashing algorithm depends inversely on the probability of collisions in has value i.e. more than input resulting in same hash value. Also, these algorithms are effectively one-way i.e. computing the hash from input is computationally easy, but the reverse is impossible. In other words, hashing is an irreversible process. Examples of hashing algorithms include MD5, SHA1, etc.
Now, for digital signing and to uphold the security services of message integrity (if file is tampered, then the digital signature verification will fail), a hash of the file is generated, and this hash (and not the complete file) is signed with the private key of the signatory. Then, the combination of the file and the signature may be encrypted (so as to maintain confidentiality) and sent to the receiver. The receiver can decrypt the package, get the file and verify the signature using the public key of the signatory and the result will confirm if this file is sent by the signatory and has not been modified en route.
Specific Types for Specific Applications
There are four classes of digital signature (certificates), which start from zero i.e. Class 0, Class 1, Class 2 and Class 3. As per Cca.gov.in (2013), Class 0 is for demonstration purposes only, Class 1 will guarantee the name and email address, Class 2 will guarantee that information of the entity does not conflict with information in other public databases. Class 3 takes on the highest assurance levels and mandatorily require in-person verification of the user for whom the certificate is to be issued for.
It can be observed that the rigor of evaluation increases with the class, and so does the costs and paperwork required. To justify costs with benefits, industry has come to use different classes for different uses. For non-commercial applications where proof of identity is not required Class 1 is used. Class 2 is used where proof of identity based on validation in various databases is sufficient e.g. income tax, value added tax, registering companies, etc. Class 3 is used for participating in tenders process online and covers aspects like contract download, supplier registration, submission of bid document.
PKI service Case Study
As detailed earlier, digital signatures are plain algorithms and mathematics, which per se have little utility in real-world applications. To bring in the trust factor as to the owner of any public key, services of a PKI have to be used. There are many service providers available like Microsoft Certificate Services, Symnatec Managed PKI Services, Entrust, Thales e-Security, etc. Microsoft Certificate Services is a Windows operating system service that is used in conjunction with SSL (Secure Sockets Layer) technology to protect sensitive data on Web servers and Internet. As per Stanek, (2001), this PKI infrastructure is mainly used to manage digital certificates for Web servers. The service can be configured to the role of either of enterprise root CA, enterprise subordinate CA, stand-alone root CA, or stand-along subordinate CA. Also, once a machine has been set up as either of these four, then the computer name or domain membership cannot be changed. It often uses asymmetric cryptography keys in addition to symmetric cryptography keys for session.
Technologies may change, but people do not (Atwood, 2004). It is expected that the ever-increasing digitization of the world along with the incentives for malicious users to hack, digital signature technologies will keep up the pace. Couple of noteworthy areas of research include reducing costs for signature and encryption combined rather than doing both separately (Zheng, 1997), improving the algorithm's complexity trade-offs (Naccache et al., 1995), etc.
Trust is both a human liability and a requirement. On one hand trust allows to bypass a whole lot of procedures, but on the other hand the lack of trust and the inherent possibility of scam require that security services like authenticity, non-repudiation, message integrity, etc be maintained. These terms may have modern mathematical connotations, but they have existed from the beginning. Paper-signature also offers the same facility. But, with modern digital tools and practices, paper signature is just out-of-league and will probably end up bottlenecking the speed of digital progress. Thus, digital signatures as a technology is important and here to stay.
Place Order For A Top Grade Assignment Now
We have some amazing discount offers running for the studentsPlace Your Order
Atwood, J. (2004). Recommended Reading for Developers. [online] Blog.codinghorror.com. Available at: https://blog.codinghorror.com/recommended-reading-for-developers/ [Accessed 13 Dec. 2016].
Corporation, B. (1999). Tech Note #35: How Encryption and Digital Signatures Work. [online] Tatanka.com. Available at: http://www.tatanka.com/bionic_buffalo/original/archive/document/technote/tn0035.html [Accessed 12 Dec. 2016].
www.tutorialspoint.com. (2016). Cryptography Digital signatures. [online] Available at: https://www.tutorialspoint.com/cryptography/cryptography_digital_signatures.htm [Accessed 12 Dec. 2016].
Mollin, R. (2001). An introduction to cryptography. 1st ed. Boca Raton: Chapman & Hall/CRC.
Naccache, D., M'RaÏhi, D., Vaudenay, S. and Raphaeli, D. (1995). Can D.S.A. be improved? — Complexity trade-offs with the digital signature standard —. Advances in Cryptology — EUROCRYPT'94, [online] pp.77-85. Available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.7266&rep=rep1&type=pdf [Accessed 13 Dec. 2016].
Emudhradigital.com. (n.d.). Official Website of eMudhra Limited - Digital Certificate: Buy Digital Signature Online. [online] Available at: https://www.emudhradigital.com/ [Accessed 12 Dec. 2016].
Paar, C. (2014). Lecture 18: Digital Signatures and Security Services by Christof Paar. [online] YouTube. Available at: https://www.youtube.com/watch?v=jbBe4AS5pk0&lc=z124fdmyhob1zlumy22jvvmgbknhvvmtp.1469807997261592 [Accessed 13 Dec. 2016].
Rouse, M. (2013). What is digital certificate? - Definition from WhatIs.com. [online] SearchSecurity. Available at: http://searchsecurity.techtarget.com/definition/digital-certificate [Accessed 13 Dec. 2016].
Stanek, W. (2001). Microsoft Windows 2000 and IIS 5.0 administrator's pocket consultant. 1st ed. Redmond, Wash.: Microsoft Press.
Cca.gov.in. (2013). What are the different classes of Digital Signature Certificates?. [online] Available at: http://www.cca.gov.in/cca/?q=node/45 [Accessed 13 Dec. 2016].
Zheng, Y., 1997, August. Digital signcryption or how to achieve cost (signature & encryption)? cost (signature)+ cost (encryption). In Annual International Cryptology Conference (pp. 165-179). Springer Berlin Heidelberg.