100 Hours ITT Course Unit 12

Digital Signature

100hrs Information Technology Training

Board of Studies, ICAI

Learning Objectives
Signature and the Law What is Digital Signature Technology How Digital Signature Technology works? Public Key Certificates What is Digital Certificates? Challenges and opportunities

100hrs Information Technology Training

Board of Studies, ICAI

Introduction to Digital Signature

In simple term, signature recognizes any mark made with the intention of authenticating the marked document.

100hrs Information Technology Training

Board of Studies, ICAI

Signature and the Law

A signature is a handwritten depiction or someones name, nickname or even a simple x that a person writes on documents as proof of identity and intent. Signing the document save the following general purpose.

Evidence describes identification of the signature with signed document.

Ceremony describes the legal significance of the signers act and there by helps prevent inconsiderable engagements

100hrs Information Technology Training

Board of Studies, ICAI

Signature and the Law

Approval describes the signers approval of authorization of writing that has legal effect.

Efficiency and logisticsdescribes the sense of clarity and finality to the transaction.

100hrs Information Technology Training

Board of Studies, ICAI

Signature Attributes
Signer Authentication A signature identifies the person and authorizes the message. Document Authentication - A signature identifies what is signed without detection and even marking the impracticable to falsify. Signature and Document Authentication is known a s n o n r e p u d i a t i o n s e r v i c e . A non-repudiation service provides assurance of the origin or delivery of data in order to protect the sender against false denial by the recipient that the d a t a h a s
100hrs Information Technology Training Board of Studies, ICAI

Signature Attributes
been received, or to protect the recipient against false denial by the sender that the data has been sent. Affirmative Act: - define the ceremonial and approval functions or a signature. Efficiency: - describes the authentication process with the least possible expenditure of resources.

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Definition of Digital Signature
A Digital Signature or Digital Signature Scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document". Digital Signatures are commonly used for software distribution, financial transaction, and in other cases where it is important to detect forgery and tempering.
100hrs Information Technology Training Board of Studies, ICAI

What is Digital Signature Technology?

A Public Key Cryptography employs an algorithm using two different but mathematically related Keys one for creating a digital signature or transforming data into a seemingly unintelligible form, and another key for verifying a digital signature or returning the message to its o r i g i n a l f o r m . A Cryptography is a study of hiding or securing information. A cryptography refers to encryption which is the process of converting ordinary information (Plaintext) into unintelligible i.e. cipher text. Decryption is the reverse in other words, moving from the unintelligible cipher text back to plaintext.
100hrs Information Technology Training Board of Studies, ICAI

What is Digital Signature Technology?

A public key cryptography uses 2 Algorithm Asymmetric key algorithm Symmetric key algorithm In asymmetric key algorithm, the key used to encrypt a message is not the same as key used to decrypt it which is known of public and private keys. In symmetric key algorithm, a single secret key shared by sender and receiver is used for both encryption and d e c r y p t i o n .

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Benefits of Digital Signatures
Authentication :Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user.

Integrity :The sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. However, if a message is digitally signed, any change in the message will invalidate the signature.

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Drawbacks of Digital Signature
Association of Digital Signature and Trusted Time Stamping Non Repudiation WYSIWYS

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Digital Signature Process

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Generating messages digest (hash result) Using Public Key to encrypt hash result Result of the encryption: digital signature Sender sends message, digital signature and certificate to receiver Receiver wants to check Integrity Generating hash result, compare it to the senders hash result and decrypting the message with the senders public key Authenticity Can be checked by means of the certificate Board of Studies, ICAI 100hrs Information Technology Training

What is Digital Signature Technology?

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

A hash is any well defined procedure of mathematical function which converts a large, possibly variable - sized amount of data into a small datum, usually single integer that may serve as an index to an array. The values returned by the hash function are called hash values.

A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed size bit string the hash value, such that an accidental change to the data will change the hash value. The data to be encoded is often called the message d i g e s t o r s i m p l y d i g e s t .
100hrs Information Technology Training Board of Studies, ICAI

What is Digital Signature Technology?

Public Key Certificate
A public key certificate is an electronic document which user a digital signature to bind together a public key with an identity. Information such as the name of a person or an organization, their address, and so fourth. PKI (Public key Infra structure) is the mechanism - the organization, people, and machinery needed to support public key cryptography.

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Public Key Certificate
3 approaches to setting the trust are : Certificate Authorities (CAs), Web of Trust (WoT), And simple
Web of trust is a concept used in compatible systems to establish the authenticity of the binding between a public key and a user. A Certificate Authority (CA) is an entity that issues digital certificates for use by other parties. A trusted third party (TTP) is an entity, which facilitates interaction between two parties who both trust the t h i r d p a r t y .

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

What is Digital Certificate?
Digital Certificate are the electronic counterparts to driver licenses, passports and membership cards. Contents of Digital Certificates a. Serial no. b. Subject c. Signature algorithm d. Issuer e. Valid-form f . Valid-to g. Key usage h. Public key i. Thumbprint algorithm j. Thumbprint
100hrs Information Technology Training Board of Studies, ICAI

What is Digital Signature Technology?

Uses of Digital Certificate
Email E-Commerce EFT Group ware And many more

Type of Digital Certificates

Server certificates Developer certificates Personal certificates

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Server certificates enables web servers to operate in a secure mode. It allows website visitors to safely transfer their personal information like credit cards and bank account information.

Developer certificates authenticate software and assure the user while downloading the software f r o m t h e I n t e r n e t . Personal certificates are used by individual when they exchange message with other users or online services. It allows to validate a website visitors identity and even restrict their access to certain p o r t i o n s o f t h e w e b s i t e .
100hrs Information Technology Training Board of Studies, ICAI

What is Digital Signature Technology?

Digital certificates and digital signing of an e-mail message

Message is captured. Hash value of the message is calculated. Sender's private key is retrieved from the sender's digital certificate. Hash value is encrypted with the sender's private key.
100hrs Information Technology Training Board of Studies, ICAI

What is Digital Signature Technology?

Encrypted hash value is appended to the message as a digital signature. Message is sent.

Digital certificates and verifying a digital signature of an e-mail message

100hrs Information Technology Training

Board of Studies, ICAI

What is Digital Signature Technology?

Message is received. Digital signature containing encrypted hash value is retrieved from the message. Message is retrieved. Sender's public key is retrieved from the sender's digital certificate. Encrypted hash value is decrypted with the sender's public key. Decrypted hash value is compared against the hash value produced on receipt. If the values match, the message is valid.
100hrs Information Technology Training Board of Studies, ICAI

Hash value of the message is calculated.

What is Digital Signature Technology?

Challenges and opportunities to digital signature

The cost consists of

Institutional overhead Subscriber and relying party costs

Advantages
Minimizing the risk of dealing with imposters Message integrity Formal legal requirement High degree of information security
100hrs Information Technology Training Board of Studies, ICAI

Thank You

100hrs Information Technology Training

Board of Studies, ICAI