This document discusses digital signatures, including what they are, how they work, and why they are important. Digital signatures use public key cryptography to authenticate the identity of the sender and ensure the integrity of digital messages or documents. They generate a unique hash of the data, encrypt it with the sender's private key, and attach it to the message along with other information. Anyone can then decrypt the hash using the sender's public key and verify that the data has not been altered since it was signed. Digital signatures help ensure secure online transactions and determine whether websites can be trusted.
Digital Signatures Provide Security and Trust in Online Transactions
1.
Department of Information Science and Engineering
M S Ramaiah Institute of Technology
(Autonomous Institute, Affiliated to VTU)
Bangalore-560054
Digital Signatures (Eg. VeriSign)
A presentation submitted to
M S Ramaiah Institute of Technology
An Autonomous Institute, Affiliated to
Visvesvaraya Technological University, Belgaum
in partial fulfillment of 5th Sem Under
DATA COMMUNICATIONS
Submitted by
Suman Raj K(1MS14IS417)
Suneel N P(1MS13IS114)
under the guidance of
Dr. Mydhili K. Nair
3. The What:
• A digital signature, the digital equivalent of a handwritten signature or
a stamped seal, is a mathematical scheme for demonstrating the
authenticity of digital messages or documents.
• Digital signature schemes, in the sense used here, are cryptographically
based, and must be implemented properly to be effective.
• Digital signatures can also provide non-repudiation, meaning that the
signer cannot successfully claim they did not sign a message, while also
claiming their private key remains secret; further, some
non-repudiation schemes offer a time stamp for the digital signature, so
that even if the private key is exposed, the signature is valid.
4. • Digitally signed messages may be anything representable as a bitstring: examples
include electronic mail, contracts, or a message sent via some other cryptographic
protocol. Properly implemented digital signatures are more difficult to forge than the
handwritten type.
• A digital signature scheme typically consists of three algorithms:
1. A key generation algorithm that selects a private key uniformly at random from a set
of possible private keys. The algorithm outputs the private key and a corresponding
public key.
2. A signing algorithm that, given a message and a private key, produces a signature.
3. A signature verifying algorithm that, given the message, public key and signature,
either accepts or rejects the message's claim to authenticity.
5. Two main properties that are required are:
1. The authenticity of a signature generated from a fixed message and
fixed private key can be verified by using the corresponding public
key.
2. It should be computationally infeasible to generate a valid signature
for a party without knowing that party's private key. A digital
signature is an authentication mechanism that enables the creator
of the message to attach a code that acts as a signature.
6. The How:
• As we know, digital signatures use asymmetric cryptography, or public-key
cryptography.
• It is a class of cryptographic protocols based on algorithms that require two separate
keys, one of which is secret (or private) and one of which is public.
• Using a public-key algorithm such as the RSA algorithm (named after scientists Ronald
Rivest, Adi Shamir, and Len Adleman), one can generate two keys that are
mathematically linked.
• To create a digital signature, signing software (such as an email program) creates a one-
way hash of the electronic data to be signed.
• The private key is then used to encrypt the hash. The encrypted hash, along with other
information such as the hashing algorithm, is the digital signature.
7. The hash is encrypted instead of the entire message or document for the following reasons:
1. For efficiency: The signature will be much shorter and thus save time since hashing is
generally much faster than signing in practice.
2. For compatibility: Messages are typically bit strings, but some signature schemes operate
on other domains (such as, in the case of RSA, numbers modulo a composite number N). A
hash function can be used to convert an arbitrary input into the proper format.
3. For integrity: Without the hash function, the text "to be signed" may have to be split
(separated) in blocks small enough for the signature scheme to act on them directly.
However, the receiver of the signed blocks is not able to recognize if all the blocks are
present and in the appropriate order.
8. • The value of the hash is unique to the hashed data. Any change in the data, even
changing or deleting a single character, results in a different value. This attribute
enables others to validate the integrity of the data by using the signer's public key to
decrypt the hash.
• If the decrypted hash matches a second computed hash of the same data, it proves
that the data hasn't changed since it was signed.
• If the two hashes don't match, the data has either been tampered with in some way
or the signature was created with a private key that doesn't correspond to the public
key presented by the signer.
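The hash-then-sign flow from slides 6 to 8, as an added example that is not part of the original presentation. It uses textbook RSA without padding and keys built from publicly known Mersenne primes, so it only shows the mechanics; deployed systems use a padded scheme such as RSA-PSS with randomly generated keys. The names `make_key`, `sign`, `verify`, `ALLOWED_HASHES`, Alice and Bob are assumptions made for the example.

```python
import hashlib

E = 65537
ALLOWED_HASHES = {"sha256", "sha384", "sha512"}  # verifier's own policy

def make_key(p: int, q: int):
    """Return (public, private) for primes p, q: public=(n, e), private=(n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, E), (n, d)

def digest_as_int(message: bytes, hash_name: str) -> int:
    """One-way hash of the data, read as a number smaller than n."""
    return int.from_bytes(hashlib.new(hash_name, message).digest(), "big")

def sign(message: bytes, private, hash_name: str = "sha256") -> dict:
    """Transform the hash with the private key; attach the hash algorithm name."""
    n, d = private
    return {"hash": hash_name, "value": pow(digest_as_int(message, hash_name), d, n)}

def verify(message: bytes, signature: dict, public) -> bool:
    """Recover the signed hash with the public key and compare with a fresh hash."""
    n, e = public
    if signature["hash"] not in ALLOWED_HASHES:
        return False  # never let the sender choose a hash the verifier distrusts
    recovered = pow(signature["value"], e, n)
    return recovered == digest_as_int(message, signature["hash"])

# Constructed demo keys from well-known Mersenne primes (NOT secret, demo only).
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_key(2**607 - 1, 2**1279 - 1)

def demo() -> dict:
    msg = b"Pay 100 to Bob"  # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    return {
        "original": verify(msg, sig, ALICE_PUB),                  # hashes match
        "tampered": verify(b"Pay 900 to Bob", sig, ALICE_PUB),    # data changed
        "wrong_key": verify(msg, sig, OTHER_PUB),                 # key mismatch
        "weak_hash": verify(msg, {**sig, "hash": "md5"}, ALICE_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified message checked against the signer's own public key verifies; the tampered message, the mismatched public key and the disallowed hash name are all rejected.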
10. Some digital signature algorithms that are used:
1. RSA-based signature schemes, such as RSA-PSS
2. DSA and its elliptic curve variant ECDSA
3. ElGamal signature scheme as the predecessor to DSA, and variants Schnorr signature
and Pointcheval–Stern signature algorithm
4. Rabin signature algorithm
5. Pairing-based schemes such as BLS
6. Signatures with efficient protocols: signature schemes that facilitate efficient
cryptographic protocols such as zero-knowledge proofs or secure computation.
A public key certificate (also known as a digital certificate) is an electronic
document used to prove ownership of a public key in a public-key infrastructure scheme.
11. • The certificate includes information about the key, information about its owner's
identity, and the digital signature of an entity that has verified the certificate's
contents are correct.
• If the signature is valid, and the person examining the certificate trusts the signer,
then they know they can use that key to communicate with its owner.
Certificates can be created for Unix-based servers with tools such as
OpenSSL's "ca" command or SuSE's gensslcert. These may be used to issue
unmanaged certificates, certification authority (CA) certificates for managing other
certificates, and user or computer certificate requests to be signed by the CA, as well
as a number of other certificate related functions.
12. • Each web site (banking, merchant, e-commerce, etc.) is issued a public key and
a private key. The public key allows consumers or users to encrypt their
transactions using SSL (secure socket layer) technology. The private key allows
authorized users of the web site to receive information sent using the public
key.
• This double-handshake system assures consumers that their transaction is
secure and that only authorized representatives of the recipient's company
have access to the information (like credit card numbers or bank information)
they've sent. Some industries have established common interoperability
standards for the use of digital signatures between members of the industry
and with regulators.
• These include the Automotive Network Exchange for the automobile industry
and the SAFE-BioPharma Association for the healthcare industry.
13. These certificates are provided by certificate authority
organizations, and the most widely trusted and largest organization is VeriSign, Inc.
A web site with the VeriSign stamp can be trusted completely as the authentication
unit is now owned by security software giant, Symantec.
14. The Why:
• A valid digital signature gives a recipient reason to believe that the message was created by a
known sender, that the sender cannot deny having sent the message, and that the message
was not altered in transit.
• Digital signatures are commonly used for software distribution, financial transactions, and in
other cases where it is important to detect forgery or tampering.
• It helps in finding out which websites are trustworthy in providing a secure and proper transaction
between the sender, server and receiver.
• It also helps in determining whether a website engages in phishing or other illegal activities.
Even though such a site may show the image of the “VeriSign Secured” seal, it’ll be just that, an image
(this post is an example, it doesn't have any viable digital certificate but has the image), as we
have seen that forgery of digital signatures is very difficult and almost non-existent.
• It provides users, clients, etc. with safe and secure websites and transactions within
those websites.