Introduction to Digital Signature

Introduction - Signature
• A person signs a document to show that it originated from him/her or was approved by him/her.
• A signature is proof to the recipient that the document comes from the correct entity.
• When a customer signs a cheque, the bank needs to be sure that the cheque is issued by that customer and nobody else.
• A signature on a document, when verified, is a sign of authentication – the document is authentic.
• When Alice sends a message to Bob, Bob needs to check the authenticity of the sender; he needs to be sure that the message comes from Alice and not Eve. Bob can ask Alice to sign the message electronically.
• An electronic signature can prove the authenticity of Alice as the sender of the message; this type of signature is referred to as a digital signature.

Comparison: Conventional Signature Vs Digital Signature

Inclusion
• A conventional signature is included in the document; it is part of the document. When we write a cheque, the signature is on the cheque; it is not a separate document.
• But when we sign a document digitally, we send the signature as a separate document. The sender sends two documents: the message and the signature.
• The recipient receives both documents and verifies that the signature belongs to the supposed sender. If this is proven, the message is kept; otherwise, it is rejected.

Verification Method
• For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file.
• If they are the same, the document is authentic. The recipient needs to have a copy of this signature on file for comparison.
• For a digital signature, the recipient receives the message and the signature. A copy of the signature is not stored anywhere.
• The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity.

Relationship
• For a conventional signature, there is normally a one-to-many relationship between a signature and documents. A person uses the same signature to sign many documents.
• For a digital signature, there is a one-to-one relationship between a signature and a message. Each message has its own signature.
• The signature of one message cannot be used in another message. Each message needs a new signature.

Duplicity
• In a conventional signature, a copy of the signed document can be distinguished from the original one on file.
• In a digital signature, there is no such distinction unless there is a factor of time (such as a timestamp) on the document.
• E.g., suppose Alice sends a document instructing Bob to pay Eve. If Eve intercepts the document and the signature, she can replay it later to get money again from Bob.

Case Study: How to validate digital signature in Aadhaar card?
• Aadhaar Card Download…
• You can open the website eaadhaar.uidai.gov.in. After entering the E-Aadhaar website, you can see the Validate option.
• You will get the signature validation status window; click on ‘Signature Properties’.
• Click on ‘Show Certificate.’
• Verify that there is a certification path named ‘CCA India 2011’. This identifies CCA India as the owner of the digital certificate that has been used when signing the document.
• Mark the certification path named ‘CCA India 2011’, click the ‘Trust’ tab and then ‘Add to Trusted Identities’.
• Answer ‘OK’ to any security question that follows.
• Check (√) the field for ‘Use this certificate as a trusted root’ and click ‘OK’ twice to close this and the next window.
• Click ‘Validate Signature’ to execute the validation.

How to Add Digital Signature into PDF Document
1. Choose Document Menu > Digital Signature, or click the Digital Signature Button in the Document Toolbar.
2. Select a PFX file with digital signature.
3. The Create Digital Signature to Document dialog box comes up:
• Select a File: Select a PFX file with digital signature.
• Enter Password: The password for the digital ID.
• Allow Multiple Signatures: If checked, the signature and all the other content will be added as a new revision, thus not invalidating existing signatures.
• Keystore Type: The specified keystore type. pkcs12 is the most common type.
• Keystore Provider: Sets the Cryptographic Service Provider that will sign the document. Leave it empty for pkcs12 type.
• Signed Type: The mode can be Self signed (Adobe.PPKLite), VeriSign plug-in (VeriSign.PPKVS) and Windows Certificate Security (Adobe.PPKMS).
• Certification Level: The certification level can be NOT_CERTIFIED, CERTIFIED_NO_CHANGES_ALLOWED, CERTIFIED_FORM_FILLING and CERTIFIED_FORM_FILLING_AND_ANNOTATIONS.
• Reason: Sets the signing reason.
• Location: Sets the signing location.
• Contact: Sets the signing contact.
• Appearance:
– Visible: Sets the signature to be visible on the Position of the selected Page.
– Page Number: Select the page number for the digital signature.
– Appearance: There are 4 Options: Description Only, Signer Name and Description, Signature Image and Description, and Signature Image only.
– Left/Right/Top/Bottom: The position for the digital signature.
– Use Signature Image: Set the signature image if the Appearance option is Signature Image and Description.
– Use Background Image: Set the background image. Leave it blank if no background image.
– Background Image Scale: Set the scaling to be applied to the background image.

Digital Signature - Process
• The sender uses a signing algorithm to sign the message. The message and the signature are sent to the receiver. The receiver receives the message and the signature and applies the verifying algorithm to the combination. If the result is true, the message is accepted; otherwise, it is rejected.

Need for Keys
• A digital signature needs a public-key system. The signer signs with her private key; the verifier verifies with the signer’s public key.
• Note that when a document is signed, anyone, including Bob, can verify it because everyone has access to Alice’s public key.
• Alice must not use her public key to sign the document because then anyone could forge her signature.
• Can we use a secret (symmetric) key to both sign and verify a signature?
1. A secret key is known by only two entities (User A and User B). So if User A needs to sign another document and send it to User C, she needs to use another secret key.
2. Creating a secret key for a session involves authentication, which uses a digital signature.
3. User B could use the secret key between himself and User A, sign a document, send it to User C, and pretend that it came from User A.
A cryptosystem uses the private and public keys of the receiver; a digital signature uses the private and public keys of the sender.

Signing the Digest

Services
• We discussed several security services including message confidentiality, message authentication, message integrity, and nonrepudiation.
• A digital signature can directly provide the last three; for message confidentiality we still need encryption/decryption.
Topics discussed in this section:
• Message Authentication
• Message Integrity
• Nonrepudiation
• Confidentiality

Message Authentication
• A secure digital signature scheme, like a secure conventional signature, can provide message authentication.
A digital signature provides message authentication.

Message Integrity
• The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed.
A digital signature provides message integrity.

Nonrepudiation
Nonrepudiation can be provided using a trusted party.

Confidentiality
A digital signature does not provide privacy.
If there is a need for privacy, another layer of encryption/decryption must be applied.

Attacks On Digital Signature
• This section describes some attacks on digital signatures and defines the types of forgery.
• Attack Types
– Key-Only Attack
– Known-Message Attack
– Chosen-Message Attack
• Forgery Types
– Existential Forgery
– Selective Forgery

Digital Signature Schemes
• RSA Digital Signature Scheme
• ElGamal Digital Signature Scheme
• Schnorr Digital Signature Scheme
• Digital Signature Standard (DSS)
• Elliptic Curve Digital Signature Scheme

RSA Digital Signature Scheme
[Figure: General idea behind the RSA digital signature scheme]

Key Generation
Key generation in the RSA digital signature scheme is exactly the same as key generation in RSA.
• Alice chooses two primes p and q and calculates $n = p \times q$.
• Alice calculates $\phi(n) = (p - 1)(q - 1)$.
• She then chooses e, the public exponent, and calculates d, the private exponent, such that $e \times d \equiv 1 \bmod \phi(n)$.
• Alice keeps d; she publicly announces n and e.
In the RSA digital signature scheme, d is private; e and n are public.

Signing and Verifying
[Figure: RSA digital signature scheme]

RSA Signature on the Message Digest
When the digest is signed instead of the message itself, the susceptibility of the RSA digital signature scheme depends on the strength of the hash algorithm.

ElGamal Digital Signature Scheme
[Figure: General idea behind the ElGamal digital signature scheme]

Key Generation
• The key generation procedure here is exactly the same as the one used in the cryptosystem.
In the ElGamal digital signature scheme, $(e_1, e_2, p)$ is Alice’s public key; d is her private key.

Verifying and Signing
[Figure: ElGamal digital signature scheme]

Signing
• Alice can sign the digest of a message to any entity, including Bob.
– Alice chooses a secret random number r. Note that although public and private keys can be used repeatedly, Alice needs a new r each time she signs a new message.
– Alice calculates the first signature .
– Alice calculates the second signature
– Alice sends M, $S_1$, and $S_2$ to Bob.

Verifying
• An entity, such as Bob, receives M, $S_1$, and $S_2$, which can be verified as follows:
– Bob checks to see if $0 < S_1 < p$
– Bob checks to see if $0 < S_2 < p - 1$
– Bob calculates $V_1 = e_1^{M} \bmod p$
– Bob calculates $V_2 = e_2^{S_1} \times S_1^{S_2} \bmod p$
– If $V_1$ is congruent to $V_2$, the message is accepted; otherwise, it is rejected.
Prove the verification using $e_2 = e_1^{d}$ and $S_1 = e_1^{r}$.

Schnorr Digital Signature Scheme
[Figure: General idea behind the Schnorr digital signature scheme]

Key Generation
1) Alice selects a prime p, which is usually 1024 bits in length.
2) Alice selects another prime q.
3) Alice chooses $e_1$ to be the qth root of 1 modulo p.
4) Alice chooses an integer, d, as her private key.
5) Alice calculates $e_2 = e_1^{d} \bmod p$.
6) Alice’s public key is $(e_1, e_2, p, q)$; her private key is (d).
In the Schnorr digital signature scheme, Alice’s public key is $(e_1, e_2, p, q)$; her private key is (d).

Signing and Verifying
[Figure: Schnorr digital signature scheme]

Signing
1. Alice chooses a random number r.
2. Alice calculates $S_1 = h(M \mid e_1^{r} \bmod p)$.
3. Alice calculates $S_2 = r + d \times S_1 \bmod q$.
4. Alice sends M, $S_1$, and $S_2$.

Verifying Message
1. Bob calculates $V = h(M \mid e_1^{S_2} e_2^{-S_1} \bmod p)$.
2. If $S_1$ is congruent to V modulo p, the message is accepted;

Digital Signature Standard (DSS)
[Figure: General idea behind DSS scheme]

Key Generation
1) Alice chooses primes p and q.
2) Alice uses $\langle Z_p^{*}, \times \rangle$ and $\langle Z_q^{*}, \times \rangle$.
3) Alice creates $e_1$ to be the qth root of 1 modulo p.
4) Alice chooses d and calculates $e_2 = e_1^{d}$.
5) Alice’s public key is $(e_1, e_2, p, q)$; her private key is (d).

Verifying and Signing
[Figure: DSS scheme]

DSS Versus RSA
Computation of DSS signatures is faster than computation of RSA signatures when using the same p.

DSS Versus ElGamal
DSS signatures are smaller than ElGamal signatures because q is smaller than p.
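
Added worked derivation (not part of the original slides) for the ElGamal exercise "Prove the verification using e2 = e1^d and S1 = e1^r". It assumes the standard ElGamal signing equation for the second signature, $S_2 = (M - d \times S_1) \times r^{-1} \bmod (p - 1)$, which is not given in the text above.

$$S_2 \equiv (M - d\,S_1)\,r^{-1} \pmod{p-1} \;\Longrightarrow\; M \equiv d\,S_1 + r\,S_2 \pmod{p-1}$$

$$V_1 = e_1^{M} \equiv e_1^{\,d S_1 + r S_2} = \left(e_1^{d}\right)^{S_1} \left(e_1^{r}\right)^{S_2} \equiv e_2^{S_1} \times S_1^{S_2} = V_2 \pmod{p}$$

The first step in the second line is valid because exponents of $e_1$ can be reduced modulo $p - 1$ (Fermat's little theorem, since p does not divide $e_1$). The derivation also shows why r must have an inverse modulo $p - 1$.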
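
The Schnorr signing and verifying steps above as runnable Python, an added example that is not part of the original slides. The toy parameters p = 2267 and q = 103, the use of SHA-256 for h, and the byte encoding of M | x are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy parameters (constructed for illustration; the slides note that a
# real p is usually 1024 bits in length).
P, Q = 2267, 103                    # primes with Q dividing P - 1
E1 = pow(2, (P - 1) // Q, P)        # a q-th root of 1 modulo p

def h(message: bytes, x: int) -> int:
    """h(M | x): SHA-256 over the message concatenated with x (assumed encoding)."""
    data = message + b"|" + str(x).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def params_ok() -> bool:
    """Sanity checks on the public parameters before trusting any key."""
    return (P - 1) % Q == 0 and E1 != 1 and pow(E1, Q, P) == 1

def keygen():
    d = secrets.randbelow(Q - 1) + 1          # private key, 1 <= d < q
    return d, pow(E1, d, P)                   # (d, e2 = e1^d mod p)

def sign(message: bytes, d: int):
    r = secrets.randbelow(Q - 1) + 1          # fresh secret r for every signature
    s1 = h(message, pow(E1, r, P))            # S1 = h(M | e1^r mod p)
    s2 = (r + d * s1) % Q                     # S2 = r + d * S1 mod q
    return s1, s2

def verify(message: bytes, s1: int, s2: int, e2: int) -> bool:
    if s1 < 0 or not (0 <= s2 < Q):           # reject out-of-range values
        return False
    # e2 has order q, so the exponent -S1 can be reduced modulo q.
    x = (pow(E1, s2, P) * pow(e2, (-s1) % Q, P)) % P
    return h(message, x) == s1                # V = h(M | e1^S2 * e2^-S1 mod p)
```

S1 is kept as the full SHA-256 value rather than reduced, so a changed message or a changed S2 fails verification even with these small parameters.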

Elliptic Curve Digital Signature Scheme
[Figure: General idea behind the ECDSS scheme]

Key Generation
Key generation follows these steps:
1) Alice chooses an elliptic curve $E_p(a, b)$.
2) Alice chooses another prime q and the private key d.
3) Alice chooses $e_1(…, …)$, a point on the curve.
4) Alice calculates $e_2(…, …) = d \times e_1(…, …)$.
5) Alice’s public key is $(a, b, p, q, e_1, e_2)$; her private key is d.

Signing and Verifying
[Figure: The ECDSS scheme]

Variations and Applications

Time Stamped Signatures
Sometimes a signed document needs to be time stamped to prevent it from being replayed by an adversary. This is called a time-stamped digital signature scheme.

Blind Signatures
Sometimes we have a document that we want to get signed without revealing the contents of the document to the signer.
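
An added example (not part of the original slides) that ties together "RSA Signature on the Message Digest", the replay scenario under "Duplicity", and "Time Stamped Signatures": Alice signs the digest of the timestamp plus the message, and Bob rejects stale or repeated signatures. Assumptions: a toy key built from two Mersenne primes, unpadded hash-then-sign with SHA-256, a 300-second window, and the hypothetical names `Verifier` and `accept`.

```python
import hashlib

# Toy RSA key (constructed; Mersenne primes and unpadded signing are for
# illustration only and are not suitable for real keys).
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                       # n and e are public
D = pow(E, -1, (P - 1) * (Q - 1))         # e * d ≡ 1 mod phi(n); d is private

def digest(message: bytes, timestamp: int) -> int:
    """Hash the timestamp together with the message (integer smaller than n)."""
    data = str(timestamp).encode() + b"|" + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(message: bytes, timestamp: int) -> int:
    """Alice: S = digest^d mod n."""
    return pow(digest(message, timestamp), D, N)

class Verifier:
    """Bob: checks the signature, then the age, then prior use."""

    def __init__(self, max_age: int = 300):
        self.max_age = max_age            # accepted age in seconds (assumed)
        self.seen = set()                 # signatures accepted so far

    def accept(self, message: bytes, timestamp: int, sig: int, now: int) -> str:
        # The timestamp is covered by the signature, so it cannot be edited.
        if pow(sig, E, N) != digest(message, timestamp):
            return "bad signature"
        if not (0 <= now - timestamp <= self.max_age):
            return "stale timestamp"
        if sig in self.seen:              # same signed document presented twice
            return "replay"
        self.seen.add(sig)
        return "accepted"
```

In a long-running verifier the `seen` set only needs to hold entries younger than `max_age`, since older ones are already rejected as stale.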