Uploaded by muthukumar

Introduction to Digital Signature

advertisement
Introduction to
Digital Signature
Introduction - Signature
• A person signs a document to show that it is
originated him/her or was approved by him/her.
• A signature is proof to the recipient that the
document comes from the current entity.
• When a customer signs a cheque, the bank needs
to be sure that the cheque issued by that customer
and nobody else.
• A signature on a document, when verified, is a
sign of authentication – the document is authentic.
Signature…
• When Alice sends a message to Bob, Bob needs to
check the authenticity of the sender; he needs to be
sure that the message comes from Alice and not
Eve. Bob can ask Alice to sign the message
electronically.
• An electronic signature can prove the authenticity
of Alice as the sender of the message and this type
of signature as a digital signature.
Comparison
Conventional Signature Vs Digital Signature
Inclusion
• A conventional signature is included in the
document; it is part of the document. When we
write a cheque, the signature is on the cheque; it is
not a separate document.
• But, when we sign a document digitally, we send
the signature as a separate document. The sender
sends two documents: the message and the
signature.
• The recipient receives both documents and verifies
that the signature belongs to the supposed sender.
If this is proven, the message is kept; otherwise, it
is rejected.
Verification Method
• For a conventional signature, when the recipient
receives a document, she compares the signature
document on the document with the signature on
file.
• If they are the same, the document is authentic.
The recipient needs to have a copy of this signature
on file for comparison.
• For a digital signature, the recipient receives the
message and the signature. A copy of the signature
is not stored anywhere.
Verification Method…
• The recipient needs to apply a verification
technique to the combination of the message and
the signature to verify the authenticity.
Relationship
• For a conventional signature, there is normally a
one-to-many relationship between a signature and
documents. A person uses the same signature to
sign many documents.
• For a digital signature, there is a one-to-one
relationship between a signature and a message.
Each message has its own signature.
• The signature of one message cannot be used in
another message. Each message needs a new
signature.
Duplicity
• In conventional signature, a copy of the signed
document can be distinguished from the original
one on file.
• In digital signature, there is no such distinction
unless there is a factor of time (such as timestamp)
on the document.
• Eg. suppose Alice sends a document instructing
Bob to pay Eve. If Eve intercepts the document
and the signature, she can replay it later to get
money again from Bob.
Case Study
How to validate digital signature in
aadhaar card?
• Aadhaar Card Download…
• You can open the website eaadhaar.uidai.gov.in.
After entering in E-Aadhaar website you can see
the Validate Option.
• You will get the signature validation status
window, click on ‘Signature Properties’.
• Click on ‘Show Certificate.’
• Verify that there is a certification path named
‘CCA India 2011’. This identifies CCA India as
the owner of the digital certificate that has been
used when signing the document.
How to validate digital signature in
aadhaar card?
• Mark the certification path named ‘CCA India
2011’, click the ‘Trust’ tab and then ‘Add to
Trusted Identities’.
• Answer ‘OK’ to any security question that
follows.
• Check(√) the field for ‘Use this certificate as a
trusted root’ and click ‘OK’ twice to close this
and the next window.
• Click ‘Validate Signature’ to execute the
validation.
How to Add Digital Signature into
PDF Document
Add Digital Signature into PDF
Document
1. Choose Document Menu > Digital Signature
Add Digital Signature into PDF
Document
• or click Digital Signature
Document Toolbar.
Button in the
2. Select a PFX file with digital signature.
3. The Create Digital Signature to Document dialog
box comes up:
• Select a File: Select a PFX file with digital signature.
• Enter Password: The password for the digital ID.
• Allow Multiple Signatures: If checked, the signature and all the other
content will be added as a new revision thus not invalidating existing
signatures.
• Keystore Type: The specified keystore type. pkcs12 is the most
common type.
• Keystore Provider: Sets the Cryptographic Service Provider that will
sign the document. Leave it empty for pkcs12 type.
• Signed Type: The mode can be Self signed (Adobe.PPKLite) , VeriSign
plug-in (VeriSign.PPKVS) and Windows Certificate Security
(Adobe.PPKMS).
• Certification Level: The certification level can be NOT_CERTIFIED,
CERTIFIED_NO_CHANGES_ALLOWED,
CERTIFIED_FORM_FILLING and
CERTIFIED_FORM_FILLING_AND_ANNOTATIONS.
•
•
•
•
Reason: Sets the signing reason.
Location: Sets the signing location.
Contact: Sets the signing contact.
Appearance:
– Visible: Sets the signature to be visible on the Position of the
selected Page.
– Page Number: Select the page number for the digital signature.
– Appearance: There are 4 Options: Description Only, Signer Name
and Description, Signature Image and Description, and Signature
Image only.
– Let/Right/Top/Bottom: The position for the digital signature.
– Use Signature Image: Set the signature image if the Appearance
option is Signature Image and Description
– Use Background Image: Set the background image. Leave it blank
if no background image.
– Background Image Scale: Set the scaling to be applied to the
background image.
Digital Signature - Process
• The sender uses a signing algorithm to sign the
message. The message and the signature are sent to
the receiver. The receiver receives the message and
the signature and applies the verifying algorithm to
the combination. If the result is true, the message
is accepted; otherwise, it is rejected.
Need for Keys
• A digital signature needs a public-key system.
The signer signs with her private key; the
verifier verifies with the signer’s public key.
Need for Keys…
• Note that when a document is signed, anyone,
including Bob, can verify it because everyone has
access to Alice’s public key.
• Alice must not use her public key to sign the
document because then anyone could forge her
signature.
• Can we use a secret (symmetric) key to both sign
and verify a signature?
Contd…
1. A secret key is known by only two entities (User
A and User B). So if User A needs to sign another
document and send it to User C, she needs to use
another secret key.
2. Creating a secret key for a session involves
authentication, which uses a digital signature.
3. User B could use the secret key between himself
and User A, sign a document, send it to User C,
and pretend that it came from User A.
A cryptosystem uses the private and public keys of
the receiver: a digital signature uses the private
and public keys of the sender.
Signing the Digest
Services
• We discussed several security services including
message confidentiality, message authentication,
message integrity, and nonrepudiation.
• A digital signature can directly provide the last
three; for message confidentiality we still need
encryption/decryption.
Topics discussed in this section:
 Message Authentication
 Message Integrity
 Nonrepudiation
 Confidentiality
Message Authentication
• A secure digital signature scheme, like a secure
conventional signature can provide message
authentication.
A digital signature provides message authentication.
Message Integrity
• The integrity of the message is preserved even if
we sign the whole message because we cannot get
the same signature if the message is changed.
A digital signature provides message integrity.
Nonrepudiation
Nonrepudiation can be provided using a trusted
party.
Confidentiality
A digital signature does not provide privacy.
If there is a need for privacy, another layer of
encryption/decryption must be applied.
Attacks On Digital Signature
• This section describes some attacks on digital
signatures and defines the types of forgery.
• Attack Types
– Key-Only Attack
– Known-Message Attack
– Chosen-Message Attack
• Forgery Types
– Existential Forgery
– Selective Forgery
Digital Signature Schemes





RSA Digital Signature Scheme
ElGamal Digital Signature Scheme
Schnorr Digital Signature Scheme
Digital Signature Standard (DSS)
Elliptic Curve Digital Signature Scheme
RSA Digital Signature Scheme
General idea behind the RSA digital signature scheme
Key Generation
 Key generation in the RSA digital signature scheme is
exactly the same as key generation in the RSA.
 Alice chooses two primes p and q and calculates
n  p  q . Alice calculates  (n)  ( p  1)( q  1).
• She then chooses e, the public exponent, and
calculates d, the private exponent such that
e  d  1 mod  (n)
• Alice keeps d; she publicly announces n and e.
In the RSA digital signature scheme, d is private;
e and n are public.
Signing and Verifying
RSA digital signature scheme
RSA Signature on the Message Digest
When the digest is signed instead of the message
itself, the susceptibility of the RSA digital signature
scheme depends on the strength of the hash
algorithm.
ElGamal Digital Signature Scheme
General idea behind the ElGamal digital signature
scheme
Key Generation
• The key generation procedure here is exactly
the same as the one used in the cryptosystem.
In ElGamal digital signature scheme, (e1, e2, p) is
Alice’s public key; d is her private key.
Verifying and Signing
ElGamal digital signature scheme
Signing
• Alice can sign the digest of a message to any entity,
including Bob.
– Alice chooses a secret random number r. Note that
although public and private keys can be used
repeatedly. Alice needs a new r each time she signs a
new message.
– Alice calculates the first signature
.
– Alice calculates the second signature
– Alice sends M, S1, and S2 to Bob.
Verifying
• An entity, such as Bob, receives M, S1, and S2, which
can be verifies as follows:
–
–
–
–
–
Bob checks to see if 0 < S1 < p
Bob checks to see if 0 < S2 < p-1
Bob calculates V1 = e1M mod p
Bob calculates V2 = e2S1 × S1S2 mod p
If V1 is congruent to V2, the message is accepted;
otherwise, it is rejected. Prove the verification using
e2 = e1d and S1 = e1r.
Schnorr Digital Signature Scheme
General idea behind the Schnorr digital signature scheme
Key Generation
1)
2)
3)
4)
Alice selects a prime p, which is usually 1024 bits in length.
Alice selects another prime q.
Alice chooses e1 to be the qth root of 1 modulo p.
Alice chooses an integer, d, as her private key.
5) Alice calculates e2 = e1d mod p.
6) Alice’s public key is (e1, e2, p, q); her private key is (d).
In the Schnorr digital signature scheme, Alice’s
public key is (e1, e2, p, q); her private key (d).
Signing and Verifying
Schnorr digital signature scheme
Contd…
Signing
1. Alice chooses a random number r.
2. Alice calculates S1 = h(M|e1r mod p).
3. Alice calculates S2 = r + d × S1 mod q.
4. Alice sends M, S1, and S2.
Verifying Message
1. Bob calculates V = h (M | e1S2 e2−S1 mod p).
2. If S1 is congruent to V modulo p, the message is
accepted;
Digital Signature Standard (DSS)
General idea behind DSS scheme
Contd…
Key Generation.
1) Alice chooses primes p and q.
2) Alice uses <Zp*, × > and <Zq*, ×>.
3) Alice creates e1 to be the qth root of 1 modulo p.
4) Alice chooses d and calculates e2 = e1d.
5) Alice’s public key is (e1, e2, p, q); her private key is (d).
Verifying and Signing
DSS scheme
Contd…
DSS Versus RSA
Computation of DSS signatures is faster than
computation of RSA signatures when using the same p.
DSS Versus ElGamal
DSS signatures are smaller than ElGamal signatures
because q is smaller than p.
Elliptic Curve Digital Signature
Scheme
General idea behind the ECDSS scheme
Key Generation
Key generation follows these steps:
1) Alice chooses an elliptic curve Ep(a, b).
2) Alice chooses another prime q the private key d.
3) Alice chooses e1(…, …), a point on the curve.
4) Alice calculates e2(…, …) = d × e1(…, …).
5) Alice’s public key is (a, b, p, q, e1, e2); her private key
is d.
Signing and Verifying
The ECDSS scheme
Variations and Applications
Time Stamped Signatures
Sometimes a signed document needs to be time stamped to
prevent it from being replayed by an adversary. This is
called time-stamped digital signature scheme.
Blind Signatures
Sometimes we have a document that we want to get signed
without revealing the contents of the document to the
signer.
Download