CSY3023 | Internet and Computer Security | Technical Paper

DIGITAL SIGNATURES: AN IN DEPTH ANALYSIS

1. ABSTRACT

In a network such as the Internet, one of the most important security concerns is the integrity of data. Data integrity in its simplest form refers to the assurance that a message stays original as it is transferred from the sender to the receiver. When any message is transferred over the Internet, it has to pass through a series of network links such as routers before it actually reaches the recipient. These network links may include insecure paths controlled by an adversary through which the message has to pass. It is on these non-secure paths that the data is likely to be tampered with, in which case the recipient gets modified data from the adversary instead of the original message from the authentic sender.

Digital signatures are one of the most fundamental cryptographic primitives used for secure and authentic communication between two or more parties. They are mathematical schemes which demonstrate the authenticity of digital information or a document, thereby giving the receiver a valid reason to believe that the message was sent by an authentic sender and was not tampered with or altered in transit. This paper gives an overview of digital signatures: how they are created, the technologies involved, a demonstration of using this technology to validate the identity of the user, and why they are used in the first place, discussing some of their major advantages over non-secure communication.

2. INTRODUCTION

Digital signatures are in many respects similar to hand-written signatures, the difference being that the digital ones are cryptographically based and cannot easily be forged once they are properly implemented. Apart from this, one of the key features of digital signatures is non-repudiation, meaning the signer cannot successfully claim that he/she did not sign the message.
It is a form of asymmetric cryptography and involves two algorithms with a pair of public and private keys. The first algorithm is used for signing with the sender's private or secret key and the other algorithm is used to verify the signature using the corresponding public key. The end result of this process is the digital signature. Precisely speaking, the input of a digital signature is called the “message”, and this message can be anything from a letter to a large legal contract. A digital signature in all cases follows a scheme which involves three algorithms: a key generation algorithm (randomly produces a public/private key pair), a signing algorithm (combines the signing key and the input to create the signature) and a signature verifying algorithm (used to either accept or reject the signature).

Before moving on to the actual working of the digital signature process, an overall understanding of digital signatures, why they are necessary and the technologies involved is needed. So let us focus on the overall background and importance of digital signatures.

Rajesh Agrawal | 09289557

3. WHY DIGITAL SIGNATURES?

As discussed above, digital signatures are used for secure data communication and for protecting the integrity of messages sent between two or more users. Digital signatures provide three basic functions for any data transfer: Authentication, Authorization and Verification of Data Integrity. Let us briefly discuss how the use of digital signatures provides these functions and protections:

AUTHENTICATION: When any message is sent across the network, it contains information about the entity sending the message. This is where the authenticity of the message comes into play. The use of digital signatures provides us a mechanism to authenticate the source and sender of the message.
A valid signature reflects that the message was sent by a specific user who owns the digital signature secret key. Thus, digitally signed documents securely identify the author of the document through this attribute.

AUTHORIZATION: The authentication attribute of digital signatures provides a basis for the authorization process. This is most visible when digital signatures are used to secure documents and their permissions. Once an application knows the identity of a subject, it may then specify what set of operations and commands that sender may execute. Digital signatures can also be used in a Digital Rights Management (DRM) scheme such that the author can decide who is allowed to read, modify or print the document.

VERIFICATION OF DATA INTEGRITY: When a document or message is transferred from sender to receiver, it may be corrupted either by a broken file transfer or by the malicious intent of adversaries on the path. In order to detect this, digital signatures make use of checksums and hashes to check the integrity of the message sent across. When a digital signature is attached to any file, it contains a hash value, which is discussed later in the paper. If the document is altered before reaching the intended recipient, the document will generate a different hash value, which confirms that the document is altered and corrupted. On the other hand, if the hash value generated at the receiving end exactly matches the value in the digital signature, the document is believed to be unaltered.

Apart from these basic attributes, digital signatures also provide non-repudiation, security and accountability. The figure below illustrates the benefits of using digital signatures.

Figure 1: Benefits of Digital Signature

4. TECHNOLOGIES OF DIGITAL SIGNATURE

Digitally signing any message or document involves a combination of three core technologies: Hashing Algorithms, Encryption Algorithms and Public Key Certificates. In order to understand how digital signatures actually work, it is very important to understand these technologies separately. Let us discuss each of these technologies and how they combine to form a digital signature:

4.1 HASHING ALGORITHMS

A hash algorithm takes an input and returns a fixed-length string which is called the hash value, hash sum, message digest or simply hash. It is a means of turning data into a relatively small string that may then act as a fingerprint of the larger document or data. Hash algorithms provide a basis for the confirmation of data integrity in security mechanisms such as digital signatures. The figure below shows how hashing works:

Figure 2: Hash Functions

The figure above demonstrates that even a small change in the input results in a vast change in its hash sum. This is referred to as the Avalanche Effect. Two of the most widely used hashing algorithms are MD5 and SHA-1, which are briefly discussed below:

MD5 (Message-Digest Algorithm 5)

MD5 is a widely used cryptographic hash function providing integrity checks in various security applications. MD5 produces a 128-bit hash value, which is expressed as a 32-digit hexadecimal number. MD5 was designed by Ronald Rivest of MIT as one of a series of message digest algorithms. The most common purpose of an MD5 digest is to provide an assurance that a document or message was transmitted intact without any alterations. Usually a file server provides a pre-computed MD5 checksum so that it can be compared with the MD5 checksum computed after downloading the file.
UNIX operating systems usually have built-in MD5 checksum utilities whereas Windows users have to use a third-party application. The following shows an ASCII input and the corresponding hash:

    md5(“The University of Northampton”) = 0dbad3fd321f01264eb2cb83d8200f90
    md5(“The University of Northampton.”) = 2d640fc9049c9cca034df69328de7c7b

The above example shows that even a small change in the ASCII input (adding a period) produces an altogether different hash. This is called the “Avalanche Effect”.

SHA-1 (Secure Hash Algorithm 1)

Similar to the MD5 hash algorithm, SHA-1 generates a fixed-length digital representation (message digest) from an input document or message of any size. The SHA hash functions were designed by the National Security Agency (NSA) and published by NIST as a standard. SHA-1 produces a hash that is 160 bits long (whereas MD5 produces a 128-bit hash). SHA-1 is deployed by a wide range of security applications and protocols such as SSL, PGP, SSH, S/MIME, IPSec and TLS. The following is an example of a SHA-1 digest:

    sha1(“The University of Northampton”) = 2ad2fe849d1cad2e573baa692ed9fb867c00b8b4
    sha1(“University of Northampton”) = c2407f4352e0062e0c88feebb216311e9b57a603

Thus, both MD5 and SHA-1 are hash functions used actively in the digital signature process. The major functions and attributes of these hash functions are:

- Easy to compute and difficult to reverse
- Difficult to find two input values resulting in the same hash (such a case is called a “collision”)
- Hash values can be stored separately or as a part of the digital signature
- The same hash function is used to compute the hash for a received document, and the computed hash is compared with the saved hash to prove its integrity.

4.2 ENCRYPTION ALGORITHMS

Encryption refers to transforming the original text or message into a non-readable format by applying a function to the original message.
The original message is called “plain text” and the transformed message is called “cipher text”. Recovery of the plain text from the cipher text is only possible with the correct key. This process of recovering the original text is called decryption. There are basically two types of encryption algorithms: symmetric and asymmetric. Let us briefly look at what these two encryption algorithms are:

SYMMETRIC ALGORITHM

In a symmetric algorithm, the same key is used both for encryption and decryption. Both the sender and receiver share a common key, and key distribution and management is an issue in this type of encryption scheme.

ASYMMETRIC ALGORITHM

An asymmetric algorithm involves two keys, public and private, for encryption and decryption, as opposed to a symmetric algorithm which uses only one key for both tasks. It is often referred to as Public Key Cryptography, where a sender encrypts the message using a key called the private key and then, at the receiving end, the receiver decrypts the message using the public key of the pair. In this method, the private key is known only by the owner whereas the public key is known by everyone and is distributed via public channels.

ALGORITHMS FOR PUBLIC KEY CRYPTOGRAPHY: RSA AND DSA

RSA: RSA is an algorithm for public key cryptography and is one of the first algorithms suitable for both signing and encryption. RSA is said to be secure due to its long cryptographic keys and the use of up-to-date implementations. Being a public key cryptography algorithm, RSA employs two keys, a public and a private key, to encrypt and decrypt messages. If a user A wants to communicate with another user B, then user A sends his public key to user B, keeping his private key to himself. User B can now encrypt a message using user A's public key and send it back to user A.
Now at the decrypting end, user A can decrypt the message sent by user B using his privately owned key. Thus, only the owner of the private key can decrypt the message. This is how encryption works with RSA.

RSA can be used not only for encryption, but also for signing messages. The following are the processes involved in signing a message with RSA:

- The sender first produces a hash value of the message. The same is done at the decrypting end as well.
- The hash value is attached to the message as a digital signature.
- At the receiving end, the signature is decrypted to get the hash value.
- The resulting hash value is compared with the message's actual hash value to make sure they match.
- Identical hash values confirm the integrity of the message, while different hash values indicate that the message has been tampered with on the way.

DSA: The Digital Signature Algorithm is for signatures only and not for encryption. DSA is a public key algorithm in which the secret key operates on the message hash generated by SHA-1. In order to verify the signature, one has to re-compute the hash from the original message, decrypt the signature and then compare the results. The key size for DSA is variable from 512 to 1024 bits. Signature creation in DSA takes roughly the same time as in RSA, but the verification of a signature with DSA takes a lot of time compared to RSA. Since verification of signatures is done more frequently than creation, RSA is the more preferred public key algorithm.

4.3 PUBLIC KEY CERTIFICATES

A public key certificate or digital certificate is an electronic document that uses a digital signature to bind together a public key with an identity: the name of a person or organization, address, email details and others. This certificate is used to verify that a public key belongs to an individual and not others.
In a PKI scheme, the signature will be that of a certificate authority (CA), whereas in a web of trust scheme, the signature belongs to the user (a self-signed certificate, which is demonstrated later in the paper). For UNIX based systems, these certificates can be created using a tool called OpenSSL, which is a built-in package in UNIX systems. Similarly, Microsoft Windows 2003 contains a CA for the creation of digital certificates. Both these instances produce self-signed certificates without any validation from Certificate Authorities such as VeriSign. A typical digital certificate contains the following information:

- Serial Number: Uniquely identifies the certificate.
- Subject: The person or entity identified.
- Signature Algorithm: The algorithm used to create the signature.
- Issuer: The entity that verified the information and issued the certificate.
- Valid From and Valid To: The date the certificate is valid from and its expiration date.
- Key Usage: Purpose of the public key.
- Public Key: Public key to encrypt messages to the named subject.
- Thumbprint Algorithm: The algorithm used to hash the certificate.
- Thumbprint: The hash value used to ensure the certificate's integrity.

The standard digital certificate format is ITU-T X.509. An X.509 certificate binds a public key to a Distinguished Name. Primarily, there are three different interests associated with digital certificates: the requesting party, the issuing party and the verifying party.
The table below clarifies the types of certificate and their requesting, issuing and verifying parties:

Types of Certificates | Requesting Party | Issuing Party | Verifying Party
--------------------- | ---------------- | ------------- | ---------------
Identity | The person or any other user concerned | The government agency | Anyone undertaking an identity check
Accreditation | A qualified member of profession | The appropriate professional body | A user of the services offered by the member
Authorization | A customer wishing to access a resource | The resource owner | The resource owner

Having described what a digital signature is, why it is necessary and the technologies involved in creating one, it is now time to explore the working process of digital signatures. The digital signature process involves two core stages: signing the document or message on one hand, and verification of the signed message on the other. Once we understand the working of digital signatures, the actual signing of an OpenOffice document, after creating the public/private key using OpenSSL, will be demonstrated later in the paper.

5. WORKING PROCESS OF DIGITAL SIGNATURES

The working of digital signatures is explained on the basis of Figure 2 below. As we can see, the digital signature process is divided into two blocks: signing and verification. First of all, for the signing process, a hash value of the document to be signed is generated using either MD5 or SHA-1 as discussed earlier. This hash value (also called the fingerprint of the document) is then encrypted using the private key of the signer, which results in what is called a “signed fingerprint”. This signed fingerprint, along with the signer's public key and a digital certificate (provided by a CA or self-signed), are aggregated together to form a digital signature. This signature, when attached to the original document or message, gives us a digitally signed document as seen in the figure below. This is where the signing process completes.

Now on the receiving end, the verification of the digitally signed document takes place. The hash value or fingerprint of the signed document is once again calculated at the receiving end. Since the document is digitally signed, it will also have its precomputed hash value. Both these hash values, the one calculated at the receiving end and the other from the digital signature, are compared to each other. If both these fingerprints exactly match one another, then the digital signature is said to be valid, which means no alterations have been made to the document on the way. If the fingerprints do not match one another, the digital signature is considered invalid and the document thus received cannot be trusted, because some modifications might have been applied to the document during its transfer.

Figure 3: Signing and Verification of Digital Signature Process

6. SELF-SIGNED DIGITAL CERTIFICATE

As mentioned earlier, we will now create a self-signed certificate by using a package called OpenSSL on the Linux platform. For this, we need to have the openssl package installed on the system. The following steps were involved in creating a self-signed certificate:

STEP 1: First of all, a random private key was generated using openssl and was saved in a file called CSY3023.key. The command used to generate the key is:

    tekrajesh@tekrajesh-laptop:~$ openssl genrsa -des3 1024 > CSY3023.key

This resulted in the output below, where the pass phrase was prompted for and an RSA key was generated.

    Generating RSA private key, 1024 bit long modulus
    ..........++++++
    .........................++++++
    e is 65537 (0x10001)
    Enter pass phrase:
    Verifying - Enter pass phrase:

A file called CSY3023.key, which holds the private key, is then generated in the home folder.

STEP 2: Now the certificate is created using the key file generated in step 1. The certificate thus generated is an X.509 certificate which is valid for 365 days. The following command was entered:

    tekrajesh@tekrajesh-laptop:~$ openssl req -new -key ./CSY3023.key -x509 -days 365 > CSY3023.pem

After entering the above command, a series of information is requested in order to create the certificate. Here is what we entered:

    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:UK
    State or Province Name (full name) [Some-State]:Northamptonshire
    Locality Name (eg, city) []:Northampton
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:The University of Northampton
    Organizational Unit Name (eg, section) []:School of Science and Technology
    Common Name (eg, YOUR name) []:Rajesh Agrawal (09289557)

STEP 3: Finally, a PKCS12 compatible certificate containing the above private key and certificate is created using the following command, which gave us a certificate file called “CSY3023.p12”.

    tekrajesh@tekrajesh-laptop:~$ openssl pkcs12 -export > CSY3023.p12 -name "SelfSigned Digital Certificate" -inkey CSY3023.key -in CSY3023.pem

This creates a self-signed certificate called CSY3023 which is readily usable to sign any document and can even be imported into browsers such as Mozilla Firefox. The figure above shows what the certificate looks like in Firefox after it has been imported.

7. DIGITAL SIGNATURE IMPLEMENTATION IN OPENOFFICE.ORG

After the digital certificate was created by following the above steps, we digitally signed an OpenOffice.org word document, and here discuss the security aspects this provides to the document. First of all, the document file was signed using the following steps:

- From the File menu, “Digital Signatures” was selected and “Add” was clicked in the dialogue box that appeared.
- The appropriate certificate was selected and attached to the document.

Once the signature was attached to the file, a red seal appeared on the status bar as shown in the figure below, which confirmed that the document was digitally signed using the self-signed certificate.

In order to view the digital signature on the document, the red seal on the status bar was double-clicked, which brought up the digital signature information. The red seal indicates that the document has not been altered in any way.

Modifying the signed document removed the seal from the status bar, which meant that the signature was removed. In addition to this, saving the modified document also removed all the existing signatures on the document.

In this way, a digital signature was implemented by making use of a self-signed certificate created with openssl. The use of the digital signature not only provided the identity of the author but also ensured data integrity by removing the signature in response to any alteration of the message.

8. DIGITAL SIGNATURE AND PRIOR REQUIREMENTS

The above working shows how a digital signature can protect the author's identification and ensure the data integrity of the document. But there are some prior requirements for successful implementation of digital signatures.
Some of the major requirements drawn from my research for this paper are listed below:

- Use of quality algorithms is a must for secure digital signatures. This is because there are some public-key algorithms which are insecure, as practical attacks against them have been uncovered. RSA is one of the most secure algorithms in this case as it is used both to encrypt and sign the message.
- The private key generated needs to be kept secret. If any adversary or third party gets access to this key, that party can produce a perfect digital signature of anything whatsoever. So the most important thing is to safeguard the private key.
- The distribution of the public key must be done in such a manner that the public key clearly states whom it belongs to. This is commonly done using a public key infrastructure, and the association between public key and user is attested by an operator of the PKI called the Certificate Authority.
- The user and their software must carry out the signature protocol properly.

9. DIGITAL SIGNATURE USES ENCRYPTION TECHNIQUE BUT ARE NOT USED TO ENCRYPT

In my paper above, I have described much about digital signatures, their usage, the technologies involved, and some encryption algorithms used in them. The reader might have the impression that by digitally signing a message or document, the message itself becomes encrypted. But what I want to make clear is that, although digital signatures use encryption algorithms, they are not actually used to encrypt the signed document. Although the public key is used for encryption, the purpose of a digital signature is not an encrypted document. This is because:

- You might want to sign some document digitally but want everyone to be able to read it. Such documents include a birth certificate, driving license, university degree and others. These documents, if encrypted, won't be in plain text and cannot be viewed by others.
  So digital signatures are used in documents just to identify the owner and verify that the documents are not forged.
- Engaging in an encrypted conversation does not mean that one wants to encrypt all the messages in a legal sense. For example, you might have a general conversation with Ford regarding buying a car, but this doesn't mean at all that you signed a legal contract with the dealer. This is the reason that separate private keys should be used for encryption and signing.

If for any reason a signed document needs to be encrypted, encryption must be used on top of the signing process.

10. CONCLUSION

Digital signatures are designed to serve broadly the same purposes (identification of individuals or role-holders, integrity of digital objects and non-repudiation of action) as traditional signatures, rather than to look like traditional hand-written signatures. In fact they have more in common with seals than with traditional signatures. A written signature is evidence that the person acted on the document, while a digital signature is evidence that a private key from the signer acted upon the document.

The major conclusion we can draw from the digital signature analysis is that the use of digital signatures in applications or documents will not prevent fraud from being attempted, but will prevent attempted fraud from succeeding by giving the application or document the ability to detect fraudulent transactions. The other thing that can be concluded is that digital certificates are more effective as mechanisms for attaching permissions to digital signatures than names or identities. Digital signatures are increasingly used in most of the digital communication seen these days due to the viable platform for authentication and assurance of data integrity they deliver.
All these properties taken together lead to the use of digital signatures not as a vehicle for identity but as complete mechanisms representing a trust relationship on which the entire age of digital communication depends.

APPENDIX: GLOSSARY

TERMS | DEFINITION
----- | ----------
Asymmetric Cryptography | Two keys: a Private Key for decryption and signing and a Public Key for encryption and validating signatures. Knowledge of the public key will not reveal the private key.
CA | An authority that creates and signs Digital Certificates for one or more users. Usually CAs form a hierarchy. The top of this hierarchy is called the root CA.
Data Integrity | Assures a document's authenticity; any changes made to the content of the document will invalidate the signature.
Digest | Used in the process of creating a Digital Signature, a Digest is a unique digital representation or "fingerprint" of the signed data.
Digital Certificate | Similar to a passport identifying a trusted person (or entity such as an application, etc.), the Digital Certificate is issued by a CA and is used to ensure the authenticity of Public Keys belonging to users. A Digital Certificate prevents a hacker from claiming they are someone else thanks to the CA which issued the certificates after ensuring the authenticity of Public Keys belonging to users.
Digital Signature | A Digital Signature (sometimes referred to as an Advanced Electronic Signature) takes the concept of the traditional paper-based signature into the digital realm, by adding a digital "fingerprint" as a signature to a document. This "fingerprint" is unique to both the document and the signer.
Hashing | A mathematical process that converts a message (e.g., a document) into a unique "message digest" that represents the original message. A hash function will not produce the same message digest from two different inputs. A hash is a one-way function, making it infeasible to reverse the process to determine the original message from the "message digest".
Key Pair | The public and private key generated for a user.
Non-Repudiation | Avoid denial of transaction.
PKCS#12 | A Public-Key Cryptography Standard published by RSA Laboratories defining a format for storing or transporting a user's private keys, certificates, etc.
PKI | Public Key Infrastructure. The combination of standards, protocols and software that support Digital Signatures and Encryption.
Private Key | The secret key in a PKI system, used to validate incoming messages and sign outgoing ones. A Private Key is always paired with its Public Key during key generation.
Public Key | The publicly available key in a PKI system, used to encrypt messages bound for its owner and to validate signatures made by its owner. A Public Key is always paired with its Private Key during key generation.
Smart Card | A card, typically the same size as a credit card, that contains a built-in microprocessor and memory. In traditional PKI systems, Smart Cards are used to store users' Private Keys and in some cases also perform the Hashing.
X.509 | A standard for Digital Certificates (from the ITU, International Telecommunication Union) used in many PKI implementations.
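
Added example, not part of the original paper: the signing and verification stages of section 5 carried out with the openssl command line used in section 6, showing that both a changed document and a signature made with a different private key fail verification. It assumes the openssl CLI is installed; the file names, the -subj values and the sample document are constructed, and it uses a 2048-bit throwaway key without a pass phrase and SHA-256 in place of the paper's 1024-bit -des3 key and MD5/SHA-1 so that it runs without prompts.

```sh
#!/bin/sh
# Added example, not from the paper. Assumes the openssl CLI is installed.
# File names, -subj values and the sample document are constructed.
# Unlike the paper's commands it uses a 2048-bit key with no pass phrase
# (a throwaway key in a temporary directory), SHA-256, and -subj instead of
# the interactive Distinguished Name prompts.

# make_identity DIR: private key, self-signed X.509 certificate, and the
# public key taken from that certificate (all a verifier needs).
make_identity() {
    openssl genrsa -out "$1/signer.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/signer.key" -days 365 \
        -subj "/C=GB/O=Example Org/CN=Demo Signer" \
        -out "$1/signer.pem" 2>/dev/null &&
    openssl x509 -in "$1/signer.pem" -pubkey -noout > "$1/signer.pub"
}

# sign_file DIR FILE: hash FILE and sign the digest with DIR's private key.
# The detached signature is written to FILE.sig.
sign_file() {
    openssl dgst -sha256 -sign "$1/signer.key" -out "$2.sig" "$2"
}

# verify_file DIR FILE: recompute the digest of FILE and check FILE.sig
# against it with DIR's public key. Returns 0 only on an exact match.
verify_file() {
    verdict=$(openssl dgst -sha256 -verify "$1/signer.pub" \
        -signature "$2.sig" "$2" 2>/dev/null) || return 1
    [ "$verdict" = "Verified OK" ]
}

# label NAME DIR FILE: print NAME:valid or NAME:INVALID for one check.
label() {
    if verify_file "$2" "$3"; then
        printf '%s:valid' "$1"
    else
        printf '%s:INVALID' "$1"
    fi
}

run_demo() {
    dir=$(mktemp -d) || return 1
    doc="$dir/contract.txt"
    mkdir "$dir/other" || return 1
    if ! make_identity "$dir" || ! make_identity "$dir/other"; then
        rm -rf "$dir"
        return 1
    fi

    # 1. The signer signs the document; the receiver verifies it unchanged.
    printf 'Pay 100 GBP to Alice\n' > "$doc"
    sign_file "$dir" "$doc" || { rm -rf "$dir"; return 1; }
    r1=$(label original "$dir" "$doc")

    # 2. One character changes in transit; the signature is left as it was.
    printf 'Pay 900 GBP to Alice\n' > "$doc"
    r2=$(label tampered "$dir" "$doc")

    # 3. Someone without the signer's private key signs the altered text
    #    with their own key; it is still checked against the signer's key.
    sign_file "$dir/other" "$doc" || { rm -rf "$dir"; return 1; }
    r3=$(label forged "$dir" "$doc")

    rm -rf "$dir"
    echo "$r1 $r2 $r3"
}

run_demo
```

The receiver in this example trusts signer.pub only because it was produced locally; with a self-signed certificate received from elsewhere, that trust has to be established out of band, which is the public key distribution requirement listed in section 8.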