Professional Documents
Culture Documents
1. Introduction. 2. Basic Requirements. 2.1. Private Key. 2.2. Public Key. 2.3. Digital Signature Certificate. 3. Digital Signature Algorithm. 3.1. Signature Generation. 3.2. Signature Verification. 3.3. Secure Hash Algorithm. 4. DSA parameters. 4.1. Specification of parameters. 4.2. Generation of parameters. 4.3. Signature Generation. 4.4. Signature Verification. 5. Example. 6. Applications of Digital Signature. 7. Drawbacks of using digital signature. 8. Legal Aspects of Digital Signature. 8.1. Secure Digital Signature. 8.2. Rules for Certifying Authority. 9. Appendix. 9.1. Proof for Signature Verification. 10. Bibliography. ..5 ..6
..8
.11
.20 .22
1. INTRODUCTION
The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. The recipient of the signed document can verify the claimed identity of the sender using the signature. Also, if the sender later repudiates the contents of the document, then recipient can use the signature to prove the validity of the document. With the computerized message systems replacing the physical transport of paper and ink documents, an effective solution for authentication of the electronic data is necessary. Various methods have been devised to solve this problem, but the use of digital signature is definitely the best solution amongst them. A digital signature is nothing but an attachment to any piece of electronic information, which represents the content of the document and the identity of the originator of that document uniquely. The digital signature is intended for use in electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage, and other applications which require data integrity assurance and data origin authentication. When a message is received, the recipient may desire to verify that the message has not been altered in transit. Furthermore, the recipient may wish to be certain of the originator's identity. Both of these services can be provided by the digital signature. A digital signature is an electronic analogue of a written signature in that the digital signature can be used in proving to the recipient or a third party that the message was, in fact, signed by the originator. Digital signatures may also be generated for stored data and programs so that the integrity of the data and programs may be verified at any later time. Although there are various approaches to implement the digital signature, this report discusses the Digital Signature Standard. It specifies the Digital Signature Algorithm (DSA) which is appropriate for applications requiring a digital rather than written signature. The DSA is considered as the standard procedure to generate and verify digital signatures. A DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The first section of this report deals with the basic requirements for using the digital signature. The next sections contain detailed explanation of the process of generation and verification of the digital signature. In addition to this the applications of the digital Signature are also discussed. The report also focuses on some legal aspects of digital signature, with reference to the Information Technology Act. The use of digital signature has been illustrated with an example in a practical scenario.
This report is an attempt to make the readers familiar with the concepts related to the digital signature and give them an idea of usefulness of a digital signature in the world of electronic information exchange.
2. BASIC REQUIREMENTS
Any individual who wishes to use the digital signature must have a unique private key for generation of the signature. The recipients who receive digitally signed messages must have the public key, corresponding to the private key used for the generation of the digital signature, for verification of the signature. Also the recipients must obtain the digital signature certificate which acts as a proof of the association between the public key and the private key. Once all these requirements are satisfied, then only the subscriber can use the digital signature.
Figure 2.1
public key can just verify the message received from the sender. Any person who digitally signs his messages must distribute the public key to the recipients of his messages, so that they can verify the validity of these messages.
Figure 2.3.1
Figure 3.1.1 The above diagram shows the process of Digital Signature Generation. It consists of following steps:1. The user of Digital Signature can use this facility optionally. So if he chooses to send the message without a signature, then the message is directly send to the other end. But, if he wishes to digitally sign the message, then he is asked for the Private Key by the digital signature Generation system. 2. A Secure Hash Algorithm (SHA) is used in the signature generation process to obtain a condensed version of message, called a message digest. The SHA is such that it generates different message digest for each different message. In other words, no two messages have the same message digest. 3. The DSA sign unit accepts the message digest from the SHA and the private key from the user. Then a digital signature is generated as a function of both, the private key and the message digest. Number of other parameters called as DSA parameters, are also used in this process. These parameters are discussed in details in the next section.
5
4. Once a signature is generated, it is attached to the original message. Then this message is send to the other end.
Figure 3.2.1 The above diagram shows the process of Digital Signature Verification. It consists of following steps:1. A user can receive messages from different senders. Some of them may be using a digital signature and some may not. If a message is not digitally signed then the user accepts it without any verification. But in case of digitally signed message, he can verify the message with the help of public key corresponding to the sender. 2. The received message is fed to the SHA for generation of the message digest. The SHA used by the receiver must be same as that used by the sender. So, if the message content remains unaltered during the transport, then SHA will generate the same message digest. 3. The DSA verify unit accepts the message digest from the SHA and the public key from the receiver. Using the DSA parameters, public key, message digest the received digital signature is verified. If the signature gets verified, then integrity of the message as well as the identity of sender is confirmed. But if it doesnt get verified, then either the message has been corrupted during the transport or the private key used is not matching with the public key. In either case the message is considered invalid and should be rejected by the receiver.
Figure 3.3.1 The SHA is called secure because it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. Any change to a message in transit will, with very high probability, result in a different message digest, and the signature will fail to verify.
4. DSA PARAMETERS
4.1. Specification of parameters.
The DSA (Digital Signature Algorithm) makes use of the following parameters: 1. p is a prime number, where 2L-1 < p < 2L for 512 <= L <= 1024 and L a multiple of 64. 2. q is a prime divisor of p - 1, where 2159 < q < 2160 . 3. g = h(p-1)/q mod p, where h is any integer with 1 < h < p - 1 such that h(p-1)/q mod p > 1 (g has order q mod p)
4. x = a randomly generated integer with 0 < x < q 5. y = gx mod p 6. k = a randomly or generated integer with 0 < k < q The integers p, q, g can be public and they can be common to a group of users. A user's private and public keys are x and y, respectively. They are normally fixed for a period of time. Parameters x and k are used for signature generation only, and must be kept secret. Parameter k must be regenerated for each signature.
5. EXAMPLE
In order to integrate all the above concepts related to the digital signature, we consider a practical scenario as an example. Suppose there is a XYZ company, which is a client of ABC consultancy. XYZ seeks advice from ABC in the company matters. They used to communicate with each other through letters for many years. Now, with the computerization of XYZ, they decide to use electronic media for information exchange. Since the information exchanged by the two parties is of professional importance, they decide to use some authentication protocol, so that reliable communication is possible. The representatives from ABC and XYZ conduct a meeting and decide the use of digital signature, as a means of authentic message transport. To establish the digital signature system they perform the following actions, 1. Each party contacts the authority responsible for allocating the private and public key. By paying the required amount, each of them gets a unique key pair. 2. Then each of them makes an application to the Certifying Authority for getting the Digital Signature Certificate for the public key of other party. 3. The Certifying authority asks the applicants to produce the private key corresponding to the public key, to be listed in the digital signature certificate, i.e. for ABC to obtain certificate for the public key of XYZ, it should ask XYZ to produce its private key and public key before the concerned Certifying Authority. 4. The Certifying Authority verifies the functioning of the key pair i.e. they are capable of generation and verification of digital signature. 5. On confirming the working of key pair, it issues a Digital Signature Certificate to the applicant. 6. Now the company XYZ has the Certificate, which lists the public key of ABC. While ABC has the Certificate, which lists the public key of XYZ. 7. They install the software necessary for generation and verification of each others digital signature. This software must be same for both the parties, so that they use the same hashing algorithm.
10
8. With this set-up they are ready to use the digital signature with their messages. Each party can sign the messages by using the private key and the recipient party can verify these messages using the corresponding public key, listed on the digital signature certificate. To understand how this system behaves in different circumstances we consider number of cases of usage of this system. CASE 1: Company XYZ needs an advice from ABC consultancy regarding the financial strategy of the company. So, it creates a message addressed to ABC and attaches the digital signature to the message using the correct private key. ABC receives the message from XYZ, and it applies the public key of XYZ to the message. Suppose the message gets verified. Conclusion: Since the message got verified, ABC is assured that the message was sent by XYZ and the content of that message is intact since it was sent by XYZ. CASE 2: On receiving the above message, ABC decides to send an advice to XYZ. So, ABC writes a message addressed to XYZ and uses its private key to generate the digital signature. On receiving this message XYZ applies the corresponding public key and verifies the message. It finds that the signature gets verified. Conclusion: Verification of the message is an indication of the authenticity of the sender and integrity of the data. Thus XYZ can safely assume that it has an unmodified message from ABC only, and no one else. CASE 3: Suppose company XYZ takes action according the advice given by ABC consultancy and XYZ has to suffer a major financial loss due this action. XYZ holds ABC responsible for the loss and wants to take legal action against ABC. Thus XYZ files a case in the court, accusing ABC for giving wrong advice and demands compensation for the loss suffered. The consultancy ABC denies giving such advice to XYZ. The court asks XYZ to prove their claim against ABC. Then XYZ produces the copy of message received from ABC and the Digital signature certificate, which lists the public key of ABC. It shows that the signature on the message gets verified by ABCs public key, so that message was indeed sent by ABC. The court accepts the claim of XYZ and orders ABC to give compensation to XYZ. Conclusion: A digital signature can be used to prove the identity of the sender to a third party. CASE 4:
11
A company LMN is a business rival of XYZ and it knows about the communication of XYZ with consultancy ABC. So LMN sends a fake message, containing a false advice, to XYZ pretending to be ABC. On receiving this message, XYZ verifies it with the public key of ABC. It finds that the signature doesnt get verified. So, it rejects the message considering it as invalid. Thus it is saved from getting wrong advice. Conclusion: Any message not signed by the proper private key will not get verified by the public key corresponding to the correct private key. CASE 5: Failing to mislead XYZ, LMN now decides to use some different method. By some means LMN manages to modify the content of a message send by ABC to XYZ. When XYZ receives the message and verifies it with the public key, it finds that message is invalid. Thus it rejects the advice. So again XYZ is safeguarded from the attempt to intrude into the communication. XYZ immediately informs ABC about the rejection of the message and asks them to resend the message. Conclusion: Although the proper private key is used to generate message, if the message content gets modified, then the message digest generated at the receiver end is different, due to which the signature will never get verified. CASE 6: With the failure of one more attempt to misinform the company XYZ, LMN decides to steal the private key from ABC and somehow it succeeds in obtaining it. LMN writes a message to XYZ in the disguise of ABC and digitally signs the message using the stolen key. On receiving the message, XYZ verifies the digital signature and finds it to be a valid one. Thus it accepts the advice and acts accordingly. Following the wrong advice it suffers loss and XYZ accuses ABC for the loss. The court finding the valid signature accepts the claim of XYZ and ABC is asked to give compensation. Conclusion: Security of the private key is responsibility of the key holder. If the key is lost, then the key owner will be responsible for the damage made using the key. On the Basis of all the above cases we can conclude that a Digital Signature can protect the subscribers from any attempts of forgery, provided that the private key is kept in a secure manner. Also this system is considered valid in the legal matters. So using digital signature is definitely an excellent option for preserving the integrity of data and authenticity of the user identity.
12
before generating the message digest, the message should be encrypted. Then the digital signature is generated and attached to the message. At the receiving end after verification of signature, the message is decrypted to recover the original message. 5. Software Distribution. Software developers often distribute their software using some electronic media, for example, the internet. In this case, in order to ensure that the software remains unmodified and its source is genuine, Digital Signature can be used. The developer signs the software and the users verify the signature before using it. If signature gets verified, then only the users can be sure about the validity of that software.
14
6. Although digital signature provides authenticity, it does not ensure secrecy of the data. To provide the secrecy, some other technique such as encryption and decryption needs to be used.
Provided further that, no application shall be rejected unless the applicant has been given a reasonable opportunity of showing cause against the proposed rejection.
9. APPENDIX
9.1. Proof of Signature Verification.
The purpose of this appendix is to show that if M' = M, r' = r and s' = s in the signature verification, then v = r'. Where, M is the sent message, the pair of numbers r and s is signature of the message M. M' is the received message, r' and s' is the received signature. Before proving the final result, we state and prove following lemma. Lemma: Let p and q be primes so that q divides p 1, h a positive integer less than p, and g = h (p-1)/q mod p. Then g q mod p = 1, and if m mod q = n mod q, then g m mod p = g n mod p. Proof: We have, g q mod p = (h (p- 1)/ q mod p) q mod p
17
Now let m mod q = n mod q, i.e., m = n + k.q for some integer k. Then g m mod p = g
(n+k.q)
mod p
= (g n .g k.q) mod p = ((g n mod p) . (g q mod p) k) mod p = g n mod p Since, g q mod p = 1. We are now ready to prove the main result.
THEOREM: If M' = M, r' = r, and s' = s in the signature verification, then v = r'. Proof: We have, w = ( s' ) -1 mod q = s-1 mod q u1 = ( ( SHA(M') ) w ) mod q = ( (SHA(M) ) w ) mod q u2 = ( r' . w ) mod q = ( r . w ) mod q. Now y = g x mod p, So that by the lemma, v = ( ( g u1 y u2 ) mod p ) mod q = ( ( g SHA(M) . w . y r . w ) mod p) mod q = ( ( g SHA(M) . w . g x .r. w ) mod p) mod q = ( ( g ( SHA(M)+x.r ) . w ) mod p ) mod q. Also,
18
s = ( k-1( SHA(M) + x.r ) ) mod q. Hence, w = ( k . ( SHA(M) + x.r )-1 ) mod q ( SHA(M) + x.r ) .w mod q = k mod q. Thus by the lemma, v = (gk mod p) mod q = r = r'. Hence the theorem is proved.
10. BIBLIOGRAPHY
10.1. Books.
1. Computer Networks Third Edition, by Andrew S. Tanenbaum, PHI. 2. Internet Security Second Edition, by Derek Atkins.
3. Secure Hash Algorithm, http://www.itl.nist.gov/fipspubs/fip180-1.html . 4. Digital Signature Standard, http://www.itl.nist.gov/fipspubs/fip186.html . 5. Information Technology Act 2000, India,
19
20