You are on page 1of 11

International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842

Issue 11, Volume 4 (November 2017) www.irjcs.com

DIGITAL SIGNATURE & ENCRYPTION IMPLEMENTATION


FOR INCREASING AUTHENTICATION, INTEGRITY,
SECURITY AND DATA NON-REPUDIATION
Ida Nurhaida
Computer Science Faculty
Universitas Mercu Buana, Jakarta 11650, Indonesia
ida.nurhaida@mercubuana.ac.id
Desi Ramayanti
Computer Science Faculty
Universitas Mercu Buana,Jakarta 11650, Indonesia
desi.ramayanti@mercubuana.ac.id
Rhema Riesaputra
Computer Science Faculty
Universitas Mercu Buana,Jakarta 11650, Indonesia
rhema@riesaputra.info
Manuscript History
Number: IRJCS/RS/Vol.04/Issue11/NVCS10080
DOI: 10.26562/IRJCS.2017.NVCS10080
Received: 08, October 2017
Final Correction: 23, October 2017
Final Accepted: 02, November 2017
Published: November 2017
Citation:Nurhaida, I., Ramayanti, D. & Riesaputra, R. (2017). DIGITAL SIGNATURE & ENCRYPTION IMPLEMENTATION
FOR INCREASING AUTHENTICATION, INTEGRITY, SECURITY AND DATA NON-REPUDIATION. IRJCS:: International
Research Journal of Computer Science, Volume IV, 04-14. doi: 10.26562/IRJCS.2017.NVCS10080
Editor: Dr.A.Arul L.S, Chief Editor, IRJCS, AM Publications, India
Copyright: 2017 This is an open access article distributed under the terms of the Creative Commons Attribution
License, Which Permits unrestricted use, distribution, and reproduction in any medium, provided the original
author and source are credited
Abstract A digital signature is a method that serves to improve the integrity, authenticity, non-repudiation,
and confidentiality of digital data in transmission. This paper discusses digital signature and encryption
functions for data communication. In this study, implementing the data transmission is done by email using
digital signatures and encryption functionality on Open PGP. In the end, this research resulted that the function
of the digital signature and encryption can be implemented effectively in the process of sending data/
information via email.
Keywords Digital Signature, Email, Integrity, Authenticity, non-repudiation.

I. INTRODUCTION
E-mail or electronic mail is one of information technology that widely used by the business/employee in
communication activities. As it grows, the email not only as an additional component to communicate but also
has become a crucial requirement in business development itself [1][2]. Email is often incorporated as personal
data as well as the company in the communication business. During the process of sending an email, while the
destination address is correct, then the email will not lead problem in the future. However, the problem will
occur when email is sent to the wrong address and accepted by the unauthorized recipient. On the other hand, it
also needed the system that could verify if the parties are not responsible for any changes of email content while
the sender does not know about it [3]. This condition will arise a problem and misunderstanding between the
sender and the recipient.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -4
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

Digital Signature is a system that can be used to prevent the problem of email sending process. In this process,
the Digital Signature can perform the function of authentication, integrity, and non-repudiation for checking
email content [4]. Digital Signature is expected to prevent an error while sending the document via email and can
execute a verification process. Furthermore, the email can be categorized as a correct or legitimate email. The
implementation of Digital Signature including an encryption function that can protect the data, so that the
content of the data will not be able to understand by unauthorized parties [5]. Therefore, there is a requirement
of a system that can integrate the implementation of digital signature and encryption in the process of sending
data via email. The digital signature will increase the security of email users regarding the legitimacy or validity
of the receiving data [6]. On the other hand, the public awareness about the importance of an email
communication must be improved. The transaction has to be maintained according to validity and safety process
of sending data/information via email [4]. The user can understand regarding how the digital signature is
working and the process of its integrity to the client email application. The objectives of this study are:
1. To perform analysis and to demonstrate that the use of digital signature can improve the authentication,
integrity, security, and non-repudiation of data that is sent by email
2. To implement the data encryption for protecting content from the unauthorized user.
The organization of this paper is as follows. Section II presents the research methodology. Section III discuss the
research methodology. Section III describes the topology design of implementation and testing. Section IV
discusses the findings. This paper is closed by a conclusion in Section V.

II. FUNDAMENTAL THEORY


Information security has become a critical issue. Various steps have been taken to improve and develop the level
of security [7]. The research method used refers to the framework that can be seen in Figure 1.

Figure 1. Research methodology


A. Cryptography
Cryptography is a method of storing and transmitting data or information in a form that can only be read or
processed by those who are entitled [7]. One of the purposes of using cryptographic techniques is to hide
information from unauthorized parties to know the contents of the information [8]. Cryptography has been widely
used to secure information. This research uses a cryptographic algorithm for data security on e-Passport [9]. This
research performs a modular multiplication method comparison on the RSA algorithm for keys of 1024 bits long.
Feizi et al. [10] use cryptographic algorithms to serve as a major component of information security in the form of
block and data flow cipher. Analysis of Simon cipher block is done through algorithm simulation on FPGA.
B. Symmetric Key
The symmetric key is a cryptographic method that uses the same key as the encryption and decryption process
[11][12]. Each encryption method, either symmetric or asymmetric, has an identical algorithm between sender
and receiver of data/ information. This algorithm is combined with symmetric keys to perform the encryption
process and decryption on a data/ information.In Figure 2, we can see the transformation process from the
plaintext, into a random and unreadable encryption format (ciphertext) until the decryption process is performed
by a symmetric key method:
C. Asymmetric Key
Public Key Cryptography is a method that uses asymmetric keys as an encryption method, which is utilized for an
authentication process on Digital Signature. Public key cryptography uses two certificate key pairs that are private
key and a public key. Both of the key are created using asymmetric key algorithm [13].

________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -5
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

Secret Key = X

Plaintext Encryption Ciphertext Decryption Plaintext

Figure 2. Symmetric Key


The key pair is a unity that has a connection with each other. The data/information encrypted using private key
can only be decrypted by using the public key pair, and vice versa. If a document is encrypted using a public key,
then it can only be decrypted by using its private key pair. Figure 3 is a transformation of plaintext, into a random
and unreadable encryption format (ciphertext). Furthermore, the decryption process is done by the asymmetric
key method.

Public Key = X Private Key = X

Plaintext Encryption Ciphertext Decryption Plaintext

Private Key = X Public Key = X

Figure 3. Asymmetric Key


An example of an asymmetric key algorithm used to create two keys both private key and public key. They serves
as key in the encryption and decryption process as follows ([14], [15]):
For example, the value of p = 5 and q = 21, then:
n = p * q = 5 * 21 = 105
(n) = (p - 1) * (q - 1) = 4 * 20 = 80
Select one of prime number from the equation 1 < e < (n) , from example, we choose e = 7
d = 5 ((5 * 7) mod 80) = 5(35 mod 80) = 5*35 = 175
The generated key as public key and private key are paired and known as asymmetric keys
Public key (e, n) = (7, 105)
Private key (d, n) = (175, 105)
Another example of using asymmetric keys in the encryption and decryption process at a certain value can be
seen below:
Encryption on m = 17 is c = 177mod 105 = 38
Decryption on c = 38 is m = 38175 mod 105 = 17
D. Hash Function
The hash function is a function that takes a string of variable-length message and returns a fixed length value
called a hash value [16]. The characteristics of one-way Hash function, namely:
1. The H function can be applied to any size of data block.
2. H produces a value with fixed-length.
3. H(x) easily calculated for each value of x which is given.
4. For each h which is produced, it is impossible to return an x value such that H (x) = h. That is why the H
function is said to be a one-way Hash function.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -6
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

5. For each x which is given, it is impossible to find yx so that H(y)=H(x).


6. It is impossible to find x and y pairs so that H(x) = H(y).
Illustration of Hash function can be seen in Figure 4 below:

hi H M i , hi 1

Mi
hi 1
One way Hash Function
hi
Figure 4. Hash Function
E. Digital Signature
Digital Signature is applied to authentication functions, integrity checking, and non-repudiation functions on data
or document. Digital Signature created in the cryptographic values that depend on message and message sender.
Some functions of Digital Signature are as follows:
a. Provides Integrity checking process
Data integrity is related to securing of unauthorized data changes. For maintaining data integrity, the system must
have the ability to detect data manipulation by unauthorized parties, including insertion, deletion, and another
data submission into actual data.
b. Provide Authentication process
Authentication relates to identification/ recognition, both in the system and the information itself. Two parties
who communicate with each other must introduce each other. The information transmitted over the channel must
be authenticated, the contents of the data, the delivery time, and so on.
c. Provide non-repudiation process
Non-repudiation is an attempt to prevent any denial of the transmission/creation of any information by the
sender. In the data sending process using Digital Signature, the encryption method is only in the data
hash/Message Digest which is intended to authentication processing for the sender. Here is an overview of the
process, and the basic concepts of Digital Signature [17][18]. Figure 5 shows a public key exchange illustration. If
User A and User B want to exchange keys and communicate, then:
a. User A and User B create two keys
User A creates two keys, public key Kpublic [User A] and a private key Kprivate [User A]
User B creates two keys, public key Kpublic[User B] and a private key Kprivate[User B]
b. They communicate each other to exchange the key
User A and User B exchange public keys each other. User B gets Kpublic[User A] from User A, and User
A gets Kpublic [User B] from User B.
User A encrypts Message Digest P to User B with function C = E(P, Kprivate[User A])
User A sends the C data to User B
User B receives C from User A and open the text-light with the function P = D(C, Kpublic[User A])
The same process occurs when User B is going to sending a message to User A:
User B encrypt Message Digest P to User A with function C = E(P, Kprivate[User B])
User A receives C from User B and opens the Message Digest data with function:
P = D(C, Kpublic[User B])
The Digital Signature is performed in data/document through several steps as follows:
a. A hash function is used on data to be sent based on the Hashing / Message algorithm. The result in Message
Digest or a Hashing value to the data to be sent.
b. Message Digest is encrypted using the private key and generates data called Digital Signature.
c. Each data submission which accompanied by Digital Signature to ensure that the data is valid and no one to
make changes without the consent of the data sender (called integrity).

________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -7
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

Figure 5. Public Key Exchange Process


Digital Signature Process Verification Digital Signature Process

Data Data Data


Digital Digital
Signature Signature

Hash Sender Private Key Digital Hash


Signature
Encryption Sender Public Key
Algorithm
Encryption
Algorithm

Message Message
Digest Digest
Message
Digest

The sender data is Are they have same


not authenticated No
value?

Yes

The sender data is


authenticated

Figure 6. Digital Signature Process


The verification process is doing by the recipient of data to ensure that the data is completely valid and correctly
transmitted by the authorized sender. After the data/document arrives at the destination, the recipient will do the
Digital Signature verification process by decrypting using the public key. It will ensure that the authorized sender
correctly sends the received data.
a. The recipient decrypts the data/documents sent and matches the result with the Message Digest (data Hash)
from the sender (integrity process).
b. After the data decryption process, the Message Digest is matched by comparing the Message Digest data to
the authentic using the same Hash algorithm.
c. If there is conformity, then the data is valid. Whereas if there is no match on the value of Hash (Message
Digest), then the data is not valid.
In the data sending process using Digital Signature, the encryption method is only on data Hash /Message Digest
for authentication process.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -8
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

Digital Signature combines the Hash function to checking data integrity and encryption functions using public key
cryptography for the authentication process. Figure 6 illustrates the formation process and digital signature
verification.
F. Encryption Function in Data Delivery Process
The use of encryption in the data delivery process is doing for the following purposes [19] :
a. Preventing from sniffing, or the existence of data tapping during the data transmission process which affects
the existence of data during the transmission process/data.
b. Improving data security if the data is on the parties who are not entitled. The process will perform if there is
an error found in data delivery due to human error.
Figure 7 illustrates the encryption and decryption process by using asymmetric encryption. This process can be
described in the following:
1. Public key exchanges are performed as outlined in the previous chapter.
If User A and User B want to exchange keys and communicate, then:
User A and User B exchange public-keys with each other. User B gets Kpublic[User A] from User A, and
User A gets Kpublic[User B] from User B.
User A encrypts data to be transmitted P to User B with function
C = E(P, Kpublic[User B])
User A is sending the C data to User B
User B receives C from User A and open the text-light with the function P = D(C, Kprivate[User B])
2. The same thing happens when User B is going to sending a message to User A:
User B encrypt Message Digest P to User A with function:
C = E(P, Kpublic[User A])
User A receives C from User B and open Message Digest data with function:
P = D(C, Kprivate[User A])

Encryption Process Decryption Process

Data Receiver Public Key Receiver Publi c Key Data


Cipher text Cipher text (Plain text)
(Plain text)
Encryption Encryption
Algorithm Algorithm

Figure 7. Encryption and Decryption Process


III. DESIGN IMPLEMENTATION AND TESTING TOPOLOGY
Problems that exist in the process of sending data by email without digitally sign and encryption process follows:
1. There is no authenticating process at sender site so that it can lead a problem to the existence of fraud
identity to the email sender (email spoofing).
2. Integrity checking of the document/data is not available. It means there is a potential change of the data
tacitly or unnoticed by both parties either the sender or the recipient.
3. Non-repudiation process becomes difficult to prove due to the lack of audit trail. This process will determine
the validation email of sender's data
The sending and receiving data process through email has no authentication process, integrity checking, data
encryption process, and prevention of denial of data sent by data sender (non-repudiation). Figure 8 shows the
proses the sending and receiving data process through email with the following process:
1. User A sends the data through email to User B using SMTP (Simple Mail Transfer Protocol) port 25 and uses
Google Mail Server as an intermediary.
2. Likewise, User B sends the data through email to User A using SMTP (Simple Mail Transfer Protocol) port
25. Google Mail Server as an intermediary as well.
3. User A and User B retrieve email content using IMAP (Internet Messaging Access Protocol) port 993.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -9
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

Figure 8. Email delivery terminology


The topology design for the experimental scenario can be seen in Figure 9. There are 3 (three) email users and 1
(one) email spoofer which is divided based on some functions as follows:
a. HOST A (xyz@gmail.com)

Figure 9. Implementation Topology


HOST A employ google mail server as MTA (mail transfer agent) and MDA (mail delivery agent), while Open PGP
is applied to perform digital signature and encryption functions. HOST A will send data/information via email
without digital signatures and encryption to HOST C. Furthermore, HOST A will send data/information via email
using a digital signature and encryption functionality to HOST B.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -10
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

b. HOST B (rhema@riesaputra.info)
HOST B uses google mail server as MTA and MDA, while Open PGP act to perform digital signature and encryption
function. HOST B will deliver data/information via email using a digital signature and encryption functionality to
HOST A.
c. HOST C (abc@yahoo.com)
HOST C uses yahoo mail server as MTA and MDA without digital signature and encryption functions. HOST C is
used for acceptance process email testing from HOST A. Those emails are encrypted using a digital signature.
d. HOST X (fake identity for xyz@gmail.com)
HOST X employs as fake email sender in Android for email spoofing or email address identity fraud. HOST X will
try to transmit data/information to HOST B while HOST A faked email addresses without the use of digital
signatures and encryption.
For the test environment in this research, several preparatory steps are taken to implement, and testing process
in the following:
1. Implementation preparation stage
Several steps should be prepared namely: Create a new email account, enable IMAP protocol for withdrawal
the email content, installation process of gpg4win-2.1.0, add-on installation process, and installation process
Enigmail-1.4.6-sm + tb.xpi to access email by using a software program related to e-mail content delivery,
receipt of email content, digital signatures, and encryption
2. Implementation and Function Testing Stage
Implementation and testing run on the overall function of data/information transmission through email, and
the digital signature on the transfer of data/information.
3. Test Result Analysis
This stage we conduct analysis results of the implementation and testing function that has been done so that it
can be concluded that a comprehensive review of case studies carried out.
IV. RESULTS AND DISCUSSION
The test results analysis based on design implementation topology is as follows:
a. In the case of sending email without digital signatures and encryption, it is hard to identify the origin of
recipient email message. The contents of email cannot be ascertained according to its validity because it cannot
be verified. Furthermore, it cannot be ensured the confidentiality of the email contents because it is not
encrypted during the sending process (Figure 10).
From: xyz@gmail.com Sender email (HOST X)

To: rhema@riesaputra.info Receipt email (HOST B)


Message-ID: <1122906176.1.1392477533843.JavaMail.javamailuser@localhost>
Subject email including Data/
Subject: Bonus Transfer information sent by HOST X
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_0_1122470856.1392477533734"
X-Sent-Thru: : FakeMail Sender 1.0 for Android
Sender email is doubtful, however it
X-IMPORTANT-NOTICE: : The real sender of this message might be different cannot be verified
------=_Part_0_1122470856.1392477533734
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Data/information content that sent by
Hi bro, mama minta pulsa, tolong kirim pulsa 1jt buat si mama... HOST X
------=_Part_0_1122470856.1392477533734--
Figure 10. The result of receiving Host X email to Host B

________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -11
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

b. For the sending process of data/information through email which is using digital signature and encryption, the
data transmitted remained safe and kept confidentially. This process is performed in the case of incorrect of
the recipient address. For example, email delivery error from Host A to Host C. The contents of the email
cannot be read by the recipient of the email (Host C) which is not entitled to receive it (Figure 11).
c. It can be proved that the process of sending data/information by email which uses digital signature and
encryption have particularly the ability to make the process of digitally sign and encryption processes.
Furthermore, the recipient can do the verification and decryption process on the email content which is
received. The test result can be seen in Figure 12.
From Rhema.Riesaputra Sat Feb 15 18:22:49 2016

X-Apparently-To: abc@yahoo.com via 98.139.211.222; Sat, 15 Feb 2016 Recipient Address (HOST C)
18:22:54 -0800

Return-Path: <xyz@gmail.com> Sender Address (HOST A)


Received-SPF: pass (domain of gmail.com designates 209.85.160.54 as permitted
sender)

cnlwdGVkLmFzYwNhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0DAzI-
X-YMailISG: 8gdi9vMWLDvSOsTAUHc1iY1rgivNTr..7QX.5kAyfZ2.1.X4
k6WEBi3KY.djmpQR1SUyMVDQtYMT._GgBM7hpfWLmUpvLGMLRpX2BpLjYE51
KaCBtapJvgaEtos3_VjLVBqg1OstjaxvvoCT1Joa7ATGKNw.pZnSDc1BTA7D
8Id6bHjjH5yOvqVwyRUhOnXrGAPpB9WuAMODB4kucG3RbL6VTwRMnj6drgkh
IJ3dfk.hwmyvNDExw2ERtzFd7Cznaxwn6irR_UVdQgRWZJ.IV5_6W4TrcpWu
.YHgedDtcjkIzdXGm1egNocCxiBRoVg0GZYt8RAPRmJCks9AKnhwN0m53oEY
DTU4s0b29d8.XfnwKkOwTFJdx1Q3rmHnr58LqwWxCqZa8WeRJ3r8HcgVX0v0
0tEiTNvrne8fNZtXFSEkPH0nmARFCVS4YOCxHbVc8fEzSinjkyXuQ1yyyPWH
M3E9x3wSPPbxJqw9TxSukPYwKdmX3ERru9c2xMi3dVW5DToAQoOxBSLS78N6
yC4Se7qAACSDAdfLQz62_IQ7Bca57r77HAKrCZnlvB_d0fskAMJyfDkgqhDx
zzbr4PBMHeFSA3p.IGRwxKUVAUeTohZbpV5XD528fJc9hqLGoyoZkuzt.10y
vw_rvs6bHR21mjK2SpP1TzZW6DbE8PjwGt1vVPVWOBe6OLYRxVGVsJUVLNJ9
Rk0Vj4PNhzE.XqCwX1aZIgunMbz3yfZ0XH092XAANsUpDT4y5cjhJ12wOz96
HOST A sent an encrypted email
DT9U3C0R3aq2_M6rbZK0tCNWhOd9VLlBVDpQywa7I7u9Zo6IiiQNsPMuxxLw
eZm9fSC0HqQ.AFfleSzphnRSmt6vRD12po0xL.FHpySB01m7LMkDG9ip5bBM
bWrwtfcaAcBezyQcO2T3NCiUKNLSjZ6R7y0R8.jkoCDRq3J4.w4rQKRViG5G
7vzc.maNqkLxNLTVwX2aCH6m2_VqGdk4M_JffdiTSeH_KYw4LrCfJ6M8p6eY
vKI.faFZGM_XcaZfSB7T9TCUKhNHHR9nNtOlu.uejxPY__YPvJSr6fLrex9h
Sw20MAh2AfQeu64Oc.jDPrrFWpjqlRPSuu3QRbOKZkrl3ZEafL19yrd4.Yr5
LX_8xHeg447.TDusgGeQ37vFWsTUgT4SwMTQS9SHNPfPXqeo3I5Ffv7oeQj0
wKY4euYVrAc4uAD48lNOasvWpZYeQ12OjnI7nCfscxcKKXXtxQt88Pc7zswY
.ViPLVMTYdykueVAJXoU5ZBaFiS.IlDJSD3Wxh.nCkXyMxa60rKfAA9MyqLV
cP.p136HdzYC317f64rptVa_Npnesr8gblKrCFeSWR47o24Sea3c.zkXwLAP
HZpFoPW6jkQ4ww5uAK1f4B.TIsOmkm2oQdQTrd38ZGTJ0Yy4mk.hvsAH2q1r
GHRZcKFquBTNVLPFtwsjo4OlfNrBiM.nZGjm36jAWMXqEtSzMH_ia1aAgFML
7AQ9o_dyeLBaswxUyGJg8rIk.uysECXm4KuiMz22W_Aurhyi9HfgHbJZO8IY
02X4qIvYmCIGq7kQCSfmzj3f7RpvGG_nBJUL.bY-

Received: by mail-pb0-f54.google.com with SMTP id uo5so13844460pbc.41


for <abc@yahoo.com>; Sat, 15 Feb 2016 18:22:53 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;


d=gmail.com; s=20120113;
h=message-id:date:from:user-agent:mime-version:to:subject
:content-type;
bh=TGyU/F7c97Ipvnbpmc8Y9/UP+MK+G29ueUQJxi/RqQY=;

b=geUtHafTx95geaEXKyOzYSWY4scW5GHBtLPe0fFbGqdheqwZ+2JhoapZGKNCWnY18h Encrypted email from HOST A can


vuFVeQyd1E0oZP5f7R+A/ not be verified
rip4MCA7ekxEf9PPQOyURA9TFXHUCnqxt3E9xunek4E+ioM
kBn6jAB3X9shHgu7uNRy23oKtCJyd+W6QoE2Cuwx2zPA/3CxjRyA48SlqUiFdftXBU05
4tWMPo+715Pchez7ImOQxKUnD0NbJ8I8464xx6xIP/
keLLTRloMuFvPW+WFuzH68Jzvo
WpnsdRMi0aT+DrhmeD7/w4JRM7C2sj3qpwpzlxWDl2HOR/
eS4tCyerJZ+5piSUFDMhvr
9pJQ==
Figure 11. The result of email sent from HOST A to HOST C
V. CONCLUSIONS
This conclusion is taken based on the test results analysis that has been obtained. The conclusions that can be
drawn from this research are:
1. The data/information delivery through email without digital signatures and encryption is vulnerable to the
threat. From the test results can be seen that any email sender address can be falsified easily (email spoofing).
Furthermore, it is hard to verify the process because it required additional software to conduct the
examination and identification process. The method of sending data by email using digital signature
technology can improve alertness of the email recipient to check the integrity of email sender.
2. The application of digital signature technology and Open PGP encryption on the email is ideal for the delivery
of corporate data, and personal/private were deemed important, confidential, or which is included in sensitive
data/information. Certificate key both the private key and public key must be stored securely and not be given
to other parties outside the relevant requirements.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -12
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

Suggestion
As for suggestions and to improve the function of digital signature and encryption technology related to this case
study, can be described as follows:
1. It is recommended to determine the time/expiration period on each key certificates are created and
transmitted. The period key certificate can be adjusted to the needs how long the delivery of communications
data/information via email will be done.
2. The additional applications for digital signature and email encryption such as Open PGP applications should
not be downloaded from unreliable sources. Verify with the checksum method to see if the application is
obtained from a trusted source. Verify the checksum method to determine whether the application is obtained
from reliable sources.

Delivered-To: rhema@riesaputra.info Recipient email (HOST B)

Return-Path: <xyz@gmail.com> Sender email (HOST A)

spf=pass (google.com: domain of rhema.riesaputra@gmail.com designates


2607:f8b0:400e:c03::22e as permitted sender) smtp.mail=xyz@gmail.com;
The email contained authenticate
dkim=pass header.i=@gmail.com; data/information
dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: by mail-pa0-f46.google.com with SMTP id rd3so13525960pab.19
for <rhema@riesaputra.info>; Sat, 15 Feb 2016 09:02:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=message-id:date:from:user-agent:mime-version:to:subject
:content-type;
bh=JM7wjomoLU2Zf1ZK1fDhSgo79J8hOUunWn+StwxdgL4=;

b=qHdYbj1nvQ4rGdgoVDuyZR7FQO8QcrSsiag83kv1VWXxh6Z+PCLUBwMGVXFadbjQSN
zT5IhtgZSCjYNX3J/p6KHTxpEAZS0fmYDqCU8oh45wAEZ40yIiWp9vDXGe0xX2fNlJ3m
q09UYGuTta+qojsdcai80wz6jL7S8ZMjTr69Sft2teczlgMwNQ9eC8JmaJuvq53PMQ5x Digital Signature
InSjtTDEkX9x3V3kVMAYFQjiyQjwCB4B1kivRbHAGoYgEE7TxSU4EJR4uiQa/ggTz6jN
YJbjNPSy04/5OxttHm+dh6AVNyEm6/8f9VBTlYghkJXS9I/zyOJTNrTknBSkvSUDysPG
+OhA==
X-Received: by 10.68.112.164 with SMTP id ir4mr16079439pbb.153.1392483775384;
Sat, 15 Feb 2016 09:02:55 -0800 (PST)
Return-Path: <rhema.riesaputra@gmail.com>
Received: from [127.0.0.1] ([203.176.181.60])
by mx.google.com with ESMTPSA id qq5sm28760033pbb.24.2014.02.15.09.02.53
for <rhema@riesaputra.info>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Sat, 15 Feb 2016 09:02:54 -0800 (PST)
Message-ID: <52FF9DB8.30800@gmail.com>
Date: Sun, 16 Feb 2016 00:02:48 +0700
From: "Rhema.Riesaputra" <rhema.riesaputra@gmail.com>
Information concerning Mail User
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Agent HOST A
Thunderbird/17.0.8
Information about Subject Email that
Subject: Bonus Transfer sent by HOST A
X-Enigmail-Version: 1.5.2 Add-On Information according to Mail
User Agent HOST A
This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--OWQkRscQI5glTBhEi0bKs2QqhaP1sKEbI
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

-----BEGIN PGP MESSAGE-----


Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

hQELAwHK4MrK5+PgAQf4wgZ0fmGpHSk1+grv/Lgc2LKhy+633eJTaQwcA2ciZb0T
dHd/5sDWlV+5iDkwmy7EGAB8YUM+zF3xLe4OAIeidu+qoImk1Ks+GmuoMVZeZWFp
Jp4F/hBx1jmmgBrWGsh8xxsw0nMELLHyQvnalNM5EUPMxwU0lTIHkKoKjq5UXLKb
L/qUyJF3izIAaoG0VvU0vg3ZdeHY/f6cSl2YOYHl1G5C3ZGRnizbEsaylVC0fekR
/1knXoCbzVIx07PNAsO6Ld/R2OAKDt36z/Rzdfawu1T/2lnF7fKo9vU091yA2CLL
sErObyGwNZ1VkveuNSFAw+QOZ0tNtrOJi1pU6iczhQEMA6jIyC1aVcTcAQf/aaZt
b9APb3umRqQxX6q9YzqvHheDR9O0RqgvL+hDPPWvL5QYjwn0rOQgcTlC0sEISgR1
Wx6QD/c2fNvTNYqpKgZnG3xSzcP7AxBZEjh62Rg9jkaiqYEU7s1k/oKIxvqtvr+7 The example of encrypted data/
XJ4azMT25Rx2evhNNg5iJyb7XwY2OkAJIRF10qU8lcNA0fHFERBuUcCYsEiO+m2W information that sent by HOST A
UGpPATFxrRv2JM6lg4joaaHDv96QZG1iUW+W3PO9ajoI6SqbwDzIJzaZ8rmTU1KU using application Open PGP
Mkq3/j+LaQkpbcFkMtdvfSLd1I1w/LDqhIz69U4R63d0YWxThMfunC1dUA2olSHI
yR+/VthcFzFk6GgrcdLpAaLhyhOHB4YIGtDZHjpuESZ01WkzxCCr8WSF0/I26qgu
fOUv/xtOl4xeIgBi4aB5g5pCkocpUrJV5M/n9J9erKrwryorOFiY8sg77MEPBftf
KX5YAqpfmHaRdWp240+FxSUXkezRwMvQzq5gc5R0AmwUKPIVdIzIW2IbBHOFwq08
ECIKWIXntjboC7zIiINj6NjbMesjkgVXRkgC+iH+RvAeg7AVaI8Xr3vbiYYfHb58
PxMs0Z3xVJQ1hEYqL8Yov6spdIkEHHmpK7LA8HBVqqNBkiuALRG+lF3jjmJvaHdJ
v8OohUGm8j27wILAZUtXGMb9iSgPp9hnQFG3jqdwLpuh9kBSZliC+JnpNoY1aRWR
DMKfeYEV6rk0qfNsRNuvH5yZuHfEk7ckATl84n/7Y3FdHRa8w7UOzf7GfQ2etwEH
/VmmyZnmtC1e8WFlhK/wHbH0mQrTzduceoI/iT4n3hnEZ3YO68QJTWW+BRrxXFXE
Z2FC2f6YFuR/muv00FLTHV8GvQlFD600JVYWTym+m4lvhrZPOaircWErKLbqxkvQ
BaDlBAuQtW07jdZVpdUI+Jp9J6xuh8ufchGrb0YVfL3GFJIQC4xRYlYK9ba11XDW
wzYWi/7Do3kLYeYcNKqgYpxDwn4Tv9+hv//5hT4/gUZ7T+Iq8AiZzSwQXTN4GYta
ztiP8foI7dcNgTbEPDptey9ch3mYvOtvE5lJbWZ2t+CDMf01eZ0kSc5ppFE/Gcii
b0wvgcudUndZ6TP68x5IpaZe7pK5gqzfFvg1zBuampDgrsXNyJPQahwz
=mJzV
-----END PGP MESSAGE-----

Figure 12. Email data Host A goes to Host B

________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -13
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com

REFERENCES

1. Danielle S. Agnew and K. Hill, EMAIL ETIQUETTE RECOMMENDATION FOR TODAYS BUSINESS STUDENT, in
Academies International Conference, 2009.
2. A. Adriansyah and Kasmad Ariansyah, APLIKASI SHORT MESSAGE SERVICE (SMS)DAN EMAIL SEBAGAI
MEDIAKOMUNIKASI DATA DALAM SISTEM PEMANTAUAN SUHU, Bul. Pos dan Telekomunikasi., vol. 9, no. 2,
2011.
3. Lijun Liao and Jorg Schwenk, Secure Emails in XML Format Using Web Services, in Web Services, 2007.
ECOWS 07. Fifth European Conference on, 2007.
4. S. Koppula and J. Muthukuru, Secure Digital Signature Scheme Based on Elliptic Curves for Internet of Things,
Int. J. Electr. Comput. Eng., vol. 6, no. 3, pp. 10021010, 2016.
5. Yoshiaki Shiraishi, M. Mohri, and Hitoshi Miyazaki, A Three-Party Optimistic Certified Email Protocol Using
Verifiably Encrypted Signature Scheme for Line Topology, in Cyber Security and Cloud Computing (CSCloud),
2015 IEEE 2nd International Conference on, 2016.
6. M. A. Sadikin and R. W. Wardhani, IMPLEMENTATION OF RSA 2048-BIT AND AES 256-BIT WITH DIGITAL
SIGNATURE FOR SECURE ELECTRONIC, Commun. Inf. Technol. J., vol. 10, no. 2, pp. 6369, 2016.
7. Eric Conrad, S. Misenar, and J. Feldman, CISSP Study Guide. Syngress, 2010.
8. Rafik Hamza, A novel pseudo random sequence generator for image-cryptographic applications, J. Inf. Secur.
Appl., vol. 35, pp. 119127, 2017.
9. S. Sharma and Harshali Zodpe, Implementation of cryptography algorithm for E-passport security, in
International Conference on Inventive Computation Technologies (ICICT), 2016.
10.[10] S. Feizi, A. Ahmadi, and Ali Nemati, A hardware implementation of Simon cryptography algorithm, in
International Conference on Computer and Knowledge Engineering (ICCKE), 2014, 2014. S. Harris, ALL IN ONE
CISSP. Mc Graw Hill, 2008.
11.A. Wahab, R. B. Bahaweres, A. Mudrik, Muhaemin, and R. Sarno, Performance analysis of VoIP client with
integrated encryption module, in Communications, Signal Processing, and their Applications (ICCSPA), 2013
1st International Conference on, 2013.
12.A. Roy and S. Karforma, A Survey on Digital Signatures and Its Applications, J. Comput. Inf. Technol., vol. 3,
2012.
13.E. F. Yakhya, Penerapan Algoritma Kriptografi Kunci Publik untuk Repository Organisasi, no. Bandung,
Institut Teknologi Bandung, Jl Ganesha, 2013.
14.RSA Algorithm. H. Bidgoli, Handbook of Information Security, Key Concepts, Infrastructure, Standards, and
Protocols. John Wiley & Sons, Inc, 2012.
15.X. Weihua, An Digital Signature Method Applied for Distributed Rending Submit System, in IEEE ICIS, 2017.
16.H. K. B. Ponnapalli and A. Saxena, A Digital Signature Architecture for Web Apps, IT Prof., no. April, pp. 4249,
2013.
17.Y. A. N. Xu, M. Wang, H. Zhong, J. I. E. Cui, L. U. Liu, and V. N. L. Franqueira, Verifiable Public Key Encryption
Scheme With Equality Test in 5G Networks, IEEE Access, vol. 5, 2017.

________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -14