Digital Signatures

CONTENTS

1. ABSTRACT

2. INTRODUCTION

3. DESIGN PRINCIPLES & EXPLANATION

3.1. MODULES

3.2. MODULE DESCRIPTIOIN

4. PROJECT DICTIONARY

4.1. DATAFLOW DIAGRAMS

5. FORMS & REPORTS

5.1. I/O SAMPLES

6. BIBILIOGRAPHY
1. ABSTRACT
The security of information available to an organization was
primarily provided through physical and administrative means. For
example, rugged file cabinets with a combination lock were used for
storing sensitive documents and personnel screening procedures were
employed during the hiring process. With the introduction of the
computer, the need for automated tools for protecting files and other
information stored on the computer became evident.
This is especially the case for a shared system and the need is
even more acute for a network. Computer networks were primarily
used by university researches for sending e-mail, and by corporate
employees for sharing printers. Under these conditions, security was
not given much attention. Today, since the world is going global, and
trillions of data are transferred daily across networks, security is
looming on the horizon as a potentially massive problem. The generic
name for the collection of tools designed to protect data and to thwart
hackers is Computer Security.
In the project titled “Digital Signatures” security is ensured in
the Messaging System of an organization. In this application, if an
employee wishes to send confidential information to another employee
connected through the intranet of their organization, he first signs the
message and then sends it to the recipient. He signs the message
using Digital Signatures. The person who receives the message
validates the sender and if the message is from an authorized
employee, he reads the message. The above operation is performed
using Digital Signature Algorithm (DSA). This application makes
sure that the security services Authentication, Secrecy, Integrity,
and Non-repudiation are provided to the user. Therefore, intruders
cannot gain access to classified information.
 2. INTRODUCTION
Scope
The project is confined to the intranet in an organization. This
application makes sure that security services such as secrecy,
authentication, integrity and non-repudiation are provided to the
communicating parties.
Objective
This project has been developed keeping in view the security
features that need to be implemented in the networks following the
fulfillment of these objectives:

• To develop an application that deals with the security threats

that arise in the network.
• To enable the end-users as well as the organizations come out
with a safe messaging communication without any threats from
intruders or unauthorized people.
• To deal with the four inter-related areas of network security
namely Secrecy, Authentication, Non-repudiation and Integrity.
Project Overview
This application makes use of Digital Signature Algorithm
(DSA) along with a hash function. The hash code is provided as input
to a signature function along with a random number generated for this
particular signature. The signature function also depends on the
sender’s private key and a set of parameters known to a group of
communicating principals. This set constitutes a global public key. The
result is a signature consisting of two components.
 At the receiving end, verification is performed. The receiver
generates a quantity that is a function of the public-key components,
the sender’s public key, and the hash code of the incoming message.
If this quantity matches with one of the components of the signature,
then the signature is validated.
This application makes sure that the security services
Authentication, Secrecy, Integrity, and Non-repudiation are provided
to the user.

• This application allows to keep the information out of the hands

of unauthorized persons. This is called Secrecy.

• It also deals with determining whom a person is communicating

with before revealing sensitive information or entering a business deal.
This is called Authentication.

• Non-repudiation deals with proving that a particular message

was sent by a particular person in case he denies it later.

• Integrity makes sure whether a particular message has been

modified or something has been added to it.
 The project mainly deals with maintenance of the above
mentioned security services thereby allowing the users as well as the
network organizations to keep track of intrusions and thus enhancing
the security services.

Existing system
These days almost all organizations around the globe use a
messaging system to transfer data among their employees through
their exclusive intranet. But the security provided is not of high
standards. More and more unauthorized people are gaining access to
confidential data.
 Disadvantages:
• The validity of sender is not known.
• The sender may deny sending a message that he/she has
actually sent and similarly the receiver may deny the receipt that
he/she has actually received.
• Unauthorized people can gain access to classified data.
• Intruders can modify the messages or the receiver himself may
modify the message and claim that the sender has sent it.
Proposed system
The system will provide the following security services:
Confidentiality:
Confidentiality is the protection of transmitted data from passive
attacks. With respect to the release of message contents, several
levels of protection can be identified. The broadest service protects all
user data transmitted between two users over a period of time. For
example, if a virtual circuit is set up between two systems, this broad
protection would prevent the release of any user data transmitted over
the virtual circuit. Narrower forms of this service can also be defined,
including the protection of a single message or even specific fields
within a message. These refinements are less useful than the broad
approach and may even be more complex and expensive to
implement. The other aspect of confidentiality is the protection of
traffic flow from analysis. This requires that an attacker not be able to
observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.
Authentication:
The authentication service is concerned with assuring that a
communication is authentic. In the case of a single message, such as a
warning or alarm signal, the function of the authentication service is to
assure the recipient that the message is from the source that it claims
to be from. In the case of an ongoing interaction, such as the
connection of a terminal to a host, two aspects are involved. First, at
the time of connection initiation, the service assures that the two
entities are authentic (i.e. that each is the entity that it claims to be).
Second, the service must assure that the connection is not interfered
with in such a way that a third party can masquerade as one of the
two legitimate parties for the purposes of unauthorized transmission or
reception.
Integrity:
Integrity basically means ensuring that the data messages are
not modified. An integrity service that deals with a stream of
messages assures that messages are received as sent, with no
duplication, insertion, modification, reordering or replays. The
destruction of data is also covered under this service. Thus the
integrity service addresses both message modification and denial of
service.
Non-repudiation:
Non-repudiation prevents either sender or receiver from denying
a transmitted message. Thus, when a message is sent, the receiver
can prove that the message was in fact sent by the alleged sender.
Similarly, when a message is received, the sender can prove that the
message was in fact received by the alleged receiver.
DIGITAL SIGNATURES

Message authentication protects two parties who exchange

messages from any third party. However, it does not protect the two
parties against each other. Several forms of disputes between the two
parties are possible.

For example, suppose that A sends an authenticated message to

B. Consider the following disputes that could arise:

1. B may forge a different message and claim that it came from A.

B would simply have to create a message and append an
authentication code using the key that A and B share.

2. A may deny sending the message. Because it is possible for B to

forge a message, there is no way to prove that A did in fact send
the message.

The most attractive solution to this problem is the Digital Signature.

The Digital Signature is analogous to the handwritten signature. It
must have the following properties:

• It must be able to verify the author and the date and time of the
signature.

• It must be able to authenticate the contents at the time of the

signature.

• The signature must be verified by third parties, to resolve disputes.

Thus, the digital signature function includes the authentication
function.

Based on the above properties, the following requirements can

be formulated for the digital signatures:

• The signature must be a bit pattern that depends on the

message being signed.

• The signature must use some information unique to the

sender, to prevent both forgery and denial.

• It must be relatively easy to produce the digital signature.

• It must be relatively easy to recognize and verify the digital

signature.

• It must be computationally infeasible to forge a digital

signature, either by constructing a new message for an existing
digital signature or by constructing a fraudulent digital signature for
a given message.

• It must be practical to retain a copy of the digital signature in

storage.

A secure hash function, embedded properly in a scheme satisfies these

requirements.

There are two approaches to implement digital signatures:

• DSS approach

• RSA approach
 The Digital Signature Standard (DSS) makes use of the
Secure Hash Algorithm (SHA) to present a new digital signature
technique, the Digital Signature Algorithm (DSA).It uses an
algorithm that is designed to provide only the digital signature
function. Unlike RSA, it cannot be used for encryption or Key
exchange. Nevertheless, it is a public-key technique.

RSA Approach

In the RSA approach, the message to be signed is input to a

hash function that produces a secure hash code of fixed length. This
hash code is then encrypted using the sender’s private key to form the
signature. Both the message and the signature are then transmitted.
The recipient takes the message and produces a hash code. The
recipient also decrypts the signature using the sender’s public key. If
the calculated hash code matches the decrypted signature, the
signature is accepted as valid. Because only the sender knows the
private key, only the sender could have produced a valid signature.
where

M = Message

H = Hash Function

E = Message Digest at the Sender’s side

D = Message Digest at the Receiver’s side

KRa = Sender’s Private Key

KUa = Sender’s Public Key

DSS Approach

The Digital Signature Standard approach also makes use of a

hash function. The hash code is provided as input to a signature
function along with a random number generated for this particular
signature. The signature function also depends on the sender’s private
key and a set of parameters known to a group of communicating
principals. This set constitutes a global public key. The result is a
signature consisting of two components.

where

M = Message

H = Hash Function
KRa = Sender’s Private Key

KUa = Sender’s Public Key

KUG = Group Public Key

r, s = Signature

k = Random Number

Sig = Signature Function

Ver = Verification Function

Disadvantage of RSA over DSA

RSA does not use a hash function, it encrypts the message. The
length of the encrypted code is same as that of the original message
which leads to 100% overhead. This implies more processor overload
and increase in processing time.
DSA uses a hash function which takes large amounts of data and
gives a fixed length message digest. This implies less overhead. Hence
DSA is preferred over RSA for Digital Signatures.

SECURE HASH ALGORITHM (SHA-1)

This application makes use of the Secure Hash Algorithm (SHA-

1).The SHA-1 algorithm takes as input a message with a maximum
length of less than 264 bits and produces as output a 160-bit message
digest. The input is processed in 512-bit blocks.
The processing consists of the following steps:

Step 1 : Appending padding bits

The message is padded so that its length is congruent to 448
modulo 512 (length = 448 mod 512). Padding is always
added, even if the message is already of the desired length.
Thus, the number of padding bits is in the range of 1 to 512.
The padding consists of a single 1-bit followed by the
necessary number of 0-bits.

Step 2 : Append Length.

A block of 64 bits is appended to the message. This block is
treated as an unsigned 64-bit integer (most significant byte
first) and contains the length of the original message (before
the padding).

Step 3 : Initialize MD buffer.

A 160-bit buffer is used to hold intermediate and final results
of the hash function. The buffer can be represented as five
32-bit registers ( A, B, C, D, E ). These registers are
initialized to the following 32-bit integers (hexadecimal
values):

A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
E = C3D2E1F0
 These values are stored in big-endian format, which is the
most significant byte of a word in the low-address byte
position. As 32-bit strings, the initialization values (in
hexadecimal values) :

word A = 67 45 23 01
word B = EF CD AB 89
word C = 98 BA DC FE
word D = 10 32 54 76
word E = C3 D2 E1 F0

Step 4 : Process message in 512-bit (16-word ) blocks.

The heart of the algorithm is a module that consists of four
rounds of processing of 20 steps each. The four rounds have
a similar structure, but each uses a different primitive logical
function, which we refer to as f1, f2, f3, and f4.
Each round takes as input the current 512-bit block being
processed (Yq) and the 160-bit buffer value ABCDE and
updates the contents of the buffer. Each round also makes
use of an additive constant Kt, where 0 <= t <= 79 indicates
one of the 80 steps across four rounds. In fact, only four
distinct constants are used.
The output of the fourth round (eightieth step) is added to the
input to the first round (CVq ) to produce CVq+1. The addition
is done independently for each of the five words in the buffer
with each of the corresponding words in CVq, using addition
modulo 232.
Step 5 : Output.
After all L 512-bit blocks have been processed, the output from
the Lth stage is the 160-bit message digest.

The behavior of SHA-1 is as follows:

CV0 = IV
CVq+1 = SUM32( CVq, ABCDEq )
MD = CVL

where

IV = initial value of the ABCDE buffer, defined in step

3.

ABCDEq = the output of the last round of processing of the

qth message block

L = the number of blocks in the message ( including

padding and length fields )

SUM32 = Addition modulo 232 performed separately on each

word of the pair of inputs

MD = final message digest value

Each of the 80 rounds is of the form

A,B,C,D,E  (E + f(t,B,C,D) + S5(A) + Wt +Kt ), A ,S30(B), C, D)

where

A, B, C, D, E = the five words of the buffer

t = step number; 0 <= t <= 79

f(t,B,C,D)= primitive logical function for step t

Sk = circular left sift (rotation) of the 32-bit argument

by k bits

Wt = a 32-bit word derived from the current 512-bit

input block

Kt = an additive constant; four distinct values are used,

as defined previously

+ = addition modulo 232

SHA-1, requiring fewer than 269 operations (a brute force search would
require 280.)

One iteration
within the SHA-1
compression
function. A, B, C, D
and E are 32-bit
words of the state; F is a nonlinear function that varies; Sk denotes a
left bit rotation by k places; k varies for each operation. denotes
addition modulo 232. Kt is a constant.

Single step in SHA

3. DESIGN PRINCIPLES & EXPLANATION

3.1. MODULES

The DSA has two modules:

1. Signing on the sender’s side
 2. Verifying on the receiver’s side
The DSA is based on the difficulty of computing discrete
logarithms. There are three parameters that are public and can be
common to a group of users. A 160-bit prime number q is chosen.
Next, a prime number p is selected with a length between 512 and
1024 bits such that q divides (p-1). Finally, g is chosen to be of the
(p-1)/q
form h mod p, where h is an integer between 1 and (p-1) with
the restriction that g must be greater than 1.
With these numbers in hand, each user selects s private key and
generates a public key. The private key x must be a number from 1 to
(q-1) and should be chosen randomly or pseudorandomly. The public
key is calculated from the private key as y=gxmodp. The calculation
of y given x is relatively straightforward. However, given the public
key y, it is believed to be computationally infeasible to determine x,
which is the discrete logarithm of y to the base g, mod p.

3.2. MODULE DESCRIPTIOIN

Signing
To create a signature, a user calculates two quantities, r and s,
that are functions of the public key components ( p, q, g ), the user’s
private key (x), the hash code of the message, H(M), and an
additional integer k that should be generated randomly or
pseudorandomly and be unique for each signing.

s = f1 ( H(M) , k , x , r , q ) = ( k-1( H(M) + xr ) ) mod q

r = f2 ( k , p , q , g ) = ( gk mod p) mod q
Verifying
At the receiving end, verification is performed. The receiver
generates a quality v that is a function of the public-key components,
the sender’s public key, and the hash code of the incoming message.
If this quantity matches the r component of the signature, then the
signature is validated.
W = f3 ( s/ , q ) = (s/)-1 mod q
v = f4 (y , q , g , H(M/ ) , w , r/ )
= ( ( g (H(M/) w ) mod q y r/w mod q mod p ) mod q

It can be observed that the test at the end is on the value r,

which does not depend on the message at all. Instead, r is a function
of k and the three global public-key components. The multiplicative
inverse of k(mod p) is passed to a function that also has as inputs the
message hash code and the user’s private key. The structure of this
function is such that the receiver can recover r using the incoming
message and signature, the public key of the user, and the global
public key.
Global Public- Key Components

p prime number where 2L-1 < p < 2L for

512 < L < 1024 and L a multiple of 64;
i.e., bit length of between 512 and 1204
bits in increments of 64 bits.
q prime divisor of (p-1), where 2159 < q < 2160 ;
i.e., bit length of 160 bits
g = h(p-1)/q mod p,
where h is any integer with 1 < h < (p-1)
such that h(p-1)/q mod p > 1

User’s Private Key

x random or pseudorandom integer with 0 < x < q

 User’s Public Key

y = gx mod p

User’s Per-Message Secret Number

k = random or pseudorandom integer with 0 < k < q

Steps in DSA algorithm :

Key generation

• Choose a 160-bit prime q.

• Choose an L-bit prime p, such that p=qz+1 for some integer z
and such that 512 ≤ L ≤ 1024 and L is divisible by 64.
Choose h, where 1 < h < p − 1 such that g = hz mod p > 1.
• Choose x by some random method, where 0 < x < q.
• Calculate y = gx mod p.
 • Public key is (p, q, g, y). Private key is x.

Note that (p, q, g) can be shared between different users of the

system, if desired.

Signing

• Generate a random per message value k where 0 < k < q (this is

known as a nonce )
• Calculate r = (gk mod p) mod q
• Calculate s = (k-1(SHA-1(m) + x*r)) mod q, where SHA-1(m) is
the SHA-1 hash algorithm applied to the message m
• Recalculate the signature in the unlikely case that r=0 or s=0
• The signature is (r,s)

Verifying

• Reject the signature if either 0<r<q or 0<s<q is not satisfied.

• Calculate w = (s)-1 mod q
• Calculate u1 = (SHA-1(m)*w) mod q
• Calculate u2 = (r*w) mod q
• Calculate v = ((gu1*yu2) mod p) mod q
• The signature is valid if v = r

Correctness of the algorithm

The signature scheme is correct in the sense that the verifier will
always accept genuine signatures. This can be shown as follows:
From g = hz mod p follows gq ≡ hqz ≡ hp-1 ≡ 1 (mod p) by Fermat’s
Little Theorem. Since g>1 and q is prime it follows that g has order q.

The signer computes

s = k-1( SHA-1(M) + xr ) mod q

Thus

k = SHA-1(M)s-1 + xrs-1

= SHA-1(M)w + xrw (mod q)

Since g has order q we have

Finally, the correctness of DSA follows from

4. PROJECT DICTIONARY

4.1. DATAFLOW DIAGRAMS

Context Flow Diagrams (Level 0)

Signing

Verifying
Level 1

Signing

s = ( k-1( H(M) + xr ) ) mod q

r = ( gk mod p) mod q
Verifying

W = (s/)-1 mod q
V = ( ( g (H(M/) w ) mod q y r/w mod q mod p ) mod q
5. FORMS & REPORTS

5.1. I/O SAMPLES

Signing

1. User logs in
2. User selects the write option
3. Sender writes his message and encrypts it
4. Sender signs encrypted message
5. Sends to intended recipient
6. Sender gets an acknowledgement
7. He logs out
Verifying

1. The Receiver logs in

2. He selects the read option
3. He validates the sender
4. If the sender is a valid person, he reads the message
Testing

Test Case 1

1. An Unauthenticated user logs in

2. Since the user is not authorized, he cannot gain access
Test Case 2

1. Sender tries to send message to a non-existent person

2. He is unable to send his message in such a case
6. BIBILIOGRAPHY

1. CRYPTOGRAPHY AND NETWORK SECURITY

- William Stallings
2. SOFTWARE ENGINEERING
- Roger Pressman
3. JAVA COMPLETE REFERENCE
- Herbert Schildt
4. WEB SOURCES
http://en.wikipedia.org/wiki
http://forte.sun.com