A Study on the Utility of Digital Signatures in Real-World Applications
VerifiedAdded on 2019/09/19
|9
|2373
|75
Report
AI Summary
The assignment content discusses public key infrastructure (PKI) and digital signatures, emphasizing the importance of trust in maintaining security services such as authenticity, non-repudiation, and message integrity. The PKI infrastructure is used to manage digital certificates for Web servers, with Microsoft Certificate Services being a popular service provider. Future technologies may change, but digital signature technologies are expected to keep pace with increasing digitization and the need to maintain trust. Overall, digital signatures are an essential technology that will continue to play a crucial role in ensuring secure online transactions.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
<University>
DIGITAL SIGNATURES - EXPLANATION,
IMPLEMENTATION, SERVICES AND FUTURE
by
<Your Name>
13th December
2016
<Lecturer’s Name and Course Number>
<Your Name> <Your Student Number> 2016 1 of 9
DIGITAL SIGNATURES - EXPLANATION,
IMPLEMENTATION, SERVICES AND FUTURE
by
<Your Name>
13th December
2016
<Lecturer’s Name and Course Number>
<Your Name> <Your Student Number> 2016 1 of 9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
We sign (handwritten) whenever we do any non-trivial transaction, communication or
deal. A signature serves as a proof of a document, and the informed consent of the
person or organization represented by the person to the contents of the document.
Now, with advancing technology, societies all over the world are going electronic for
more and more routine tasks. Also, products, services and documents no longer have
to physical to be considered of value and significance e.g. music downloads, movie
rentals on Internet, legal documents and government notices sent by email, etc. How
do we manage the trust, and protect the vulnerable party in a digital world? This paper
explores such a technology - digital signatures, and will look into its technical
implementation, supporting infrastructure, designing, service providers and future
possibilities.
<Your Name> <Your Student Number> 2016 2 of 9
deal. A signature serves as a proof of a document, and the informed consent of the
person or organization represented by the person to the contents of the document.
Now, with advancing technology, societies all over the world are going electronic for
more and more routine tasks. Also, products, services and documents no longer have
to physical to be considered of value and significance e.g. music downloads, movie
rentals on Internet, legal documents and government notices sent by email, etc. How
do we manage the trust, and protect the vulnerable party in a digital world? This paper
explores such a technology - digital signatures, and will look into its technical
implementation, supporting infrastructure, designing, service providers and future
possibilities.
<Your Name> <Your Student Number> 2016 2 of 9
Digital Signatures - Explanation, Implementation, Services And Future
Any non-trivial exchange of goods, services or an agreement requires (handwritten)
signatures on a document on which terms of the deal are written e.g. sales receipt,
employee contract, etc. A signature serves as a proof of a document, and the informed
consent of the person or organization represented by that person to the contents of the
document. This protects the other party if challenged, as this document will prove that
the particular party (authentication) approved and the signing party cannot deny (non-
repudiation) having done so. In other words, a signature is used to bind signatory to
the document (www.tutorialspoint.com, 2016).
Now, with advancing technology, societies all over the world are going electronic for
more and more routine tasks. Also, products, services and documents no longer have
to physical to be considered of value and significance. How do we manage the trust,
and protect the interests of the person who requires authentication and non-
repudiation from the other party? This paper explores such a technology - digital
signatures, and will look into its technical implementation, supporting infrastructure,
designing, service providers and future possibilities.
How Do Digital Signatures Work?
Digital signatures are a technique based on mathematics which serve the same
purpose for digital assets (documents, files, etc) that a handwritten signature on paper
serves. Digital signatures are based on cryptography. Cryptography is the science of
sending messages in a secret form, so that only the intended recipient can read it
(Mollin, 2001). Now, cryptography is of two types - symmetric and asymmetric. In
symmetric, a single key is generated for a pair of communicating parties and that
single key is used to encrypt (make the data unintelligible) as well as decrypt (convert
it back into the original message). This option per se suffers from the difficulty of
securely transmitting the secret keys themselves. The other alternative is asymmetric,
in which a person has two keys - one public (to the malicious user also), and one
private (only known to the owner). Now any message intended for the eyes of a
<Your Name> <Your Student Number> 2016 3 of 9
Any non-trivial exchange of goods, services or an agreement requires (handwritten)
signatures on a document on which terms of the deal are written e.g. sales receipt,
employee contract, etc. A signature serves as a proof of a document, and the informed
consent of the person or organization represented by that person to the contents of the
document. This protects the other party if challenged, as this document will prove that
the particular party (authentication) approved and the signing party cannot deny (non-
repudiation) having done so. In other words, a signature is used to bind signatory to
the document (www.tutorialspoint.com, 2016).
Now, with advancing technology, societies all over the world are going electronic for
more and more routine tasks. Also, products, services and documents no longer have
to physical to be considered of value and significance. How do we manage the trust,
and protect the interests of the person who requires authentication and non-
repudiation from the other party? This paper explores such a technology - digital
signatures, and will look into its technical implementation, supporting infrastructure,
designing, service providers and future possibilities.
How Do Digital Signatures Work?
Digital signatures are a technique based on mathematics which serve the same
purpose for digital assets (documents, files, etc) that a handwritten signature on paper
serves. Digital signatures are based on cryptography. Cryptography is the science of
sending messages in a secret form, so that only the intended recipient can read it
(Mollin, 2001). Now, cryptography is of two types - symmetric and asymmetric. In
symmetric, a single key is generated for a pair of communicating parties and that
single key is used to encrypt (make the data unintelligible) as well as decrypt (convert
it back into the original message). This option per se suffers from the difficulty of
securely transmitting the secret keys themselves. The other alternative is asymmetric,
in which a person has two keys - one public (to the malicious user also), and one
private (only known to the owner). Now any message intended for the eyes of a
<Your Name> <Your Student Number> 2016 3 of 9
person is encrypted with his public key. Only the associated private key can decrypt
the message.
Digital signatures are based on asymmetric cryptography. The person signing uses his
private key to encrypt the message (Emudhradigital.com, n.d.), which as per the
ironclad guarantees of the algorithm and the extremely high complexities of breaking
it, ensure that only the signatory's public key can decrypt the message. Thus, identity
is ensured this way. As per Corporation (1999), now this facility may be utilized in
any of the four combinations along with encryption. However, as per Paar (2014),
real-life applications want to do both, signing and encrypting.
Implementation and Public Key Infrastructure (PKI)
With the help of algorithm, we can provably link public and private keys but
generation of these pairs is a trivial process in commonly available software. This still
leaves the question of identity unanswered. Here, services of Public Key
Infrastructure (PKI) are utilized. They are like telephone directories of a person and
his public encryption key. Thus, the trust has to be put into PKI that a particular
public key belongs to a particular person. It must be noted that the algorithm itself
does not care or require PKI - files can always be encrypted using a private key and
decrypted using the associated public key. However, there will be no guarantee as to
the entity owning this public (and the private) key. PKI is a set of roles, policies and
procedures to manage public-key encryption. This is implemented using Digital
Certificates (e.g. green padlock in Web browsers on banking and ecommerce sites can
be clicked to view the digital certificate details). A digital certificate vouches that a
particular public encryption key belongs to a particular entity and takes on the
responsibility for verifying the legal details on the authority issuing it. As per Rouse
(2013), digital certificates can also be referred to as a public key certificate.
PKI is implemented using Certificate Authority (CA), Registration Authority (RA),
certificate database and certificate store. CA is the root or top-most authority which
stores, issues and signs the digital certificates. The responsibility for verifying the
identity is delegated to RA. Thus, every entity (person, organization, computer, etc)
<Your Name> <Your Student Number> 2016 4 of 9
the message.
Digital signatures are based on asymmetric cryptography. The person signing uses his
private key to encrypt the message (Emudhradigital.com, n.d.), which as per the
ironclad guarantees of the algorithm and the extremely high complexities of breaking
it, ensure that only the signatory's public key can decrypt the message. Thus, identity
is ensured this way. As per Corporation (1999), now this facility may be utilized in
any of the four combinations along with encryption. However, as per Paar (2014),
real-life applications want to do both, signing and encrypting.
Implementation and Public Key Infrastructure (PKI)
With the help of algorithm, we can provably link public and private keys but
generation of these pairs is a trivial process in commonly available software. This still
leaves the question of identity unanswered. Here, services of Public Key
Infrastructure (PKI) are utilized. They are like telephone directories of a person and
his public encryption key. Thus, the trust has to be put into PKI that a particular
public key belongs to a particular person. It must be noted that the algorithm itself
does not care or require PKI - files can always be encrypted using a private key and
decrypted using the associated public key. However, there will be no guarantee as to
the entity owning this public (and the private) key. PKI is a set of roles, policies and
procedures to manage public-key encryption. This is implemented using Digital
Certificates (e.g. green padlock in Web browsers on banking and ecommerce sites can
be clicked to view the digital certificate details). A digital certificate vouches that a
particular public encryption key belongs to a particular entity and takes on the
responsibility for verifying the legal details on the authority issuing it. As per Rouse
(2013), digital certificates can also be referred to as a public key certificate.
PKI is implemented using Certificate Authority (CA), Registration Authority (RA),
certificate database and certificate store. CA is the root or top-most authority which
stores, issues and signs the digital certificates. The responsibility for verifying the
identity is delegated to RA. Thus, every entity (person, organization, computer, etc)
<Your Name> <Your Student Number> 2016 4 of 9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
which wants to digitally sign a file will have a secret private key (known only to
them) and distributed and widely-known public key.
Another component of digital signature is hashing algorithms. A hashing algorithm
takes in arbitrary amounts of input to produce a unique fixed-length string. This
generated string is called hash value, hash code or digest. Now, the quality of a
hashing algorithm depends inversely on the probability of collisions in has value i.e.
more than input resulting in same hash value. Also, these algorithms are effectively
one-way i.e. computing the hash from input is computationally easy, but the reverse is
impossible. In other words, hashing is an irreversible process. Examples of hashing
algorithms include MD5, SHA1, etc.
Now, for digital signing and to uphold the security services of message integrity (if
file is tampered, then the digital signature verification will fail), a hash of the file is
generated, and this hash (and not the complete file) is signed with the private key of
the signatory. Then, the combination of the file and the signature may be encrypted
(so as to maintain confidentiality) and sent to the receiver. The receiver can decrypt
the package, get the file and verify the signature using the public key of the signatory
and the result will confirm if this file is sent by the signatory and has not been
modified en route.
Specific Types for Specific Applications
There are four classes of digital signature (certificates), which start from zero i.e.
Class 0, Class 1, Class 2 and Class 3. As per Cca.gov.in (2013), Class 0 is for
demonstration purposes only, Class 1 will guarantee the name and email address,
Class 2 will guarantee that information of the entity does not conflict with information
in other public databases. Class 3 takes on the highest assurance levels and
mandatorily require in-person verification of the user for whom the certificate is to be
issued for.
It can be observed that the rigor of evaluation increases with the class, and so does the
costs and paperwork required. To justify costs with benefits, industry has come to use
<Your Name> <Your Student Number> 2016 5 of 9
them) and distributed and widely-known public key.
Another component of digital signature is hashing algorithms. A hashing algorithm
takes in arbitrary amounts of input to produce a unique fixed-length string. This
generated string is called hash value, hash code or digest. Now, the quality of a
hashing algorithm depends inversely on the probability of collisions in has value i.e.
more than input resulting in same hash value. Also, these algorithms are effectively
one-way i.e. computing the hash from input is computationally easy, but the reverse is
impossible. In other words, hashing is an irreversible process. Examples of hashing
algorithms include MD5, SHA1, etc.
Now, for digital signing and to uphold the security services of message integrity (if
file is tampered, then the digital signature verification will fail), a hash of the file is
generated, and this hash (and not the complete file) is signed with the private key of
the signatory. Then, the combination of the file and the signature may be encrypted
(so as to maintain confidentiality) and sent to the receiver. The receiver can decrypt
the package, get the file and verify the signature using the public key of the signatory
and the result will confirm if this file is sent by the signatory and has not been
modified en route.
Specific Types for Specific Applications
There are four classes of digital signature (certificates), which start from zero i.e.
Class 0, Class 1, Class 2 and Class 3. As per Cca.gov.in (2013), Class 0 is for
demonstration purposes only, Class 1 will guarantee the name and email address,
Class 2 will guarantee that information of the entity does not conflict with information
in other public databases. Class 3 takes on the highest assurance levels and
mandatorily require in-person verification of the user for whom the certificate is to be
issued for.
It can be observed that the rigor of evaluation increases with the class, and so does the
costs and paperwork required. To justify costs with benefits, industry has come to use
<Your Name> <Your Student Number> 2016 5 of 9
different classes for different uses. For non-commercial applications where proof of
identity is not required Class 1 is used. Class 2 is used where proof of identity based
on validation in various databases is sufficient e.g. income tax, value added tax,
registering companies, etc. Class 3 is used for participating in tenders process online
and covers aspects like contract download, supplier registration, submission of bid
document.
PKI service Case Study
As detailed earlier, digital signatures are plain algorithms and mathematics, which per
se have little utility in real-world applications. To bring in the trust factor as to the
owner of any public key, services of a PKI have to be used. There are many service
providers available like Microsoft Certificate Services, Symnatec Managed PKI
Services, Entrust, Thales e-Security, etc. Microsoft Certificate Services is a Windows
operating system service that is used in conjunction with SSL (Secure Sockets Layer)
technology to protect sensitive data on Web servers and Internet. As per Stanek,
(2001), this PKI infrastructure is mainly used to manage digital certificates for Web
servers. The service can be configured to the role of either of enterprise root CA,
enterprise subordinate CA, stand-alone root CA, or stand-along subordinate CA. Also,
once a machine has been set up as either of these four, then the computer name or
domain membership cannot be changed. It often uses asymmetric cryptography keys
in addition to symmetric cryptography keys for session.
Future
Technologies may change, but people do not (Atwood, 2004). It is expected that the
ever-increasing digitization of the world along with the incentives for malicious users
to hack, digital signature technologies will keep up the pace. Couple of noteworthy
areas of research include reducing costs for signature and encryption combined rather
than doing both separately (Zheng, 1997), improving the algorithm's complexity
trade-offs (Naccache et al., 1995), etc.
Conclusion
<Your Name> <Your Student Number> 2016 6 of 9
identity is not required Class 1 is used. Class 2 is used where proof of identity based
on validation in various databases is sufficient e.g. income tax, value added tax,
registering companies, etc. Class 3 is used for participating in tenders process online
and covers aspects like contract download, supplier registration, submission of bid
document.
PKI service Case Study
As detailed earlier, digital signatures are plain algorithms and mathematics, which per
se have little utility in real-world applications. To bring in the trust factor as to the
owner of any public key, services of a PKI have to be used. There are many service
providers available like Microsoft Certificate Services, Symnatec Managed PKI
Services, Entrust, Thales e-Security, etc. Microsoft Certificate Services is a Windows
operating system service that is used in conjunction with SSL (Secure Sockets Layer)
technology to protect sensitive data on Web servers and Internet. As per Stanek,
(2001), this PKI infrastructure is mainly used to manage digital certificates for Web
servers. The service can be configured to the role of either of enterprise root CA,
enterprise subordinate CA, stand-alone root CA, or stand-along subordinate CA. Also,
once a machine has been set up as either of these four, then the computer name or
domain membership cannot be changed. It often uses asymmetric cryptography keys
in addition to symmetric cryptography keys for session.
Future
Technologies may change, but people do not (Atwood, 2004). It is expected that the
ever-increasing digitization of the world along with the incentives for malicious users
to hack, digital signature technologies will keep up the pace. Couple of noteworthy
areas of research include reducing costs for signature and encryption combined rather
than doing both separately (Zheng, 1997), improving the algorithm's complexity
trade-offs (Naccache et al., 1995), etc.
Conclusion
<Your Name> <Your Student Number> 2016 6 of 9
Trust is both a human liability and a requirement. On one hand trust allows to bypass
a whole lot of procedures, but on the other hand the lack of trust and the inherent
possibility of scam require that security services like authenticity, non-repudiation,
message integrity, etc be maintained. These terms may have modern mathematical
connotations, but they have existed from the beginning. Paper-signature also offers
the same facility. But, with modern digital tools and practices, paper signature is just
out-of-league and will probably end up bottlenecking the speed of digital progress.
Thus, digital signatures as a technology is important and here to stay.
<Your Name> <Your Student Number> 2016 7 of 9
a whole lot of procedures, but on the other hand the lack of trust and the inherent
possibility of scam require that security services like authenticity, non-repudiation,
message integrity, etc be maintained. These terms may have modern mathematical
connotations, but they have existed from the beginning. Paper-signature also offers
the same facility. But, with modern digital tools and practices, paper signature is just
out-of-league and will probably end up bottlenecking the speed of digital progress.
Thus, digital signatures as a technology is important and here to stay.
<Your Name> <Your Student Number> 2016 7 of 9
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Reference List
Atwood, J. (2004). Recommended Reading for Developers. [online]
Blog.codinghorror.com. Available at:
https://blog.codinghorror.com/recommended-reading-for-developers/
[Accessed 13 Dec. 2016].
Corporation, B. (1999). Tech Note #35: How Encryption and Digital
Signatures Work. [online] Tatanka.com. Available at:
http://www.tatanka.com/bionic_buffalo/original/archive/document/technote/
tn0035.html [Accessed 12 Dec. 2016].
www.tutorialspoint.com. (2016). Cryptography Digital signatures. [online]
Available at:
https://www.tutorialspoint.com/cryptography/cryptography_digital_signatur
es.htm [Accessed 12 Dec. 2016].
Mollin, R. (2001). An introduction to cryptography. 1st ed. Boca Raton:
Chapman & Hall/CRC.
Naccache, D., M'RaÏhi, D., Vaudenay, S. and Raphaeli, D. (1995). Can D.S.A.
be improved? — Complexity trade-offs with the digital signature standard
—. Advances in Cryptology — EUROCRYPT'94, [online] pp.77-85.
Available at: http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.140.7266&rep=rep1&type=pdf [Accessed 13 Dec. 2016].
Emudhradigital.com. (n.d.). Official Website of eMudhra Limited - Digital
Certificate: Buy Digital Signature Online. [online] Available at:
https://www.emudhradigital.com/ [Accessed 12 Dec. 2016].
Paar, C. (2014). Lecture 18: Digital Signatures and Security Services by
Christof Paar. [online] YouTube. Available at:
https://www.youtube.com/watch?
<Your Name> <Your Student Number> 2016 8 of 9
Atwood, J. (2004). Recommended Reading for Developers. [online]
Blog.codinghorror.com. Available at:
https://blog.codinghorror.com/recommended-reading-for-developers/
[Accessed 13 Dec. 2016].
Corporation, B. (1999). Tech Note #35: How Encryption and Digital
Signatures Work. [online] Tatanka.com. Available at:
http://www.tatanka.com/bionic_buffalo/original/archive/document/technote/
tn0035.html [Accessed 12 Dec. 2016].
www.tutorialspoint.com. (2016). Cryptography Digital signatures. [online]
Available at:
https://www.tutorialspoint.com/cryptography/cryptography_digital_signatur
es.htm [Accessed 12 Dec. 2016].
Mollin, R. (2001). An introduction to cryptography. 1st ed. Boca Raton:
Chapman & Hall/CRC.
Naccache, D., M'RaÏhi, D., Vaudenay, S. and Raphaeli, D. (1995). Can D.S.A.
be improved? — Complexity trade-offs with the digital signature standard
—. Advances in Cryptology — EUROCRYPT'94, [online] pp.77-85.
Available at: http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.140.7266&rep=rep1&type=pdf [Accessed 13 Dec. 2016].
Emudhradigital.com. (n.d.). Official Website of eMudhra Limited - Digital
Certificate: Buy Digital Signature Online. [online] Available at:
https://www.emudhradigital.com/ [Accessed 12 Dec. 2016].
Paar, C. (2014). Lecture 18: Digital Signatures and Security Services by
Christof Paar. [online] YouTube. Available at:
https://www.youtube.com/watch?
<Your Name> <Your Student Number> 2016 8 of 9
v=jbBe4AS5pk0&lc=z124fdmyhob1zlumy22jvvmgbknhvvmtp.1469807997
261592 [Accessed 13 Dec. 2016].
Rouse, M. (2013). What is digital certificate? - Definition from WhatIs.com.
[online] SearchSecurity. Available at:
http://searchsecurity.techtarget.com/definition/digital-certificate [Accessed
13 Dec. 2016].
Stanek, W. (2001). Microsoft Windows 2000 and IIS 5.0 administrator's
pocket consultant. 1st ed. Redmond, Wash.: Microsoft Press.
Cca.gov.in. (2013). What are the different classes of Digital Signature
Certificates?. [online] Available at: http://www.cca.gov.in/cca/?q=node/45
[Accessed 13 Dec. 2016].
Zheng, Y., 1997, August. Digital signcryption or how to achieve cost
(signature & encryption)≪ cost (signature)+ cost (encryption). In Annual
International Cryptology Conference (pp. 165-179). Springer Berlin
Heidelberg.
<Your Name> <Your Student Number> 2016 9 of 9
261592 [Accessed 13 Dec. 2016].
Rouse, M. (2013). What is digital certificate? - Definition from WhatIs.com.
[online] SearchSecurity. Available at:
http://searchsecurity.techtarget.com/definition/digital-certificate [Accessed
13 Dec. 2016].
Stanek, W. (2001). Microsoft Windows 2000 and IIS 5.0 administrator's
pocket consultant. 1st ed. Redmond, Wash.: Microsoft Press.
Cca.gov.in. (2013). What are the different classes of Digital Signature
Certificates?. [online] Available at: http://www.cca.gov.in/cca/?q=node/45
[Accessed 13 Dec. 2016].
Zheng, Y., 1997, August. Digital signcryption or how to achieve cost
(signature & encryption)≪ cost (signature)+ cost (encryption). In Annual
International Cryptology Conference (pp. 165-179). Springer Berlin
Heidelberg.
<Your Name> <Your Student Number> 2016 9 of 9
1 out of 9
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.