
1 Integrating digital signatures with relational database: Issues and organizational implications By...

Date post: 04-Jan-2016
Upload: magdalen-osborne
Integrating digital signatures with relational database: Issues and organizational implications
By Randal Reid, Gurpreet Dhillon. Journal of Database Management. June 2003
Presented By Madhavi Kollu
Transcript

Agenda/Topics to be covered
• Encryption basics
• Digital signature concepts
• Normalization
• Integration of digital signatures and relational databases
• Conclusion

Encryption
• Protects
    • The contents of a message
    • Ensures confidentiality
• Encryption types
    • Symmetric
        • Single key is used
    • Asymmetric
        • Two keys generated as a pair
• Figure 1 shows an asymmetric encryption

Encryption (2)

Digital Signatures
• Ensures
    • Data integrity
    • Authentication
• Meets the E-sign act’s requirements
• Figure 2 shows a digitally signed plain text message.

Digital Signatures (2)

Digital Signatures (3)
• Integrity of the message
    • The data has not been modified since it was signed.
• Cryptographic hash functions
    • SHA-1
    • MD5

Digital Signatures (4)
• The hash is encrypted using sender’s private key.
• The receiver runs the same hash algorithm against the plain text file.
• The encrypted hash is decrypted using the sender’s public key. The two hashes are compared.
• Figure 3 depicts the digital signature process

Digital Signatures (5)

Digital Signatures (6)
• Authentication of the sender
    • Proof of the origin
• Methodologies
    • PGP (Pretty Good Privacy)
        • Provides authentication through a web-of-trust process
    • X.509 structure
        • Based on a hierarchical model, one trusted endorser, root certificate authority (Ex: www.verisign.com)

Digital Signatures (7)

Normalization
• Prevents
    • Data redundancy
    • Data inconsistency
• 6 levels of normalization are shown in Table 1.
• Figure 5 is an example of this process.

Normalization (2)

Normalization (3)

Integration of digital signatures and relational databases
• Two models of integration
    • Separated model
    • Integrated model
• Separated model
    • Manually transfers the data from the signed document into the relational database.
    • Stored electronically for later retrieval.
• This model is shown in Figure 6.

Integration of digital signatures and relational databases (2)

Integration of digital signatures and relational databases (3)
• Integrated model
    • The signed document is decomposed into elements and placed into the relational data structure including the digital signature and the certificate chain portions of the document.
    • To verify the transaction at a later point in time, the entire document is retrieved from the relational data structures and reassembled into its original form.
• This model is shown in Figure 7.
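
The integrated model above, together with the hash-then-sign steps from the Digital Signatures (4) slide, as an added Python example (not from the slides or the paper). It assumes a toy textbook-RSA key, SHA-256 in place of the SHA-1 and MD5 the slides list (neither is collision-resistant any longer), hypothetical table names, and a constructed order record. Because rows come back in no fixed order, the document is reassembled into a canonical byte form before its hash is checked.

```python
import hashlib
import sqlite3

# Toy textbook-RSA key from two Mersenne primes, constructed for this example;
# unpadded and far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def canonical(fields):
    """Deterministic bytes for a document: fields sorted and length-prefixed."""
    return "\n".join(f"{len(n)}:{n}={len(v)}:{v}" for n, v in sorted(fields.items())).encode()

def digest(fields):
    return int.from_bytes(hashlib.sha256(canonical(fields)).digest(), "big") % N

def sign(fields):
    return pow(digest(fields), D, N)  # hash "encrypted" with the private key

def verify(fields, signature):
    # Recover the signed hash with the public key, compare with a fresh hash.
    return pow(signature, E, N) == digest(fields)

def store(db, doc_id, fields, signature):
    """Integrated model: decompose the signed document into rows.
    Table names doc_field / doc_signature are hypothetical."""
    db.execute("CREATE TABLE IF NOT EXISTS doc_field"
               "(doc_id, name, value, PRIMARY KEY (doc_id, name))")
    db.execute("CREATE TABLE IF NOT EXISTS doc_signature(doc_id PRIMARY KEY, sig)")
    db.executemany("INSERT INTO doc_field VALUES (?, ?, ?)",
                   [(doc_id, n, v) for n, v in fields.items()])
    db.execute("INSERT INTO doc_signature VALUES (?, ?)", (doc_id, format(signature, "x")))

def reassemble_and_verify(db, doc_id):
    """Rebuild the document from its rows and check the stored signature."""
    fields = dict(db.execute("SELECT name, value FROM doc_field WHERE doc_id = ?", (doc_id,)))
    row = db.execute("SELECT sig FROM doc_signature WHERE doc_id = ?", (doc_id,)).fetchone()
    return row is not None and verify(fields, int(row[0], 16))

def demo():
    db = sqlite3.connect(":memory:")
    order = {"customer": "ACME", "item": "widget", "amount": "100.00"}  # constructed
    store(db, 1, order, sign(order))
    intact = reassemble_and_verify(db, 1)
    # An UPDATE that bypasses the signer changes the reassembled document.
    db.execute("UPDATE doc_field SET value = '900.00' WHERE doc_id = 1 AND name = 'amount'")
    return intact, reassemble_and_verify(db, 1)

if __name__ == "__main__":
    print(demo())  # (True, False)
```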

Integration of digital signatures and relational databases (4)

Comparing separate and integrated storage of signed documents
• Separate model
    • Advantages
        • Inexpensive
    • Limitations
        • Redundancy and breakdown in the integrity of the system.
        • High error rates.
• Integrated model
    • Advantages
        • Better performance and data integrity.
    • Limitations
        • Relatively high cost
        • Difficulty in the integration process

XML digital signature
• XML digital signature specification (http://www.w3.org/signature/).
• Advances in XML digital signatures incorporate confidentiality, authenticity, data integrity and non-repudiation.
• The format for an XML digital signature is shown in Figure 8.

XML digital signature (2)

Discussion & Conclusion
• The separated model is low-cost, but the integrated model provides better performance and data integrity
• Available products such as DBsign from Gradkell Systems, Inc (www.gradkell.com)
• Challenges from an organizational standpoint in creating a level of trust
• With proper planning, tools and controls in place, integration is achievable

QUESTIONS ???

