Main Presentation( Digital Signature Certificates)

Date post: 30-May-2018
Upload: eeshasingh
  • 8/9/2019 Main Presentation( Digital Signature Certificates)

    PRESENTED BY :

    * ANKUSH MARMAT

    * ARJITA JAIN

    * EESHA SINGH

    * HARSHIT SHARMA

    INTRODUCTION

    A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature schemes consist of at least three algorithms: a key generation algorithm, a signature algorithm, and a verification algorithm. A signature provides authentication of a "message". Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol.

    Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.

    What is a Digital Signature Certificate (DSC)?

    Digital Signature Certificate is your PASSPORT on the Internet used to:

    Identify yourself

    Help the software application to authenticate you and:

    Help you to secure your data

    Give legal sanctity to the transaction

    Physical Signature / Digital Signature

    Physical Signature | Digital Signature
    Physical Signature is just a writing on paper | Digital Signature encompasses crucial parameters of identification
    Physical Signature can be copied | It is IMPOSSIBLE to copy a Digital signature
    Physical Signature does not give privacy to content | Digital Signature also enables encryption and thus privacy
    Physical Signature cannot protect the content | Digital Signature protects the content

    DIGITAL SIGNATURE CERTIFICATES

    * SIGN IN

    * VERIFICATION

    * ENCRYPTION

    * DECRYPTION

    Types of digital certificates

    * Identity Certificates

    * Accreditation Certificates

    * Authorisation & Permission Certificates

    Identity Certificates

    An Identity Certificate is one that contains a signature verification key combined with sufficient information to identify (hopefully uniquely) the keyholder. This type of certificate is much subtler than might first be imagined and will be considered in more detail later.

    Accreditation Certificates

    This is a certificate that identifies the keyholder as a member of a specified group or organisation without necessarily identifying them. For example, such a certificate could indicate that the keyholder is a medical doctor or a lawyer. In many circumstances, a particular signature is needed to authorise a transaction but the identity of the keyholder is not relevant. For example, pharmacists might need to ensure that medical prescriptions are signed by doctors but they do not need to know the specific identities of the doctors involved.

    Here the certificate states in effect that the keyholder, whoever they are, has permission to write medical prescriptions.

    Accreditation certificates can also be viewed as authorisation (or permission) certificates.

    Authorisation & Permission Certificates

    In these forms of certificate, the certificate signing authority delegates some form of authority to the key being signed. For example, a bank will issue an authorization certificate to its customers saying that the key in this certificate can be used to authorize the withdrawal of money from account number 271828. In banking an identity certificate might be used to set up an account but the authorisation certificate for the account will not itself contain identity data. To identify the owner of a certificate a bank will typically look up the link between account numbers and owners in its internal databases. Placing such information in an authorisation certificate is actually undesirable since it could expose the bank or its customers to additional risks.

    Implementation of Digital Signature Using RSA Algorithm

    The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.

    Digital Certificates are implemented as per the following phases:

    1. Key Generation Algorithm.

    2. Encryption.

    3. Decryption.

    4. Digital Signing.

    5. Signature Verification.

    Diagrammatic Representation

    Practical Example

    An Overview of how Digital Signature Works

    Let us consider a person named Bob who has been given two keys. One of Bob's keys is called a Public Key, the other is called a Private Key.

    Anyone can get Bob's public key, but Bob keeps his private key to himself.

    [Figure: Bob, with his public key and his private key, and Bob's co-workers]

    "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"

    [Figure: the message above shown as plaintext, then as ciphertext, then as plaintext again]

    With his private key and the right software, Bob can put digital signatures on documents and other data. A digital signature is a "stamp" Bob places on the data which is unique to Bob, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed cannot go undetected.

    To sign a document, Bob's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)

    Bob's software then encrypts the message digest with his private key. The result is the digital signature.

    Finally, Bob's software appends the digital signature to the document. All of the data that was hashed has been signed.

    Bob now passes the document on to Pat.

    First, Pat's software decrypts the signature (using Bob's public key) changing it back into a message digest. If this worked, then it proves that Bob signed the document, because only Bob has his private key. Pat's software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Pat knows that the signed data has not been changed.

    Plot complication...

    Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat receives a signed message and a public key that appears to belong to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bob's name. Short of receiving Bob's public key from him in person, how can Pat be sure that Bob's public key is authentic?
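The hash, sign and verify steps above, together with the RSA key generation, signing and verification phases listed earlier, as an added example that is not part of the original presentation. It uses textbook RSA without padding over constructed toy primes, and the function names and sample messages are assumptions; it also shows that Pat's check only ties a signature to whichever public key she was handed, which is why Doug's substituted key passes.

```python
import hashlib

E = 65537  # public exponent (assumed; a common choice)

def make_keypair(p, q):
    """Key generation: return (public, private) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: E * d == 1 (mod phi)
    return (n, E), (n, d)

def digest(message: bytes, n: int) -> int:
    """Hash the data into a message digest, as an integer below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    """'Encrypt' the digest with the private key: digest^d mod n."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """'Decrypt' the signature with the public key and compare digests."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed toy keys built from well-known Mersenne primes.
# Real keys use random secret primes and a padding scheme from a vetted library.
BOB_PUB, BOB_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
DOUG_PUB, DOUG_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)

def demo():
    doc = b"Pay Pat 100 rupees. Signed, Bob"        # constructed sample
    sig = sign(doc, BOB_PRIV)
    fake = b"Pay Doug 100000 rupees. Signed, Bob"   # constructed sample
    fake_sig = sign(fake, DOUG_PRIV)
    return {
        # Pat holds Bob's real key: the genuine document checks out
        "genuine": verify(doc, sig, BOB_PUB),
        # any change to the signed data breaks the digest comparison
        "tampered": verify(doc.replace(b"100", b"900"), sig, BOB_PUB),
        # Doug cannot produce a signature that passes under Bob's real key
        "doug_sig_vs_bob_key": verify(fake, fake_sig, BOB_PUB),
        # but if Pat was handed Doug's key "in Bob's name", the check passes
        "doug_sig_vs_doug_key": verify(fake, fake_sig, DOUG_PUB),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```
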

    Benefits of digital signatures

    Below are some common reasons for applying a digital signature to communications:

    Authentication

    Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

    Integrity

    In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).

    Drawbacks of digital signatures

    Despite their usefulness, digital signatures alone do not solve the following problems:

    Association of digital signatures and trusted time stamping

    Digital signature algorithms and protocols do not inherently provide certainty about the date and time at which the underlying document was signed. The signer might have included a time stamp with the signature, or the document itself might have a date mentioned on it. Regardless of the document's contents, a reader cannot be certain the signer did not, for example, backdate the date or time of the signature. Such misuse can be made impracticable by using trusted time stamping in addition to digital signatures.

    Non-repudiation

    In a cryptographic context, the word repudiation refers to any act of disclaiming responsibility for a message. A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (e.g., a court) to reinforce a claim as to its signatories and integrity. However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly 'from' that user, are suspect. Nonetheless, a user cannot repudiate a signed message without repudiating their signature key. This is aggravated by the fact there is no trusted time stamp, so new documents (after the key compromise) cannot be separated from old ones, further complicating signature key invalidation. Certificate authorities usually maintain a public repository of public keys so the associated private key is certified and signatures cannot be repudiated. Expired certificates are normally removed from the repository. It is a matter for the security policy and the responsibility of the authority to keep old certificates for a period of time if non-repudiation of data service is provided.

    CONCLUSION

    A digital signature is the result of encrypting some digital information with a private key. Thus, a digital signature contains the information it is attesting to (in encrypted form) and will be different for each different set of information.

    Within the field of public key cryptography, encrypting information with a private key is known as signing for one reason only: because use of the private key to encrypt the information, rather than the public key, facilitates the authentication of that information (as handwritten signatures do), rather than the establishment of confidentiality (as encrypting it with the recipient's public key would do).

    Thank you

