Date post: 30-May-2018
Category: Documents
Upload: eeshasingh
8/9/2019 Main Presentation( Digital Signature Certificates)
PRESENTED BY :
* ANKUSH MARMAT
* ARJITA JAIN
* EESHA SINGH
* HARSHIT SHARMA
INTRODUCTION
A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature schemes consist of at least three algorithms: a key generation algorithm, a signature algorithm, and a verification algorithm. A signature provides authentication of a "message". Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol.
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.
What is a Digital Signature Certificate (DSC)?
A Digital Signature Certificate is your PASSPORT on the Internet, used to:
* Identify yourself
* Help the software application to authenticate you
and:
* Help you to secure your data
* Give legal sanctity to the transaction
Physical Signature / Digital Signature

Physical Signature | Digital Signature
Physical Signature is just a writing on paper | Digital Signature encompasses crucial parameters of identification
Physical Signature can be copied | It is IMPOSSIBLE to copy a Digital signature
Physical Signature does not give privacy to content | Digital Signature also enables encryption and thus privacy
Physical Signature cannot protect the content | Digital Signature protects the content
DIGITAL SIGNATURE CERTIFICATES
* SIGN IN
* VERIFICATION
* ENCRYPTION
* DECRYPTION
Types of digital certificates
* Identity Certificates
* Accreditation Certificates
* Authorisation & Permission Certificates
Identity Certificates
An Identity Certificate is one that contains a signature verification key combined with sufficient information to identify (hopefully uniquely) the keyholder. This type of certificate is much subtler than might first be imagined and will be considered in more detail later.
Accreditation Certificates
This is a certificate that identifies the keyholder as a member of a specified group or organisation without necessarily identifying them. For example, such a certificate could indicate that the keyholder is a medical doctor or a lawyer. In many circumstances, a particular signature is needed to authorise a transaction but the identity of the keyholder is not relevant. For example, pharmacists might need to ensure that medical prescriptions are signed by doctors but they do not need to know the specific identities of the doctors involved.
Here the certificate states in effect that the keyholder, whoever they are, has permission to write medical prescriptions.
Accreditation certificates can also be viewed as authorisation (or permission) certificates.
Authorisation & Permission Certificates
In these forms of certificate, the certificate signing authority delegates some form of authority to the key being signed. For example, a bank will issue an authorization certificate to its customers saying that the key in this certificate can be used to authorize the withdrawal of money from account number 271828. In banking an identity certificate might be used to set up an account but the authorisation certificate for the account will not itself contain identity data. To identify the owner of a certificate a bank will typically look up the link between account numbers and owners in its internal databases. Placing such information in an authorisation certificate is actually undesirable since it could expose the bank or its customers to additional risks.
Implementation of Digital Signature Using RSA Algorithm
The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers.
Digital Certificates are implemented as per the following phases:
1. Key Generation Algorithm.
2. Encryption.
3. Decryption.
4. Digital Signing.
5. Signature Verification.
Diagrammatic Representation
Practical Example
An Overview of how Digital Signature Works
Let us consider a person named Bob who has been given two keys. One of Bob's keys is called a Public Key, the other is called a Private Key.
Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself.
[Figure: Bob, with Bob's public key and Bob's private key, and Bob's co-workers.]
[Figure: the message "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!" shown as plaintext, then as ciphertext, then as plaintext again.]
With his private key and the right software, Bob can put digital signatures on documents and other data. A digital signature is a "stamp" Bob places on the data which is unique to Bob, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed cannot go undetected.
To sign a document, Bob's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)
Bob's software then encrypts the message digest with his private key. The result is the digital signature.
Finally, Bob's software appends the digital signature to the document. All of the data that was hashed has been signed.
Bob now passes the document on to Pat.
First, Pat's software decrypts the signature (using Bob's public key) changing it
back into a message digest. If this worked, then it proves that Bob signed the
document, because only Bob has his private key. Pat's software then hashes the
document data into a message digest. If the message digest is the same as the
message digest created when the signature was decrypted, then Pat knows that
the signed data has not been changed.
Plot complication...
Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat
receives a signed message and a public key that appears to belong to Bob.
Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bob's name.
Short of receiving Bob's public key from him in person, how can Pat be sure that
Bob's public key is authentic?
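The RSA phases listed earlier (key generation, signing, verification), the hash-then-sign steps performed by Bob's and Pat's software, and the Doug complication can be run end to end. The Python code below is an added example, not part of the original presentation; the fixed Mersenne-prime keys, the sample documents and all function names are constructed for illustration, and it uses unpadded textbook RSA where real software uses random primes and a padded scheme.

```python
import hashlib

# Constructed demo keys built from known Mersenne primes so the run is
# deterministic. Real RSA keys use random primes and a padded signature
# scheme (e.g. RSASSA-PSS); raw textbook RSA is used here for illustration.
BOB_PRIMES = (2**521 - 1, 2**607 - 1)
DOUG_PRIMES = (2**127 - 1, 2**1279 - 1)
E = 65537

def make_key(p, q, e=E):
    """Key generation: return (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data: bytes) -> int:
    """Hash the document into a fixed-size message digest (SHA-256)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private) -> int:
    """Signer: transform the digest with the private exponent."""
    n, d = private
    return pow(digest(data), d, n)

def verify(data: bytes, signature: int, public) -> bool:
    """Verifier: recover the digest with the public key and compare."""
    n, e = public
    return pow(signature, e, n) == digest(data)

def demo():
    bob_pub, bob_priv = make_key(*BOB_PRIMES)
    doug_pub, doug_priv = make_key(*DOUG_PRIMES)
    doc = b"Contract v1: Bob agrees to the terms."      # constructed sample
    sig = sign(doc, bob_priv)
    forged = b"Contract v2: Bob agrees to new terms."   # constructed sample
    forged_sig = sign(forged, doug_priv)
    return {
        "genuine": verify(doc, sig, bob_pub),
        "tampered": verify(doc + b"!", sig, bob_pub),
        # Verification only binds data to a key: if Pat is handed Doug's
        # key labelled "Bob", Doug's signature checks out.
        "forged_with_fake_key": verify(forged, forged_sig, doug_pub),
        "forged_with_real_key": verify(forged, forged_sig, bob_pub),
    }

if __name__ == "__main__":
    print(demo())
```

The third result is why Pat needs more than a public key: verification ties the document to a key, and something else has to tie that key to Bob.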
Benefits of digital signatures
Below are some common reasons for applying a digital signature to
communications:
Authentication
Although messages may often include information about the entity sending a message, that information may not be accurate. Digital
signatures can be used to authenticate the source of messages. When
ownership of a digital signature secret key is bound to a specific user, a
valid signature shows that the message was sent by that user. The
importance of high confidence in sender authenticity is especially obvious
in a financial context. For example, suppose a bank's branch office sends
instructions to the central office requesting a change in the balance of an
account. If the central office is not convinced that such a message is truly
sent from an authorized source, acting on such a request could be a grave
mistake.
Integrity
In many scenarios, the sender and receiver of a message may have a need
for confidence that the message has not been altered during transmission.
Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption
algorithms, known as nonmalleable ones, prevent this, but others do not.)
However, if a message is digitally signed, any change in the message will
invalidate the signature. Furthermore, there is no efficient way to modify a
message and its signature to produce a new message with a valid
signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).
Drawbacks of digital signatures
Despite their usefulness, digital signatures alone do not solve the
following problems:
Association of digital signatures and trusted time stamping
Digital signature algorithms and protocols do not inherently provide
certainty about the date and time at which the underlying document was
signed. The signer might have included a time stamp with the signature, or
the document itself might have a date mentioned on it. Regardless of the
document's contents, a reader cannot be certain the signer did not, for example, backdate the date or time of the signature. Such misuse can be
made impracticable by using trusted time stamping in addition to digital
signatures.
Non-repudiation
In a cryptographic context, the word repudiation refers to any act of disclaiming responsibility for a message. A message's recipient may insist the
sender attach a signature in order to make later repudiation more difficult, since
the recipient can show the signed message to a third party (e.g., a court) to
reinforce a claim as to its signatories and integrity. However, loss of control over
a user's private key will mean that all digital signatures using that key, and so
ostensibly 'from' that user, are suspect. Nonetheless, a user cannot repudiate a signed message without repudiating their signature key. This is aggravated by
the fact there is no trusted time stamp, so new documents (after the key
compromise) cannot be separated from old ones, further complicating signature
key invalidation. Certificate authorities usually maintain a public repository of
public keys so the associated private key is certified and signatures cannot be
repudiated. Expired certificates are normally removed from the repository. It is a
matter for the security policy and the responsibility of the authority to keep old
certificates for a period of time if non-repudiation of data service is provided.
CONCLUSION
A digital signature is the result of encrypting some digital information
with a private key. Thus, a digital signature contains the information it is
attesting to (in encrypted form) and will be different for each different set
of information.
Within the field of public key cryptography encrypting information with a
private key is known as signing for one reason only; because use of the
private key to encrypt the information, rather than the public key,
facilitates the authentication of that information (as handwritten
signatures do), rather than the establishment of confidentiality (as
encrypting it with the recipient's public key would do).
Thank you