Digital Signature
INFORMATION SECURITY Dr. Farid Ali
Table of contents
1- Symmetric & Asymmetric cryptography
2- Digital signature definition
3- Key features of digital signature
4- Basic requirements of digital signature
5- How digital signature works
6- Digital signature applications
7- Types of digital signature attacks
8- Digital signature challenges
DIGITAL SIGNATURE
• Digital signatures are electronic equivalents of
handwritten signatures or stamped seals, offering
higher security by using mathematical algorithms to
confirm the sender's identity and the integrity of the
message.
• A digital signature is a cryptographic technique used to verify the
authenticity, integrity, and origin of digital data or
messages. It acts as a virtual fingerprint, ensuring that
the message or document has not been altered during
transmission and confirming the sender's identity.
Key features of digital signature
1- Authentication
2- Integrity
3- Non-Repudiation
Key features of digital signature
1- Authentication
• The process of verifying the identity of a user or sender, ensuring
that the source of the message is legitimate.
2- Integrity
• Ensures that the message remains unaltered during transmission
and is accurate, protecting it from unauthorized modifications.
3- Non-Repudiation
• Guarantees that a sender cannot deny the authenticity of their
signature on a document or message, providing proof of origin
and commitment.
Basic requirements in digital signature
• Public key cryptography
• Hashing Function
• Certificate authority
• Digital certificate
• Digital signature algorithms
Public key cryptography in digital signature:
• Is also known as asymmetric cryptography
• Each individual generates his own key pair, private and public keys.
• Private key :
– Only known by the owner/sender
– Used to create the digital signature
• Public key :
– It is known to everyone.
– Used to verify the digital signature.
Public key cryptography in digital signature:
Note :
In a cryptosystem (asymmetric encryption), the sender uses the receiver's public key to
encrypt the message. The receiver uses their private key to decrypt the message. This
ensures that only the intended recipient can read the message, providing confidentiality.
Note :
In a digital signature, the sender uses their private key to sign the message. The receiver uses
the sender's public key to verify the signature. This ensures authentication and integrity of the
message.
Hashing function in digital signature:
• A hashing function is a cryptographic algorithm that takes an input (such as a message or
document) and produces a fixed-length string of characters, called a hash or message digest.
This hash uniquely represents the data, ensuring its integrity. In the context of digital
signatures:
• Purpose: The hashing function is used to create a unique, fixed-length representation of the
original message. This ensures that even a small change in the message results in a completely
different hash value.
• Common Hashing Algorithms: SHA-256, SHA-3
Digital certificate & Certificate authority
• Digital Certificate:
– Digital Identity that establishes your credentials when doing business or other transactions on the Web
– Issued by a Certifying Authority (CA)
– Contains your name, serial number, expiration dates, public key, signature of CA.
• Certificate Authority:
– Trusted Third Party.
– An organization which issues public key certificates.
– Assures the identity of the parties to whom it issues certificates.
– Maintains online access to the public key certificates issued.
Digital signature algorithms in digital signature
• Digital signature algorithms are cryptographic methods used to generate and verify the
digital signature.
Common algorithms include:
1. RSA (Rivest-Shamir-Adleman)
2. DSA (Digital Signature Algorithm)
3. ECDSA (Elliptic Curve Digital Signature Algorithm)
How digital signature works
• The use of digital signatures usually involves three processes, two performed by the sender
and the other by the receiver of the digital signature :
– Key Generation :
• A key pair (private key and public key) is generated.
– Digital Signature Creation :
• The process is performed by the sender of the message.
– Digital Signature Verification :
• The process is performed by the receiver of the message.
Key generation in digital signature
1- Select Cryptographic Algorithm:
• Choose an algorithm (e.g., RSA, DSA, ECDSA).
2- Generate Private Key:
• A random number is generated to create the private key.
• Kept secret by the owner.
3- Generate Public Key:
• The public key is mathematically derived from the private key.
• Shared publicly for others to verify signatures.
SENDER’S SIDE: DIGITAL SIGNATURE CREATION
1- Hash the Message:
The sender applies a hash function (e.g., SHA-256) to the original message, generating a unique
message digest.
2- Encrypt the Hash with the Sender's Private Key:
The sender encrypts the hash with their private key to create the digital signature.
3- Send the Message and Digital Signature:
The sender sends the original message along with the digital signature to the receiver.
RECEIVER’S SIDE: DIGITAL SIGNATURE VERIFICATION
1- Hash the Received Message:
The receiver applies the same hash function (e.g., SHA-256) to the received message to generate their
own message digest.
2- Decrypt the Digital Signature with the Sender's Public Key:
The receiver uses the sender’s public key to decrypt the digital signature, revealing the original
message digest created by the sender.
3- Compare the Hashes:
The receiver compares the newly generated hash with the decrypted hash.
- If they match, the message is authentic and intact.
- If they don't match, the message has been tampered with or the signature is invalid.
[Figure: How digital signature works (signer, verifier)]
Applications of digital signature
1- Data Storage
2- Electronic Funds Transfer
3- Software Distribution
4- Smart Cards
5- Blind Signatures
6- Time Stamped Signature
7- Electronic Mail
Types of digital signature attacks
1- Chosen-Message Attack
• Generic: The attacker (C) tricks the victim (A) into signing
unintended messages without needing A’s public key.
• Direct: The attacker (C) uses A’s public key to replace
original messages with altered ones while keeping A’s
signature unchanged.
2- Known-Message Attack
• The attacker (C) uses previous signed messages and their
signatures to analyze and forge A’s signature on new
documents, often using brute-force techniques.
3- Key-Only Attack
• The attacker (C) exploits the publicly available key of A to
recreate A’s signature and sign unauthorized messages,
compromising message authentication and non-repudiation.
Challenges of digital signatures
1- Technology Dependency
• Vulnerable to cybercrimes like hacking; requires robust
systems with regular security updates.
2- Complexity
• Difficult to set up and use, especially for non-technical
users and senior citizens, leading to potential errors.
3- Limited Acceptance
• Adoption is slow in developing countries like India due to
limited technological access.