Authentication of electronic dealings
One of the most important issues in granting legal
recognition to electronic records or facilitating electronic
transactions is the issue of authentication of electronic
records and transactions.
Authentication: whatis.com [searchSecurity, 2003a]
Defined as the process of determining whether someone
or something is, in fact, who or what it is declared to be.
In private and public computer networks (including the
Internet), it is commonly done through the use of logon
Making sure “I am who I say I am”
Authentication factors are conditions, properties or
parameters that can be independently tested to confirm a
According to [Zwicky E, et al, 2000]:
Something you have
Something you know
– Account number
Something you are:
– Scans (iris, retina, face).
Authenticating oral agreements:
At first parties used to conduct oral agreements, and the
authenticity of such agreements was a matter between the
parties themselves.
The authentication process was carried out by the involved
parties, who met in the course of their agreement and each
one recognized the other.
The main difficulties of this method were:
Each party had no way to transfer his interest to another.
There was no way for an independent party to verify what the
parties had agreed to, except to rely on the word of the
parties.
This means that in case of a dispute between the parties,
oral agreements have obvious limitations.
Authenticating Written Agreements:
The relatively permanent nature of the written word allowed
an independent third party to examine the agreement and
make a judgement in respect of what is embodied in it.
This progress draws attention to two main issues:
First, the authentication of the parties to the agreement;
Second, the authentication of the content of the agreement.
1-Regarding parties authentication:
This is done through signatures. There are three
important types of situation under which a handwritten
signature may take place:
The first type:
A situation where a specimen signature is carried by a
person on an authenticated document; it is then verified
by having the person sign in the presence of a verifier
who compares it with the specimen.
Examples of this type are signing a credit or debit card
charge slip, countersigning a traveller's cheque and signing
an immigration form that has to be presented along with
Verifications of this type are carried out by persons with
minimal training in signature verification, and rely upon the
authenticity of the specimen signature.
No special security measure is used here other than the
ability of a human to decide if the two signatures belong to
the same person.
The second type:
The situation where the signed document is presented
and the signer is not present, e.g. a cheque; here the
bank makes sure whether the supposed signer affixed his
signature or not by comparing it with the specimen signature.
This type of verification requires more skill and training,
since the signer has not affixed his signature in the presence
of the verifier, and there are situations where there is so
slight a difference between signatures that it could hardly be
The third type:
The situation where the supposed signer denies having
affixed his signature, which is called repudiation.
To avoid or eliminate this situation the principal signer is
asked to sign in the presence of a witness, who is asked to
add his signature too.
Later, if the principal signer repudiates his signature
(dispute), the services of handwriting experts may be
2-Regarding integrity of the signed document
This problem is different from signature authenticity and
should be dealt with independently.
There are three major stages in the preparation of an
authenticated document:
The first is the production of the paper itself.
The second is the printing of the standard parts.
The third is completion, where various parties will print or
write certain things and finally sign.
Consider the example of a cheque: the paper is produced,
the cheque format is printed and finally someone fills out
the payee name, amount and other particulars and then
signs. (In currency notes, stage 3 is absent.)
Firstly the production of the paper:
Here certain measures should be taken to make it
hard for others to duplicate.
Some of these are:
A-The paper may have a certain chemical composition and
physical properties that can be verified in laboratories.
B-Inclusion of a watermark, which is an image created in the
paper itself. Verification in this case can be done by
ordinary people without any special equipment.
Secondly printing standard parts of a paper:
To prevent unauthorized duplication some measures
exist, such as:
A-Use of complex and intricate patterns.
B-Deliberate introduction of small errors at various places
in the pattern.
C-Special printing effects like the use of holographic
D-Coating that will produce a colour if an attempt is made
at alteration, or ink that will run on contact with a wide
variety of solvents.
In order to duplicate such printing, access to sophisticated
printing technology is required.
However, with developments in computer technology,
duplication of simpler documents has come within reach of
individuals, but complex ones (currency) still require
Thirdly: document completion:
In this stage something is written or printed onto a
document, before it is finally signed.
Although the document may have been specially printed
on special paper, completion is usually done using very
commonly used technology, like ordinary pens or
Insertion in empty spaces, and the deletion of information and
replacing it with other information, are expected risks.
Measures in these cases may be:
A-Make sure that empty space is struck off.
B-Use of writing or printing techniques that are hard to
erase or alter without it being evident.
C-In general the document should be formatted in such a way
that insertions are spotted easily.
Laser printer technology involves melting a fine plastic
powder which is then fused to the paper; if the
temperature is not correct, it is relatively easy to remove
the printing with a sharp knife or by freezing techniques, and
then replace the blank space with something else.
Authenticating Electronic Dealings:
An electronic signature can be defined as: data in electronic
form, which can be used to identify the signature holder with
respect to the electronic record to which it is related, and
serves to signify approval of that electronic record.
Types of electronic signatures:
1-PIN and Password system:
This is one of the earliest methodologies for individual
signing; each user has a unique PIN or password.
This PIN or PW must be kept confidential and presented
when access to a service is required.
This type is not suitable for document authentication,
because if it is affixed to a document it becomes known to
everybody and there will be no guarantee that it was affixed
by the authorized person.
It is suitable as an electronic signature only in
circumstances where it is communicated to a trusted
verifier who will keep it confidential and grant access to
some service or carry out some transaction based upon this
The typical use is then the authentication of a human to a
machine; examples are the use of a PIN to access an ATM
and the use of a password to access a computer system.
Sometimes it is used with a human verifier, e.g. the use of a
credit card number given over the phone; this method requires
that the verifier be trusted and that the communication take
place over a secure channel. (other examples).
The disadvantages of PIN and PW systems:
Passwords Are Broken
“Passwords are the weakest of weakest links” – Bill Gates
• They can be guessed or “cracked”
– 3.8% of MySpace users’ passwords are a single dictionary
– 8% are a single dictionary word + the number “1”
– 23% could be cracked in 30 minutes
• They are written down by users
• People use the same one everywhere
• They are never changed
• They can be phished
• People will give them up for a bar of chocolate!
• Users are the weakest link
– They are responsible for most (PW) problems
– You cannot expect them to follow instructions
– If it is possible for them to get it wrong, some definitely
– If they don’t like it, they will find a way round it
• Most authentication technology was developed for the
enterprise; users were not a primary consideration
To access or use the system it doesn’t matter who uses
the PIN or PW; it only has to be correct.
2-Handwritten signature Image:
In this case the holder's handwritten signature is converted
into an image and is actually affixed to the document in
The process of taking the image from a protected
database and putting it onto the document is activated by
This system creates documents that will be verified by other
humans and cannot be considered to have very good
The ease with which electronic data can be copied makes
this method as good as making a rubber stamp and using
it as a signature.
This type requires the use of a symmetric key crypto
system, where the communicating parties must agree on a
A value called a checksum is computed from the document;
this could be, for example, the number of vowels in the
This value is then encrypted using the key, which is known
only to the receiver in addition to the sender. Then the
encrypted document and checksum are sent to the receiver.
The receiver will restore the document using the key and
calculate a checksum for it using the same format as the
Then the receiver will decrypt the checksum he received
from the sender and compare it with the one he computed
from the original document.
If the two values are identical the receiver will assume
that the document is authentic.
However, since either of the two parties could have computed
the signature, it is difficult to resolve a dispute
between them involving a valid signature, as either of
them could have affixed it.
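The exchange just described, as an added example that is not part of the original notes: the sender computes the vowel-count checksum, encrypts the document and the checksum under the shared key, and the receiver restores both and compares. The stream cipher, the key and the documents are constructed for the example; it also shows why a dispute cannot be settled, since the receiver holds the same key and can produce an equally valid seal.

```python
import hashlib
import secrets

VOWELS = set(b"aeiouAEIOU")


def checksum(document: bytes) -> int:
    """The checksum used in the text: the number of vowels in the document."""
    return sum(1 for b in document if b in VOWELS)


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream derived from the key with SHA-256 in counter mode.
    Constructed for this example only; a real system uses a proper cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) under a per-purpose label so the
    document and the checksum never share a keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key + label, len(data))))


def sign_and_seal(key: bytes, document: bytes):
    """Sender side: encrypt the document and encrypt the checksum (the 'signature')."""
    enc_doc = xor_crypt(key, b"doc", document)
    enc_sum = xor_crypt(key, b"sum", checksum(document).to_bytes(4, "big"))
    return enc_doc, enc_sum


def receive_and_verify(key: bytes, enc_doc: bytes, enc_sum: bytes):
    """Receiver side: restore the document, recompute its checksum and compare
    it with the checksum decrypted from the sender."""
    document = xor_crypt(key, b"doc", enc_doc)
    sent_sum = int.from_bytes(xor_crypt(key, b"sum", enc_sum), "big")
    return document, sent_sum == checksum(document)


def demo() -> dict:
    """Run the exchange and the dispute scenario; returns the outcomes."""
    key = secrets.token_bytes(16)            # constructed: agreed out of band
    enc_doc, enc_sum = sign_and_seal(key, b"pay Bob 100")
    restored, genuine_ok = receive_and_verify(key, enc_doc, enc_sum)
    # A different document does not match the sealed checksum (3 vowels vs 2).
    _, altered_ok = receive_and_verify(
        key, xor_crypt(key, b"doc", b"pay Eve 100"), enc_sum)
    # Dispute problem: the receiver holds the same key, so a seal it produces
    # is indistinguishable from the sender's; a third party cannot say who signed.
    r_doc, r_sum = sign_and_seal(key, b"pay Bob 900")
    _, receiver_made_ok = receive_and_verify(key, r_doc, r_sum)
    return {"restored": restored, "genuine_ok": genuine_ok,
            "altered_ok": altered_ok, "receiver_made_ok": receiver_made_ok}


if __name__ == "__main__":
    print(demo())
```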
It is a way of authentication in which a measurable
biological characteristic is captured and stored.
The process of signing consists of presenting a sample,
which is then compared with the stored specimen.
When the captured sample is compared against a single
reference template for a specific individual, the process is
Where the captured sample is matched against a number
of reference templates in a database in order to find an
appropriate match, the process is called identification.
Biometric technology can be broadly categorized as
physiological or behavioural; at the current stage of
technological development the physiological technologies
are more reliable than the behavioural ones.
Keystroke dynamics
Fingerprint recognition
Finger geometry recognition
Hand geometry recognition
Retinal pattern recognition.
Face recognition by facial geometry
Face recognition by facial thermograms
Palm pattern recognition.
Vein pattern recognition
Body odour recognition
The best situation for the use of biometrics is where a live
sample is captured and authentication takes place
against this captured sample.
An identity card can contain a stored sample, and an individual
holding such a card can prove his identity by offering a live
sample captured through (a finger scanner) and matched with
the sample stored on the card. This type of use has a very
However, a sample that has been attached to a document,
say an electronic cheque, and sent by email is vulnerable,
since it could be captured and reused.
So where there is a situation that requires comparison
between two stored samples, the process is vulnerable
and needs additional security, for example ensuring that the
biometric samples are encrypted and only matched by
Errors in Biometric Systems:
The first type of error is called the False Acceptance Error
(FAE); in this case an impostor is accepted. The probability of
this error is called the False Acceptance Rate (FAR).
The second type of error is called the False Rejection
Error (FRE); in this case a legitimate user is rejected.
The probability of this error is called the False Rejection Rate (FRR).
Most devices can be configured in a way that false
rejection can be traded off against false acceptance.
This means that reducing one type of error will increase
the other type of error, and vice versa.
On account of the inherent trade-off between false
acceptance and false rejection, neither the FAR nor the
FRR is a good measure of the reliability of a biometric
technology on its own.
A better measure is the crossover rate; this is the point at
which the FAR is equal to the FRR.
The lowest crossover rates are reported for retinal and iris
scan devices, in the range of (1 in 100,000); next are finger
scan devices (1 in 1000); the least accurate are signature
dynamics and voice recognition (1 in 50).
Biometric technologies are not always operated at their
crossover points; there may be a situation where a biometric is
being operated in such a way that the FAR is very low, but
the FRR may be very high.
In applications where a privilege is being granted by the
use of a biometric device, it is desirable to operate at a very
For example, as far as a customer is concerned, if a bank
is offering ATM access via a biometric device then the
possibility of false acceptance should be very low.
Here it is undesirable to have an impostor accepted; if
some legitimate user is rejected he can approach a bank
employee for assistance.
On the other hand, if a right is being granted through the
use of a biometric device, then false rejection should be
Thus if a biometric device is used to decide whether a
person can vote or not, then it is undesirable to have a high
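The FAR/FRR trade-off, the crossover point and the two operating-point choices (privilege versus right) described above, as an added example that is not part of the original notes. The matcher scores for twelve genuine users and twelve impostors are constructed; a sample is accepted when its score reaches the threshold.

```python
from fractions import Fraction

# Constructed matcher scores (0..100, higher means a closer match).
GENUINE = [55, 62, 68, 70, 74, 77, 80, 83, 86, 90, 92, 95]   # legitimate users
IMPOSTOR = [10, 20, 25, 30, 38, 45, 50, 57, 63, 66, 72, 85]  # impostors
THRESHOLDS = range(0, 101)


def far(threshold: int, impostor=IMPOSTOR) -> Fraction:
    """False Acceptance Rate: impostor samples accepted (score >= threshold)."""
    return Fraction(sum(s >= threshold for s in impostor), len(impostor))


def frr(threshold: int, genuine=GENUINE) -> Fraction:
    """False Rejection Rate: genuine samples rejected (score < threshold)."""
    return Fraction(sum(s < threshold for s in genuine), len(genuine))


def crossover():
    """Crossover point: the threshold at which FAR and FRR are (closest to) equal.
    Returns (threshold, FAR, FRR); the shared value is the crossover rate."""
    t = min(THRESHOLDS, key=lambda th: (abs(far(th) - frr(th)), th))
    return t, far(t), frr(t)


def operating_point_for_privilege(max_far: Fraction):
    """Privilege-granting use (the ATM case): raise the threshold until FAR is
    within the bound. FAR only falls as the threshold rises, so the first such
    threshold also has the lowest FRR among those that satisfy the bound."""
    for t in THRESHOLDS:
        if far(t) <= max_far:
            return t, far(t), frr(t)
    return None


def operating_point_for_right(max_frr: Fraction):
    """Right-granting use (the voting case): lower the threshold until FRR is
    within the bound; the highest such threshold has the lowest FAR."""
    for t in reversed(THRESHOLDS):
        if frr(t) <= max_frr:
            return t, far(t), frr(t)
    return None


def tradeoff_table(step: int = 10):
    """FAR and FRR at a few thresholds: as one falls the other rises."""
    return [(t, far(t), frr(t)) for t in range(0, 101, step)]


if __name__ == "__main__":
    for t, a, r in tradeoff_table():
        print(f"threshold {t:3d}: FAR {float(a):.3f}  FRR {float(r):.3f}")
    print("crossover:", crossover())
    print("ATM-style (FAR must be 0):", operating_point_for_privilege(Fraction(0)))
    print("voting-style (FRR must be 0):", operating_point_for_right(Fraction(0)))
```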
Types of Biometric Authentication:
A-Fingerprint identification:
Fingerprint comparison is a very old technique (1800); fingerprints
contain individually unique characteristics called minutiae. A
study by the U.S. Federal Bureau of Investigation (FBI) showed
that no two individuals have more than 8 minutiae in
common. Courts have allowed testimony based on 12
A U.S. study (1970) concluded that fingerprint recognition
had the greatest potential to produce the highest accuracy
level for identification purposes. In the light of current
knowledge this is perhaps no longer true.
This technology is quite mature and reliable now; a typical
system today captures about 40 minutiae. Devices suitable
for verification cost less (700 to 600 $) than those for
B- Iris recognition:
This technology is based on comparing a stored template of
the iris (the coloured part of the eye) with a freshly taken
video picture of the iris.
Irides (plural of iris) are extremely feature rich and
contain about 250 minutiae each; a typical system will
take about 80 minutiae.
The technology works by making the user look at a video
camera from about 18 inches, which will take a short
video clip of the iris and match it with the stored template.
The video camera functions with normal light and no laser
is required. Device prices (1000 to 4000 $).
Apart from being more feature rich than a fingerprint and
consequently more accurate, it cannot be as easily
captured as a fingerprint.
While it is easy to take an impression of the finger of a
person, sometimes even without that person's knowledge, it
is not easy to take a video clip of a person's iris at close
range without that person's knowledge. This gives the iris
scan added security.
Iris technology is accurate enough to be used in
identification mode, although it can be used in verification
mode if required.
C-Face (Facial) recognition:
Although this type is the most natural one, automatic
systems are not yet mature enough to produce the type of
accuracy needed for a practical system.
Faces are Different from passwords
• The brain uses a dedicated process to “learn” and
• The brain recognizes, not recalls, faces.
• This most powerful form of memory is unique to human
faces and does not apply to other images.
• Face recognition is a universal skill – independent of age,
language or education.
There are two types of facial systems:
The first type is based on facial geometry; it works by measuring
specific facial features like the distance between the
inside corners of the eyes, or the distance between the outside
corners of the eyes, and other such parameters.
The second type is called face recognition by facial thermogram;
it works by recognizing the temperature patterns of
an individual's face.
D-Hand Geometry systems:
This type works by measuring parameters like the length of
the fingers, the width of the fingers etc.
Hand geometry does not produce a large data set.
Therefore it is best used with small populations.
E-Retinal Scan Technology:
It is based upon recognising the pattern of blood vessels on
the retina. This is a very accurate method but suffers from
some important drawbacks such as:
I. The method is personally invasive, as it involves shining
a laser onto the retina through the pupil.
II. A retinal scan reveals a great deal about the state of
health of an individual.
III. The retinal scan is susceptible to change due to
diseases such as cataract.
Iris recognition technology does not suffer from these
F- Signature Dynamics:
It is a technique that is based on the dynamics of making a
signature rather than a direct comparison of a written
signature with a stored one.
Factors measured are acceleration rate, directions,
pressure, stroke length etc.
The problem with this system is that current technology
cannot accurately measure the parameters that constitute
the dynamics of a signature.
Also, a person does not always make a signature in a fixed
manner, so allowance has to be made for a range of
This method consists of comparing a sample of an individual's
voice with stored templates to find a match.
The live voice is captured and then compared with the recorded
A drawback of this system is that an individual's live voice may
be affected by diseases.
Advantages of Biometric System:
1. Higher Security – than passwords
2. Usability – no complex pass codes or procedures
3. Non-Intrusive – users are averse to change and
reluctant to do more
4. Visibility – users want to see that companies are
5. Mobility – users log on using different PCs in different
6. Consistency – of user experience
7. Reliability – no false rejection, no system errors, no
8. Bidirectional – verify the User to the Site AND the Site
to the User
9. Flexibility – for varying risk levels and customer choice
10. Easy Integration – with current systems and
11. Low Cost – Procurement, deployment and ongoing
It is a type of electronic signature that has some very
desirable properties (legally).
It is normally based on asymmetric crypto systems; when
the recipient receives a digitally signed message, it is possible
for him to directly verify the digital signature using the
sender's public key.
This is unlike the digital signature in the case of symmetric
encryption, where it must involve a trusted third party to
Digital Signature based upon Asymmetric Crypto System
(figure: message signed by A)
Digital Signature based upon Symmetric Crypto System
(figure: message signed by A)
This system depends on what is known as a hash function,
which is a procedure by which a value is calculated on the
electronic record to which it is applied.
For example the number of times the letter (a) appears in
In the figure below the value of the hash function is (5):
A sample Document
This is an example to illustrate
the concept of a hash function
A hash function must be easy to compute and must be
If a document is sent along with its hash value, then if
the document is modified, the hash value sent may not
tally with the hash value calculated from the modified
document, and this is how a digital signature is implemented.
In asymmetric crypto systems there is a type, RSA, where
anything that is encrypted with the public key of an
individual can only be decrypted by that individual's
Also anything that is encrypted using the private key of an
individual can only be decrypted with the public key
corresponding to that individual.
To affix a digital signature to an electronic record we must
first compute the hash value for that record; then the hash
value is encrypted with the private key of the
signer. The encrypted hash value is called the
In order to verify a signature that is claimed to have been
affixed by some person, the signature is decrypted
using the public key corresponding to that person.
If the signature really belongs to that person, then the
signature will decrypt to yield the hash value of the
This decrypted hash value can be compared with the hash
value computed directly from the record.
If these values match, the record must have been signed
by the claimed signer, and the record could not have been
altered since it was signed.
If the two values are not equal, then either the record was
not signed by the claimed signer, or the record has been
altered since it was signed, or both.
Signing an Electronic Record
(figure: Record, Hash Function, Hash Value)
Verifying a Signed Electronic Record
(figure: Record, Hash, Computed)
As explained earlier a hash function is a procedure by
which any record can be converted into a fixed size value.
In order to be useful a hash function must depend upon all
the information in the record.
In this case changing even the smallest unit of information
in the record should produce a change in the computed
Consider a hash value that is the number of times that the
letter (a) appears in a document, which is not a good hash
If we have the two following messages:
“you are not authorized to proceed on leave” and
“you are authorized to proceed on leave”
If we use the simple hash function and count the number
of times that the letter (a) occurs in these messages, then
we will find that the hash value of both messages is 3.
If a person digitally signed the first of these messages
based on the simple hash function, then this signature
would be verified as valid even with the second message,
and this will result in a problem.
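The signing and verification steps (compute the hash, encrypt it with the private key, decrypt with the public key and compare) together with the count-of-(a) collision on the two leave messages, as one added example that is not part of the original notes. The RSA key pair is built from two fixed primes so the numbers are reproducible (a real key is generated randomly and is much larger), and SHA-1 stands in for the 160-bit SHA named in the text.

```python
import hashlib

# Toy RSA key pair from two fixed Mersenne primes (constructed for this example).
P = 2**127 - 1
Q = 2**61 - 1
N = P * Q                            # ~188-bit modulus; any 160-bit hash fits below it
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+ modular inverse)


def count_a_hash(record: bytes) -> int:
    """The text's toy hash: how many times the letter 'a' appears."""
    return record.count(b"a")


def sha_hash(record: bytes) -> int:
    """160-bit SHA (SHA-1 here, as the text names it) read as an integer below N.
    Current deployments use SHA-2; the argument about collisions is the same."""
    return int.from_bytes(hashlib.sha1(record).digest(), "big")


def sign(record: bytes, hash_fn, d: int = D, n: int = N) -> int:
    """Compute the hash and 'encrypt' it with the private key: the signature."""
    return pow(hash_fn(record), d, n)


def verify(record: bytes, signature: int, hash_fn, e: int = E, n: int = N) -> bool:
    """'Decrypt' the signature with the public key and compare with a fresh hash."""
    return pow(signature, e, n) == hash_fn(record)


def demo() -> dict:
    """Sign the first message, then check that signature against both messages
    under the weak hash and under SHA. Returns {hash name: (on signed, on other)}."""
    signed = b"you are not authorized to proceed on leave"
    other = b"you are authorized to proceed on leave"
    results = {}
    for name, fn in (("count_a", count_a_hash), ("sha", sha_hash)):
        sig = sign(signed, fn)
        results[name] = (verify(signed, sig, fn), verify(other, sig, fn))
    return results


if __name__ == "__main__":
    for name, (on_signed, on_other) in demo().items():
        print(f"{name}: valid on signed message={on_signed}, on other message={on_other}")
```

With the count-of-(a) hash both messages hash to 3, so the signature on the first message also verifies on the second; with SHA the altered message fails.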
There are a number of functions available which have the
properties that are desirable for a hash function; some of
these are MD5, SHA, and RipeMD 160.
The U.S. National Institute of Standards and Technology
(NIST) has developed a standard for digital signatures
called the Digital Signature Standard (DSS), which specifies
that SHA is to be used as the hash function.
SHA takes an electronic document of any size and
produces a hash value that is 160 bits long; this size can
be represented by a decimal number having about 50
The RipeMD 160 hash function produces a value that is
160 bits long and MD5 produces a value that is 128 bits
The design of the hash function in these cases is such that
the probability of two records having the same hash value
is extremely small. SHA and RipeMD 160 are considered
secure, whereas some concerns have been expressed
about the security of MD5.
Digital signature Based on RSA:
The RSA crypto system has a very desirable property: in
addition to the public key being usable for encryption, the
private key can also be used for encryption.
So anything encrypted using the private key can only
be decrypted using the corresponding public key. This
enables applying a digital signature using RSA directly.
The hash value can be encrypted using the signer's private
key, and constitutes the signer's signature; any person
can decrypt this using the signer's public key to verify the
Digital signature Based on ElGamal
The ElGamal crypto system allows encryption to be done only
using the public key, not the private key.
Therefore a digital signature in this case cannot be applied
directly; a special method different from encryption
The hash value is computed using any hash function; using
this hash value another value is computed using the
private key. This value is the signature and is sent along
with the signed information.
The method is designed so that it is possible for the
verifier to do another calculation on the information, using
the same hash function and the public key.
As mentioned, NIST issued the DSS; this system was revised and
a new digital signature technique proposed, which is called the
Digital Signature Algorithm (DSA). This is a variation of the
ElGamal digital signature method.
The DSS specifies that the hash function to be used is
SHA, and DSA can only be used for digital signatures and
not for encryption.
This means that when using the RSA crypto system, the SHA
function is used with the public key of the recipient to encrypt
the information, and it is used with the private key of the
sender (signer) to produce the signature.
While in the case of the ElGamal crypto system, SHA is used
with the public key of the recipient for encryption of the
information, but for producing the signature DSA is used with the
private key of the sender (signer).
Security of Digital Signature:
There are two main aspects in this regard.
The first: the private key of the signer must not be
computed, deduced or disclosed during use of the digital
signature algorithm or in the process of affixing or
verifying a digital signature.
The second: the hash function that is used should not yield
the same value for two different records.
Regarding the private key, as mentioned before, choosing a key of
appropriate size is an important factor, since the key in this case
cannot be recovered from the signature or the public key.
However, apart from the situation where someone
intentionally reveals his private key to another, there are
two practical ways in which the private key of someone may
become known to another person.
The first situation: the private key is stored in such a
manner that someone else may get it.
The second situation: when two or more individuals have
identical private keys.
Regarding the first situation, security demands that key sizes in
the range of 512 to 1024 bits be used (in decimal this is
150–300 digits long).
Remembering such large numbers is impossible.
It is also impractical to enter this key using a keyboard or
keypad every time a digital signature is to be affixed.
The only practical way is to have a method where the key
is stored in such a form that it can be read automatically by
the signing process.
The question of where to store a private key is important;
for example the local hard disk of a computer seems risky,
since a computer is usually used by more than one person,
which means the possibility of someone copying and using the
private key of another.
This means that even if the private key is stored on the hard
disk it should be encrypted with a sufficiently strong key. This
is another long key whose only purpose is to protect the
A practical solution is to use a symmetric crypto system
and use an easy to remember sentence. Symmetric
encryption is suitable in this case since the owner of the
private key is the only one who will decrypt or encrypt the
If a key of length 128 bits is secure in symmetric
encryption, then choosing a sentence of about 26 letters
as a passphrase will be sufficient.
The passphrase should be a sentence, not a word; it
should be long enough but easy to remember, since it
would be kept only in the user's mind; it is different from
Another problem with storing the private key on a local hard disk:
the signing process must take place on that particular
If the encrypted private key is made available over a
network, each user must use a passphrase of the right size.
Another drawback is that the passphrase is subject to
interception while it is being keyed in.
A practical solution may be to store the encrypted
private key on a removable storage device.
This ensures that the encrypted private key is available
only to the owner and that he is not tied to a particular
There are two options for removable storage. The first is using a
floppy disk, which is not reliable enough, and there may be a
need to copy the key to a new floppy periodically to
ensure it does not get corrupted, in addition to the risk of
picking up and transmitting viruses if a number of different
machines are used for signing.
The second option is smartcards, which are more reliable and
less risky in virus transmission, and could be considered
the best if a processor card is used to compute the
signature on the card itself.
The problem is that smartcard readers are not standard
equipment on PCs yet; also there are many problems with
smart cards that may be out of reach of individuals.
However, these problems may not be too much of an
issue if smart cards are used in closed systems.
Regarding the issue of uniqueness of the private key, the
probability of two persons having the same key is absolutely
negligible (even at a length of 512 bits, which is about 150
This holds if keys are picked truly randomly, but not if a
poor random number generator is used.
If a poor random number generator has been used to generate
private keys, then an attacker with knowledge of the
random number generator might use it to repeatedly
generate a number of public key – private key pairs.
The attacker could then check each public key so
generated to see if anyone else has the same public
key. If this is true, the private keys corresponding to these
public keys must also be the same.
Therefore the random number generator being used must
be implemented in such a way as to ensure that the random
numbers generated are not predictable.
This brings up the important question of whether each
user should be allowed to generate his own key pair, or whether a
centralized agency should do that.
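The key-collision risk described above, as an added example that is not part of the original notes: two users whose software seeded a non-cryptographic generator from the same clock second obtain identical ElGamal-style key pairs, and an audit of the public-key registry exposes it. The group parameters, the seed values and the user names are constructed; a real group uses far larger parameters.

```python
import random
import secrets

# Constructed group parameters (a real ElGamal/DSA group uses primes of
# hundreds to thousands of bits); the collision shown does not depend on them.
P = 2**127 - 1    # prime modulus
G = 3             # base for the public key y = G^x mod P


def keypair_from_poor_rng(seed: int):
    """Key pair from a predictable generator: a PRNG seeded from a small space
    (here a clock value in seconds), the situation the text warns about."""
    rng = random.Random(seed)
    x = rng.randrange(1, P - 1)          # private key
    return x, pow(G, x, P)               # (private, public)


def keypair_from_secure_rng():
    """Key pair from the operating system's cryptographic random source."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_public_keys(registry: dict) -> dict:
    """Audit a {user: public key} registry and return every public key held by
    more than one user; equal public keys imply equal private keys."""
    holders = {}
    for user, pub in registry.items():
        holders.setdefault(pub, []).append(user)
    return {pub: users for pub, users in holders.items() if len(users) > 1}


def reproducible_from_seed_window(registry: dict, seeds) -> dict:
    """Audit: which registered public keys can be regenerated from a window of
    candidate seeds, i.e. were produced by the predictable generator."""
    by_pub = {}
    for user, pub in registry.items():
        by_pub.setdefault(pub, []).append(user)
    found = {}
    for seed in seeds:
        _, pub = keypair_from_poor_rng(seed)
        for user in by_pub.get(pub, []):
            found[user] = seed
    return found


def demo() -> dict:
    """Two users seeded from the same second collide; a third, properly
    generated key does not. Returns the audit findings."""
    same_second = 1_700_000_000                      # constructed clock value
    alice_priv, alice_pub = keypair_from_poor_rng(same_second)
    bob_priv, bob_pub = keypair_from_poor_rng(same_second)
    _, carol_pub = keypair_from_secure_rng()
    registry = {"alice": alice_pub, "bob": bob_pub, "carol": carol_pub}
    window = range(same_second - 60, same_second + 60)   # two minutes of seeds
    return {
        "same_private_key": alice_priv == bob_priv,
        "collisions": shared_public_keys(registry),
        "reproducible": reproducible_from_seed_window(registry, window),
    }


if __name__ == "__main__":
    print(demo())
```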