Document Sample

   Digital sigantures should be such that each user
    should be able to verify signatures of other users, but
    that should give him/her no information how to sign a
    message on behind of other users.
   The main difference from a handwritten signature is
    that digital signature of a message is intimately
    connected with the message, and for different
    messages is different, whereas the handwritten
    signature is adjoined to the message and always looks
    the same.
   Technically, digital signature is performed by a signing
    algorithm and it is verified by a verification algorithm.
Properties of Signatures

   Similar to handwritten signatures, digital
    signatures must fulfill the following:
       Must not be forgeable
       Recipients must be able to verify them
       Signers must not be able to repudiate them later
   In addition, digital signatures cannot be
    constant and must be a function of the entire
    document it signs
Digital Signature Process

Types of Digital Signature

   NIST FIPS 186 Digital Signature Standard
   El Gamal
   RSA Digital Signature
    - ISO 9796
    - ANSI X9.31
    - CCITT X.509
   This Standard specifies a Digital Signature Algorithm (DSA)
    appropriate for applications requiring a digital rather than
    written signature. The DSA digital signature is a pair of
    large numbers represented in a computer as strings of binary
   The DSA provides the capability to generate and verify

Digital Signature Standard

   This Standard specifies a Digital Signature Algorithm (DSA), provides
    the capability to generate and verify signatures
   A hash function is used in the signature generation process to obtain a
    condensed version of data, called a message digest .
   The message digest is then input to the DSA to generate the digital
    signature. The digital signature is sent to the intended verifier along
    with the signed data (often called the message). The verifier of the
    message and signature verifies the signature by using the sender's public
    The same hash function must also be used in the verification process.
    The hash function is specified in a separate standard, the Secure Hash
    Standard (SHS), FIPS 180.

Message Authentication Code with Hash
Message Authentication with Hash Functions
using Conventional Encryption
Message Authentication with Hash Functions using
Public Key Encryption
                                                 Hash Functions

Hash Functions
   Converts a variable size message M into fixed size
    hash code H(M) (Sometimes called a message
   h = H(M)
   M is a variable-length message, h is a fixed-length
    hash value, H is a hash function
   The hash value is appended at the source
   The receiver authenticates the message by
    recomputing the hash value
   Because the hash function itself is not considered
    to be secret, some means is required to protect the
    hash value
                                                            Hash Functions

Simple Hash Functions
   Operation of hash functions
       The input is viewed as a sequence of n-bit blocks
       The input is processed one block at a time in an iterative
        fashion to produce an n-bit hash function
   Simplest hash function: Bitwise XOR of every block
       Ci = bi1  bi2  …  bim
            Ci = i-th bit of the hash code, 1  i  n
            m = number of n-bit blocks in the input
            bij = i-th bit in j-th block
       Known as longitudinal redundancy check
                                                       Hash Functions

Simple Hash Functions
• Improvement over the simple
  bitwise XOR
  – Initially set the n-bit hash value to zero
  – Process each successive n-bit block of data as
      » Rotate the current hash value to the left by
         one bit
      » XOR the block into the hash value
El Gamal Signature Scheme
  Step 1     Randomly choose an integer k such that (k, p-1) = 1, 1<k<p-1,
             and k has not been used to sign a previous message

  Step 2     Calculate r = ak (mod p)
  Step 3     Find s such that M = xr + ks (mod (p-1))
  Step 4     Collect the pair (r, s) as the digital signature on the message M

Since, M = xr + ks (mod (p-1))
 aM = a(xr+ks) = axraks = yrrs(mod p)
 Given M and (r, s), the receiver or 3rd party can
  verify the signature by checking whether
  aM = yrrs(mod p) holds or not.

RSA Digital Signature Scheme
   Based on the difficulty of factoring large numbers.
   Given M, RSA digital signature can be produced by
    encrypting either M itself or a digest of M using the
    private signature key s.
   Signature, S = ws mod n, where w is message to be
    signed or message digest and n = pq (p and q are
    large primes).
   Verification: w = Sv mod n, where (v, n) is the public
    verification key.
What are Digital Certificates?
What are Digital Certificates?

 A digital certificate (DC) is a digital file that
certifies the identity of an individual or
institution, or even a router seeking access to
computer- based information. It is issued by a
Certification Authority (CA), and serves the
same purpose as a driver’s license or a
   What are Certification Authorities?

Certification Authorities are the digital world’s
equivalent to passport offices. They issue digital
certificates and validate holders’ identity and
They embed an individual or institution’s public key
along with other identifying information into each
digital certificate and then cryptographically sign it
as a tamper-proof seal verifying the integrity of the
data within it, and validating its use.
What is the Process of obtaining a
1.Subscriber (sender) generates a public\private key pair. Applies to
   CA for digital certificate with the public key.

2.CA verifies subscriber's identity and issues digital certificate
   containing the public key.

3.CA publishes certificate to public, on-line repository.

4.Subscriber signs message with private key and sends message to
   second party.

5.Receiving party verifies digital signature with sender's public key
   and requests verification of sender's digital certificate from CA's
   public repository.

6.Repository reports status of subscriber's certificate.
 What is the Process in obtaining a

    Bob’s                                       +
   public               signature             KB
     key    KB          (encrypt)

                           CA          certificate for
       Bob’s          private   K-
                                 CA   Bob’s public key,
 identifying              key
information                              signed by CA
Types of Digital Certificates

   There are four main types of digital
    certificates :-
       Server Certificates
       Personal Certificates
       Organization Certificates
       Developer Certificates
Server Certificates

   Allows visitors to exchange personal
    information such as credit card numbers, free
    from the threat of interception or tampering.
   Server Certificates are a must for building
    and designing e-commerce sites as
    confidential information is shared between
    clients, customers and vendors.
Personal Certificates

   Personal Certificates allow one to authenticate a
    visitor’s identity and restrict access to specified
    content to particular visitors.
   Personal Certificates are perfect for business to
    business communications such as offering suppliers
    and partners controlled access to special web sites
    for updating product availability, shipping dates and
    inventory management.
Organization & Developer Certificates

   Organization Certificates are used by
    corporate entities to identify employees for
    secure e-mail and web-based transaction.
   Developer Certificates prove authorship and
    retain integrity of distributed software
    programs e.g. installing a software on a
    computer system in most instances requires
    what is called a “serial key”
What Does a Digital Certificate Contain?

  It contains your name, a serial number,
  expiration date, a copy of the certificate-
  holder's public key (used for encrypting
  messages and digital signatures), and the
  digital signature of the certificate-issuing
  authority so that a recipient can verify that the
  certificate is real. Some digital certificates
  conform to the X.509 standard.
Example of a Certificate:

   Serial number (unique to issuer)
   info about certificate owner, including algorithm and
    key value itself (not shown)              info about
                                              valid dates

                                              digital
                                               by issuer
Why are they Used?

There are four(4) main uses:
1.   Proving the Identity of the sender of a transaction

2.   Non Repudiation – the owner of the certificate cannot deny
     partaking in the transaction

3.   Encryption and checking the integrity of data - provide the
     receiver with the means to encode a reply.

4.   Single Sign-On - It can be used to validate a user and log them into
     various computer systems without having to use a different password
     for each system
    Where are Digital Certificates Used?
   In a number of Internet applications that
   1.Secure Socket Layer (SSL) developed by
    Netscape Communications Corporation
   2. Secure Multipurpose Internet Mail
    Extensions (S/MIME) Standard for securing
    email and electronic data interchange (EDI).
    Where are Digital Certificates Used?
   3. Secure Electronic Transactions (SET)
    protocol for securing electronic payments
   4. Internet Protocol Secure Standard (IPSec)
    for authenticating networking devices
How Digital Certificates are Used for
Message Encryption
Why do I need a Digital Certificate?

   Virtual malls, electronic banking and other
    electronic services are a commonplace
    offering service from the luxury of one’s
    home. One’s concern about privacy and
    security may prevent you from taking
    advantage of the luxury; this is where digital
    certificate comes in.
Why do I need a Digital Certificate?

   Encryption alone is not enough as it provides
    no proof of the identity of the sender of the
    encrypted information. Used in conjunction
    with Encryption, Digital Certificates provides
    a more complete security solution, assuring
    the identity of all the parties involved in a
Advantages of Digital Certificates

   Decrease the number of passwords a user
    has to remember to gain access to different
    network domains.
   They create an electronic audit trail that
    allows companies to track down who
    executed a transaction or accessed an area.

   Digital watermarking is a technique which allows an
    individual to add hidden copyright notices or other
    verification messages to digital audio, video, or image signals
    and documents. Such hidden message is a group of bits
    describing information pertaining to the signal or to the
    author of the signal (name, place, etc.).


   VIDEO WATERMARKING: The watermark image is
    inserted into the video media.
   AUDIO WATERMARKING: The audio media is used to
    insert the information.
   TEXT WATERMARKING: The text media is used to insert
    the information .

Types of watermark.

   Visible watermark
   Invisible watermark
   Public watermark
   Private watermark
   Fragile watermark
   Perceptual watermark

How to create watermarking image

   Digital Watermarking software looks for noise in digital
    media and replaces it with useful information. A digital
    media file is nothing more than a large list of 0’s and 1’s.
   The watermarking software determines which of these 0’s
    and 1’s correspond to redundant or irrelevant details.
    For example, the software might identify details in an image
    that are too fine for the human eye to see and flag the
    corresponding 0’s and 1’s as irrelevant noise. Later the
    flagged 0’s and 1’s can be replaced by a digital watermark.


-> There will likely be non-commercial applications,
  or those with limited vulnerability to theft,
  where "good enough watermarking" will suffice.
     all watermarking techniques will be useful in resolvingo
-> Not
  ownership disputes in the court


   The challenge is to develop ever more invisible,
    decodable, and permanent watermarking methods,
    and perhaps to meet even more specifications as they
    are demanded.


   Digital watermarking can successfully be employed if
    the value of the digital media warrants the added
    expense. If not, it is an exercise in futility.
   Digital signatures have gained popularity in past
    years and now it is used in many organization,


Shared By: