digital signature project report
A Seminar Report
On
DIGITAL SIGNATURE
In partial fulfillment of requirements for the degree of
Bachelor of Technology
In
Computer Engineering
Department of Computer Science and Engineering
CHANDRAVATI GROUP OF INSTITUTIONS
BHARATPUR 321001
Submitted By: SURABHI AGRAWAL, 09ECHCS053
Submitted To: Ms. POOJA SONI (Seminar Head)
ACKNOWLEDGEMENT
I would like to pay a great thanks to my institution and a special one to my seminar head Ms. Pooja Soni without whose extent support, I would never have been able to complete my seminar report.
I would also like to pay on record a sincere thanks to Almighty, my parents, my family and my friends who have helped me a lot to get the matter.
Surabhi Agrawal
09ECHCS053
Deptt: Computer Science
2Digital Signature
PAGE INDEX
ABSTRACT
1. Introduction
2. What is Digital Signature
3. Why and where Digital Signature used
4. Act of Digital Signature
5. Difference in Conventional and Digital Signature
6. Paper V/s Digital Signature
7. Classes, Deliverables, Contents
8. How Digital Signature works
9. Signing and Verification
9.1 Signing Ceremony
9.2 Verification Ceremony
10. Form 16 and Digital Signature
– Saral eSign
11. Security Services in Digital Signature
12. Attacks on Digital Signature
12.1 Attack Types
12.2 Forgery Types
13. Security Considerations
– Risks not Mitigated
14. Advantages and Disadvantages
15. Conclusion
BIBLIOGRAPHY
FIGURE INDEX
1. Figure 1.1- Cryptography
2. Figure 2.1- Private Key
3. Figure 2.2- Digital Signature Structure
4. Figure 4.1- IDRBT Certificate
5. Figure 6.1- Paper Signature
6. Figure 6.2- Digital Signature
7. Figure 8.1- Way of Signing Messages
8. Figure 9.1- Signing of Document
9. Figure 9.2- Verification of Document
10. Figure 11.1- Non Repudiation Mechanism
Abstract
Scope
i. A Digital Signature is an XDS document (changed from June public comment version)
ii. There are four Use Cases considered for this year.
iii. Vendor must provide signature mechanism for XDS Submissions
iv. Possibility to use digital signatures without having an XDS registry. Approach is determined by other domain-specific groups (e-Prescribing, e-Referral)
Out of Scope
i. Certificate management.
ii. Standards and implementations are available
iii. Focus begins with signing, not encryption.
iv. Partial Document Signature
1. Introduction
Cryptography is one of the technologies that has had a major effect on protecting data and information in recent years. It is the science of securing your information by means of a code.
Cryptography provides encryption for the data and information that passes over one or more channels. This is done to keep the data from any external or third-party influence.
A digital signature is a cryptographic form of your signature that is specific to you and protects it from forgery of any kind.
A digital signature, or e-signature for short, is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document.
Fig1.1- Cryptography
2. What is Digital Signature?
A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. This is now commonly seen in internet transactions.
A digital signature can be used with any kind of message, transactions and the like, whether it is encrypted or not, simply so that the receiver can be sure of the sender’s identity and that the message arrived intact.
The hash value of a message, when encrypted with the private key of a person, is his digital signature on that e-Document.
Digital Signature of a person therefore varies from document to document thus ensuring authenticity of each word of that document.
As the public key of the signer is known, anybody can verify the message and the digital signature.
Fig2.1- Private Key
Concepts
A 1024-bit number is a very big number, much bigger than the total number of electrons in the whole world.
Trillions of trillions of pairs of numbers exist in this range, with each pair having the following property:
A message encrypted with one element of the pair can be decrypted ONLY by the other element of the same pair. Two numbers of a pair are called keys, the Public Key & the Private Key. User himself generates his own key pair on his computer.
Any message, irrespective of its length, can be compressed or abridged uniquely into a smaller length message called the Digest or the Hash. The smallest change in the message will change the Hash value.
Fig2.2- Digital Signature Structure
Each individual generates his own key pair [Public Key known to everyone & Private Key only to the owner].
Private Key – Used for making digital signature
Public Key – Used to verify the digital signature
The signing and the verifying ceremony are done with the help of suitable algorithms.
3. WHY AND WHERE DIGITAL SIGNATURE USED
Why we need DIGITAL SIGNATURE?
a) To provide Authenticity, Integrity and Non-repudiation to electronic documents
b) To use the Internet as the safe and secure medium for e-Commerce and e-Governance
c) Providing accountability
d) Providing document integrity
e) Providing non-repudiation
f) Providing satisfactory evidence of: Authorship, Approval, Review, and Authentication
g) Infrastructural pattern to be further profiled by domain specific groups (e-Prescribing, e-Referral).
What type of Document need DIGITAL SIGNATURE?
The main purposes for using a digital signature include:
a) Signer verification: Placing a digital signature on any kind of document, especially one that requires it, shows that the one who signed it is real and accepts responsibility for the signed document as being real and legal.
b) Authentication: A digital signature will also authenticate the document as being real and valid. It will prove to the executioner that the information contained on the document is valid and can be put in action.
4. ACT FOR DIGITAL SIGNATURE
The Information Technology Act, 2000 provides for the use of Digital Signatures on the documents submitted in electronic form.
Under the provision of IT Act, 2000, the office of Controller of Certifying Authorities (CCA) appoints the Certifying Authorities (CA) by issuing Certificates for the same.
These CA will issue the Digital Signature to the End Users Directly or through the Registration Authorities (RA) /Local Registration Authorities (LRA).
It must be obtained from an ISO 17090 compliant Certificate Authority
Including the role extension for the signer’s role in the healthcare profession
For purposes of signature verification, the signer’s certificate (public key portion) must be available
Test certificates can be obtained without rigorous identification requirements for the purpose of the Connection.
For test certificates contact [email protected]
How Digital Signature will be issued to the End-users.
Information Technology Act, 2000
Controller of Certifying Authorities (CCA)
Certifying Authorities (CA)
Registration Authorities (RA)
Local Registration Authorities (LRA)
End Users
Certification Agencies
The Certification Agencies available in India are:
Tata Consultancy Services Ltd.
National Informatics Centre
Institute for Development & Research in Banking Technology (IDRBT)
MTNL
Customs & Central Excise (CBEC)
Code Solutions Ltd., (A division of Gujarat Narmada Valley Fertilizers Company Ltd.)
SafeScrypt from Sify Communications
E Mudhra
Fig4.1- IDRBT Certificate
Trust Path
Controller is the Root certifying authority responsible for regulating Certifying Authorities (CAs).
Controller certifies the association of CA with his public key.
Certifying Authority (CA) is the trusted authority responsible for creating or certifying identities.
CA certifies the association of an individual with his public key.
Role of Controller
Controller of Certifying Authorities as the “Root” Authority certifies the technologies, infrastructure and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates.
Four CAs have been licensed:
1. Safescrypt
1.1 5th Feb 2002
1.2 A subsidiary of Satyam Infoway
2. National Informatics Center (NIC)
2.1 17th July 2002
2.2 Govt. of India
3. Institute for Development & Research in Banking Technology (IDRBT)
3.1 6th August 2002
3.2 A society of Reserve Bank of India
4. Tata Consultancy Services (TCS)
4.1 9th September 2002
Charges for certificates vary from Rs. 500/- to Rs. 20,000/- per year.
5. DIFFERENCE IN CONVENTIONAL AND DIGITAL SIGNATURE
A conventional signature is included in the document; it is part of the document. But when we sign a document digitally, we send the signature as a separate document.
These are the various major differences:-
i. Verification Method
For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file. For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity.
ii. Relationship
For a conventional signature, there is normally a one-to-many relationship between a signature and documents. For a digital signature, there is a one-to-one relationship between a signature and a message.
iii. Duplicity
In conventional signature, a copy of the signed document can be distinguished from the original one on file. In digital signature, there is no such distinction unless there is a factor of time on the document.
6. PAPER SIGNATURES V/s DIGITAL SIGNATURE
Parameter | Paper | Electronic
Authenticity | May be forged | Cannot be copied
Integrity | Signature independent of the document | Signature depends on the contents of the document
Non-repudiation | a) Handwriting expert needed; b) Error prone | a) Any computer user; b) Error free
Fig6.1- Paper Sign V/s Fig6.2- Digital Signature
7. CLASSES, DELIVERABLES, CONTENTS
Classes
There are 4 general classes of Digital Signature.
i. Class 0: Issued for demonstration/test purpose.
ii. Class 1: Issued to Individuals/private subscribers. This class of certificate will authenticate only the User name and E-mail address.
iii. Class 2: Issued to both business personnel and private individuals. This class of certificates confirms the information provided by the subscriber.
iv. Class 3: Issued to Individuals as well as Organizations. This class of certificate is used in E-commerce applications where high assurance of the certificates is required. This certificate is issued to an individual only on their personal appearance before the CA.
Deliverables
The Digital Signature is provided with the following deliverables.
i. USB Token: Digital Signature allotted to the user.
ii. Password: Password required for accessing the Digital Signature.
iii. Driver Software: Software required for installing the Digital Signature in the system.
iv. Interface Software: Software which enables the user to embed the Digital Signature with the document.
Note: Only one document can be attached with the Digital Signature at a time.
Contents
A digital signature typically contains:
i. Owner's public key
ii. The Owner's name
iii. Expiration date of the public key
iv. The Name of the issuer (the CA that issued the Digital ID)
v. Serial number of the digital signature, and
vi. The digital signature of the issuer.
8. HOW DIGITAL SIGNATURE WORKS?
Assume you were going to send the draft of a certain contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
Here then would be the process:
1. You copy-and-paste the contract (it’s a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the contract.
3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)
Signed Messages
Fig8.1- Way of Signing Messages [diagram: the Sender calculates the hash of the message and signs the hash with the sender's private key; message + signature are sent thru' Internet; the Receiver calculates the hash of the message, decrypts the signature with the sender's public key, and compares the two hashes]
How Signatures look?
I agree
efcc61c1c03db8d8ea8569545c073c814a0ed755
My place of birth is at Gwalior.
fe1188eecd44ee23e13c4b6655edc8cd5cdb6f25
I am 62 years old.
0e6d7d56c4520756f59235b6ae981cdb5f9820a0
I am an Engineer.
ea0ae29b3b2c20fc018aaca45c3746a057b893e7
I am an Engineer.
01f1d8abd9c2e6130870842055d97d315dff1ea3
Note: These are digital signatures of same person on different documents
There may be three patterns possible for digital signature
i. Digital Signatures are numbers
ii. Same Length – 40 digits
iii. They are document content dependent
9. SIGNING AND VERIFICATION
9.1 Signing Ceremony
Fig9.1- Signing Document [diagram: Original Document -> Hash Function -> Asymmetric Algo (private key used for signing) -> Combined Signed Document]
Explanation
In order to create a digitally signed document, the signing application:
i. Creates a digest of the document to be signed
ii. Creates a cryptographic hash of the digest using the private key of the signer
iii. Attaches the hash to the original document.
9.2 Verification Ceremony
Fig9.2- Verification of Document [diagram: the message hash calculated from the original document is compared (Equal?) with the original hash recovered from the signature of the signed document using the signer's public key]
Explanation
Begin with the signed document plus the signature, apply the algorithm using the public key of the signer that you may obtain from the signature, and you should end up with the same hash as the one that the signer created with their private key.
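The signing and verification ceremonies of sections 8 and 9, as a worked example added here (not code from the original report). It assumes SHA-256 as the hash function and unpadded textbook RSA as the asymmetric algorithm, with a toy key built from two publicly known Mersenne primes; the function names and sample messages are constructed for illustration, and real signing software uses a padding scheme and a properly generated key.

```python
import hashlib

# Toy key pair built from two publicly known Mersenne primes. Constructed for
# this example only: the modulus is trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus (about 1128 bits)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the signer


def digest(message: bytes) -> int:
    """Hash step: fixed-length SHA-256 summary of a message of any length."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Signer: apply the private key to the digest, not to the message."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the signed digest with the public key and compare it
    with a digest calculated from the message that actually arrived."""
    if not 0 < signature < N:        # reject values outside the key's range
        return False
    return pow(signature, E, N) == digest(message)


def run_demo() -> dict:
    # Constructed sample messages: the second differs in a single digit.
    contract = b"Draft contract: payment of Rs. 20,000 due on delivery."
    tampered = b"Draft contract: payment of Rs. 90,000 due on delivery."
    sig = sign(contract)
    return {
        "intact message accepted": verify(contract, sig),
        "altered message accepted": verify(tampered, sig),
        "altered signature accepted": verify(contract, sig ^ 1),
        "signature reused on other text": verify(b"I agree", sig),
        "same signer, different signatures": sign(b"I agree") != sig,
    }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

Only the first and last checks come out true: the receiver accepts the untouched pair, rejects any change to either the message or the signature, and the same signer produces a different signature for each document.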
10. FORM 16 AND DIGITAL SIGNATURE
Under the provision of IT Act, 2000 the digitally signed Form 16 has the same validity as of the physically signed form so as TDS Certificates issued under Income Tax Act.
Further, Circular No. 2/2007 dated 21/5/2007 from the Income Tax Dept clarifies, "The Central Board of Direct Taxes have, therefore, in exercise of powers under section 119 of the Income-tax Act, 1961, decided for the proper administration of this Act to allow the deductors, at their option, in respect of the tax to be deducted at source from income chargeable under the head "Salaries" to use their digital signatures to authenticate the certificates of deduction of tax at source in Form 16."
Saral eSign
Saral eSign is software developed to digitally sign Form 16 using the digital signature of the user.
User should have a valid Digital Signature issued by any of the Certifying Authorities licensed under CCA.
Process flow of Saral eSign:
i. Picks the data from the software (Saral TDS/SPP) with TDS certificate prepared in Excel format.
ii. Converts the Excel certificate to PDF and applies the digital signature to all PDF files, with one-time authentication.
iii. Displays all the certificates generated.
11. SECURITY SERVICES IN DIGITAL SIGNATURE
Digital Signature provides many security services such as message confidentiality, message authentication, message integrity, and nonrepudiation.
A digital signature can directly provide the last three but for message confidentiality we still need encryption/decryption mechanism.
These security mechanisms are discussed as follows:-
i. Message Authentication
A secure digital signature scheme, like a secure conventional signature can provide message authentication.
ii. Message Integrity
The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed.
iii. Nonrepudiation
Fig11.1- Nonrepudiation Mechanism
Nonrepudiation can be provided using a trusted party.
iv. Confidentiality
Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.
12. ATTACKS ON DIGITAL SIGNATURE
There are certain attacks and forgeries associated with the Digital Signature. These are discussed below.
12.1 Attack Types
12.1.1 Key Only Attack
The attacker is only given the public verification key.
12.1.2 Known Message Attack
The attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
12.1.3 Chosen-Message Attack
The attacker first learns signatures on arbitrary messages of the attacker's choice.
12.2 Forgery Types
12.2.1 Existential Forgery
Existential forgery is the creation (by an adversary) of any message/signature pair (m, σ), where σ was not produced by the legitimate signer.
12.2.2 Selective Forgery
Selective forgery is the creation (by an adversary) of a message/signature pair (m, σ) where m has been chosen by the adversary prior to the attack.
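Why the hash step matters for the key-only attack and existential forgery defined above, as an added example (not code from the original report). It assumes unpadded textbook RSA with the public half of a toy key built from two publicly known Mersenne primes; the function names and sample values are constructed. A verifier that compares the recovered value with the message itself accepts pairs (m, σ) derived from the public key alone, where m is an uncontrolled number rather than a chosen text, while a verifier that compares against the hash of m rejects every one of them.

```python
import hashlib

# Public half of a toy key (constructed for this example from two publicly
# known Mersenne primes; trivially factorable). No private key appears here.
N = (2**521 - 1) * (2**607 - 1)
E = 65537


def verify_raw(message: int, signature: int) -> bool:
    """Flawed verifier: compares the recovered value with the message itself."""
    return 0 < signature < N and pow(signature, E, N) == message


def verify_hashed(message: int, signature: int) -> bool:
    """Hash-then-sign verifier: compares the recovered value with H(message)."""
    data = message.to_bytes((N.bit_length() + 7) // 8, "big")
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return 0 < signature < N and pow(signature, E, N) == h


def pair_from_public_key(signature: int) -> tuple:
    """Key-only setting: any chosen sigma fixes the one m that matches it."""
    return pow(signature, E, N), signature


def audit(samples: int = 50) -> dict:
    """Count how many public-key-derived pairs each verifier accepts."""
    accepted = {"raw": 0, "hashed": 0}
    for i in range(samples):
        # Constructed sample signatures: arbitrary numbers, not signer output.
        sigma = int.from_bytes(hashlib.sha256(b"sample-%d" % i).digest(), "big")
        m, s = pair_from_public_key(sigma)
        accepted["raw"] += verify_raw(m, s)
        accepted["hashed"] += verify_hashed(m, s)
    return accepted


if __name__ == "__main__":
    print(audit())
```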
13. SECURITY CONSIDERATIONS
Digital Signatures help mitigate risk for the following attacks:
i. In the storage or transmission of documents, characteristics of clinician orders reflected in the prescription could be modified.
ii. In the storage or transmission of documents, characteristics of countersigned clinician orders reflected in the prescription could be modified.
iii. A forged prescription could be introduced.
Risks Not Mitigated
The following scenarios will not be mitigated by using digital signatures and require additional security:
i. Corruption or bribery of a user, or counter-signer
ii. Theft of a private key
iii. Compromise of the physician’s workstation to allow access to the signing key
iv. The confirmation process could be corrupted or modified.
v. The dispensing system could be corrupted or modified, including simple attacks like burglary.
vi. The dispensing feedback could be corrupted, modified, or destroyed.
14. ADVANTAGES AND DISADVANTAGES
Advantages
i. Imposter prevention: By using digital signatures you are actually eliminating the possibility of committing fraud by an imposter signing the document. Since the digital signature cannot be altered, this makes forging the signature impossible.
ii. Message integrity: By having a digital signature you are in fact showing and simply proving the document to be valid. You are assuring the recipient that the document is free from forgery or false information.
iii. Legal requirements: Using a digital signature satisfies some type of legal requirement for the document in question. A digital signature takes care of any formal legal aspect of executing the document.
Disadvantage
The disadvantages of using digital signatures involve the primary avenue for any business: money. This is because the business may have to spend more money than usual to work with digital signatures including buying certificates from certification authorities and getting the verification software.
15. CONCLUSION
Digital signatures are an essential breakthrough in the spheres of cryptography. Wherever there is a smart card the use of a digital signature almost becomes indispensable. A digital signature is very unique and is one very effective means of safeguarding your transaction concerns.
Digital signature is a very effective way of securing all your financial transactions so that you will experience more convenience in terms of doing various business and money matters. This way you will not worry and go with the problems of the traditional transactions that use signatures.