sign in sign up
<<
Home , Key (cryptography)

APPLICATIONS SUCH AS banking, stock ments. Validation refers to the process of use some information that is unique to trading, and the sale and purchase of mer- certifying the contents of the document, the sender to prevent both forgery and chandise are increasingly emphasizing while refers to the process denial; it must be relatively easy to pro- electronic transactions to minimize opera- of certifying the sender of the document. duce; it must be relatively easy to recog- tional costs and provide enhanced ser- In this article, the terms document and nize and verify the authenticity of digital vices. This has led to phenomenal increas- message are used interchangeably. signature; it must be computationally infeasible to forge a digital signa- ture either by constructing a new message for an existing digital sig- nature or constructing a fraudulent for a given mes- sage; and it must be practical to ret- copies of the digital signatures in storage for arbitrating possible dis- putes later. To verify that the received docu- ment is indeed from the claimed sender and that the contents have not been altered, several proce- dures, called authentication tech- niques, have been developed. However, techniques cannot be directly used Digital signatures as digital signatures due to inade- quacies of authentication tech- niques. For example, although mes- sage authentication protects the two parties exchanging messages from a S.R. SUBRAMANYA AND BYUNG K. YI third party, it does not protect the two parties against each other. In addition, elementary authentication schemes produce signatures that are as long as the message themselves.

Basic notions and terminology Digital signatures are computed ©DIGITALVISION, STOCKBYTE, COMSTOCK based on the documents (message/ information) that need to be signed and on some private information es in the amounts of electronic documents Conventional and held only by the sender. In practice, that are generated, processed, and stored digital signature characteristics instead of using the whole message, a in computers and transmitted over net- A conventional signature has the fol- hash function is applied to the message works. This electronic information han- lowing salient characteristics: relative ease to obtain the message digest. A hash dled in these applications is valuable and of establishing that the signature is authen- function, in this context, takes an arbi- sensitive and must be protected against tic, the difficulty of forging a signature, the trary-sized message as input and pro- tampering by malicious third parties (who nontransferability of the signature, the dif- duces a fixed-size message digest as out- are neither the senders nor the recipients ficulty of altering the signature, and the put. Among the commonly used hash of the information). Sometimes, there is a nonrepudiation of signature to ensure functions in practice are MD-5 (message need to prevent the information or items that the signer cannot later deny signing. digest 5) and SHA (secure hash algo- related to it (such as date/time it was cre- A digital signature should have all the rithm). These algorithms are fairly sophis- ated, sent, and received) from being tam- aforementioned features of a conven- ticated and ensure that it is highly pered with by the sender (originator) tional signature plus a few more as digi- improbable for two different messages to and/or the recipient. tal signatures are being used in practical, be mapped to the same hash value. Traditionally, paper documents are but sensitive, applications such as secure There are two broad techniques used in validated and certified by written signa- e-mail and credit card transactions over digital signature computation—symmetric tures, which work fairly well as a means the Internet. Since a digital signature is key and public-key cryp- of providing authenticity. For electronic just a sequence of zeroes and ones, it is tosystem (cryptosystem broadly refers to documents, a similar mechanism is nec- desirable for it to have the following an technique). In the symmet- essary. Digital signatures, which are noth- properties: the signature must be a bit ric key system, a secret key known only ing but a string of ones and zeroes gen- pattern that depends on the message to the sender and the legitimate receiver erated by using a digital signature algo- being signed (thus, for the same origina- is used. However, there must be a rithm, serve the purpose of validation , the digital signature is different for unique key between any two pairs of and authentication of electronic docu- different documents); the signature must users. Thus, as the number of user pairs

MARCH/APRIL 2006 0278-6648/06/$20.00 © 2006 IEEE 5 public key. The combination of encrypt- Message ed message and signature, together with the encrypted symmetric key, form the digital envelope containing the signed Hash Message Signature Digital Message message. Figure 6 shows the process of Function Digest Function Signature opening a digital envelope, recovering Sender’s the message, and verifying the signa- Private Key ture. First, the symmetric key is recov- ered using the recipient’s private key. Fig. 1 Creating a digital signature This is then used to decrypt and recover the message and the digital signature. increases, it becomes extremely difficult message digest is compared with the The digital signature is then verified as to generate, distribute, and keep track of one recovered from the signature. If they described earlier. the secret keys. match, then it ensures that the message A public key cryptosystem, on the has indeed been sent by the (claimed) Direct and arbitrated other hand, uses a pair of keys: a pri- sender and that it has not been altered. digital signature vate key, known only to its owner, and A variety of modes have been pro- a public key, known to everyone who Creating and opening posed for digital signatures that fall into wishes to communicate with the owner. a digital envelope two basic categories: direct and arbitrat- For confidentiality of the message to be A digital envelope is the equivalent of ed. The direct digital signature involves sent to the owner, it would be encrypt- a sealed envelope containing an unsigned only the communicating parties, sender ed with the owner’s public key, which letter. The outline of creating a digital and receiver. This is the simplest type of now could only be decrypted by the envelope is shown in Fig. 3. The message digital signature. It is assumed that the owner, the person with the correspond- is encrypted by the sender using a ran- recipient knows the public key of the ing private key. For purposes of domly generated symmetric key. The sender. In a simple scheme, a digital sig- authentication, a message would be symmetric key itself is encrypted using the nature may be formed by encrypting the encrypted with the private key of the intended recipient’s public key. The com- entire message or the hash code of the originator or sender, who we will refer bination of the encrypted message and message with the sender’s private key. to as A. This message could be decrypted the encrypted symmetric key is the digital Confidentiality can be provided by fur- by anyone using the public key of A. If envelope. The process of opening the dig- ther encrypting the entire message plus this yields the proper message, then it ital envelope and recovering the contents signature with either the receiver’s pub- is evident that the message was indeed is shown in Fig. 4. First, the encrypted lic key encryption or the encrypted by the private key of A, and symmetric key is recovered by a decryp- key, which is conventional encryption. A thus only A could have sent it. tion using the recipient’s private key. sender may later deny sending a particu- Subsequently, the encrypted message is lar message by claiming that the private Creating and verifying decrypted using the symmetric key. key was lost or stolen and that someone a digital signature else forged his signature. One way to A simple generic scheme for creating Creating and opening digital overcome this is to include a time stamp and verifying a digital signature is shown envelopes carrying signed messages with every message and requiring notifi- in Figs. 1 and 2, respectively. A hash The process of creating a digital cation of loss of key to the proper function is applied to the message that envelope containing a signed message is authority. In case of dispute, a trusted yields a fixed-size message digest. The shown in Fig. 5. A digital signature is third party may view the message and its signature function uses the message created by the signature function using signature to arbitrate the dispute. digest and the sender’s private key to the message digest of the message and In the arbitrated signature scheme, generate the digital signature. A very the sender’s private key. The original there is a trusted third party called the simple form of the digital signature is message and the digital signature are arbiter. Every signed message from a obtained by encrypting the message then encrypted by the sender using a sender A to a receiver B goes first to an digest using the sender’s private key. randomly generated key and a symmet- arbiter T, who subjects the message and The message and the signature can now ric-key algorithm. The symmetric key its signature to a number of tests to be sent to the recipient. The message is itself is encrypted using the recipient’s check its origin and content. The mes- unencrypted and can be read by any- one. However, the signature ensures authenticity of the sender (something Hash Message Message similar to a circular sent by a proper Function Digest authority to be read by many people, Compare with the signature attesting to the authenticity of the message). At the Digital Signature Message receiver, the inverse signature function is Signature Function Digest applied to the digital signature to recov- er the original message digest. The received message is subjected to the Sender’s Public Key same hash function to which the original message was subjected. The resulting Fig. 2 Verifying a digital signature

6 IEEE POTENTIALS revised in 1993, and further revised with Encrypted Message Encrypt minor changes in 1996. Message RSA is a commonly used scheme for digital signatures. In a broad outline of the RSA approach, the message to be Random signed is input to a hash function that Symmetric Key Digital Encrypted produces a secure hash code of fixed Envelope Encrypt Symmetric Key length. This hash code is then encrypted using the sender’s private key to form the signature. Both the signature and the Receiver’s Public Key message are then concatenated and trans- mitted. The recipient takes the message Fig. 3 Creating a digital envelope and produces a hash code. The recipient also decrypts the signature using the sender’s public key. If the calculated hash Encrypted code matches the decrypted signature, Decrypt Message Message the signature is accepted as valid. This is because only the sender knows the pri- vate key, and thus only the sender could Digital have produced a valid signature. The sig- Envelope Encrypted nature generation and verification using Decrypt RSA is identical to the schemes shown in Symmetric Random Symmetric Figs. 1 and 2, respectively. Receiver’s Key The signing process in DSS (using Private Key DSA) is shown in Fig. 7. The DSA Fig. 4 Opening a digital envelope approach also makes use of a hash func- tion. The hash code is provided as input to a signature function together with a random number generated for this par- Message Message ticular signature. The signature function Encrypt Signed Message also uses the sender’s private key and a Hash Digital set of parameters known to a group of Function Signature communicating parties, referred to as Encrypt Random global public key. The output signature Symmetric Key Message consists of two components. The signa- Digest Receiver’s Public Key ture verification process is shown in Fig. 8. At the receiving end, the hash code of Signature the incoming message is generated and Sender’s Function Private Key input to a verification function, together with the two components of the signa- Fig. 5 Creating a digital envelope carrying a signed message ture. The verification function uses the global public key as well as sender’s sage is then dated and sent to B with an A public versus a private approach public key and recreates (one of the two indication that it has been verified to the to digital signatures components of) the original digital signa- satisfaction of the arbiter. The presence Another way of classifying digital sig- ture. A match between the recreated and of T solves the problem faced by direct nature schemes is based on whether a the original signature indicates the signature schemes, namely that A might private-key system or a public-key sys- authenticity of the signature. The signa- deny sending a message. The arbiter tem is used. The public-key system ture function is such that it assures the plays a sensitive and crucial role in this based digital signatures have several recipient that only the sender, with the scheme, and all parties must trust that advantages over the private-key system knowledge of the private key, could the arbitration mechanism is working based digital signatures. The two most have produced the valid signature. properly. There are many variations of popular and commonly used public-key The basis of the RSA scheme is the arbitrated digital-signature schemes. system based digital signature schemes difficulty of factoring of large prime num- Some schemes allow the arbiter to see are the RSA (named after Rivest, Shamir, bers. That of the DSA scheme is the diffi- the messages, while others don’t. The and Aldeman, the inventors of the RSA culty of computing discrete logarithms. particular scheme employed depends on public-key encryption scheme) and the The DSA provides only the signature the needs of the applications. Generally, digital signature algorithm (DSA) function where as the RSA scheme could an arbitrated digital-signature scheme approaches. The DSA is incorporated additionally provide encryption and key has advantages over a direct digital-sig- into the Digital Signature Standard (DSS), exchange. The signature verification nature scheme such as the trust in com- which was published by the National using the RSA scheme is about 100 times munications between the parties provid- Institute of Standards and Technology as faster than a DSA scheme. The signature ed by the trusted arbiter and in the arbi- the Federal Information Processing generation is slightly faster in the DSA tration of later disputes, if any. Standard. It was first proposed in 1991, scheme.

MARCH/APRIL 2006 7 Hash Message Message Function Digest Verify Encrypted Decrypt Signed Digital Message Signature Message Signed Signature Function Digest Message Encrypted Symmetric Decrypt Sender’s Key Public Key Random Symmetric Key Receiver’s Private Key

Fig. 6 Opening a digital envelope and verifying a digital signature

Work is underway for several exten- This technology is rather new and About the authors sions of the basic digital signature emerging and is expected to experi- S.R. Subramanya obtained his Ph.D. in scheme such as enabling signatures by ence growth and widespread use in computer science from George washing- multiple parties (group digital signa- the coming years. ton University where he received the tures), signatures by a hierarchy of sig- Richard Merwin memorial award from the natories, and protocols for simultaneous Read more about it EECS department in 1996. He received signing of contracts electronically by • W. Stallings, and the Grant-in-Aid of Research award from two or more signatories, separated by Network Security, 3rd ed. Englewood Sigma-Xi in 1997 for his research in audio wide distances. Cliffs, NJ: Prentice-Hall, 2002. data indexing. He is a senior research sci- • M. Bishop, Introduction to entist at LGE Modile Research in San Digital signatures in Computer Security. Reading, MA: Diego. His current research interests real applications Addison-Wesley, 2005. include mobile multimedia services and Increasingly, digital signatures are • J. Feghhi and P. Williams, Digital content management. He is the author of being used in secure e-mail and credit Certificates: Applied 1st over 70 research papers and articles. He card transactions over the Internet. The ed. Reading, MA: Addison-Wesley, 1999. is a Senior Member of the IEEE. two most common secure e-mail systems • C.P. Pfleeger and S.L. Pfleeger, Byung K. Yi obtained his Ph.D. in using digital signatures are Pretty Good Security in Computing, 3rd ed. electrical engineering from George Privacy and Secure/Multipurpose Internet Englewood Cliffs, NJ: Prentice-Hall, 2002. Washington University. He is the senior Mail Extension. Both of these systems • C. Kaufman, R. Perlman, and M. executive vice president of LG Electronics support the RSA as well as the DSS-based Speciner, Network Security: Private in San Diego. Dr. Yi’s previous affiliations signatures. The most widely used system Communication in a Public World, include Orbital Sciences Corp., Fairchild, for the credit card transactions over the 2nd ed. Englewood Cliffs, NJ: Prentice- and several high technology companies. Internet is Secure Electronic Transaction Hall, 2003. He is a Senior Member of the IEEE. (SET). It consists of a set of security pro- tocols and formats to enable prior exist- ing credit card payment infrastructure to Random work on the Internet. The digital signa- Number Message ture scheme used in SET is similar to the RSA scheme. Hash Message Signature Message Digital Function Digest Function Signature Conclusions Many traditional and newer busi- Sender’s Global nesses and applications have recently Private Key Public Key been carrying out enormous amounts Fig. 7 Signing using DSS of electronic transactions, which have led to a critical need for protecting the information from being maliciously altered, for ensuring the authenticity, Digital and for supporting nonrepudiation. Signature Compare Just as signatures facilitate validation Signature Hash Message and verification of the authenticity of Message Function Function Digest paper documents, digital signatures serve the purpose of validation and Sender’s Global authentication of electronic documents. Fig. 8 Verification using DSS Public Key Public Key

8 IEEE POTENTIALS