Running Head: Digital Signatures

Digital Signatures

LaRon Walker

Master of Information Technology and Internet Security

May, 2010

ABSTRACT

When transmitting data over any network, there is always a risk of this information being intercepted or modified by an outside source. To help protect against threats such as suppress-replay attacks, digital signatures are commonly used. Digital signatures are used to authenticate digital information and encompass certain requirements that help verify that messages have not been modified during transport and are from the original sender. They can play a key role in the encryption process, and maintain the integrity of message content and sender authenticity.

Digital signatures are used to verify that the contents of messages have not been altered during transport, and to verify the sender's identity. They generally consist of at least two algorithmic functions: one to create the signature, and another to verify the signature (Ulasien, 2006). By implementing digital signatures, the origin of messages can be verified if the sender's identity comes into question. Along with this, the contents of messages are also verifiable using digital signatures, which can be used in combination with other encryption techniques. Digital signatures are primarily used to protect against message forgeries, and are commonly applied in scenarios where the participants of the message transaction are not familiar with or fully trusted by one another.

Digital signatures should consist of a private signature key and a public signature verification key, as discussed in the article Digital Signature (2003). This allows users to generate signatures with secret or private keys that are encoded with time and date information along with other unique information that cannot be forged, but can be verified by anyone possessing the public signature verification key. All digital signatures must possess a date and time stamp that can be attached to messages to verify when the author sent the message and the message contents at that time. This information must also be verifiable by a third party to help resolve message disputes if any were to arise. Along with this, each signature should be easily producible, easily verifiable, yet virtually impossible to electronically forge. Every digital signature should meet these criteria in order to be most effective.

Digital signatures can be applied using two methods, known as direct digital signatures and arbitrated digital signatures. The main difference between these two approaches is that direct digital signatures only involve communication between the senders and recipients of messages, whereas arbitrated digital signatures involve third parties that verify sender and message content information before it is sent to the intended recipients. Direct digital signatures assume that recipients already possess the public key of the sender. One of the major drawbacks of this method is that it relies on the security of the private key. As discussed earlier, requiring all digital signatures to have a time stamp and other unique identifiers can help address this threat. When using arbitrated digital signatures, the third party is responsible for time stamping the message after the sender's identity and message contents are verified, before it is forwarded to the recipient.

A common technique used to forge messages is known as a suppress-replay attack. These attacks are possible when the clocks of the sender and receiver are out of sync. For example, if the sender's clock is ahead of the intended recipient's clock and a message is intercepted, it can be resent once the timestamp matches the time at the recipient's location (Stallings, 2006). If the sender's clock is behind the intended recipient's clock, the message may be delayed, or not delivered at all due to the time mismatch. This can also occur if the sender's clock is not in sync with the key distribution center (KDC). One way to combat these types of attacks is to implement a process for users to check their clocks against the KDC's clock. By doing this, synchronization issues can be minimized, reducing the opportunities for these types of attacks. More secure alternatives to combat these types of threats include using encryption techniques that utilize nonces, which are immune to replay attacks.

Digital signatures can play a key role in maintaining message integrity. The main purpose of using digital signatures is to have an efficient way to effectively authenticate sender information and message contents. When used in combination with other encryption techniques, messages can be coded with timestamps and unique identifier information, which can be used directly between sender and recipient to verify message and sender authenticity. When all requirements of digital signatures are fulfilled, the threat of message forgery can be minimized, or even eliminated.
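The following is an added example, not part of the original paper, that contrasts the two freshness checks discussed above: a receiver that trusts a signed timestamp accepts a stale copy once its own clock catches up with a fast sender clock, while a receiver that issues a one-time nonce rejects the replay. It assumes HMAC-SHA256 as a stand-in for the signature primitive (the freshness logic is the same for a public-key signature); the key, the 30-second window, the clock values and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the sign/verify pair
WINDOW = 30                    # assumption: receiver tolerates 30 s of timestamp skew

def sign(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).digest()

def verify(body: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(body), tag)

def make_signed(prefix, msg: str):
    """Bind a freshness value (timestamp or nonce) to the message, then sign both."""
    body = f"{prefix}|{msg}".encode()
    return body, sign(body)

def accept_timestamped(body: bytes, tag: bytes, receiver_clock: int) -> bool:
    """Timestamp-only freshness: valid tag and |receiver clock - timestamp| <= WINDOW."""
    if not verify(body, tag):
        return False
    return abs(receiver_clock - int(body.split(b"|", 1)[0])) <= WINDOW

class NonceReceiver:
    """Challenge-response freshness: each issued nonce is accepted exactly once."""
    def __init__(self):
        self.outstanding = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def accept(self, body: bytes, tag: bytes) -> bool:
        nonce = body.split(b"|", 1)[0].decode()
        if not verify(body, tag) or nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)  # consume it so a replay fails
        return True

def demo():
    # Constructed scenario: sender clock reads 1300 while the receiver's reads 1000.
    body, tag = make_signed(1300, "transfer 100")
    on_time = accept_timestamped(body, tag, receiver_clock=1000)   # looks 300 s in the future
    replayed = accept_timestamped(body, tag, receiver_clock=1300)  # stale copy now looks fresh
    rx = NonceReceiver()
    body2, tag2 = make_signed(rx.challenge(), "transfer 100")
    return on_time, replayed, rx.accept(body2, tag2), rx.accept(body2, tag2)

if __name__ == "__main__":
    print(demo())
```

The signature is valid in every case; only the freshness rule decides whether the stale copy is accepted.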

References

Digital Signature. (2003). In Encyclopedia of Computer Science. Retrieved May 29, 2010 from http://www.credoreference.com/entry/encyccs/digital_signature

Stallings, W. (2006). Cryptography and Network Security Principles and Practice (5th ed.). Upper Saddle River, NY: Prentice Hall.

Ulasien, P. (2006). Digital Signature Technologies. Faulkner Information Services. Retrieved May 29, 2010 from Faulkner Information Services database.
