The Statistic Of International Telecommunications Union


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

With the growth of computer-based machines, the Internet grew rapidly after the 20th century. According to statistics from the International Telecommunications Union (ICT) [1], in 2011 one third of the world's population was using the Internet. People use the Internet for work, communication, entertainment and so on, and it has become part of human life. The Internet is a public network: everyone is able to access it and transmit data over it. Being public and free are the characteristics of the Internet. From a different point of view, however, these two characteristics also cause side effects. For example, the communication between two Internet users can easily be accessed by a third party, and any adversary can pretend to be anyone else. Hence the privacy and authenticity of data are under threat when it is transmitted through the Internet. The risks include a confidential message being accessed by an unauthorized third party and part of a message being modified before it reaches the receiver. It is also possible that the entire message is replaced by a third party. So the Internet becomes unreliable. To counter these threats, scientists have developed many techniques. One useful technique is the digital signature.

This paper is organized as follows: section 2 briefly introduces the digital signature and gives its definition; section 3 discusses the usage of the digital signature and its security properties, to explain why we need it; section 4 introduces how the digital signature is processed, separated into two phases; section 5 introduces the algorithms and techniques used in the digital signature, including the standard algorithms defined by NIST; section 6 discusses applications of the digital signature in the real world and its current state under the law; section 7 covers the security issues of the digital signature; and section 8 is the conclusion.

II. Definition

FIPS PUB 186-3 [2] defines a digital signature as follows:

"A digital signature is represented in a computer as a string of bits. A digital signature is computed using a set of rules and a set of parameters that allow the identity of the signatory and the integrity of the data to be verified. Digital signatures may be generated on both stored and transmitted data."

In the real world, people use a handwritten signature to confirm an individual's agreement on a paper document. Signing the paper is usually done face to face. In the digital world, or on the Internet, it is difficult to meet a person face to face and to assess the validity of a digital document. An additional problem is that digital documents change very frequently, and when they are transmitted through the Internet they are unprotected and can easily be accessed by any third party, because of the characteristics of the Internet mentioned in the previous section. In my point of view, a digital signature is similar to a handwritten signature in the real world. Table 1 shows a simple comparison of the two. However, the digital signature is not limited to simulating the function of a handwritten signature; it also ensures other security properties of digital documents on the Internet. For instance, these properties include authorization, integrity and non-repudiation of digital data. They are introduced in the next section.

| | Handwritten Signature | Digital Signature |
|---|---|---|
| Media | Paper Document | Digital Document |
| Delivery | Mail, Hand Over | Network Transmission |
| Function | The provenance of the document, and agreement of signed individual | Ensure the authorization, integrity and non-repudiation of digital document. |

Table. 1 Comparison of Handwritten Signature and Digital Signature

A digital signature includes two phases: the signing phase and the verification phase. Both are introduced in section 4, on generation and verification of digital signatures. During digital signature processing, a hash function is used to generate the message authentication code (MAC), or message digest, which later serves as the signature of the digital document. Encryption is used to protect the message digest during transmission over the Internet. Digital signatures usually use public-key encryption as the encryption algorithm, so some people view the digital signature as an application of public-key encryption. If the message digest is not protected by encryption, it is difficult to assure the validity of the MAC on the Internet. In addition, the digital signature is able to ensure the non-repudiation property when public-key encryption is used. This security property encourages many organizations to use digital signatures within their Internet services.

III. Motivation

In this section we discuss the problems businesses face when they want to use the Internet, point out the usage of the digital signature, and introduce the security properties that a digital signature can ensure.

With the rapid growth of the Internet, many organizations want to provide their services on it; for example, companies want to start e-commerce. However, although the Internet is free, it is an unprotected network. Wen et al. [10] summarize the security issues that an organization needs to solve before it starts e-commerce. Table 2 lists the suggested method for solving each problem. Most of the issues can be solved by the digital signature.

| Security Problem [10] | Security Property | Possible Method/Technology |
|---|---|---|
| The validity of the information | Integrity | Digital Signature |
| The confidentiality of information transmission | Confidentiality | Encryption Technology |
| The integrity of transaction information | Integrity | Digital Signature |
| Non-repudiation of information | Non-repudiation, Authentication | Digital Signature (Message authentication) |
| The authenticity of the traders identity | Authentication | User authentication |
| The information cannot be amended | Integrity | Digital Signature |

Table. 2 The security issue of E-commerce and possible solution

The digital signature is a useful technology for ensuring three security properties of a digital document or message on the Internet: authentication, integrity and non-repudiation. We introduce these properties in the following subsection.

III.I. Security property and function

Authentication

Authentication is the way to prove that a given entity is the valid one. Because the Internet is public and unprotected, it is necessary to perform authentication when using an Internet service. Unlike in real-world activity, people cannot build up trust face to face; Internet users are usually in different places around the world. We need other techniques to achieve that goal, such as the digital signature. With a digital signature it is possible to build up trust in the communication between two parties over the Internet. Authentication includes user authentication and message authentication; the digital signature mainly serves message authentication. User authentication usually relies on other techniques, such as passwords, tokens or biometrics. The authentication ability results from the message authentication code, which is generated by a hash function and then encrypted. This property is required in financial contexts, for bank information and for governments' public messages.

Integrity

Integrity refers to the validity of a transmitted digital document. It guarantees that the received digital document is the same as the original from the sender, and that it has not been altered by anyone during transmission. When a document is signed, the message authentication code (MAC), or message digest, is generated and encrypted using a secret key. Encryption prevents an adversary from changing or replacing the MAC. The hash function also ensures that even a small alteration in the original document makes the MAC very different from the valid one. This property also includes the unforgeability of the digital signature.

Non-repudiation

Non-repudiation is considered the most important property of the digital signature. Non-repudiation means that when the receiver receives a digital document, he/she is able to prove that it really came from the sender. The sender cannot deny having sent that document. Usually, non-repudiation is achieved by using public-key encryption within the digital signature. Since we assume that only the sender knows the private key, once he/she uses the private key to encrypt the signature, the receiver can only use the paired public key to decrypt and verify the signature.

An important note: the digital signature introduced in this report is not able to ensure the confidentiality of the digital document. Confidentiality is usually achieved by encryption. We also use encryption in the digital signature, but only to ensure the unforgeability of the message digest. We do not simply encrypt the whole message, because encryption cannot prevent an adversary from altering part of the encrypted message, even when the attacker does not know the secret key. With a digital signature, the message or document can be viewed or accessed by anyone.

Although there are many versions of digital signature algorithms and standards for different organizations, these three security properties are usually considered the goal or function of the digital signature. The algorithms and standards introduced later in this report all ensure these three properties. A digital signature can ensure further security properties, as in the digital signatures described by Ravneet Kaur et al. [4]. They introduce digital signatures using 2 different encryption algorithms, with an additional security property: the privacy of the digital document. In their summary, one digital signature uses public-key (asymmetric) encryption and the other uses symmetric encryption. In my point of view, however, the digital signature in Ravneet Kaur's summary is very similar to the digital envelope, which is why it can provide the confidentiality property.

IV. Generation and Verification of Digital Signature

In this section we discuss how the digital signature works and what is generated when we use it. We consider two parties: one side (the sender) is going to send a message to the other side (the receiver) and uses a digital signature to ensure the authentication of the message. The basic steps of the digital signature are shown below:

1. The sender prepares a protected message digest of the digital document;

2. The sender prepares the encrypted message digest together with its corresponding document (or sends the two separately);

3. The receiver generates a message digest of the received document and verifies it against the decrypted message digest from the sender.

From the above we can see that the digital signature mainly includes 2 phases: 1. the signature generation phase and 2. the message verification phase. These 2 phases are discussed in detail in the next two subsections. Here we assume that the message digest is produced by a hash function and that the encryption protecting the message digest is public-key encryption. Figure 1 shows an overview of the two phases.

IV.I. Signature Generation

The signature generation phase is performed on the sender side. We also refer to these actions as signing the digital document. The sender performs the following actions:

1. Hashing: the sender applies the hash function to the target document to generate the message digest.

The message digest is usually much shorter than the original document. The receiver will use it to verify the received digital document. The message digest should be very different even if the digital document is changed only slightly; that requirement is handled by the hash function. This action performs the message authentication.

2. Encryption: the sender uses his/her private key and the public-key encryption algorithm to encrypt the message digest generated in step 1.

This step is considered as signing the document with the ownership of the sender. Since we assume that only the sender knows his private key, only he can encrypt the message digest with it, and no other person can pretend to be the sender. This later serves as the non-repudiation of the digital signature. In addition, the message digest is protected by the public-key encryption: during transmission, an adversary cannot alter the message digest without decrypting it.

3. Packing: the sender combines the digital document and its encrypted message digest, then sends them to the receiver.

Usually the encrypted message digest is appended to the original document and then sent to the receiver. After the receiver gets the file, he/she performs message verification to verify the received document.

IV.II. Message Verification

1. Hashing: the receiver performs the same action as the sender to generate the message digest of the received document.

After the receiver has received the document and its encrypted message digest, he first performs the same action as the sender to generate the message digest of the document again. The idea is that if the message was not altered by an attacker, both sides (sender and receiver) should produce the same message digest.

2. Decryption: the receiver decrypts the encrypted message digest from the sender using the sender's public key.

Since the received message digest is protected by the sender's encryption, the receiver needs to decrypt it to get the message digest. Here the receiver uses the public key that is paired with the sender's private key; the public key is able to decrypt any content that was encrypted with the sender's private key.

3. Verification: the receiver compares the decrypted message digest (from step 2) with the one he/she produced (from step 1).

In general, the receiver compares the results of step 1 and step 2. This step verifies the digital document received from the sender. If the two message digests are the same, the receiver can be sure that the document is really from the sender and has not been altered by anyone else. However, an adversary may still access the document without the sender and receiver noticing, but the receiver will notice if the document has been altered by an adversary.
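The three signing steps and three verification steps above, carried out in Python as an added example (not code from the essay). It assumes SHA-256 as the hash and unpadded textbook RSA with toy keys built from publicly known Mersenne primes; the function names and the sample message are made up for the illustration, and deployed RSA signatures add a padding scheme such as RSASSA-PSS.

```python
import hashlib

# Toy RSA keys built from publicly known Mersenne primes (constructed for this
# example). They make the arithmetic visible and are NOT secure.
E = 65537


def make_keypair(p=2**127 - 1, q=2**521 - 1, e=E):
    """Return ((n, e), (n, d)): the public and private halves of one key pair."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, needs Python 3.8+
    return (n, e), (n, d)


def sig_len(n: int) -> int:
    """Bytes needed to hold any value below the modulus n."""
    return (n.bit_length() + 7) // 8


def digest_as_int(document: bytes) -> int:
    """Hashing step: SHA-256 digest of the document, read as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign_and_pack(document: bytes, private_key) -> bytes:
    """Sender: hash, transform the digest with the private key, append it."""
    n, d = private_key
    signature = pow(digest_as_int(document), d, n)
    return document + signature.to_bytes(sig_len(n), "big")


def verify(packed: bytes, public_key) -> bool:
    """Receiver: split, re-hash, recover the sender's digest, compare."""
    n, e = public_key
    k = sig_len(n)
    if len(packed) < k:
        return False                      # too short to carry a signature
    document, signature = packed[:-k], int.from_bytes(packed[-k:], "big")
    if signature >= n:
        return False                      # not a valid value for this key
    recovered = pow(signature, e, n)      # "decrypt" with the public key
    return recovered == digest_as_int(document)


def demo() -> dict:
    """Run one valid message and three failure cases through verify()."""
    public, private = make_keypair()
    # A public key from an unrelated pair, standing in for a key the receiver
    # obtained from the wrong source.
    other_public, _ = make_keypair(p=2**107 - 1, q=2**607 - 1)

    document = b"Transfer 100 EUR to account 12345"   # constructed sample
    packed = sign_and_pack(document, private)
    sig_bytes = packed[len(document):]

    altered_doc = b"Transfer 900 EUR to account 12345" + sig_bytes
    altered_sig = packed[:-1] + bytes([packed[-1] ^ 0x01])
    return {
        "valid": verify(packed, public),
        "altered_document": verify(altered_doc, public),
        "altered_signature": verify(altered_sig, public),
        "wrong_public_key": verify(packed, other_public),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the untouched message checked against the sender's own public key is accepted; a changed document, a changed signature and a mismatched public key are all rejected.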

[Figure 1: the processing diagram of digital signature. Sender side: Hash Function, Encryption (Private Key), Append MAC. Network Transmission. Receiver side: Decryption (Public Key), Hash Function, Compare.]

In our report, the digital signature is a basic version, but the steps above already ensure the three properties of authentication, integrity and non-repudiation. The white paper of CGI [5] introduces a digital signature algorithm similar to ours; you can refer to it for another view of the digital signature algorithm. However, anyone can modify the introduced algorithm or add more steps to it. As mentioned before, different versions of the digital signature exist. The summary of Ravneet Kaur et al. [4] introduces another digital signature algorithm that uses symmetric encryption, although, in my point of view, that symmetric signature algorithm is more like the digital envelope. The asymmetric signature algorithm of Ravneet Kaur has one more step compared to our algorithm: before the message digest and document are sent to the receiver, they are encrypted one more time using the receiver's public key. The receiver then needs to decrypt the received information first in order to get the message and its encrypted message digest. You can refer to their paper for more detail.

V. Algorithm and Standard

From the previous section, we understand that the digital signature needs cryptographic hash functions and encryption. In this section we introduce the possible hash functions and encryption algorithms, including some of their characteristics. In the last part of this section we show the digital signature standards of NIST [6]. In fact, many digital signatures have been developed; in their paper, Shafi Goldwasser et al. [7] introduce 11 signature schemes and discuss their security. You can refer to that paper for the details.

The hash algorithm and the encryption algorithm both belong to cryptographic techniques. The hash algorithm generates the message digest used for later authentication. Since a hash algorithm produces a fixed-length output whatever the size of the input, the signature algorithm becomes very efficient. But the digital signature imposes some requirements on the choice of hash algorithm. The encryption algorithm protects the message digest produced by the hash algorithm and prevents any adversary from altering it during network transmission.

Cryptographic Hash Algorithm

A cryptographic hash algorithm maps a variable-size input to a fixed-size output. Usually the output is much smaller than the input. The output of a hash function is not reversible: it should not be possible to find the input from any output of the algorithm. An example of a hash function is shown in Figure 2; even if the input is changed a little, the output is very different from the original. Applications of hash algorithms include digital signatures, password storage and anything else that needs to generate a digest of a file or data.

In general, a hash algorithm should have the properties below:

Pre-image resistance

This property means that it is computationally infeasible to find an x such that H(x) = h. This ensures that the hash function is a one-way function: it is difficult for an adversary to compute the original input from a given hash value.

Figure.2 shows a typical cryptographic hash function (SHA-1) at work. Note that small differences in the input result in very different digests. [9]

Second pre-image resistance

This property means that it is computationally infeasible to find a y such that H(x) = H(y) when x is known. It is also referred to as weak collision resistance. It ensures that it is difficult for an adversary to alter the message without affecting the validity of the hash value.

Collision resistance

This property means that it is computationally infeasible to find any pair (x, y) such that H(x) = H(y). It is also referred to as strong collision resistance.

The table below shows widely used hash algorithms; their characteristics are summarized by Ravneet Kaur et al. [4], and the possible attacks on those three properties are summarized by Wikipedia [8].

| Algorithm | Characteristics | Hash size | Best known attacks: Collision | Best known attacks: Second Pre-image |
|---|---|---|---|---|
| SHA1 | FIPS approved; other versions (SHA256, SHA384, SHA512) provide longer outputs | 160 | Yes | No |
| MD5 | Potential weaknesses is that it can be used as a keyed hash | 128 | Yes | No |
| RIPEMD-160 | Developed as part of the EC's Research and Development in Advanced Communications Technologies in Europe (RACE) | 160 | Yes | No |
| TIGER HASH | Designed for efficient operation on 64-bit platforms | 192 | Yes | No |

Table.3 Hash Algorithms [4, 8]

Encryption Algorithm

An encryption algorithm is a reversible algorithm that maps an input to a "meaningless" output. It usually consists of an encryption algorithm and a decryption algorithm. The inputs of both include the digital data and a user-defined value called the key.

If the same key is used for both encryption and decryption, the algorithm is classified as symmetric-key. If, on the other hand, different keys are used for encryption and decryption, it is classified as asymmetric-key. Encryption algorithms can also be classified into block ciphers and stream ciphers. In a stream cipher, the key is as long as the input data, as in the one-time pad, which is considered the most secure encryption algorithm. In a block cipher, the message is usually divided into fixed-size blocks, each encrypted with the same key.

In digital signatures, public-key encryption is used more widely. The usage of the public-key algorithm is introduced in the section on Generation and Verification of Digital Signature.

Digital Signature Standard

FIPS PUB 186-3 of NIST [2] specifies 3 algorithms for applications that require a digital signature. In this publication, public-key encryption and a hash function are required in the digital signature process. The three approved algorithms are the Digital Signature Algorithm (DSA), the RSA digital signature algorithm (RSA) and the Elliptic Curve Digital Signature Algorithm (ECDSA).

The table below, from Ravneet Kaur et al. [4], gives a basic view of these 3 algorithms:

| Algorithm | Characteristics | Minimum of key size (Bits) |
|---|---|---|
| DSA | FIPS 186-2 digital signature. Digital signature based on SHA1 hash, unencumbered (no patents, no licenses) | 1024 |
| RSA | RSA digital signature (FIPS approved). Previously patented digital signature | 1024 |
| ECDSA | Digital signature based on elliptic curve key technology uses smaller keys than other public key technologies but may be encumbered by various | 160 |

Table.4 Digital Signature Algorithms[4]

VI. Digital Signature Applications

In this section we look at applications of the digital signature in the real world and at its legal status. The handwritten signature is already recognized by government acts. Is the digital signature the same as the handwritten signature? We first discuss the legal issues of the digital signature, and then how digital signatures are used in real-world applications.

Legal Statement

In the United States, the Uniform Electronic Transactions Act [11] defines the electronic signature as follows:

"Electronic signature" means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record"

The act does not directly mention the term "digital signature", but the following statement indicates that a digital signature qualifies as an electronic signature.

"A digital signature using public key encryption technology would qualify as an electronic signature, as would the mere inclusion of one’s name as a part of an e-mail message – so long as in each case the signer executed or adopted the symbol with the intent to sign."

In fact, many countries recognize the electronic signature rather than using the name digital signature. But the electronic signature is just a simple view of the digital signature; countries that recognize the electronic signature should also recognize the digital signature. The digital signature is recognized in law by the statements below.

"(a) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form.

(b) A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation.

(c) If a law requires a record to be in writing, an electronic record satisfies the law.

(d) If a law requires a signature, an electronic signature satisfies the law."

Application

In fact, many countries and organizations are looking for ways to recognize authentication on the Internet. The Wikipedia article "Digital signature and law" [12] lists the countries and unions that recognize the digital signature in law. China is included in this list.

In the NIST standard [2], the digital signature is used for electronic mail, electronic funds transfer, electronic data interchange, software distribution, data storage and other applications that require integrity or authentication. Zhu [3] also defines further applications that use the digital signature in e-commerce, for example online tax, Internet banking and mobile payment.

The goal of using the digital signature is to ensure the three security properties discussed in section 3. However, the digital signature still has some security issues to consider, for instance how the receiver gets the public key and ensures that it is correct. These issues are discussed in the following section.

VII. Security Issue

The digital signature is a useful tool for communication over the Internet. But before it is used in real-world activity, some issues should be solved. It is also possible for an adversary to attack digital signatures. First, we discuss the possible attacks on the digital signature.

Attack in the digital signature

The paper of Shafi Goldwasser, Silvio Micali and Ronald L. Rivest [7] mentions the possible attacks on digital signatures:

Key-only attack: the adversary knows only the sender's public key used for signature verification.

Message attack: the adversary knows valid signatures of some messages from the sender. In a more critical case, the adversary may also be able to force the sender to sign some chosen messages.

Additional security issue

Before the digital signature is used, the following issues should also be addressed.

How to ensure the receiver gets the correct public key of the sender

Because the message digest is protected by public-key encryption, the receiver needs to decrypt the message digest from the sender before verifying the message. If the public key is not correct, the receiver will verify all of the sender's messages wrongly. This issue is inherited from public-key encryption. One possible solution is public key certification.

The sender must keep his private key secure.

The private key plays an important role in the digital signature. If the sender's private key becomes known to an adversary, the digital signature is totally broken: the adversary can pretend to be the sender without either the sender or the receiver noticing, and no security property of the message is ensured any more.

VIII. Conclusion

Using hash functions and public-key encryption, the digital signature is able to ensure the authentication, integrity and non-repudiation of digital documents. Because of these advantages, the digital signature is now widely used in government publications, electronic mail, business transactions and data authentication. It is already recognized in the law of many countries. With the growth of the Internet, the digital signature will become more and more important. Many algorithms have already been developed and evaluated, and the technique can be used in real-world applications. Some advanced algorithms have also been developed, such as the digital envelope and the algorithm described in the paper of Ravneet Kaur et al. [4]. These two algorithms make the digital signature able to ensure the confidentiality of digital documents. However, some security issues still exist when using the digital signature, and scientists are working on solutions for them. In the future, the digital signature may be used even more widely.


