Digital Signature and Public Key Infrastructure - PowerPoint PPT Presentation

About This Presentation
Title:

Digital Signature and Public Key Infrastructure

Description:

Digital Signature and Public Key Infrastructure Course: COSC513-01 Instructor: Professor Anvari Student ID: 106845 Name: Xin Wen Date: 11/25/00 – PowerPoint PPT presentation

Slides: 21
Provided by: anvariNet7

Transcript and Presenter's Notes

Title: Digital Signature and Public Key Infrastructure


1
Digital Signature and Public Key Infrastructure
  • Course: COSC513-01
  • Instructor: Professor Anvari
  • Student ID: 106845
  • Name: Xin Wen
  • Date: 11/25/00

2
Content
  • Introduction
  • Digital Signature and information security
  • Public key cryptography
  • Digital Signature components and processes
  • Public key infrastructure (PKI) and its flow

3
Introduction
  • Paperless office
  • Cultural tradition
  • Tangible paper
  • Handwritten signature
  • Sealed envelopes etc.
  • Lack of legal recognition
  • Lack of infrastructure to support it
  • Technology

4
The Internet and electronic commerce
  • Internet
  • Lack of sufficient information security
  • Lack of framework to enable electronic commerce
  • Public key cryptography technology
  • Legal recognition of digital signatures
  • The elimination of paper becomes a reality

5
Fundamental requirement
  • Sender authenticity
  • Message integrity
  • Non-repudiation
  • Signature formalities

6
Satisfying the requirements in electronic commerce
  • The purpose is to
  • Protect the message
  • Not the medium
  • No way to make a secure environment
  • The availability and affordability of the public
    network
  • Secure the message
  • Based on public key cryptography
  • Utah Digital Signature Act is the first one

7
Digital Signatures and information security
  • A digital signature is not
      • a digitized image of a handwritten signature
      • like the UPS signature
      • Signature is digitized
      • Image is transferred to electronic document
      • Once captured, it can easily be copied and pasted
  • A digital signature is
      • An actual transformation of an electronic message
        using public key cryptography
      • Tied to the signed document and signer, not
        reproducible
      • Legally recognized
      • Contracts can be done over the Internet

8
The basic principles
  • All data entered into a computer is read as a
    binary number.
  • For example: "Jack and Jill went up the hill"
  • The computer reads it as 1000111010100111000101,
    etc.
  • Perform mathematical functions on the number
  • Messages can be transformed to alternate
    representations unique to the original one

9
Public key cryptography
  • Employs an algorithm using two different but
    mathematically related keys
  • One (private key) for creating a digital
    signature or transforming data into a seemingly
    unintelligible form
  • Another key (public key) for verifying a digital
    signature or returning the message to its
    original form

10
Public key cryptography
  • Also termed as asymmetric key cryptography
  • Involves an asymmetric key pair
      • Public key: freely disseminated, no need for
        confidentiality
      • Private key: must be kept secret
  • Characteristics of the key pairs
      • Mathematically related, but impossible to
        calculate one from the other
      • Each key performs the inverse function of the
        other:
      • what one key does, only the other can undo

11
Digital Signature components
  • Digital signatures are based on asymmetric,
    public key cryptography
  • The digital signing and verification processes
    involve a hash algorithm and a signature
    algorithm (an extremely complex math equation)

12
Digital Signature components
  • A digital signature has nothing to do with the
    signer's name or handwritten signature
  • An actual transformation of the message itself,
    using a secret known only by the signer
  • Tied to both the signer and the message being
    signed.
  • 100 Original Message
  • 2 Hash Algorithm
  • 200 Message Digest (fingerprint)
  • 2 Signature Algorithm
  • 400 Digital Signature
  • (2 is private key)

13
Creating a digital signature

14
Verifying a digital signature
If the message digests are identical, the signature will verify. If they are different in any way, the signature will not verify.
[Figure: verification diagram with labels Message, Hash Function, Message Digest, Digital Signature, Signature Function, Message Digest, Signer's Public Key]

15
Public key infrastructure
  • Using digital signature software, anyone can
      • Generate a key pair
      • Release his public key to the on-line world
      • Use any identity he chooses
  • Certification authority (CA)
      • A trusted third party
      • Guarantees individuals' identities
      • Guarantees their relationship to their public keys
      • (Binds their identities to the key pairs)

16
Public key infrastructure
  • A digital certificate contains
      • Name of the subscriber
      • The subscriber's public key
      • The digital signature of the issuing CA
      • The issuing CA's public key
      • Other pertinent information about the subscriber
      • Subscriber's organization (e.g. his authority to
        conduct certain transactions, etc.)
  • These certificates are stored in an on-line,
    publicly accessible repository

17
PKI Process Flow
[Figure: PKI process flow between Certification Authority, Repository, Subscriber and Relying Party, with arrows numbered 1 to 6]

18
PKI Process Flow
  • Step 1. Subscriber applies to Certification
    Authority for Digital Certificate
  • Step 2. CA verifies identity of subscriber and
    issues Digital Certificate
  • Step 3. CA publishes Certificate to Repository
  • Step 4. Subscriber digitally signs electronic
    message with Private Key to ensure Sender
    Authenticity, Message Integrity and
    Non-repudiation and sends to Relying Party
  • Step 5. Relying Party receives message, verifies
    Digital Signature with Subscriber's Public Key,
    and goes to Repository to check status and
    validity of Subscriber's Certificate
  • Step 6. Repository returns results of status check
    on Subscriber's Certificate to Relying Party
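
Added example (not part of the original presentation): the hash-then-sign and verify steps from the "Digital Signature components" and "Verifying a digital signature" slides, followed by the six-step PKI flow above. It uses textbook RSA over fixed Mersenne primes with no padding, for illustration only; the function names, the serial field, the revoked set standing in for the Repository and the sample order are assumptions.

```python
import hashlib

# Textbook RSA over fixed Mersenne primes: illustration only (no padding, not secure).
def make_key(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent
    return {"n": n, "e": e}, {"n": n, "d": d}  # (public key, private key)

def digest(message, n):
    # Hash algorithm: message -> fingerprint (reduced to fit the toy modulus)
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    # Signature algorithm: transform the digest with the private key
    return pow(digest(message, private["n"]), private["d"], private["n"])

def verify(message, signature, public):
    # Undo the signature with the public key, compare with a fresh digest
    recovered = pow(signature, public["e"], public["n"])
    return recovered == digest(message, public["n"])

def cert_body(cert):
    # Fields the CA signs: binds the subscriber's name to the public key
    key = cert["public"]
    return f"{cert['serial']}|{cert['name']}|{key['n']}|{key['e']}".encode()

def issue_certificate(name, public, ca_private, serial):
    # Steps 1-3: CA checks identity (not modelled here), signs, publishes
    cert = {"serial": serial, "name": name, "public": public}
    cert["ca_signature"] = sign(cert_body(cert), ca_private)
    return cert

def relying_party_check(message, signature, cert, ca_public, revoked):
    # Steps 5-6: verify certificate, then message signature, then status
    if not verify(cert_body(cert), cert["ca_signature"], ca_public):
        return "bad certificate"
    if not verify(message, signature, cert["public"]):
        return "bad signature"
    if cert["serial"] in revoked:  # repository status check (hypothetical set)
        return "certificate revoked"
    return "accepted"

# Constructed sample data (all values hypothetical)
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
SUB_PUB, SUB_PRIV = make_key(2**107 - 1, 2**127 - 1)
CERT = issue_certificate("Example Subscriber", SUB_PUB, CA_PRIV, serial=1)
ORDER = b"Purchase order 17: 10 units"
SIG = sign(ORDER, SUB_PRIV)  # Step 4: subscriber signs with the private key
```

Changing one byte of the message, or any signed field of the certificate, changes the digest, so the comparison in verify fails; a production system would use a vetted library with a padded signature scheme instead of this toy arithmetic.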

19
Digital signature applications
  • Any process that requires strong authentication
    of both sender and contents of the message, and
    non-repudiation.
  • Such applications as
  • Purchase order systems
  • Automated forms processing contracts
  • Remote financial transactions or inquiries

20
Covers
  • Digital Signature
  • What it is
  • Basic principle
  • Its components
  • Creating and verifying it
  • Its application
  • Public key cryptography
  • Definition
  • Characteristics of key pairs
  • Public key infrastructure
  • PKI
  • PKI Process Flow