[attachment=1444]


INTRODUCTION
Digital signature is a sort of Cryptography. Cryptography means keeping communications private. It is a practical art of converting messages or data into a different form, such that no one read them without having access to the Ëœkeyâ„¢. The message may be converted using a Ëœcodeâ„¢ (in which case each character or group of characters is substituted by an alternative one), or Ëœcipherâ„¢ (in which case the message as a whole is converted, rather than individual characters). It deals with encryption, decryption and authentication.
There are two types of Cryptography-
1.Secret key or Symmetric Cryptography
2. Public key or Asymmetric Cryptography
In Symmetric Cryptography the sender and receiver of a message know and use the same secret key to encrypt the message, and the receiver uses same key to decrypt the message.
Asymmetric (or public key) Cryptography involves two related keys, one of which only the owner knows (the 'private key') and the other which anyone can know (the 'public key').
The advantages of Asymmetric Cryptography are that:
¢ Only one party needs to know the private key.
¢ The knowledge of the public key by a third party does not compromise security of message transmission.
The most important development from the work on public “key cryptography is Digital Signature.
Why Digital Signature:
Message authentication protects two parties who exchange messages from any third party. However it does not protect two parties against each other. Several forms of disputes between the two are possible.
For example suppose that john sends an authenticated message to Mary,using one of the schemes.Following dispute that could arise :
1. Mary may forge a different message and claim that it can come from John.Mary would simply have to create a message and append an authentication code using the key that John and Mary share.
2. John can deny sending the message.Because it is possible for Mary to forge a message there is no way to prove that John did in fact send the message.
Both scenarios are of legitmate concern.Here is an example of the first scenario:An electronic fund transfer take place and the receiver increases the amount of fund transferred and claims that larger amount had arrived from the sender.An example of the second scenarios is that an electronic mail message contains instruction to a stockbroker for a transdaction that subsequently turns out badly.The sender pretend that the message never sent.
In situation where there is not complete trust between sender and receiver,something more than authentication is needed .The most attractive solution to this problem is the digital signature .The digital signature is analogus to the handwritten signature.It must have the following properties:
Properties :
¢ It must verify the author and the date and time of signature .
¢ It must authenticate the contents at the time of signature.
¢ It must be verifiable by third parties,to resolve disputes.
Thus the digital function includes the authentication function.

Requirements :
On the basis of these prpperties ,we can formulate the following reqirements for a digital signature:
¢ The signature must be a bit pattern that depends on the message of being signed.
¢ The signature must use some information uniqe to sender ,to prevent both forgery and denial.
¢ It must be relatively easy to produce the digital signature .
¢ It must be relatively easy to recognize and verify the digital signature.
¢ It must be computationally infeasible to forge a digital signature ,either by constructing a new massage for an existing digital signature or by constructing a fraudulent digital signature for a given message.
¢ It must be practical to return a copy of the digital signature in storage.
A secure hash function ,embedded in a scheme such as that of figure satifies these reqirements.
What is digital signature:
Basically, the idea behind digital signatures is the same as your handwritten signature. You use it to authenticate the fact that you promised something that you can't take back later. A digital signature doesn't involve signing something with a pen and paper then sending it over the Internet. But like a paper signature, it attaches the identity of the signer to a transaction. Having a digital certificate is like using your driver's license to verify your identity. You may have obtained your license from Maryland, for example, but your Maryland license lets you drive in Nevada and Florida. Similarly, your digital certificate proves your online identity to anybody who accepts it.
A digital signature can also be used to verify that information has not been altered after it was signed. A digital signature is an electronic signature to be used in all imaginable type of electronic transfer. Digital signature significantly differs from other electronic signatures in term of process and results. These differences make digital signature more serviceable for legal purposes.

Digital signatures are based on mathematical algorithms. These require the signature holder to have two keys (one private and the public) for signing and verification .A verifiable trustworthy entity called certification authority creates and distributes signatures. A digital signature is a cryptographic means through which many of these may be verified. The digital signature of a document is a piece of information based on both the document and the signer™s private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer™s private key). Digital Signatures and hand “ written signatures both rely on the fact that it is very hard to find two people with the same signature. People use public “key cryptography to compute digital signatures by associating something unique with each person. When public-key cryptography is used to encrypt a message, the sender encrypts the message with the public key of the intended recipient. When public -key cryptography is used to calculate a digital signature, the sender encrypts the digital fingerprint of the document with his or her own private key. Anyone with access to the public key of the signer may verify the signature.
In practice, public-key algorithms are often too inefficient for signing long documents. To save time, digital signature protocols use a cryptographic digest, which is a one-way hash of the document. The hash is signed instead of the document itself. Both the hashing and digital signature algorithms are agreed upon beforehand. Here is a summary of the process:
1. A one-way hash of the document is produced.
2. The hash is encrypted with the private key, thereby signing the document.
3. The document and the signed hash are transmitted.
4. The recipient produces a one-way hash of the document.
5. Using the digital signature algorithm, the recipient decrypts the signed hash with the sender's public key.
If the signed hash matches the recipient's hash, the signature is valid and the document is intact.
There is a potential problem with this type of digital signature. Alice not only signed the message she intended to but also signed all other messages that happen to hash to the same message digest. When two messages hash to the same message digest it is called a collision; the collision-free properties of hash functions are a necessary security requirement for most digital signature schemes. A hash function is secure if it is very time consuming, if at all possible, to figure out the original message given its digest. However, there is an attack called the birthday attack that relies on the fact that it is easier to find two messages that hash to the same value than to find a message that hashes to a particular value. Its name arises from the fact that for a group of 23 or more people the probability that two or more people share the same birthday is better than 50%.
When software (code) is associated with publisherâ„¢s unique signature, distributing software on the Internet is no longer an anonymous activity. Digital signatures ensure accountability, just as a manufacturerâ„¢s brand name does on packaged software. If an organization or individual wants to use the Internet to distribute software, they should be willing to take responsibility for that software. This is based on the premise that accountability is a deterrent to the distribution of harmful code.
APPROACHES
A variety of approaches have been proposed for digital signature function. These approaches fall into two categories:
¢ Direct approach
¢ Arbitrated approach
Direct digital signature:
A direct digital signature involves only the communication parties (source and destination). It is assumed that the destination knows the public key of the source. A digital signature may be formed by encrypting the entire message with the senderâ„¢s private key or by encrypting the hash code of the message with the senderâ„¢s private key.
Confidentiality can be provided by further encrypting the entire message plus signature with either the receiverâ„¢s public key or a shared secret key. It is important to perform the signature function first and then an outer confidentiality function. In case of dispute some third party must view the message and signature. If the signature is calculated on an encrypted message, the third party also needs access to the decryption key to read the original message.
All direct schemes described so far have a common flaw:
The validity of the scheme depends on the security of the senderâ„¢s private key. If a sender later wishes to deny sending a particular message, he can claim that the private key was lost or stolen and that someone else forged his signature.
Administrative controls relating to the security of private keys can be employed to thwart or at least weaken this ploy. One example is to require every signed message to include a timestamp (date and time) and to require prompt reporting to compromise keys by a central authority. Another threat is that the private key might be stolen from sender X at time T. The opponent can then send a message signed with Xâ„¢s signature and stamped with a time before or equal to T.
Arbitrated digital signature:
The problems associated with direct digital signatures can be addressed by using an arbiter. As with direct signature schemes, there are a variety of arbitrated signature schemes. In general terms, these all operate as follows: every signed message from sender X to the receiver Y goes first to the arbiter A, who subjects the message and its signature to the number of tests to check its origin and content. The message is then dated and sends to Y with an indication that it has been verified to the satisfaction of the arbiter. With the presence of arbiter A, there are no chances of a sender X to disowning the message, as is the case with the direct digital signatures.
The arbiter plays a crucial role in arbitrated digital signatures and all parties must have a great deal of trust that the arbitration mechanism working properly. The use of a trusted system might satisfy this requirement.
HOW THE TECHNOLOGY WORKS :

Digital signatures require the use of public-key cryptography .If you are going to sign something, digitally, you need to obtain both a public key and a private key. The private key is something you keep entirely to yourself. You sign the document using your private key- which is really just a kind of code-then you give the person (the merchant of the website where you bought something or the bank lending your money to buy a house) who needs to verify your signature your corresponding public key. He uses your public key to make sure you are who you say you are. The public key and private key are related, but only mathematically, so knowing your private key. In fact, itâ„¢s nearly impossible to figure out your private key from your public key.
The sender accomplishes the process of creating a digital signature. The receiver of the digital signature performs the verification of the digital signature.
DIGITAL SIGNATURE STANDARD :
The National Institute of Standards and Technology has published Federal Information processing standards Publications (FIPS PUBS), known as digital signature standard. The DSS makes use of the Secure Hash Algorithm (SHA) and present a new digital signature technique called the Digital Signature Algorithm (DSA) appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature Verification makes use of a public key, which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed signatures for stored as well as transmitted data. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key.
A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest (see Figure 1). The message digest is then input to the DSA to generate the digital signature. The digital signature is sent to the intended verifier along with the signed data (often called the message). The verifier of the message and signature verifies the signature by using the sender's public key. The same hash function must also be used in the verification process. The hash function is specified in a separate standard, the Secure Hash Standard (SHS), FIPS 180. Similar procedures may be used to generate and verify signatures for stored as well as transmitted data.

Figure 1: Using the SHA with the DSA
The DSA authenticates the integrity of the signed data and the identity of the signatory. The DSA may also be used in proving to a third party that data was actually signed by the generator of the signature. The DSA is intended for use in electronic mail, electronic funds transfer, electronic data exchange, software distribution, data storage, and other applications which require data integrity assurance and data origin authentication.
The DSA may be implemented in software, firmware, hardware, or any combination thereof. NIST is developing a validation program to test implementations for conformance to this standard.

THE ALGORITHM:
The digital signature algorithm is as follows:
GLOBAL PUBLIC-KEY COMPONENTS:
1. p = a prime number, where 2L-1 < p < 2L for 512 = < L = <1024 and L a multiple of 64
2. q = a prime divisor of p - 1, where 2159 < q < 2160
3. g = h(p-1)/q mod p, where h is any integer with 1 < h < p - 1 such that h(p-1)/q mod P>1
(g has order q mod p)
THE USERâ„¢S PRIVATE KEY:
x = a randomly or pseudorandomly generated integer with 0 < x < q
USERâ„¢S PUBLIC KEY:
y = gx mod p
USERâ„¢S PER-MESSAGE SECRET NUMBER:
k = a randomly or pseudorandomly generated integer with 0 < k < q
The integers p, q, and g can be public and can be common to a group of users. A user's private and public keys are x and y, respectively. They are normally fixed for a period of time. Parameters x and k are used for signature generation only, and must be kept secret. Parameter k must be regenerated for each signature.
DIGITAL SIGNATURE GENERATION:
To begin with the process, a check (message) must be created. In order to create a digital signature with the check, a process known as hash function must occur. The hash function is a mathematical algorithm that creates a digital representation or fingerprint in the form of a hash result or message digest. The hash function generally has a standard length that is usually much smaller than the message but nevertheless substantially unique to it. Hash functions ensure that there have been no modifications to the check since it was digitally signed.
The next step is to encrypt the check and signature. The senderâ„¢ signature software transforms the result into a digital signature using the sender private key. The resulting signature is thus unique to both the message and the private key used to create it. Typically, a digital-signature is appended to its message and stored or transmitted with the message. However, it may also be sent or stored as a separate data element, so long as it maintains a reliable association with its message. Since a digital signature is unique to its message, it is useless when wholly disassociated from the message.
Now the question arises how do one get a private and a public key The answer is: You need to obtain something called a digital certificate. For that, you go to a certificate issuer, which will give you a digital certificate that says, in effect, "Here is Mike, and here is his public key. Anything he signs with his corresponding private key is valid." When you buy something online and digitally sign the transaction, you provide the merchant with your digital certificate. If the merchant trusts the issuer of the certificate, he uses the certificate to verify your signature. Often the authority that provides you with a digital certificate will also provide you with a private key. Certain computer systems will let you generate your own private key, but be careful! That is where the potential for fraud comes in. It's considered impossible to forge a digital signature the way one can forge a paper signature, but if you are careless with your private key”leaving it unprotected on your desktop, for instance”it's possible for you to compromise its integrity.
Mathematically
The signature of a message M is the pair of numbers r and s computed according to the equations below:
r = (gk mod p) mod q and
s = (k-1(SHA(M) + xr)) mod q.

In the above, k-1 is the multiplicative inverse of k, mod q; i.e., (k-1 k) mod q = 1 and 0 < k-1 < q.
M is a message to be signed and the value of SHA (M) is a 160-bit string output by the Secure Hash Algorithm specified in FIPS 180. For use in computing s, this string must be converted to an integer.
As an option, one may wish to check if r = 0 or s = 0. If either r = 0 or s = 0, a new value of k should be generated and the signature should be recalculated (it is extremely unlikely that r = 0 or s = 0 if signatures are generated properly).
The signature is transmitted along with the message to the verifier.
SIGNATURE VERIFICATION:
Prior to verifying the signature in a signed message, p, q and g plus the sender's public key and identity are made available to the verifier in an authenticated manner.
Let M', r' and s' be the received versions of M, r, and s, respectively, and let y be the public key of the signatory. To verifier first checks to see that 0 < r' < q and 0 < s' < q; if either condition is violated the signature shall be rejected. If these two conditions are satisfied, the verifier computes
w = (s')-1 mod q
u1 = ((SHA(M')w) mod q
u2 = ((r')w) mod q
v = (((g)ul (y)u2) mod p) mod q.
If v = r', then the signature is verified and the verifier can have high confidence that the received message was sent by the party holding the secret key x corresponding to y. For a proof that v = r' when M' = M, r' = r, and s' = s
If v does not equal r', then the message may have been modified, the message may have been incorrectly signed by the signatory, or the message may have been signed by an impostor. The message should be considered invalid.
A PROOF THAT v = r'
This appendix is for informational purposes only and is not required to meet the standard.
The purpose of this appendix is to show that if M' = M, r' = r and s' = s in the signature verification then v = r'. We need the following easy result.
LEMMA. Let p and q be primes so that q divides p - 1, h a positive integer less than p, and g = h(p-1)/q mod p. Then gq mod p = 1, and if m mod q = n mod q, then gm mod p = gn mod p.
Proof: We have
gq mod p = (h(p- 1)/q mod p)q mod p
= h(p-1) mod p
= 1
by Fermat's Little Theorem. Now let m mod q = n mod q, i.e., m = n + kq for some integer k. Then
gm mod p = gn+kq mod p
= (gn gkq) mod p
= ((gn mod p) (gq mod p)k) mod p
= gn mod p
since gq mod p = 1.
We are now ready to prove the main result.
THEOREM. If M' = M, r' = r, and s' = s in the signature verification, then v = r'.
Proof: We have
w = (s')-1 mod q = s-1 mod q
u1 = ((SHA(M'))w) mod q = ((SHA(M))w) mod q
u2 = ((r')w) mod q = (rw) mod q.
Now y = gx mod p, so that by the lemma,
v = ((gu1 yu2) mod p) mod q
= ((gSHA(M)w yrw) mod p) mod q
= ((gSHA(M)w gxrw) mod p) mod q
= ((g(SHA(M)+xr)w) mod p) mod q.
Also
s = (k-1(SHA(M) + xr)) mod q.
Hence
w = (k(SHA(M) + xr)-1) mod q
(SHA(M) + xr)w mod q = k mod q.
Thus by the lemma,
v = (gk mod p) mod q
= r
= r'.
The Risks Involved in Message Transmission
The term message transmission is used here to refer to the sending of a message from one person or organization to another, over a communications link.
The risks involved in message transmission are identified in a supporting document. This document describes the ways in which those risks can be addressed, through the application of cryptography.
Requirements for Message Transmission Security
The requirements of a security regime which addresses these risks are conventionally summarized under four broad headings. For the sender and receiver to be confident in the outcome of their communications, all of these requirements need to be satisfied.
(1) 'Confidentiality', or Message Content Security :
This comprises two separate requirements, that, during a message's transit from sender to receiver:
¢ No observer can access the contents of the message; and
¢ No observer can identify the sender and receiver.
The term 'confidentiality' is used by computer scientists who specialize in security matters. This is most unfortunate, because the term has an entirely different meaning within commerce generally, which derives from the law of confidence. For this reason, the alternative term 'message content security' is used in this Module.
(2) Integrity of Message Content :
This requires that the recipient can be sure that, whether accidentally, or because of an action by any party:
¢ The message has not been changed or lost during transmission;
¢ The message has not been prevented from reaching the recipient; and
¢ The message has not reached the recipient twice.
(3) Authentication of the Sender and Recipient :
This requires that:
¢ The sender can be sure that the message reaches the intended recipient, and only the intended recipient; and
¢ The recipient can be sure that the message came from the sender and not an imposter. The act by an imposter of sending such a message is referred to as 'spoofing'.
(4) Non-Repudiation by the Sender and Recipient :
This requires that:
¢ The sender cannot credibly deny that the message was sent by them; and
¢ The recipient cannot credibly deny that the message was received by them.
PURPOSE OF DIGITAL SIGNATURE
¢ Signer authentication :
If public and private keys are associated with an identified signer, the digital signature attributes the message to the signer. The digital signature cannot be forged, unless the signer loses control of the private key.
¢ Message authentication :
Digital signature identifies the signed message with far greater certainty and precision than paper signatures. Verification reveals any tempering since the comparison of hash result shows whether the message is the same as when signed.
¢ Non-repudiation :
Creating a digital signature requires the signer to use his private key. This alters the signer that he is consummating a transaction with legal consequences, decreasing the chances of litigation later on.
¢ Integrity :
Digital signature creation and verification processes provide a high level of assurance that the digital signature is that of the signer. Compared to tedious and labor intensive paper methods, such as checking signature cards, digital signatures yield a high degree of assurance without adding resources for processing.
AN EXAMPLE
________________________________________
What is a Digital Signature
An introduction to Digital Signatures, by David Youd
________________________________________

Bob

(Bob's public key)

(Bob's private key)
Bob has been given two keys. One of Bobâ„¢s keys is called a Public key,the other is called a Private key.
Bob's Co-workers:





Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself
Pat Doug Susan
Bobâ„¢s Public key is available to anyone who needs it, but he keeps his Private key to himself.Keys are used to encrypt information. Encrypting information means "scrambling it up", so that only a person with the appropriate key can make it readable again.Either one of Bob's two keys can encrypt data, and the other key can decrypt that data.
Susan (shown below) can encrypt a message using Bobâ„¢s Public key. Bob uses his Private key to decrypt the message. Any of Bob's coworkers might have access to the message Susan encrypted, but without Bob's Private Key, the data is worthless.

Susan
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A

Bob
HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
With his private key and the right software,Bob can put digital signatures ondocuments and other data. A digital signature is a stamp Bob places on the data which is unique to Bob, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed can not go undetected.




To sign a document, Bob's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)



Bob's software then encrypts the message digest with his private key. The result is the digital signature.


Finally, Bob's software appends the digital signature to document. All of the data that was hashed has been signed.














Bob now passes the document on to Pat.


First, Patâ„¢s software decrypts the signature (using Bobâ„¢s public key) changing it back into a message digest. If this worked, then it proves that Bob signed the document, because only Bob has his private key. Patâ„¢s software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Pat knows that the signed data has not been changed.
Plot complication...

Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat receives a signed message and a public key that appears to belong to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bobâ„¢s name. Short of receiving Bobâ„¢s public key from him in person, how can Pat be sure that Bobâ„¢s public key is authentic
It just so happens that Susan works at the companyâ„¢s certificate authority center. Susan can create a digital certificate for Bob simply by signing Bobâ„¢s public key as well as some information about Bob.

Bob Info:
Name
Department
Cubical Number
Certificate Info:
Expiration Date
Serial Number
Bobâ„¢s Public Key:





Now Bobâ„¢s co-workers can check Bobâ„¢s trusted certificate to make sure that his public key truly belongs to him. In fact, no one at Bobâ„¢s company accepts a signature for which there does not exist a certificate generated by Susan. This gives Susan the power to revoke signatures if private keys are compromised, or no longer needed. There are even more widely accepted certificate authorities that certify Susan.
Letâ„¢s say that Bob sends a signed document to Pat. To verify the signature on the document, Patâ„¢s software first uses Susanâ„¢s (the certificate authorityâ„¢s) public key to check the signature on Bobâ„¢s certificate. Successful de-encryption of the certificate proves that Susan created it. After the certificate is de-encrypted, Patâ„¢s software can check if Bob is in good standing with the certificate authority and that all of the certificate information concerning Bobâ„¢s identity has not been altered.
Patâ„¢s software then takes Bobâ„¢s public key from the certificate and uses it to check Bobâ„¢s signature. If Bobâ„¢s public key de-encrypts the signature successfully, then Pat is assured that the signature was created using Bobâ„¢s private key, for Susan has certified the matching public key. And of course, if the signature is valid, then we know that Doug didnâ„¢t try to change the signed content.
Although these steps may sound complicated, they are all handled behind the scenes by Patâ„¢s user-friendly software. To verify a signature, Pat need only click on it.
CONCLUSION
Digital signatures are difficult to understand. Digital signatures will be championed by many players that the public distrusts, including national security agencies, law enforcement agencies, and consumer marketing companies. Digital signatures will inevitably be associated with cards. Digital signatures will inevitably be associated with biometric identifiers.
As a result, it appears that digital technology is rapidly becoming pervasive, the public not find this comforting. They will demand explicit privacy protections, far more substantial than the weak and patchy regime that is presently in place. The protections are also quite inadequate, though promising in some respects. Successful implementation of digital signatures will require far more attention to privacy issues by policy-makers and business interests.
REFERENCES
¢ Computer network by Andrew S. Tanenbaum
¢ Cryptography and Network security by William Stallings
¢ google.com
¢ yahoo.com
¢ amazon.com








CONTENTS
INTRODUCTION
¢ WHY DIGITAL SIGNATURE
¢ WHAT IS DIGITAL SIGNATURE
APPROACHES
¢ DIRECT DIGITAL SIGNATURE
¢ ARBITRATED DIGITAL SIGNATURE
THE DIGITAL SIGNATURE STANDARD
THE ALGORITHM
¢ DIGITAL SIGNATURE GENERATION
¢ DIGITAL SIGNATURE VERIFICATION
THE RISKS INVOLVED IN MESSAGE TRANSMISSION SECURITY
REQUIREMENT FOR MESSAGE TRANSMISSION SECURITY
PURPOSE OF DIGITAL SIGNATURE
CONCLUSION
REFERENCES

[attachment=4095]
INDEX
1.Acknowledgement
2.Abstract
3.Introduction
4.Overview
5.History
6.Benefits
7.Drawbacks
8.Additional Security Precautions
9.Current State of Use



INTRODUCTION


A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature schemes consist of at least three algorithms: a key generation algorithm, a signature algorithm, and a verification algorithm. A signature provides authentication of a "message". Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol.
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the and in the electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.
A digital signature scheme typically consists of three algorithms:
A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
A signing algorithm which, given a message and a private key, produces a signature.



A signature verifying algorithm which given a message, public key and a signature, either accepts or rejects.
Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify on that message and the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key























OVERVIEW


Why use a digital signature?
The purpose of a digital signature is the same as your handwritten signature. Instead of using pen and paper, a digital signature uses digital keys (public-key cryptology). Like the pen and paper method, a digital signature attaches the identity of the signer to the document and records a binding commitment to the document. Unlike a handwritten signature, It is considered impossible to forge a digital signature the way a written signature might be.
The real value is in avoiding the paper and keeping your data electronic for a variety of reasons: save paper, send documents quickly via email, you can have multiple/exact copies and easier to manage the storage.
To use digital signature software requires some initial setup: you will need a signing certificate. If in your business you commonly sign documents or need to verify the authenticity of documents, then digital signatures can help you save time and paper-handling costs. The DigiStamp web site and software is designed to help you with the process and allow you to take advantage of the convenience and power of digital signatures.
What is needed to create a digital signature?
The digital signature software is provided at this web site for you to install and use. You will need to get your personal signing certificate. Creating your certificate involves creating a public-private digital key pair and a Certificate Authority. The


private key is something you keep only to yourself. You sign a document with your private key. Then, you give your public key to anyone who wants to verify your signature. The process of creating your public-private key pair is easy and quick; we will help you with process.
Public Keys. The public key certificate creates proof of the identity of the signer by using the services of a certificate authority. A certificate authority uses a variety of processes to associate the particular public key with an individual. You give your public key to anyone who wants to verify your signature. The combination of your public key and proof of identity result in a public key certificate - also called a signer's certificate.
Private Keys. The private key is something you keep only to yourself. You sign a document with your private key. The public and private keys are related mathematically. Knowing the public key allows a signature to be verified but does not allow new signatures to be created. If your private key is not kept private, then someone could maliciously create your signature on a document without your consent. It is critical to keep your private key secret.









HISTORY

In the famous paper "New Directions in Cryptography", Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed. Soon afterwards, Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm that could be used for primitive digital signatures. (Note that this just serves as a proof-of-concept, and "plain" RSA signatures are not secure.) The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Basic RSA signatures are computed as follows. To generate RSA signature keys, one simply generates an RSA key pair containing a modulus N that is the product of two large primes, along with integers e and d such that e d = 1 mod φ(N), where φ is the Euler phi-function. The signer's public key consists of N and e, and the signer's secret key contains d.
To sign a message m, the signer computes σ=md mod N. To verify, the receiver checks that σe = m mod N.
As noted earlier, this basic scheme is not very secure. To prevent attacks, one can first apply a cryptographic hash function to the message m and then apply the RSA algorithm described above to the result. This approach can be proven secure in the so-called random oracle model.
Other digital signature schemes were soon developed after RSA, the earliest being



Lamport signatures, Merkle signatures (also known as "Merkle trees" or simply
"Hash trees"), and Rabin signatures. In 1984, Shafi Goldwasser , Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models:
1.In a key-only attack, the attacker is only given the public verification key.
2.In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
3.In a chosen message attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.
They also describe a hierarchy of attack results:
1.A total break results in the recovery of the signing key.
2.A universal forgery attack results in the ability to forge signatures for any message.
3.A selective forgery attack results in a signature on a message of the adversary's choice.
4.An existential forgery merely results in some valid message/signature pair not already known to the adversary.
They also present the GMR signature scheme, the first that can be proven to prevent even an existential forgeries against even a chosen message attack. Most early signature schemes were of a similar type: they involve the use of a trapdoor



permutation, such as the RSA function, or in the case of the Rabin signature scheme, computing square modulo composite n. A trapdoor permutation family is a family of permutations, specified by a parameter, that is easy to compute in the forward direction, but is difficult to compute in the reverse direction. However, for every parameter there is a "trapdoor" that enables easy computation of the reverse direction. Trapdoor permutations can be viewed as public-key encryption systems, where the parameter is the public key and the trapdoor is the secret key, and where encrypting corresponds to computing the forward direction of the permutation, while decrypting corresponds to the reverse direction. Trapdoor permutations can also be viewed as digital signature schemes, where computing the reverse direction with the secret key is thought of as signing, and computing the forward direction is done to verify signatures. Because of this correspondence, digital signatures are often described as based on public-key cryptosystems, where signing is equivalent to decryption and verification is equivalent to encryption, but this is not the only way digital signatures are computed.
Used directly, this type of signature scheme is vulnerable to a key-only existential forgery attack. To create a forgery, the attacker picks a random signature σ and uses the verification procedure to determine the message m corresponding to that signature. In practice, however, this type of signature is not used directly, but rather, the message to be signed is first hashed to produce a short digest that is then signed. This forgery attack, then, only produces the hash function output that corresponds to σ, but not a message that leads to that value, which does not lead to



an attack. In the random oracle model, this hash-and-decrypt form of signature is existentially unforgeable, even against a chosen-message attack.
There are several reasons to sign such a hash (or message digest) instead of the whole document.
For efficiency: The signature will be much shorter and thus save time since hashing is generally much faster than signing in practice.
For compatibility: Messages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number N). A hash function can be used to convert an arbitrary input into the proper format.
For integrity: Without the hash function, the text "to be signed" may have to be split (separated) in blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize if all the blocks are present and in the appropriate order.












BENEFITS OF DIGITAL SIGNATURE


Below are some common reasons for applying a digital signature to communications:


Authentication:

Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity:


In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message will invalidate the signature.





Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions





























DRAWBACK OF DIGITAL SIGNATURE


Association of digital signatures and trusted time stamping:

Digital signature algorithms and protocols do not inherently provide certainty about the date and time at which the underlying document was signed. The signer might have included a time stamp with the signature, or the document itself might have a date mentioned on it. Regardless of the document's contents, a reader cannot be certain the signer did not, for example, backdate the date or time of the signature. Such misuse can be made impracticable by using trusted time stamping in addition to digital signatures.

Non-repudiation:

In a cryptographic context, the word repudiation refers to any act of disclaiming responsibility for a message. A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (e.g., a court) to reinforce a claim as to its signatories and integrity. However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly 'from' that user, are suspect. Nonetheless, a user cannot repudiate a signed message without repudiating their signature key. This is aggravated by the fact there is no trusted time stamp, so new documents (after the key compromise) cannot be separated from old ones, further complicating signature key invalidation. Certificate authorities usually maintain a public repository of public keys so the associated private key is certified and signatures cannot be repudiated. Expired certificates are




normally removed from the repository. It is a matter for the security policy and the responsibility of the authority to keep old certificates for a period of time if non-repudiation of data service is provided.
































ADDITIONAL SECURITY PRECAUTIONS


Putting the private key on a smart card:


All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by a local password, but this has two disadvantages:
the user can only sign documents on that particular computer
the security of the private key depends entirely on the security of the computer
A more secure alternative is to store the private key on a smart card. Many smart cards are designed to be tamper-resistant (although some designs have been broken, notably by Ross Anderson and his students). In a typical digital signature implementation, the hash calculated from the document is sent to the smart card, whose CPU encrypts the hash using the stored private key of the user, and then returns the encrypted hash. Typically, a user must activate his smart card by entering a personal identification number or PIN code (thus providing two-factor authentication). It can be arranged that the private key never leaves the smart card, although this is not always implemented. If the smart card is stolen, the thief will still need the PIN code to generate a digital signature. This reduces the security of the scheme to that of the PIN system, although it still requires an attacker to possess the card. A mitigating factor is that private keys, if generated and stored on smart cards, are usually regarded as difficult to copy, and are assumed to exist in






exactly one copy. Thus, the loss of the smart card may be detected by the owner and the corresponding certificate can be immediately revoked. Private keys that are
protected by software only may be easier to copy, and such compromises are far more difficult to detect.

Using smart card readers with a separate keyboard:

One of the main differences between a digital signature and a written signature is that the user does not "see" what he signs. The user application presents a hash code to be encrypted by the digital signing algorithm using the private key. An attacker who gains control of the user's PC can possibly replace the user application with a foreign substitute, in effect replacing the user's own communications with those of the attacker. This could allow a malicious application to trick a user into signing any document by displaying the user's original on-screen, but presenting the attacker's own documents to the signing application.
To protect against this scenario, an authentication system can be set up between the user's application (word processor, email client, etc.) and the signing application. The general idea is to provide some means for both the user app and signing app to verify each other's integrity. For example, the signing application may require all requests to come from digitally-signed binaries.




The current state of use ” legal and practical
Digital signature schemes all have several prior requirements without which no such signature can mean anything, whatever the cryptographic theory or legal provision.
First, quality algorithms. Some public-key algorithms are known to be insecure, practicable attacks against them having been discovered.
Second, quality implementations. An implementation of a good algorithm (or protocol) with mistake(s) will not work.
Third, the private key must remain actually secret; if it becomes known to any other party, that party can produce perfect digital signatures of anything whatsoever.
Fourth, distribution of public keys must be done in such a way that the public key claimed to belong to, say, Bob actually belongs to Bob, and vice versa. This is commonly done using a public key infrastructure and the public keyuser association is attested by the operator of the PKI (called a certificate authority). For 'open' PKIs in which anyone can request such an attestation (universally embodied in a cryptographically protected identity certificate), the possibility of mistaken attestation is non trivial. Commercial PKI operators have suffered several publicly known problems. Such mistakes could lead to falsely signed, and thus wrongly attributed, documents. 'closed' PKI systems are more expensive, but less easily subverted in this way.
Fifth, users (and their software) must carry out the signature protocol properly.


Only if all of these conditions are met will a digital signature actually be any evidence of who sent the message, and therefore of their assent to its contents. Legal enactment cannot change this reality of the existing engineering possibilities, though some such have not reflected this actuality.
Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and providing for (or limiting) their legal effect. The first appears to have been in Utah in the United States, followed closely by the states Massachusetts and California. Other countries have also passed statutes or issued regulations in this area as well and the UN has had an active model law project for some time. These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying cryptographic engineering, and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable. Adoption of technical standards for digital signatures have lagged behind much of the legislation, delaying a more or less unified engineering position on interoperability, algorithm choice, key lengths, and so on what the engineering is attempting to provide.




Using separate key pairs for signing and encryption:
In several countries, a digital signature has a status somewhat like that of a traditional pen and paper signature. Generally, these provisions mean that what is digitally signed legally binds the signer of the document to the terms therein. For that reason, it is often thought best to use separate key pairs for encrypting and signing. Using the encryption key pair, a person can engage in an encrypted conversation (e.g., regarding a real estate transaction), but the encryption does not legally sign every message he sends. Only when both parties come to an agreement do they sign a contract with their signing keys, and only then are they legally bound by the terms of a specific document. After signing, the document can be sent over the encrypted link.

This article is presented by:Barry Leiba
IBM Research
Hawthorne, NY
Jim Fenton
Cisco
San Jose, CA

DomainKeys Identified Mail (DKIM):
Using Digital Signatures for Domain Verification

ABSTRACT
Email protocols were designed to be flexible and forgiving, designed in a day when Internet usage was a cooperative thing. A side effect of that is that they were not designed to provide protection against falsification of a message’s address of origin, referred to today as “spoofing”. DomainKeys Identified Mail (DKIM) defines a mechanism for using digital signatures on email at the domain level, allowing the receiving domain to confirm that mail came from the domain it claims to. In conjunction with the forthcoming DKIM sender signing practices specification, the receiving domain may also have more information for deciding how to treat mail without a valid signature. The use of DKIM signatures and signing practices gives sending domains one tool to help recipients identify legitimate messages from their domain, and a reliable identifier that can be used to combat spam and phishing.
INTRODUCTION
Early antispam filtering involved “blacklisting” the senders of spam – refusing to accept or deliver mail from email addresses known to send spam. Unfortunately, the Internet standards for email do not prevent the sender from lying about his identity, at the protocol level [8], in the mail “headers” [14], or both. This “spoofing”, as it’s called, not only allows spammers to get around email-address blacklists, but also to lend credibility to their messages by spoofing a reputable domain. Initially a way simply to convince recipients to open the messages, rather than to delete them, spoofing reputable domains has evolved into a con-game called “phishing”, resulting in estimated losses in 2004 of between one and two billion dollars [15],[9]. Clearly, something must be done to curtail spoofing; the ability to send messages while purporting to be another sender is in most cases undesirable. While curtailment will not stop phishing, and while spoofing cannot be stopped entirely without significant (and arguably undesirable) effects on Internet email as it is known today, making spoofing more difficult and providing domains with ways to protect their names and reputations are important steps against spam and phishing. There have been two broad mechanisms proposed for domain validation – verifying that mail did or did not come from the domain it claims to have come from. One uses IP address; the other uses digital signatures. In the former category are SPF (Sender Policy Framework [16]), and Sender ID [11], related techniques that differ in some details. CSV (Certified Sender Validation [4]) also falls into this category. In the second category are techniques that have the sender, or the sending domain, place a digital signature on the message. The signature can be verified later, by the recipient or by the receiving domain, and the verified signature can be used as evidence that the mail originated from where it says it does. The two categories each have advantages, and are not in competition. It is important to note, in this discussion, that the use of many techniques, together, is the most effective way to combat spam and related maladies (phishing, viruses and worms, and other malware distributed through email) [10]. Discussion of the advantages and disadvantages of the two categories is outside the scope of this paper, which will focus on the design and deployment of one particular specification: DomainKeys Identified Mail. The remainder of this paper will give an overview of DKIM, will discuss details of the mechanisms used and some of the choices made, and will show some practical deployment experience. 2 AN OVERVIEW OF DKIM
The concept behind DKIM is simple: If you receive a message from me bearing a valid digital signature, then you can be sure that it actually came from me. There are signature techniques already standardized for applying signatures to email, such as S/MIME [13] and OpenPGP [3], although the meaning of these signatures is subtly different from that of a DKIM signature.
For more information about this article,please follow the link:
http://citeseerx.ist.psu.edu/viewdoc/dow...1&type=pdf

[attachment=13652]
Document Digital SignatureAbstract/scope
Provide signature mechanism
Provide verification/validation
mechanism
Provide signature attributes
Allows direct access to document
Steps…
Key Generation
Random Numbers
Digital Signature
Generate Message Digest [SHA1]
Encrypting Digest using Private Key [Signatures]
Attaching the Signatures to the message.
Verification of Signatures
Run the test for Authentication, Integrity and Non repudiation.
Digital Signature Certificate
Public Key Certificate (PKC)
Some Trusted Agency is required which certifies the association of an individual with the key pair.
Certifying Authority (CA)
This association is done by issuing a certificate to the user by the CA
Public key certificate (PKC)
All public key certificates are digitally signed by the CA
Certifying Authority
Must be widely known and trusted

please send to me any new topic about digital signature report

to get information about the topic"digital signature full report" refer the page link bellow

http://studentbank.in/report-digital-sig...7#pid59857

to get information about the topic digital signature full report ,ppt and related topic refer the page link bellow

http://studentbank.in/report-digital-sig...t-download

http://studentbank.in/report-digital-sig...ull-report

http://studentbank.in/report-digital-sig...ars-report

http://studentbank.in/report-a-new-forwa...ure-scheme

http://studentbank.in/report-digital-sig...oad?page=2

http://studentbank.in/report-cryptograph...-signature

http://studentbank.in/report-public-key-...-signature

to get information about the topic digital signature full report ,ppt and related topic refer the page link bellow

http://studentbank.in/report-digital-sig...t-download

http://studentbank.in/report-digital-sig...ull-report

http://studentbank.in/report-digital-sig...ars-report

http://studentbank.in/report-a-new-forwa...ure-scheme

http://studentbank.in/report-digital-sig...oad?page=2

http://studentbank.in/report-cryptograph...-signature

http://studentbank.in/report-public-key-...-signature