Risks of data manipulation and theft Gateway Average route travelled by an email sent via the Internet from A to B Washington DC A's provider Paris A.


2 Electronic Signatures

Risks of data manipulation and theft

[Figure: average route travelled by an email sent via the Internet from A to B. Labels shown: A, A's provider, Gateway, B's provider, B, Washington DC, Paris, Berlin, New York, Sydney, Cape Town, Rome, Helsinki.]

Potential risks:
– Reading
– Modifying
– Copying
– Intercepting

3 Areas of application for electronic signatures

Communicating with judicial bodies
– eg lawyers writing, signing, encrypting (safeguarding clients' secrets) and emailing electronic claims and actions to the competent courts

Communicating with public authorities
– eg individuals completing, signing, encrypting and emailing electronic tax returns
– eg building contractors signing, encrypting and emailing electronic bids in response to invitations to tender

Communicating in the private sector
– eg customers communicating with companies, for instance for banking purposes
– eg strangers communicating via the Internet
– eg signing emails

Anywhere where legally binding declarations of will require a signature and where
– trustworthy communications,
– reliable identification, and
– integrity of electronic data
are a key factor, legally compliant electronic signatures can be used.

4 Which components does a user need?

– Smart card with signature key
– Smart card reader (internal/external)
– PC and smart card reader
– Communication link
– Appropriate software

5 What does an electronic signature do?

An electronic signature is the electronic equivalent of a handwritten signature; in other words, it can be used to
– reliably verify that an electronic document has not been modified (INTEGRITY),
– reliably identify the person who has signed an electronic document (IDENTITY), and
– verify both the INTEGRITY of an electronic document and the IDENTITY of the person who has signed it on a long term basis (VERIFIABILITY).

Electronic signatures cannot ensure the confidentiality of electronic documents.

6 INTEGRITY

The INTEGRITY of a document is ensured in two stages:

1. A digital fingerprint, called a "HASH VALUE", is calculated from the electronic data in the document. The key characteristics of HASH VALUES are that
   a. each hash value calculated from the same document will always be the same, however many times it is recalculated, and
   b. each different document will invariably have a different hash value.
2. The HASH VALUE is attached to the document from which it was calculated.

7 INTEGRITY: Verification

How to verify whether or not a document has been modified:

1. The original HASH VALUE is separated from the document.
2. A new HASH VALUE, called the "reference HASH VALUE", is calculated from the electronic data in the document.

If the original HASH VALUE and the reference HASH VALUE are the same, then the document has not been modified (INTEGRITY = OK).

If the document has been manipulated, then the original HASH VALUE and the reference HASH VALUE will not be the same (INTEGRITY = violated).

8 Electronic signature

A HASH VALUE is not personalised; in other words, the same documents will always have the same HASH VALUE, even if they have been produced by different people.

Personalising a HASH VALUE, or "electronically signing" a document, means mathematically calculating a new value from the HASH VALUE using a secret (private) key; the secret key is unique to one person, which means that the personalised HASH VALUE is also unique to that one person.

The secret key is called the "SIGNATURE KEY". A HASH VALUE personalised using a SIGNATURE KEY is also called an ELECTRONIC SIGNATURE.

9 IDENTITY: Certificate

An ELECTRONIC SIGNATURE is uniquely bound to one natural person by a "CERTIFICATE", the digital equivalent of an identity card. The CERTIFICATE contains
– details of the identity of the holder of the SIGNATURE KEY,
– details of the period of validity of the certificate, and
– a reference to the service provider issuing the certificate.

[Figure: CERTIFICATE with the fields]
Surname, forename
Pseudonym (optional)
Valid from:
Valid until:
Issued by: Certification service provider xy

10 IDENTITY: Signature verification key

A CERTIFICATE also contains details of the SIGNATURE KEY bound to the person named in the CERTIFICATE. This is done using a public SIGNATURE VERIFICATION KEY belonging to the SIGNATURE KEY.

The issuing service provider electronically signs the CERTIFICATE to protect it against manipulation.

[Figure: CERTIFICATE with the fields]
Surname, forename
Pseudonym (optional)
Valid from:
Valid until:
SIGNATURE VERIFICATION KEY
Issued by: Certification service provider xy

11 IDENTITY: Root certification authority

A body issuing a CERTIFICATE is called a "CERTIFICATION SERVICE PROVIDER".

In electronic commerce CERTIFICATES are the (official) documents confirming the identity of a SIGNATURE KEY holder. This means that the CERTIFICATION SERVICE PROVIDERS have particular importance and responsibility in electronic commerce.

The trustworthiness of a CERTIFICATION SERVICE PROVIDER is attested in a CERTIFICATE. The CERTIFICATES for CERTIFICATION SERVICE PROVIDERS are issued by RegTP, the "ROOT CERTIFICATION AUTHORITY".

12 Verification

How to verify an electronically signed document:

The SIGNATURE VERIFICATION KEY in the CERTIFICATE of the signer is used to verify the INTEGRITY of the document.

[Figure: DOCUMENT (INTEGRITY); CERTIFICATE Signer with SIGNATURE VERIFICATION KEY, ISSUER: Certification service provider xy]

13 Verification

How to verify an electronically signed document:

The SIGNATURE VERIFICATION KEY of the CERTIFICATION SERVICE PROVIDER in the CERTIFICATE of the issuer is used to verify the INTEGRITY of the CERTIFICATE.

[Figure: DOCUMENT (INTEGRITY); CERTIFICATE Signer, ISSUER: Certification service provider xy (INTEGRITY); CERTIFICATE Certification service provider xy with SIGNATURE VERIFICATION KEY, ISSUER: RegTP]

14 Verification

How to verify an electronically signed document:

As the CERTIFICATE binds the SIGNATURE VERIFICATION KEY to the signer, confirming the INTEGRITY of the CERTIFICATE also confirms the IDENTITY of the signer.

[Figure: DOCUMENT (INTEGRITY); CERTIFICATE Signer, ISSUER: Certification service provider xy (INTEGRITY, IDENTITY); CERTIFICATE Certification service provider xy with SIGNATURE VERIFICATION KEY, ISSUER: RegTP]

15 Verification

The trustworthiness of CERTIFICATES is similarly verified:

The IDENTITY of the CERTIFICATION SERVICE PROVIDER is verified using RegTP's CERTIFICATE.

[Figure: CERTIFICATE Signer, ISSUER: Certification service provider xy; CERTIFICATE Certification service provider xy, ISSUER: RegTP (INTEGRITY, IDENTITY); CERTIFICATE RegTP with SIGNATURE VERIFICATION KEY, ISSUER: RegTP]

16 Verification

The trustworthiness of CERTIFICATES is similarly verified:

RegTP's CERTIFICATE, called the "ROOT CERTIFICATE", can be verified directly.

[Figure: CERTIFICATE Signer, ISSUER: Certification service provider xy; CERTIFICATE Certification service provider xy, ISSUER: RegTP (INTEGRITY, IDENTITY); CERTIFICATE RegTP, ISSUER: RegTP (INTEGRITY, IDENTITY)]

17 Valid document

A document has a valid signature where the INTEGRITY of the
– DOCUMENT
– CERTIFICATE Signer (ISSUER: Certification service provider xy)
– CERTIFICATE Certification service provider xy (ISSUER: RegTP)
– CERTIFICATE RegTP (ISSUER: RegTP)
has been verified. These checks are made automatically.

[Figure: each of the three CERTIFICATES is marked INTEGRITY and IDENTITY.]

18 Trust centre directory service

A list is kept of all the CERTIFICATES needed to verify an electronically signed document.

A list, called a "CERTIFICATE REVOCATION LIST", is also kept of all the CERTIFICATES that have been revoked. A CERTIFICATE can be revoked if, for instance, the SIGNATURE KEY of the holder identified in the CERTIFICATE has been stolen. As soon as a CERTIFICATE has been revoked, it cannot be used to create a valid electronic signature.

The list of CERTIFICATES and the CERTIFICATE REVOCATION LIST together form the DIRECTORY SERVICE. The DIRECTORY SERVICE is available to anyone at any time (24 hours a day) for information for validity checks.

The DIRECTORY SERVICE and the technical components used by a CERTIFICATION SERVICE PROVIDER to produce certificates are located in a particularly secure environment, called a "TRUST CENTRE".
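
Added example, not part of the original presentation: the hash comparison, signing step, certificate chain check and revocation-list lookup described on the slides above, in one runnable sketch. It assumes textbook RSA over SHA-256 with deliberately small toy keys in place of a smart card's SIGNATURE KEY, and a made-up certificate layout (serial, subject, issuer, key, sig); the names, serial numbers and the CRL as a set of serials are illustrative.

```python
import hashlib, json

def keygen(p, q):  # toy textbook RSA: (verification key, signature key)
    n = p * q
    return (n, 65537), (n, pow(65537, -1, (p - 1) * (q - 1)))

def digest(data, n):  # HASH VALUE, reduced to fit the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, sig_key):  # personalise the HASH VALUE with the SIGNATURE KEY
    n, d = sig_key
    return pow(digest(data, n), d, n)

def verify(data, signature, ver_key):  # original vs reference HASH VALUE
    n, e = ver_key
    return pow(signature, e, n) == digest(data, n)

def tbs(cert):  # bytes of the certificate fields the issuer signs
    body = {k: v for k, v in cert.items() if k != "sig"}
    return json.dumps(body, sort_keys=True).encode()

def issue(serial, subject, ver_key, issuer, issuer_sig_key):
    cert = {"serial": serial, "subject": subject, "issuer": issuer, "key": ver_key}
    cert["sig"] = sign(tbs(cert), issuer_sig_key)
    return cert

def validate(doc, doc_sig, chain, trusted_root_key, crl):
    """chain = [signer, provider, root] certificates; returns (ok, reason)."""
    if not verify(doc, doc_sig, chain[0]["key"]):
        return False, "document integrity violated"
    for cert, parent in zip(chain, chain[1:] + chain[-1:]):  # root signs itself
        if cert["serial"] in crl:
            return False, f"certificate {cert['serial']} revoked"
        if cert["issuer"] != parent["subject"] or not verify(
                tbs(cert), cert["sig"], parent["key"]):
            return False, f"certificate {cert['serial']} integrity violated"
    if chain[-1]["key"] != trusted_root_key:  # root is checked directly
        return False, "untrusted root"
    return True, "valid"

# Constructed demo data: keys built from Mersenne primes, insecure by design.
root_vk, root_sk = keygen(2**521 - 1, 2**607 - 1)
csp_vk, csp_sk = keygen(2**107 - 1, 2**127 - 1)
user_vk, user_sk = keygen(2**61 - 1, 2**89 - 1)
CHAIN = [issue(3, "Signer", user_vk, "Provider xy", csp_sk),
         issue(2, "Provider xy", csp_vk, "Root CA", root_sk),
         issue(1, "Root CA", root_vk, "Root CA", root_sk)]
DOC = b"constructed sample document"
print(validate(DOC, sign(DOC, user_sk), CHAIN, root_vk, crl=set()))
```

Changing one byte of the document, altering a certificate field, adding a serial to the revocation set, or supplying a different trusted root key each makes `validate` return a distinct failure reason.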

19 VERIFIABILITY: Infrastructure

All the elements contributing to the VERIFIABILITY of ELECTRONIC SIGNATURES are termed "CERTIFICATION INFRASTRUCTURE" and include:
– National ROOT CERTIFICATION AUTHORITY (State), which issues certificates for
– CERTIFICATION SERVICE PROVIDERS (Private), which issue certificates for
– USERS (Institutions, companies, private individuals)

[Figure: ROOT CA Germany; CA 1 ... CA n; ROOT Country XY]

20 VERIFIABILITY: Long term signatures

In order to create the equivalent of handwritten signatures, electronically signed documents must remain VERIFIABLE over long periods of time (decades):

This means that the DIRECTORY SERVICE of each CERTIFICATION SERVICE PROVIDER must operate reliably over a period of years and must be interoperable with other DIRECTORY SERVICES in the same INFRASTRUCTURE.

In addition, all the procedures and technical components used must have been comprehensively verified in order to guarantee a high level of security for electronically signed documents on a long term basis.

The new Electronic Signatures Act takes full account of these special circumstances by creating a framework that ensures the security of electronic signatures.

RegTP's TRUST CENTRE was the first to meet the stringent security requirements of the Act. It forms the core of Germany's CERTIFICATION INFRASTRUCTURE for electronic signatures.

