Digital Signature Cryptography

Presentation on theme: "Digital Signature Cryptography"— Presentation transcript:

1 Digital Signature Cryptography

2 Digital signature
‘Digital signature’ means authentication of any electronic record by means of an electronic method or procedure in accordance with the provisions of Section 3.
Electronic record means data, record or data generated, image or sound, received or sent in an electronic form or microfilm or computer generated fiche.
Digital Signature Certificate to be issued by Certifying Authority.
Asymmetric Crypto System and hash functions details - as prescribed.

3 Digital Signature
Basically a digital signature is a two way process, involving two parties: the signer (creator of the digital signature) and the recipient (verifier of the digital signature). A digital signature is complete, if and only if, the recipient successfully verifies it.

4 Need for Digital Signature
It has been realized that Internet being a public network would never be secure enough and there would always be a fear of interception, transmission errors, delays, deletion, authenticity or verification of an electronic message using Internet as a medium. Hence the goal was to protect the message, not the medium.

5 The art and science of keeping messages secure is cryptography
[Diagram: Plain Text → Encryption → Cipher Text → Decryption → Plain Text]

6 Symmetric Cryptography
Asymmetric Cryptography

7 Symmetric Cryptography
When a single secret key is used to maintain communication between the sender and the receiver, it is referred to as symmetric cryptography or a private-key cryptographic system. Here, both encryption and decryption use the same key.

8 Symmetric Cryptography
[Diagram: Plain Text → Encryption with Encryption Key (K1) → Cipher Text → Decryption with Decryption Key (K2) → Plain Text, where K1 = K2]

9 Asymmetric Cryptography
Two different keys are used for the processes of encryption and decryption. It is referred to as asymmetric cryptography or a public-key cryptographic system.

10 Asymmetric Cryptography
[Diagram: Plain Text → Encryption with Encryption Key (K1) → Cipher Text → Decryption with Decryption Key (K2) → Plain Text, where K1 ≠ K2]

11 [Keys of a pair – Public and Private]
[Diagram: ENCRYPTION turns each message into an encrypted message; DECRYPTION turns the encrypted message back into the original message.]

SYMMETRIC (Same Key)
Message 1: Central to the growth of e-commerce and e-governance is the issue of trust in electronic environment.
Encrypted Message 1: 9a be49f0b9cab28d755aaa9cd98571b275bbb0adb405e6931e856ca3e5e569edd

ASYMMETRIC [PKI] (Different Keys [Keys of a pair – Public and Private])
Message 2: The Internet knows no geographical boundaries. It has redefined time and space. Advances in computer and telecommunication technologies have led to the explosive growth of the Internet. This in turn is affecting the methods of communication, work, study, education, interaction, leisure, health, governance, trade and commerce.
Encrypted Message 2: a520eecb61a770f947ca856cd675463f1c95a9a2b8d4e6a71f80830c87f5715f5f dd7e97da0707b48a1138d77ced56feba2b467c398683c7dbeb86b854f120606a7ae1ed934f adab0d7be66dccde1a763c736cb9001d0731d541106f50bb7e54240c40ba780b7a553bea570b99c9ab3df13d75f8ccfdddeaaf3a749fd1411

12

13 Hash Function
[compression function, contraction function, message digest, finger print, cryptographic checksum, message integrity check, and manipulation detection code]
A Hash Function is a mathematical algorithm that takes a variable length input string and converts it to a fixed length output string [called hash value].

14 Hash Function
[Diagram: Message (Any Length) → HASH → Hash]
Hash is a fixed length string: 128 bit for MD5, 160 bit for SHA-1.

15 Digital Signature

16 Basically a digital signature is a two way process, involving two parties:
the signer (creator of the digital signature) and the recipient (verifier of the digital signature). A digital signature is complete, if and only if, the recipient successfully verifies it.

17 Concept of Digital Signatures
[Figure: scanned signatures (scanned, but not digital signatures) contrasted with a digital signature, shown as the value bab3dbfba30eedc0c52dacfc144df4d9c]

18 Signed Messages
[Diagram, sender side: Message → Hash → SIGN hash with Sender’s Private Key → Signed Message (Message + Signature) → sent thru’ Internet]
[Diagram, receiver side: Message + Signature received → Calculated Hash from the Message; Decrypt Signature with Sender’s Public Key to get the Hash → COMPARE the two hashes → if OK, Signatures verified]

20 Hash Value, Digital Signatures
Signature Algorithm: SHA1RSA

Message 1: This is a sample message for demonstration on digital signatures. This will be used to generate a message digest using sha1 and generating 160 bit digest
Hash Value 1: 7a08f27d5282b673fbb97cd028a c052c8
Digital Signature 1 (hash signed with Signer’s Private Key): bab3dbfba30eedc0c52dacfc144df4d9c

A dot is added at the end of the message
Message 2: This is a sample message for demonstration on digital signatures. This will be used to generate a message digest using sha1 and generating 160 bit digest.
Hash Value 2: b3cafe1ea21f290ad8be71b510297d038b68a7f9
Digital Signature 2 (hash signed with Signer’s Private Key): 5335ba87f67cfc65d7ea2d7dced44ea3dc16282c

Adding a space between bit and digest
Message 3: This is a sample message for demonstration on digital signatures. This will be used to generate a message digest using sha1 and generating 160 bit digest.
Hash Value 3: cd7db886d5e0e63d48c6c4358c86aa3d6e2afe86
Digital Signature 3 (hash signed with Signer’s Private Key): a9af4dd59ceb285eda5cfc3e9b72aaf8
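The sign, send, verify and compare flow of the Signed Messages slide, run on the slide 20 messages, as an added example that is not part of the original presentation. Assumptions: a constructed, insecure teaching key built from two known Mersenne primes, unpadded RSA, and SHA-256 in place of the slides' SHA-1; production code uses a vetted library with randomly generated keys and a padded scheme such as RSASSA-PSS.

```python
import hashlib

# Constructed teaching key (assumption, not from the slides): two known
# Mersenne primes. Insecure by design; real keys are random and library-made.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

def digest(message: bytes) -> int:
    """Fixed-length hash of a message of any length (SHA-256, not SHA-1)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Signer: hash the message, then transform the hash with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Recipient: undo the signature with the public key and compare the
    result with the hash calculated from the message that arrived."""
    if not 0 <= signature < N:       # reject out-of-range values outright
        return False
    return pow(signature, E, N) == digest(message)

# Constructed inputs modelled on slide 20.
MSG1 = (b"This is a sample message for demonstration on digital signatures. "
        b"This will be used to generate a message digest using sha1 and "
        b"generating 160 bit digest")
MSG2 = MSG1 + b"."                                   # a dot is added
MSG3 = MSG2.replace(b"bit digest", b"bit  digest")   # a space is added

def demo() -> dict:
    sig1 = sign(MSG1)
    return {
        "original verifies": verify(MSG1, sig1),
        "dot added, old signature": verify(MSG2, sig1),
        "space added, old signature": verify(MSG3, sig1),
        "signatures differ": len({sig1, sign(MSG2), sign(MSG3)}) == 3,
        "out-of-range signature": verify(MSG1, sig1 + N),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the unmodified message verifies against its signature; a one-character change alters the hash, so the recipient's comparison fails.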

21 Paper signatures v/s Digital Signatures
Parameter | Paper | Digital
Authenticity | May be forged | Cannot be copied
Integrity | Signature independent of the document | Signature depends on the contents of the document
Non-repudiation | Handwriting expert needed; error prone | Any computer user; error free

22 Paper signatures v/s Digital Signatures
Parameter | Paper | Digital
Purpose | To authenticate the message as originating from purported signer
Evidence | Distinctive, attributable to the signer only
Signer Identification | Notary / witnesses | Trusted Third Party (CA)

23 Digital signatures are based on asymmetric, or public key, cryptography and are capable of fulfilling the demand of burgeoning e-commerce by not only providing message authentication, integrity and non-repudiation function but also making it highly scalable.

24 The basic problem with the aforesaid digital signature regime is that it operates in online, software driven space, without human intervention. Sender sends a digitally signed message; recipient receives and verifies it. The only requirement is that both the sender and the recipient have digital signature software at their respective ends.

25 Law & E-Governance

26 Primary Legal Issues Surrounding E-Governance
Adopting a functional equivalent approach.
Facilitating efficient Government-Citizen interface.
The focus is to give due legal recognition to digital signatures and electronic records.

27 Legal Recognition of Electronic Records and Digital Signatures
Legal recognition to electronic records and digital signatures [Section 4 & 5].
Use of electronic records and digital signatures in government and its agencies for filing, issue, grant, receipt or payment of money [Section 6].
Electronic records or information, whenever retained, as required by law must be retained in the format in which it was originally generated, sent or received [Section 7].

28 Publication of Electronic Gazette
The IT Act provides that the rule, regulation, order, bye-law, notification or any other matter could now also be published in the Electronic Gazette apart from the Official Gazette [Section 8].

29 Limited Electronic Governance Rights
It does not confer a right upon any person to insist that any Ministry or Department of the Central or State government (or any authority or body) accept, issue, create, retain or preserve any document in the form of electronic records or participate in any monetary transaction in the electronic form [Section 9].

30 Issue of Privacy

31 “Privacy is where technology and the law collide.”
- Richard Smith (who traced the ‘I Love You’ and ‘Melissa’ viruses)

32 Internet is not a private network. It is a shared-information network. As and when you log onto the Internet and navigate on the World Wide Web, your digital profile is being created. The same technology that makes it easy for you to find what you want when you want on the Internet also makes it easy for others to learn about you.

33 Though the Constitution of India has not guaranteed the right to privacy as a fundamental right to the citizens, the Supreme Court has nevertheless come to the rescue of the common citizen, time and again, by construing “right to privacy” as a part of the right to “protection of life and personal liberty”.

34 Privacy: Three Legal Principles

35 That the individual’s right to privacy exists and any unlawful invasion of privacy would make the ‘offender’ liable for the consequences in accordance with law;
That there is constitutional recognition given to the right of privacy which protects personal privacy against unlawful governmental invasion;
That the person’s “right to be let alone” is not an absolute right and may be lawfully restricted for the prevention of crime, disorder or protection of health or morals or protection of rights and freedom of others.

36 Freedom of Expression

37 Freedom of Expression
The Indian Constitution lays down under Article 19 certain fundamental rights to every citizen. Art. 19 uses the expression ‘freedom’ and mentions the several forms and aspects of it, which are secured to individuals, together with the limitations that could be placed upon them in the general interest of the society.

38 Art.19(1)(a) provides “that all the citizens shall have the right to freedom of speech and expression”. But it should be read with sub-Art. (2), which imposes reasonable restrictions imposed by the State relating to defamation; contempt of court; decency or morality; security of the State; friendly relations with foreign states; incitement to an offence; public order; and maintenance of the sovereignty and integrity of India.

39 Thus fundamental right to freedom of speech and expression extends to the Internet medium as well.
Every citizen has a freedom to acquire or share knowledge (or information) using Internet and related resources, subject only to reasonable restrictions.

40 Role of CERT-IN
Computer Emergency Response Team – India, the single authority for issue of instructions in the context of blocking of websites.
CERT-IN has to instruct the DoT to block the website after:
Verifying the authenticity of the complaint;
Satisfying that action of blocking of website is absolutely essential.

41 CERT-IN [Gazette Notification (Extraordinary) No. G.S.R. 181 (E), dated 27th February, 2003] is based on the premise that such blocking can be challenged if it amounts to restriction of freedom of speech and expression.

42 However, the websites promoting hate content, slander, or defamation of others, promoting gambling, promoting racism, violence and terrorism and other such material, in addition to promoting pornography, including child pornography, and violent sex can reasonably be blocked since all such websites may not claim constitutional right of free speech. Blocking of such websites may be equated to “balanced flow of information” and not censorship.

43 The following officers can submit the complaint to the Director, CERT-IN:
Secretary, National Security Council Secretariat
Secretary, Ministry of Home Affairs
Foreign Secretary or a representative not below the rank of Joint Secretary
Secretaries, Dept. of Home Affairs of each of the States and of the Union Territories
CBI, IB, DG of Police of all the States
Secretaries or Heads of all (IT Departments) of all the States and Union Territories not below the rank of Joint Secretary of Central Government
Chairman of NHRC, Minorities Commission or SC or ST Commission or National Women Commission
The directive of the court

44 “The law is the last interpretation of the law given by the last judge.” - Anon.

