Digital Signature Algorithms and Application of a Scheme of Digital Signature in Electronic Government - Literature review Example

Name Task Tutor Date Digital signatures Abstract With the rapid growth of mobile and wireless technologies, people have started using the current computer technology in e-commerce, mobile fund transfer, games online, and theatre booking. As a result of this multiple uses that require high security, digital signatures are used to provide the privacy of the users since these signatures can prove the source of the document and confirm its integrity. Digital signatures are hard to be attacked by the intruders who tried to distort the messages hence making it popular. This has lead the electronics researchers to come up with different ways of coming up with digital signatures that cannot be attacked by the intruders. Introduction As a result of huge information between different enterprises where there is no confident trust between the sender and the receiver, an authentication is needed. The best solution to this problem is the use of digital signatures because they are analogous to the signature that is written with the hand. However, some factors should be considered; first is the flexible and complicate flow of information in electronic enterprises; second is the security of the digital signature algorithm; and third is the problem of the speed in signing and verification in digital signatures (Yun-kyung Lee et al 245). These signatures are created by taking the hash of the message and encrypt it with the creators’ private key. This will authenticate the validity of the users and ensures the integrity of the message, and non repudiation services. These signatures are made up of ones and zeroes and are generated by use of digital signature algorithm. In practical application, the security of the messages is normally influenced by the operation speed of the machines and the transmitting speed is normally a big problem particularly in an environment where there is a lot of network communication. The use of smart cards is one of the important measures in solving the problem of sophisticated attacks and they are easy to use, carry and comparatively it is hard to temper with. The only problem of using it is that it does not have the user interface. Hence, the person using it still needs a computer to make the card produce digital signatures. If the computer being used is malicious, it can misinform the person using it and obtain the signature from the wrong document. As a result of the internet being widely used, it has become a big issue that a high demand of private information at web servers and the invasion of private information by the attackers are looked into. This is as a result of the many users paying special attention to the problem that come as a result of the many facts that many of the operations and transactions that they transact through the internet could be easily collected and recorded. Hence, the anonymity has become attractive feature to be added in many transactions. The development of anonymous authentication technology has provided a solution to this problem. This technology can protect the personal information and guarantees the convenience that we get from the internet as we use it. This is an authentication method that is based on a digital signature scheme that offers anonymity like blind signature, ring signature, group signature, and traceable signature According to the Na Zhu and GuoXi Xiao in the article Application of a Scheme of Digital Signature in Electronic Government. They discussed about three types of digital signatures namely Rivest-Shamir-Adleman (RSA), Digital Signature Algorithm (DSA), and ECDSA (Elliptic Curve Digital Algorithm) every type has different key size that has the capability of being increased to obtain higher security at the expense of slower cryptographic operations. The RSA public key cryptosystem is made up of exponentiation modulo, a number n which is a product of two huge prime numbers. Encryption of plaintext is done in blocks, where every block has a binary value that is less than n. Decryption and encryption are in the form for plain text block M and cipher text block C is given as C = M e mod n. Both the sender and receiver should know the value of n. But the receiver only should know the value of d while the sender only should know the value of e. The size of RSA is 1024 bits. DSA cryptosystem is based on the complexity of computing discrete logarithms and the schemes that was originally presented by Schnorr and ELGamal. It is particularly a public key technique based on exponentiation modulo which is a big prime number p. In this scheme, the size is the length of the prime p which is 1024 bits. The best attack with the DSA is the general number field sieve and another security parameter is the size of exponents used for exponentiation (Na Zhu and GuoXi Xiao 65). ECDSA is based on elliptic curves where the variables and coefficients are restricted to the elements of finite field. This elliptic curves are defined either over modulo integer with a prime number (GF(p)) or binary polynomials (GF(2m)). The key size is the size of the of the prime number or binary polynomials bits. The key size normally ranges from 160 to 200 bits. The parameter of the security in ECDSA is the size of the multipliers that are limited to the order of the generator used and a little less than the key size (Na Zhu and GuoXi Xiao 34). A digital signature should contain all the features of a conventional signature plus more other features because they are used in sensitive matters such as e-mail and credit card transactions carried out over the internet. Digital signatures should have the following properties: it must be a bit pattern depending on the message that is being signed; it should be created with some unique information by the sender to prevent forgery and denial; it should be comparatively easy to be produced; it should be quite simple to identify and verify its authenticity; and it should be computed in a manner that is not feasible to be forged. In the article Digital Signature Algorithm Based on Hash Round Function and Self-certified Public Key System, the authors Chen Hai-peng, Shen Xuan-jing and Wei Wei discussed that digital signatures are computed depending on the information to be signed and should be done on the information that the sender has. In practice, a hash function is applied to the information to get the information digest instead of applying the whole information. A hash function takes arbitrary-sized information as input and gives out fixed size information digested as output. The commonly used hash functions are message digest 5 (MD 5) and secure hash algorithm (SHA). There are two techniques used in digital signature computation, this are symmetric and public key cryptosystem. In symmetric key system, a secretively key which is only known by the sender and receiver is used. Hence, there should be a unique key amid any two users. As a result of many pairs of users it becomes hard to generate and keep tract of the keys. A public key cryptosystem uses a number of keys; this are a private key only known by the owner and a public key known by all people who wants to communicate with the person who owns it. For the message being send to the owner to be confidential, it should be encrypted first with the owners public key, once encrypted the only person who can decrypt it is the owner of the public key. Senders Private Key Fig,1. Creating a digital signature The most commonly secured e-mail system that uses digital signatures are pretty good privacy and multipurpose internet mail extension. This system supports both the RSA and DSS-based signatures. The system that is commonly used for credit card transactions through the internet is SET (secure electronic transaction). This system consists of security protocols and formats that enabled previous existing credit card payment infrastructure to use internet. Due to weak digital signatures that can be easily attacked by the substitution and homeostasis attacks for example RSA and ELGamal, hash transformation of messages should be done before putting the signature. J. Seberry proposed a method that could be used in the article Comment on a Digital Signature Scheme with Using Self-certified Public Keys. In this method, a hash round function is constructed using Boolean algebra that satisfies the characters of balance, strict avalanche criterion, and realization of software. Furthermore, using the hash round function, the latest hash algorithm called hash round function algorithm (HRFA) is contrived. As a result of aiming at the defects that exist at the available digital signatures algorithms from being attacked by active and impersonation attacks, use of HRFA and self-certified public key forms a new kind of signature algorithm called (hash round function and self-certified public key system digital signature algorithm) H-S DSA. Following the construction features of H-S DSA signature, it has made its signing schemes a bit slower as compared to others and that is the main weakness of H-S DSA. The mathematical analysis done shows that H-S DSA is more secured and relatively simple time-complexity. In a digital signature scheme that uses self-certified public keys, the public key and the verification signature are carried out in logical steps. Previously, Tseng et al proposed a digital signature scheme using the self-certified public key; his new proposal has a new digital signature recovery with two variants. But later, Shao et al reveal that the scheme is insecure and makes an improvement scheme that will overcome the Tseng scheme weakness. According to the security of Shao, his scheme consist of 4 phases, the system initialization phase, mass recovery phase, signature generation, and dispute arbitration. He showed in his mathematical analysis that even the improved scheme cannot escape the middleman attack. This middle man attack is always frightful over the internet. Recently, digital signature method that is mainly used in the internet environment with the anonymous authentication method that protects personal information is group signature scheme as analyzed by Yun-kyung Lee, Seung-wan Han, Sok-joon Lee, Byung-ho Chung, and Deok Gyu Lee in the article Anonymous Authentication System using Group Signature. The group signature scheme is a method where a member of a group signs anonymously a message on behalf of the group. In this the verifier knows that the signer is a group member but he does not know his identity, hence he can supply anonymity. This concept was introduced by David Chaum and Eugene van Heyst. According to them, the group signature has the following characteristics: The members of the group are the only ones who can sign the messages; The person receiving the message can verify that it is a valid group signature, but he cant tell the member of the group that sign; If there is a need, the signature can be opened so that the member who signed the message can be known. In this scheme the group manager has the highest power to add group members and reveals the personality of the group members at certain circumstances. With this signature scheme, the length of the signature normally expands in proportion to the number of the members of the group. But a researcher D. Boneh put forward a group signature method with a fixed length irrespective of the number of members. He named the group as short group signatures because of the signatures length. The length of the signature is the same as that of RSA, it has 1533 bits. This short group signature (SGS) of D. Boneh has five procedures namely key generation, signing, verification, opening and revocation. SGS of D .Boneh provide some security features like: the signatures doesn’t reveal their signers identity, honestly generated signatures verify and trace correctly, and all signatures including those created by the collusion of many users and the manager of the group trace to a member of the forging coalition (it has full traceability). Anonymous authentication system can be implemented by applying the SGS features. In this, the signature is signed by one member of the group but its identity is not revealed. In anonymous authentication it is requires that the identity of the user is not known but he should be an honest person. By applying the short group signature in anonymous authentication system, it provides tracing features in circumstances of the signer’s erroneous actions. Sometimes in communication, the computers that are being used are malicious and can obtain digital signatures from an arbitrary document. To solve this problem, a solution on condition signatures is applied. This solution is discussed by Istva´n Zsolt Berta, Levente Buttya´ n, and Istva´n Vajda in the article, A Framework for the Revocation of Unintended Digital Signatures Initiated by Malicious Terminals. In electronic commerce, where the cryptographic protocols are used, the user needs a computer which stores cryptographic keys and it can perform cryptographic computations on behalf of the person. On the other hand, this computers need to be trusted by the person using it to work as expected, and again this terminal should not compromise the security of the person using it. Unluckily, most computers cannot be trusted either because the party using it cannot be trusted by the owner or the owner is not convinced that the computer doesn’t have some hidden features. As a result of this problem, a solution for this entrusted terminal was proposed and this solution is based on the concept called conditional signatures. To detect attacks in this concept, a framework that gives a chance to mobile users to sign messages on doubted computers with the help of smart cards and later on examine the signatures in the environment that is trusted and revokes the ones that are faked. Once the message is protected by conditional signatures, neither the user nor the receiver can alter it, put both of them can withdraw from it. These conditional signatures should only be used in devices at which a particular service can be accessed only through the computers that are not trusted by the owner. With the rapid growth of wireless and mobile technology, the mobile technology has also been used to access the internet. As a result of this multiple use, it demands that security should be applied in this communication to curb attacks from the intruders. With mobile devices, we use location based digital signature since digital signatures protocols which has asymmetrical cryptographic algorithm are not good to be used in mobile devices because they have low computation capability and short battery life. If this method is used, the mobile device will get blocked for a certain length of time and the batteries will get drained fast. Geo-Encryption is used to generate digital signatures in these devices. This concept is discussed in the article, Digital Signature on Mobile Devices based on Location by the authors Santi Jarusombat and Surin Kittitornkun. Geo-Encryption is GPS-based encryption that utilizes the advantage of GPS technology. This scheme integrates time and position into the decryption and encryption process in a manner that gives an extra layer of security over the one that is availed by the conventional cryptography. It gives a chance for a message to be encrypted over a certain area. The receiver can decrypt the message only if he is within the allowed area and time. A geo-lock function is applied in encryption process to bring together the receiver geographic location (L), encryption key, and time to give geo-secured key to be transmitted with the message. This message can only be decrypted if the receiver is physically present at area L. a Geo-locking function can creates a geo-locking value by use of PVT (position velocity time) to GeoLock the mapping function in which the longitude, latitude, and time forms the inputs. The value of the Geo-Lock is meant for the generation of geo-secured keys from the session key and recovery session key from the geo-secured key. This Geo-Encryption is effective if the person sending the message knows the location of the recipient and the time in which the recipient will be there. “A mobility model for GPS-Based Encryption” proposes a model for geo-encryption techniques that permit mobile nodes to switch over the movement parameters, so that the person sending the message can geo-encrypt to the recipient estimated area (Santi Jarusombat and Surin Kittitornkun. 51). In mobile communication, the sign server is meant for updating messages and generating digital signatures in order to reduce the burden on mobile devices. Security in electronics transactions using mobile agents are classified into two different aspects as stipulated by Song Ham et al, this are one the security of the hosts to which the mobile agent will travel and the security of the mobile agents through which a number of sensitive data might be transported to the host. The first one is used to protect the security of the host because the mobile agent could be malicious. While the second is used to protect the mobile agents incase the host is hostile On the article by Hu Chaoju and Wang Xuning entitled Watermark Protocol Based on Time-stamp and Digital Signature, they discussed that Zero watermark is a new technology applied in digital watermark technique. This technique solves the antimony between the imperceptibility and robustness; it also protects the image of the copyright better. Digital watermarks are added to the digital audio, image, or video signals. This signals makes it able for the people to know the owner of the products, to identify the buyers, or to give more information about the about the products. Even though the watermark information is very little, it is still dangerous to release it into the network because it can be attacked. As a result of this risk, zero watermarks were introduced. This technology utilizes the significant features of the original image to create watermark without altering any image of this feature. Also watermarks are not entrenched into the image of the original image so that at the time of publication the original image will not increase due to additional information. DHWM (Diffie-Hellman protocol for watermark) is a protocol based on TTP (Trusted Third Party), this protocol is a combination of both digital watermark technology and key exchange algorithm and it gives the people using it a better IPR protection mechanism. TTP is an arbitration body that contains a watermark key which is fair for all users. TTP can find the copyright ownership through technical way. A safe zero digital watermark protocol introduces the digital certificate where the digital signature and time stamp are specific information from the extraction of important information in the images to generate zero digital watermark (Hu Chaoju and Wang Xuning 12). This protocol has the capability to resist intermediary and explain attacks, impersonation, prevent fraud, in order to protect the rights of digital goods. Conclusion The study of the ten articles has given insight knowledge about the importance and creation of digital signatures. Because digital signatures solve many problems in electronic documents send through different means especially when there is no trust between the sender and the receiver. The analysis has shown how these signatures are created, the best types to be used and the devices that suite better to be used on. Also the security and credibility of both the network and related hardware to be used are discussed. There is a high chance of improvement in this field because the government and private sectors are so much using the electronics means of communication to carry out their daily activities. As a result of this, they are now encouraging the researchers to research more on it in order to provide the most secured signatures. Works cited Chen Hai-peng, Shen Xuan-jing and Wei Wei. ‘Digital Signature Algorithm Based on Hash Round Function and Self-certified Public Key System’. (2009). Francesco Buccafuri and Gianluca Lax. ‘Signing digital documents in hostile enviroments’. Journal of digital information management. (2002). Hu Chaoju and Wang Xuning. Zero. ‘Watermark Protocol Based on Time-stamp and Digital Signature’. (2009). Istva´n Zsolt Berta, Levente Buttya´ n, and Istva´n Vajda. “A Framework for the Revocation of Unintended Digital Signatures Initiated by Malicious Terminals.” IEEE transactions on dependable and secure computing, vol. 2, no. 3, July (2005). Na Zhu and GuoXi Xiao. “The Application of a Scheme of Digital Signature in Electronic Government”. (2008). Song Ham, Vidyasagar Potdar, Elizabeth chang, and Tharam Dillon. ‘Privacy-preserving transactions protocol using mobile agents with mutual authentication’. Idea group publishing 1.1, (2007). Santi Jarusombat and Surin Kittitornkun, Digital Signature on Mobile Devices based on Location. Bangkok, (2008). Zhang Jianhong, Chen Hua1, Gao Shengnan1, and Geng Qin. ‘Comment on a Digital Signature Scheme with Using Self-certified Public Keys’. (2009). Yun-kyung Lee, Seung-wan Han, Sok-joon Lee, Byung-ho Chung, and Deok Gyu Lee. ‘Anonymous Authentication System using Group Signature’. (1999). Read More