E-Security: Proposed Algorithm Of Authenticity Of Digital Signature

The increasing use of digital signatures in electronic documents poses special challenges in verifying authenticity, because digital technology makes such documents easy to alter or copy, leading to multiple non-identical versions that can be used in unauthorized or illegitimate ways. A digital signature helps meet this challenge of the digital age and also provides the assurance that an electronic document has not been altered; viewed through authenticity, it verifies documents at no cost to the customer. [12] Everyone is used to dealing with an original document, or an authenticated copy of the original document, but runs into difficulties when the concept of 'original' proves to be elusive in respect of a digital signature, whatever form it takes. [8] Data and information security becomes more and more important for digital signatures used over a public high-speed wide area network. Generally, E-security is characterized in terms of privacy, authenticity and integrity of digital data. [14] Authentication is a concern for both information providers and information users throughout the process. [5] This paper proposes an algorithm, with a flowchart, for the authenticity of digital signatures that gives a general way to check the security and authentication of a digital signature effectively.

1. Introduction: E-security creates a secure and trusted electronic operating environment for both the public and private sectors. Because the risk associated with the internet has also grown rapidly, a key focus is respecting and protecting the privacy and information security of citizens, businessmen, communities and organizations. Electronic commerce transactions, business risk management and other applications may also rely on digital signature technology to authenticate the origin and destination of documents and to ensure their confidentiality, integrity and security, meaning that no part of the message or its contents has been altered during transmission. Creating a valid signature does not require a specific technology. Proof of signing relates to the intent rather than the technology. Proof of that fact needs to be made under other applicable law and must cover identity, authority, integrity, security, availability and confidentiality. [15] A basic security issue is authentication, the process of confirming the identity of an entity such as a user, a machine or a company; it serves as the basis for authorization and for the security objectives of a document. Authentication is thus the process of establishing confidence in user identities, with legal consequences. Authenticity is of fundamental importance not only for scholarly work, but also for practical affairs, including legal matters, regulatory requirements, military and other governmental information, and financial transactions. [6] It serves as the basis for authorization and identifies the author of a document. [11] Authentication is needed where there is not complete trust between sender and receiver. [17] Digital law issues that have emerged include authentication of official legal information and preservation for long-term access, particularly for born-digital legal information which has no paper equivalent. [18]

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped, so that the sender cannot easily repudiate the message later. [1] A digital signature provides a few things according to user needs: confidentiality, authentication, authorization, non-repudiation, data integrity and verification of document integrity. The issue is about trust or the lack of trust, so authentication is needed where there is not complete trust between sender and receiver. If the document is not authentic, it will not always be necessary to request a digital evidence specialist to investigate the document technically to establish authenticity. [7] It provides confidence to customers, citizens and consumers that the material actually came from the originating organization. [3] With the proper computer software, data can be modified or duplicated easily; if such modification or duplication is unauthorized, it casts doubt on the data when it is submitted digitally as evidence in court. This technology is based on cryptography and effectively enhances the strength of evidence. The proposed technology creates a unique code as a digital signature to accompany an image.

 

2. How does it work? A digital signature is a form of cryptography, which means keeping communications private. Cryptography is the practical art of converting messages or data into a different form, such that no one can read them without having access to the 'key'. The message may be converted using a 'code' (in which case each character or group of characters is substituted by an alternative one), or a 'cipher' (in which case the message as a whole is converted, rather than individual characters). It deals with encryption, decryption and authentication. There are two types of cryptography:

1. Private key, or secret key, or symmetric cryptography

2. Public key, or asymmetric cryptography

In symmetric cryptography, the sender and receiver of a message know and use the same secret key: the sender uses it to encrypt the message, and the receiver uses the same key to decrypt it.

Asymmetric (or public key) cryptography involves two related keys, one of which only the owner knows (the 'private key') and the other which anyone can know (the 'public key'). Digital signatures are created and verified by cryptography, the branch of applied mathematics that concerns itself with transforming messages into seemingly unintelligible forms and back again. Digital signatures use what is known as "public key cryptography," which employs an algorithm using two different but mathematically related "keys": one for creating a digital signature or transforming data into a seemingly unintelligible form, and another key for verifying a digital signature or returning the message to its original form. [16] Cryptography is key to user confidence and its future growth. [13] It provides assurance that a signature is attributable, with various levels of certainty, to the signatory. [15]

Digital signatures are based on public key technology that uses asymmetric cryptography with mathematical codes. Each person's identity is related to a key pair: a private key and a public key. During signing, a code is generated with the help of an algorithm and the digital contents. The code generated, known as the 'message digest', is unique for each process and content. This code, encrypted using the individual's private key, is referred to as the 'digital signature'. It establishes the identity of the signer, is bound to the message, and is sent along with the document or transaction, together with the individual's public key. [2]

Digital signature verification: When an individual receives a signed document or transaction, he will initiate the verification process. The public key of the sender is used to decrypt the digital signature and retrieve the message digest. The hash algorithm is applied again to the digital contents to generate another message digest. These two message digests are compared, and if they match, verification is successful. If there were any changes in the digital contents, the resultant message digest would differ from the original one and the verification would fail.

Proposed Algorithm and Flowchart

This algorithm helps to authenticate the digital signature.

Step 1: Creation of the digital signature

1) Select a text message and a key pair {public key, private key}.

2) Apply a hash function to the message to generate a mathematical code, the message digest; call it MD1.

3) Apply the signature function to MD1 using the signer's private key to generate the digital signature.

Step 2: Verification of the digital signature

1) Apply the signature function with the signer's public key to the digital signature.

2) This generates a message digest; call it MD2.

Step 3: If (MD1 == MD2)
Then
    Signature verified
Else
    Signature not verified
    Goto Step 1.

 

This flowchart shows the implementation of the steps for creating and verifying a digital signature, giving an integrated approach to authenticating an individual's signature.

The flow for the given algorithm is as follows:

 

Figure 1 Flowchart
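
Steps 1 to 3 of the proposed algorithm, together with the verification procedure described in section 2, as an added Python example (not code from the paper). Assumptions: SHA-256 as the hash function, unpadded RSA as the signature function, a constructed toy key built from two publicly known Mersenne primes, and hypothetical function names `message_digest`, `sign`, `verify` and `demo`.

```python
import hashlib

# Constructed toy key: both primes are publicly known Mersenne primes, so it
# offers no security. Real keys use large random primes from a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # public key (assumed parameters)
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent


def message_digest(message: bytes) -> int:
    """Hash the content to a message digest (SHA-256 assumed), as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 1: compute MD1 and apply the private key to it (unpadded RSA)."""
    return pow(message_digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Steps 2 and 3: recover MD2 from the signature with the public key and
    compare it with MD1 recomputed from the content actually received."""
    if not 0 < signature < N:         # reject out-of-range values up front
        return False
    md2 = pow(signature, E, N)
    md1 = message_digest(message)     # recomputed locally, not taken from the sender
    return md1 == md2


def demo() -> dict:
    original = b"Pay 100 to Alice"    # constructed sample message
    sig = sign(original)
    return {
        "original": verify(original, sig),
        "altered_content": verify(b"Pay 900 to Alice", sig),
        "altered_signature": verify(original, sig ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```

Unpadded RSA is used here only to mirror the paper's steps one for one; production code should call a padded scheme such as RSA-PSS from a maintained cryptographic library.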

4. Conclusion: E-security has changed significantly with the emergence of sophisticated, targeted and malicious online attacks that potentially come from a number of sources, including organized crime, foreign intelligence services and politically motivated groups, and that pose a risk to 1) the continuity of government, 2) the reliable delivery of critical services by both the public and private sectors, and 3) the identity and financial information of home users and small to medium-sized enterprises. [4] This paper presents an algorithm that gives a generalized and integrated way to authenticate the digital signature.

 

5. Future scope: This algorithm can combine both procedures, the creation and the verification of a digital signature. Because both are done by one algorithm, it is simple, compact and efficient. It also saves time in creating and verifying signatures.

 

6. References

 

1. http://searchsecurity.techtarget.com/sDefinition/0sid14_gci 526300,00.html

2. http://www.elock.com/digitalsignaturefaqs.html

3. http://www.entrust.com/digital-signatures/index.htm

4. Australian Government. E-security national agenda (ESNA). E-security _public+policy+statement.pdf, 2001

5. David Bearman and Jennifer Trant. Authenticity of Digital Resources-Towards a Statement of Requirements in the Research Process. D-Lib Magazine, June 1998, ISSN 1082-9873

6. H.M. Gladney and J.L. Bennett. What Do We Mean by Authentic? D-Lib Magazine, Volume 9, Number 7/8, ISSN 1082-9873, July-August 2003

7. Stephen Mason. Authentication of digital documents. Newsletter on the fight against cybercrime, Number 5, November 2009, pp. 1-5

8. Stephen Mason. Electronic evidence and the meaning of 'original'. Amicus Curiae: The Journal of the Society for Advanced Legal Studies, Issue 79, Autumn 2009, pp. 26-28

9. GPO US Government Printing Office, Council Discussion, Questions and Answers. Authentication. The Spring Meeting, 2005.

10. Che-Yen Wen and Kum-Ta Yang. Image authentication for digital image evidence. Forensic Science Journal, 2006; 5:1-11, Sept 6, 2006

11. Malte Timmermann. OOo Digital signatures. OpenOffice.org Conference 2004, available from http://marketing.openoffice.org/ooocon2004/.. /timmer mann_digital_signature.pdf

12. John Landwehr. Security Matters-US Govt. printing office deploys digital signature for FY2009 Budget, February 4, 2008

13. Dr. Bernd Holznagel and Lars Dietze. STORK cryptography workshop: Towards a Roadmap for Future research, IST-2002-38273, Germany, Nov 26-27, 2002, available from http://www.itm.uni-muenster.de

14. X Q Zhou, H K Huang and S L Lou. Authenticity and integrity of digital mammography images. IEEE Transactions on Medical Imaging.

15. Dr Paul Schapper and Dra Mercedes Rivolta. Authentication & Digital Signatures in E-Law and Security: A Guide for Legislators and Managers.

16. American Bar Association, Section of Science and Technology, Information Security Committee. Digital Signature Guidelines: Tutorial. 2006.

17. Digital signature full report, available from http://www.seminarprojects.com/Thread- digital-signature-full-report/digitalsignature full report.doc

18. Claire M Germain. Digitizing the World's Law: Authentication and Preservation. International Legal Information Management Handbook, Paris & Berlin, Ashgate 2010, September 2, 2010