Digital Signatures

I have defined previously some of the computer security terms and definitions. So far, the encryption and decryption operations provide confidentiality, where the information is kept secret from all but authorized parties (protect the information from being readable to unauthorised people). Whereas, many people do care about the other security properties such as, Integrity, Authentication, Non-repudiation and more (Remember the following terms).

  • Data Integrity: ensures that a message has not been modified in transit.
  • Message Authentication: ensures that the sender of a message is authentic.
  • Non-repudiation: ensures that the sender of a message cannot deny the creation of the message.
  • Identification: establishing and verifying the identity of an entity.
  • Access control: restricting access to the resources to privileged entities.
  • Availability: the electronic system is reliably available.
  • Auditing: provides evidence about security-relevant activities such as, keeping logs about certain events.
  • Physical security: providing protection against physical tampering and/or responses to physical tampering attempts.
  • Anonymity: providing protection against discovery and misuse of identity.

 

Symmetric Key is not enough to provide full-security, since it does not provide all the previous properties. Therefore, it is important to implement/introduce Digital Signatures. In fact, Digital Signatures provide Data Integrity, Message Authentication and Non-repudiation. The following steps explain how Digital Signatures work:

  1. Any party can start this communication, either Alice or Bob, by generating two keys (public-key and private-key). In our scenario, Bob has generated the two keys.
  2. Bob sends his public-key to Alice, while keeping his private-key
  3. The message (x) that Bob wants to send will be signed via the Bob’s (private-key).
  4. The message (x); along with Bob’s signature will be sent to Alice.
  5. Alice will verify the received message (x) via Bob’s public-key. This ensures that Bob has sent the message (message integrity, authentication and non-repudiation).

 

This PowerPoint file explains the digital-signatures process step-by-step.

For more information about Digital Signature.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s