Thursday, 6 April 2017

Digital Signature

Image result for digital signature


digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.

History of Digital Signature

Image result for history digital signature

In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed. Soon afterwards, Ronald RivestAdi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although only as a proof-of-concept – "plain" RSA signatures are not secure). The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.

Other digital signature schemes were soon developed after RSA, the earliest being Lamport signaturesMerkle signatures (also known as "Merkle trees" or simply "Hash trees"), and Rabin signatures.
In 1988, Shafi GoldwasserSilvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes.They described a hierarchy of attack models for signature schemes, and also presented the GMR signature scheme, the first that could be proved to prevent even an existential forgery against a chosen message attack.

How they work

Image result for how they work digital signature

To create RSA signature keys, generate a RSA key pair containing a modulus, N, that is the product of two large primes, along with integers, e and d, such that e d  1 (mod φ(N)), where φ is the Euler phi-function. The signer's public key consists of N and e, and the signer's secret key contains d.

To sign a message, m, the signer computes a signature, σ, such that σ ≡ md (mod N). To verify, the receiver checks that σe ≡ m (mod N).
As noted earlier, this basic scheme is not very secure. To prevent attacks, one can first apply a cryptographic hash function to the message, m, and then apply the RSA algorithm described above to the result. This approach is secure assuming the hash function is a random oracle.
Most early signature schemes were of a similar type: they involve the use of a trapdoor permutation, such as the RSA function, or in the case of the Rabin signature scheme, computing square modulo composite, n. A trapdoor permutation family is a family of permutations, specified by a parameter, that is easy to compute in the forward direction, but is difficult to compute in the reverse direction without already knowing the private key ("trapdoor"). Trapdoor permutations can be used for digital signature schemes, where computing the reverse direction with the secret key is required for signing, and computing the forward direction is used to verify signatures.
Used directly, this type of signature scheme is vulnerable to a key-only existential forgery attack. To create a forgery, the attacker picks a random signature σ and uses the verification procedure to determine the message, m, corresponding to that signature.[19] In practice, however, this type of signature is not used directly, but rather, the message to be signed is first hashed to produce a short digest that is then signed. This forgery attack, then, only produces the hash function output that corresponds to σ, but not a message that leads to that value, which does not lead to an attack. In the random oracle model, this hash-then-sign form of signature is existentially unforgeable, even against a chosen-plaintext attack.]
There are several reasons to sign such a hash (or message digest) instead of the whole document.
For efficiency
The signature will be much shorter and thus save time since hashing is generally much faster than signing in practice.
For compatibility
Messages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number N). A hash function can be used to convert an arbitrary input into the proper format.
For integrity
Without the hash function, the text "to be signed" may have to be split (separated) in blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize if all the blocks are present and in the appropriate order.

Applications of digital signatures


Image result for applications of digital signature

As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed consent and approval by a signatory. The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, University of Chicago, and Stanford are publishing electronic student transcripts with digital signatures.
Below are some common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signature invalidates the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions (see collision resistance).

Non-repudiation

Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.
Note that these authentication, non-repudiation etc. properties rely on the secret key not having been revoked prior to its usage. Public revocation of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the key-pair. Checking revocation status requires an "online" check; e.g., checking a certificate revocation list or via the [6]Online Certificate Status Protocol. Very roughly this is analogous to a vendor who receives credit-cards first checking online with the credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purpose.

Image result for digilocker

DigiLocker is a "digital locker" introduced in February 2016 and the service was launched by the Government of India in July 2015 to provide a secure dedicated personal electronic space for storing the documents of resident Indian citizens.[2] The storage space of 1GB is linked to the Unique Identification Authority of India (Aadhaar number) of the user, which can be utilised for storing personal documents like University certificates, Permanent account number (PAN) cards, voter id cards, the URIs of the e-documents issued by various Government departments.
There is also an associated facility for e-signing documents. The service is intended to minimise the use of physical documents, reduce administrative expenses, provide authenticity of the e-documents, provide secure access to government-issued documents and to make it easy for the residents to receive services.
To sign up the user should possess an Aadhar Card and a mobile number linked to it.
DigiLocker is one of the key initiatives under the Digital India Programme. This was released by the Ministry of Electronics and Information Technology (MeitY), Government of India.

Key stakeholders of DigiLocker

Image result for key stakeholders of digilocker

The three key stakeholders of the DigiLocker platform are citizens, issuers and requesters. Let’s see how these stakeholders interact with the DigiLocker:

Citizens
Citizens can store or access their documents using the DigiLocker. They can store either an uploaded or issued document on the DigiLocker.
Uploaded document: Citizens may upload scanned copies of their important documents including the driving license, voter’s ID card (EPIC), passport, marks sheets, income tax statements, etc. They can use the DigiLocker to submit a digitally signed copy to a government agency if required by that agency. However, the agency must be registered as a requester with the DigiLocker.
Issued documents: These are e-documents that have been issued on the DigiLocker by a registered issuer who pushes the Uniform Resource Indicator (URI) of the e-documents to the digilockers of citizens, based on their Aadhaar numbers. These are stored in a central repository, and citizens can see and share their respective URI links.
Issuers
Various government agencies are registered with DigiLocker as issuer and they can issue e-documents to citizens. These agencies include CBSE, Registrar Office, Income Tax Department, and so on. In 2016, CBSE issued the class 12th result, while NEET issued the rank letter, on DigiLocker. Also, all the CBSE results now onwards would be issued on DigiLocker. DigiLocker also provides the facility for issuers to issue legacy data but that would require Aadhaar seeding in the issuers’ legacy databases.
Requesters
A requester, in the context of DigiLocker, is a government department that offers citizen services (the revenue department, a passport office or a municipality) or an organisation that requires documentation (banks, telcos, etc.). In order to provide a government service, a government agency needs to ascertain an individual’s identity, age or nationality, for which various standard and supporting documents issued by multiple government agencies may be required. In order to provide its services, the requester can request for digital versions of those documents and accept those online through the DigiLocker.


Security measures of DigiLocker

Image result for security of digilocker images


Following is the security measures used in the system
  • 256 Bit SSL Encryption
  • Mobile Authentication based Sign Up
  • ISO 27001 certified Data Centre
  • Data Redundancy
  • Timed Log Out
  • Security Audit