Digital Signature

Digital Signature is a #Security Mechanism where hashed# data is appended to (sometimes encrypted# using Rivest-Shamir-Adleman (RSA)#) a data unit, allowing a recipient of the data unit to prove the source and Integrity# of the data unit. It could protect against forgery# due to its Non-Repudiation# nature. At the receiver side, it will either reject (return value 0) or accept (return value 1) the signature.

Note: Hashing is used to avoid certain attacks.

It is using an Asymmetric Cryptography# approach for signing \(S = [H(M)]^d \mod n\) (using sender’s private key) and verifying \(H(M) = S^e \mod n\) (using receiver’s public key), thus is universally verifiable.

Links to this page

TAC3121 Chapter 6: Message Authentication and Hash Functions

Digital Signature
TAC3121 Chapter 1: Introduction

Digital Signature
Security Mechanism

Digital Signature#
Secure/Multipurpose Internet Mail Extensions (S/MIME)

S/MIME utilises several Cryptographic schemes to provide secrecy to the MIME email. For Digital Signature#, it uses DDS or Rivest-Shamir-Adleman (RSA)#. Hash Functions# used are SHA-1 and MD5. ElGamal or Rivest-Shamir-Adleman (RSA)# is used to encrypt session key. The message encryption is done by Advanced Encryption Standard (AES)#, Triple Data Encryption Standard (3DES)#, RC2/40 or others.
Pretty Good Privacy (PGP)

PGP is a #Asymmetric Cryptographic program used to encrypt, decrypt and sign emails over insecure transmission channel such as Internet with Digital Signature# which is developed by Philip R. Zimmermann in 1991. It has become the de facto #standard for email security. It provides five services: Confidentiality#, Authentication#, compression, e-mail compatibility (encode raw binary to ASCII characters using Radix-64 Encoding#) and segmentation (if the message is too large). It guarantees the security in Application Layer#.
Peer Entity Authentication

Peer Entity Authentication is a kind of #Security Service that utilises encryption#, Digital Signature# and Authentication Exchange# in order to counter Masquerade#.
Non-Repudiation

Non-Repudiation is a characteristic where both party, usually a sender and a receiver from #networking perspective, can’t deny the validity of a message. This will prove that the message is sent by that particular sender, and is received by that particular receiver. It utilises Digital Signature#, Data Integrity#, and Notarisation#.
Integrity

Integrity is a measure on whether how complete (remained unaltered) the received message itself is, as it would be the same or highly similar as the one that being sent. By further utilising encryption#, Digital Signature# and Data Integrity#, it could be used to counter Replay Attack# and Modification#
Hash Function

Hash Function, denoted as \(h = H(M)\), is an unkey function that condense arbitrary lengths of value into a fixed size output (fingerprint). It could be used as a mapping function of #Hash Table key into an appropriate cell, in #Digital Signature for authentication#, creating one-way password, detecting intrusion or virus, or construct pseudorandom# function (PRF) or a pseudorandom number generator (PRNG).
Data Origin Authentication

Data Origin Authentication is a kind of #Security Service that utilises encryption# and Digital Signature# in order to counter Masquerade#.
Cryptographic Primitives

Digital Signature#
Asymmetric Cryptography

Digital Signature#

It addresses two issues faced by Symmetric Cryptography: Key Distribution# and Digital Signature#. One doesn’t need to have a secure channel or a third party to distribute public keys as it will not sufficient to undermine the security of the encrypted message. Public keys could be distributed by either Public Announcement#, Publicly Available Directory#, Public-Key Authority#, or Public-Key Certificate#. We can verify whether the message is coming from the intended sender using the public key, thus able to authenticate the author. That being said, it is vulnerable to quantum computing.

#security #)