Digital Signature and its Vulnerabilities

     

    Abstract

    The purpose of this document is to explain the specific properties of a digital signature. It also explains the differences between direct and arbitrated digital signatures. Finally, it explains what a suppress-replay attack entails. The document is meant to inform the reader about the different properties of digital signatures and their vulnerabilities.

     

     


    Introduction

    Computers are a part of the modern lifestyle. However, when working with them, issues of security, information assurance and privacy usually arise. The question of digital signatures frequently comes up when using a computer. It is essential to be informed about digital signatures and their properties. There might also be a time when one needs to know the differences between types of digital signature and their vulnerabilities. Finally, one needs to know how to deal with these vulnerabilities.

    Properties of a Digital Signature

    A digital signature is a mathematical scheme used to demonstrate the authenticity of a digital document. Digital signatures are commonly used in software distribution and in places where the user wants to detect forgery. A scheme consists of a key generation algorithm that selects a private key uniformly from a set of private keys, a signing algorithm that produces a signature for the given message, and a signature-verifying algorithm that checks the signature against the message that was sent. There are several properties that a digital signature must have. First, it must be genuine. This means that the person who signed it is real and intended to do so (Leiwo, 2003).

    Secondly, the signature must be difficult to forge, meaning that the user is the only one entitled to sign and open the document. No one else is permitted to know the signature, and no person can act on behalf of the signer. The signature should be of good quality, without mistakes, to avoid practicable attacks from outsiders. Digital signatures must not be re-usable, meaning that after the document has been signed no part of the document can be displayed or made use of anywhere. It is not warranted for use anywhere else since the owner has locked the document with an algorithm password. A digital signature cannot be repudiated; once the document is signed, the signer cannot deny having signed it. The signature must be easy to recognize. The user must use a signature that is easily recognizable and easy to memorize but private. It should also be practical to retain a copy of the signature in storage.

    Difference between Direct and Arbitrated Digital Signature

    Direct and arbitrated digital signatures are processes used to send data from one person to another without any charges. A direct digital signature can be formed by encrypting the message with a private key. With this signature, the sender of the message contacts the receiver and gives them the public key. The sender then sends the receiver a secure message containing the public key, which the receiver uses to open the document and read the contents. The method is the safest since it does not involve a third party. There are drawbacks related to this signature. The message is only secure while the private key is secure. If the key is shared with anyone, then the information is insecure. The sender can deny sending the message by simply stating that their key was lost (Yoon, 2004).

    However, if this happens then a message containing the compromised key can be sent to the sender. An arbitrated digital signature is used to overcome the sending problem encountered in a direct digital signature. Here every message from the sender first goes to the arbitrator, who checks its content. It is then dated and sent to the recipient. The arbitrator helps solve the problem of the sender disowning the message. The presence of a third party helps curb the problem encountered in sending the message. However, the third party involved must be trusted. The party needs to validate the contents of the message and the sender's details. The arbitrator helps prevent message trafficking.

    A Suppress-replay Attack

    A suppress-replay attack is one where a legitimate data transfer is captured and replayed by an adversary in an attempt to gain unauthorized access to the data. It is a concern when both parties are confirming their identity. This type of replay attack occurs in the Denning protocol, which uses timestamps to increase the level of security. Timestamps are a measure used to prevent an attack. The approach relies on synchronized clocks throughout the network. The only time the distributed clocks can become unsynchronized is when there is a fault in the mechanism. Li Gong states that the recipient remains vulnerable to accepting the message as current even after the clocks have detected the error (Stallings, 2003). The recipient remains vulnerable until the message is invalidated. In a suppress-replay attack, if the sender's clock is ahead of time and the message is intercepted, the adversary can replay it once its timestamp is current.

    A replay attack can be used together with a masquerade, where a stranger pretends to be an authorized user. Another measure that can be used to prevent attacks is the use of tokens to verify the timestamps of messages. Thirdly, one can use a message authentication code. This is a short piece of information used to authenticate a message. The keyed hash function accepts as input a private key together with a lengthy message to be validated and outputs a message authentication code. It protects the message information by allowing only verifiers who hold the secret word to detect any changes to the content.

    Message authentication codes have different security requirements. To be considered secure, a code must resist forgery. This means that if the attacker gets hold of the secret word, he cannot guess all the codes. Message authentication codes differ from digital signatures, as is the case with symmetric encryption. Unlike signatures, they can be repudiated when a secret key is shared: anyone who can verify a message authentication code can also generate codes for other messages. The codes are built so that a message will always produce the same code, assuming the same algorithm is used to generate both. That is, they are designed to produce the same code whenever the same message and secret word are input to the same algorithm. Proper use of these measures against message attacks can curb the issue of message delay and data diversion to unauthorized destinations.
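
    The timestamp check and message authentication code described above, as an added example that is not part of the original essay: the receiver accepts a message when its keyed hash verifies and its timestamp falls inside a window, and the scenario shows a message from a sender whose clock runs fast being refused on arrival but accepted after being held back. The key, window, payloads and function names are constructed for illustration, and the last case goes beyond the text by adding a receiver-chosen nonce, a countermeasure the essay does not name.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key"  # constructed sample secret shared by both parties
WINDOW = 60                      # assumed freshness window, in seconds

def tag(payload: bytes, ts: int, nonce: bytes = b"") -> str:
    """Keyed hash (HMAC-SHA256) over timestamp, length-prefixed nonce and payload."""
    data = ts.to_bytes(8, "big") + bytes([len(nonce)]) + nonce + payload
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def send(payload: bytes, sender_clock: int, nonce: bytes = b"") -> dict:
    """Sender stamps the message with its own (possibly wrong) clock."""
    return {"payload": payload, "ts": sender_clock, "nonce": nonce,
            "tag": tag(payload, sender_clock, nonce)}

def verify(msg: dict, receiver_clock: int, expected_nonce=None) -> str:
    """Receiver checks integrity first, then freshness."""
    good = tag(msg["payload"], msg["ts"], msg["nonce"])
    if not hmac.compare_digest(good, msg["tag"]):
        return "reject: bad MAC"
    if abs(receiver_clock - msg["ts"]) > WINDOW:
        return "reject: timestamp outside window"
    if expected_nonce is not None and not hmac.compare_digest(msg["nonce"], expected_nonce):
        return "reject: nonce mismatch"
    return "accept"

def scenario() -> dict:
    now, skew = 1_000_000, 600   # constructed: sender's clock runs 10 minutes fast
    msg = send(b"open session", now + skew)
    out = {
        # Delivered at once, the future timestamp is refused.
        "immediate": verify(msg, now),
        # Held back until the receiver's clock catches up: the MAC is
        # valid and the timestamp now looks current, so it is accepted.
        "held_then_replayed": verify(msg, now + skew),
        # The MAC still catches any change to the content.
        "tampered": verify(dict(msg, payload=b"open session!"), now + skew),
    }
    # With a receiver-chosen nonce, freshness no longer depends on the sender's clock.
    old = send(b"open session", now + skew, secrets.token_bytes(16))
    fresh_challenge = secrets.token_bytes(16)
    out["replayed_vs_new_nonce"] = verify(old, now + skew, fresh_challenge)
    return out

if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name}: {verdict}")
```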

    Conclusion

    To conclude, digital signatures have essential properties that are important in a digital signature design scheme aimed at ensuring the validity of the sender's message, the contents and the two parties. A direct digital signature is a method where the sender of the message is responsible for ensuring that the receiver obtained the sent public key safely and that the private key is safe. The sender keeps the key safe to avoid any trafficking of information or interference from a third party. An arbitrated digital signature is a process that uses a trusted third party to validate the sender's details, the receiver's details and the message contents. The two signature methods have drawbacks; however, the latter was designed to support the direct signature method. The third party was designed to eliminate the issue of trafficking. One security threat is the suppress-replay attack, where the legitimate transfer of data is delayed, recorded and replayed at a future point in time. This is done in order to gain unauthorized admission. Nevertheless, this attack can be controlled if the safest precautions are put into consideration.

     References

    Leiwo, J. (2003). Digital Signatures. Retrieved from <http://www.tml.tkk.fi/Studies/T-110.498/2003summer/Slides/lecture04.pdf>

    Stallings, W. (2003). Cryptography and Network Security: Principles and Practices. Retrieved from <http://EzineArticles.com/2605927>

    Yoon, H. (2004). Digital Signatures. Retrieved from <http://camars.kaist.ac.kr/~hyoon/courses/is560/is560/Chap-10.ppt>
