DIGITAL SIGNATURE
Digital Signatures
Each individual generates his own key pair [Public key known to everyone & Private key known only to the owner]
Private Key – Used for making digital signature
Public Key – Used to verify the digital signature
INTRODUCTION
The hash value of a message, when encrypted with the private key of a person, is his digital signature on that e-document. The digital signature of a person therefore varies from document to document, thus ensuring the authenticity of each word of that document. As the public key of the signer is known, anybody can verify the message and the digital signature.
OBJECTIVE
In the electronic environment basic legal functions of a signature are performed by way of a method that identifies the originator of a data message and confirms that the originator approved the content of data message. This method uses the techniques of cryptography and encryption.
Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, secret key for decryption.
PROBLEM STATEMENT
Digital signatures are based on mathematical algorithms. These require the signature holder to have two keys (one private and one public) for signing and verification. A verifiable, trustworthy entity called a certification authority creates and distributes signatures. A digital signature is a cryptographic means through which many of these may be verified. The digital signature of a document is a piece of information based on both the document and the signer's private key. It is typically created through the use of a hash function.
If you are sending a sensitive document, you would want the recipient of the document to know that it was from you and you would also want to ensure that the document gets to the recipient in the very same state you sent it in, without any alterations. The process of digitally signing your document would go something like this:
Why Digital Signatures?
• To provide Authenticity, Integrity and Non-repudiation to electronic documents
• To use the Internet as the safe and secure medium for e-Commerce and e-Governance
OVERALL DESCRIPTION OF PROJECT
Digitally signed messages may be anything representable as a bit string: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol. A digital signature scheme typically consists of three algorithms:
• A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
• A signing algorithm that, given a message and a private key, produces a signature.
• A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.
Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.
Advantages of Digital Signatures
The following are the main benefits of using digital signatures:
Speed: Businesses no longer have to wait for paper documents to be sent by courier. Contracts are easily written, completed, and signed by all concerned parties in a little amount of time no matter how far the parties are geographically.
Costs: Using postal or courier services for paper documents is much more expensive compared to using digital signatures on electronic documents.
Security: The use of digital signatures and electronic documents reduces risks of documents being intercepted, read, destroyed, or altered while in transit.
RSA Algorithm
Key Generation
• Random Numbers
• RSA Key Pair [Private/Public Key]
Digital Signature
• Generate Message Digest [SHA1]
• Encrypting Digest using Private Key [Signatures]
• Attaching the Signatures to the message.
Verification of Signatures
• Run the test for Authentication, Integrity and Non repudiation.
Digital Signature Certificate ITU X.509 v3
Public-Key Certification
[Diagram: Key pair Generation (Private, Public). A Certificate Request carries the User Name & other credentials and the User's Public key. It is signed by using the CA's private key to give the User Certificate. Publish: Certificate Database on the Web site of CA (User 1 certificate, User 2 certificate), which is Public. License issued by CCA.]
User Certificate:
• User Name
• User's Public Key
• CA's Name
• Validity
• Digital Signature of CA
• Certificate Class
• User's Email Address
• Serial No.
Private key protection
The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner.
The key is secured using:
• PIN Protected soft token
• Smart Cards
• Hardware Tokens
Paper signatures v/s Digital Signatures
Parameter | Paper | Electronic
Authenticity | May be forged | Cannot be copied
Integrity | Signature independent of the document | Signature depends on the contents of the document
Non-repudiation | a. Handwriting expert needed; b. Error prone | a. Any computer user; b. Error free
Signed Messages
[Diagram: Sender: Message, Hash, SIGN hash with Sender's Private key, Message + Signature. Signed Message sent thru' Internet. Receiver: Message + Signature; Hash of the Message gives the Calculated Hash; Decrypt Signature with Sender's Public Key; COMPARE; if OK, Signatures verified.]
TEST PLAN
Unit Testing: Unit testing focuses efforts on the smallest unit of software design. This is known as module testing. The modules are tested separately. The test is carried out during the programming stage itself. In this step, each module is found to be working satisfactorily as regards the expected output from the module.
Integration Testing: Data can be lost across an interface. One module can have an adverse effect on another; sub-functions, when combined, may not be linked in the desired manner in major functions. Integration testing is a systematic approach for constructing the program structure while at the same time conducting tests to uncover errors associated with the interface. The objective is to take unit-tested modules and build the program structure. All the modules are combined and tested as a whole.
Validation Testing: At the culmination of integration testing, the software is completely assembled as a package. Interfacing errors have been uncovered and corrected, and a final series of software tests begins in validation testing. Validation testing can be defined in many ways, but a simple definition is that the validation succeeds when the software functions in a manner that is expected by the customer. After the validation test has been conducted, one of the three possible conditions exists.
• The function or performance characteristics conform to specification and are accepted.
• A deviation from specification is uncovered and a deficiency list is created.
• The proposed system under consideration has been tested by using the validation test and found to be working.
Output Testing: After performing the validation testing, the next step is output testing of the proposed system, since no system could be useful if it does not produce the required output in a specific format. The output format on the screen is found to be correct. The format was designed at system design time according to the user needs. For the hard copy also, the output comes as per the requirements specified by the user. Hence output testing did not result in any correction for the system.
User Acceptance Testing: User acceptance of a system is the key factor for the success of any system. The system under consideration is tested for user acceptance by constantly keeping in touch with the prospective system users at the time of developing and making changes whenever required.
This is done in regard to the following points:
• Input Screen Design
• Output Screen Design
• Format of reports and other outputs.
RISK MANAGEMENT
Risk Identification: We analyzed that there were several types of risks involved with our project, like:
• Hardware Constraint Risks, like the CPU being overburdened with calculations so that the system might hang.
• Data Loss Risk due to hardware malfunction or failure to save the changes applied in the existing code.
• Development Environment Risks due to 1 member in the group; since the modules are different, at the time of integration more time is spent than on the main module itself.
Risks Quantification: The impact of the different risks mentioned above was assessed as follows:
• Environment Risks: Medium probability and High Impact. Thus it can be seen as a medium risk.
• Hardware Constraint Risks: Very low probability and High Impact. Thus it can be seen as a low risk.
• Deliverability Risks: Very High probability and Medium Impact. Thus it can be seen as a high risk.
• Data Loss Risks: Medium Probability and Very high impact. High Risk.
• Development Environment Risks: Low Medium Probability and Medium Impact. Thus it can be seen as a medium risk.
Risk Response: There are basically four things which can be done about a risk. It can be avoided, transferred, mitigated or accepted.
• Hardware Constraint Risks: It has a very low chance of occurring but, if encountered, can be avoided by a CPU of good processing speed as well as sufficient free disk space at the beginning when the simulation is started.
• Deliverability Risks: It has a good chance of happening and can be mitigated.
• Data Loss Risks: Has an average chance of occurring and can be mitigated by pushing my code on the cloud from time to time.
• Development Environment Risks: Nothing can be done to mitigate such risks. They just need to be accepted.
Risk Monitoring and Control
• Environment Risks: It can be controlled by properly initializing the light variables carefully.
• Hardware Constraint Risks: It can be monitored by making sure of the quality of the hardware and its performance stats.
• Development Environment Risks: It can be controlled by continuing with the project and completing it as much as possible.
Error and Exception Handling
Integrating Windows 7, Visual Studio 2010 and the toolkits over the top of building our own class files, we encountered a good number of exceptions which we made sure would never again occur by building an accurate and time improvised property sheet for our project.
We had to resolve several errors while making our own classes and integrating them with the main program, like external resolved linker error, unidentified variable identifier, unhandled exception in importing libraries and redefined functions.
DEBUGGING
Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.
Debugging tends to be harder when various subsystems are tightly coupled, as changes in one may cause bugs to emerge in another.
As the project is still in its development stage, debugging was done alongside code writing. Most of the time, due to a silly mistake which resulted in a fatal error, the program crashed when it tried to access some attributes of an object that were not initialized.
When the models were being tested, a comparison had to be formulated. This comparison was very difficult to narrow down since the input parameters for each model are different.
SECURITY MECHANISM
This system is provided with authentication without which no user can pass. So only the legitimate users are allowed to use the application. If the legitimate users share the authentication information then the system is open to outsiders.
Design Diagrams
• Use Case Diagram
• Control Flow Diagram
• Activity Diagram
Screenshots
Login Generate Add New User Converter Add New User Signing
LIMITATIONS
• Small encryption exponent
• Small encryption exponent and small message
• Using the same key for encryption and signing
• Using a common modulus for different users
• Acting as an oracle
CONCLUSION
• Minimize the risk of dealing with an imposter.
• Minimize the risk of undetected message tampering and forgery.
• Retains a higher degree of information security.
• Don't use the same RSA key for encryption and signing.
• Always format your input before encrypting or signing.
• When decrypting, check the format of the decrypted block. If it is not as expected, return an error message, not the decrypted string.
• Similarly, when verifying a signature, if there is any error whatsoever, just respond with "Invalid Signature".
GANTT CHART
[Gantt chart: tasks RESEARCH, IDEA AND CONCEPT, STRUCTURE, INTERFACE DESIGN, BUILD WEBSITE, TESTING; series NO. OF DAYS TO COMPLETE and START DATE; axis 0 to 35.]
THANK YOU