Wednesday, May 6, 2020
Digital Signature Essay Example For Students
Digital Signatures

CONTENTS
1. ABSTRACT
2. INTRODUCTION
3. DESIGN PRINCIPLES EXPLANATION
3.1. MODULES
3.2. MODULE DESCRIPTION
4. PROJECT DICTIONARY
4.1. DATAFLOW DIAGRAMS
5. FORMS REPORTS
5.1. I/O SAMPLES
6. BIBLIOGRAPHY

1. ABSTRACT

The security of information available to an organization was primarily provided through physical and administrative means. For example, rugged file cabinets with a combination lock were used for storing sensitive documents, and personnel screening procedures were employed during the hiring process. With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system, and the need is even more acute for a network.

Computer networks were primarily used by university researchers for sending e-mail, and by corporate employees for sharing printers. Under these conditions, security was not given much attention. Today, since the world is going global, and trillions of data are transferred daily across networks, security is looming on the horizon as a potentially massive problem. The generic name for the collection of tools designed to protect data and to thwart hackers is Computer Security.

In the project titled "Digital Signatures", security is ensured in the Messaging System of an organization. In this application, if an employee wishes to send confidential information to another employee connected through the intranet of their organization, he first signs the message and then sends it to the recipient. He signs the message using Digital Signatures. The person who receives the message validates the sender and, if the message is from an authorized employee, he reads the message. The above operation is performed using the Digital Signature Algorithm (DSA). This application makes sure that the security services Authentication, Secrecy, Integrity, and Non-repudiation are provided to the user.
Therefore, intruders cannot gain access to classified information.

2. INTRODUCTION

Scope

The project is confined to the intranet in an organization. This application makes sure that security services such as secrecy, authentication, integrity and non-repudiation are provided to the communicating parties.

Objective

This project has been developed keeping in view the security features that need to be implemented in the networks, following the fulfillment of these objectives:

• To develop an application that deals with the security threats that arise in the network.
• To enable the end-users as well as the organizations to come out with a safe messaging communication without any threats from intruders or unauthorized people.
• To deal with the four inter-related areas of network security, namely Secrecy, Authentication, Non-repudiation and Integrity.

Project Overview

This application makes use of the Digital Signature Algorithm (DSA) along with a hash function. The hash code is provided as input to a signature function along with a random number generated for this particular signature. The signature function also depends on the sender's private key and a set of parameters known to a group of communicating principals. This set constitutes a global public key. The result is a signature consisting of two components.

At the receiving end, verification is performed. The receiver generates a quantity that is a function of the public-key components, the sender's public key, and the hash code of the incoming message. If this quantity matches one of the components of the signature, then the signature is validated.

This application makes sure that the security services Authentication, Secrecy, Integrity, and Non-repudiation are provided to the user.

• This application keeps the information out of the hands of unauthorized persons. This is called Secrecy.
• It also deals with determining whom a person is communicating with before revealing sensitive information or entering a business deal. This is called Authentication.
• Non-repudiation deals with proving that a particular message was sent by a particular person in case he denies it later.
• Integrity makes sure whether a particular message has been modified or something has been added to it.

The project mainly deals with maintenance of the above-mentioned security services, thereby allowing the users as well as the network organizations to keep track of intrusions and thus enhancing the security services.

Existing system

These days almost all organizations around the globe use a messaging system to transfer data among their employees through their exclusive intranet. But the security provided is not of high standards. More and more unauthorized people are gaining access to confidential data.

Disadvantages:

• The validity of the sender is not known.
• The sender may deny sending a message that he/she has actually sent, and similarly the receiver may deny the receipt that he/she has actually received.
• Unauthorized people can gain access to classified data.
• Intruders can modify the messages, or the receiver himself may modify the message and claim that the sender has sent it.

Proposed system

The system will provide the following security services:

Confidentiality: Confidentiality is the protection of transmitted data from passive attacks.

It uses an algorithm that is designed to provide only the digital signature function. Unlike RSA, it cannot be used for encryption or key exchange. Nevertheless, it is a public-key technique.

RSA Approach

In the RSA approach, the message to be signed is input to a hash function that produces a secure hash code of fixed length. This hash code is then encrypted using the sender's private key to form the signature.
Both the message and the signature are then transmitted. The recipient takes the message and produces a hash code. The recipient also decrypts the signature using the sender's public key. If the calculated hash code matches the decrypted signature, the signature is accepted as valid. Because only the sender knows the private key, only the sender could have produced a valid signature.

where
M = Message
H = Hash Function
E = Message Digest at the Sender's side
D = Message Digest at the Receiver's side
KRa = Sender's Private Key
KUa = Sender's Public Key

DSS Approach

The Digital Signature Standard approach also makes use of a hash function. The hash code is provided as input to a signature function along with a random number generated for this particular signature. The signature function also depends on the sender's private key and a set of parameters known to a group of communicating principals. This set constitutes a global public key. The result is a signature consisting of two components.

where
M = Message
H = Hash Function
KRa = Sender's Private Key
KUa = Sender's Public Key
KUG = Group Public Key
r, s = Signature
k = Random Number
Sig = Signature Function
Ver = Verification Function

Disadvantage of RSA over DSA

RSA does not use a hash function; it encrypts the message. The length of the encrypted code is the same as that of the original message, which leads to 100% overhead. This implies more processor overload and an increase in processing time. DSA uses a hash function which takes large amounts of data and gives a fixed-length message digest. This implies less overhead. Hence DSA is preferred over RSA for Digital Signatures.

SECURE HASH ALGORITHM (SHA-1)

This application makes use of the Secure Hash Algorithm (SHA-1). The SHA-1 algorithm takes as input a message with a maximum length of less than 2^64 bits and produces as output a 160-bit message digest. The input is processed in 512-bit blocks.
The processing consists of the following steps:

Step 1: Append padding bits.
The message is padded so that its length is congruent to 448 modulo 512 (length = 448 mod 512). Padding is always added, even if the message is already of the desired length. Thus, the number of padding bits is in the range of 1 to 512. The padding consists of a single 1-bit followed by the necessary number of 0-bits.

Step 2: Append length.
A block of 64 bits is appended to the message. This block is treated as an unsigned 64-bit integer (most significant byte first) and contains the length of the original message (before the padding).

Step 3: Initialize MD buffer.
A 160-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as five 32-bit registers (A, B, C, D, E). These registers are initialized to the following 32-bit integers (hexadecimal values):

A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
E = C3D2E1F0

These values are stored in big-endian format, that is, with the most significant byte of a word in the low-address byte position. As 32-bit strings, the initialization values (in hexadecimal) are:

word A = 67 45 23 01
word B = EF CD AB 89
word C = 98 BA DC FE
word D = 10 32 54 76
word E = C3 D2 E1 F0

Step 4: Process message in 512-bit (16-word) blocks.
The heart of the algorithm is a module that consists of four rounds of processing of 20 steps each. The four rounds have a similar structure, but each uses a different primitive logical function, which we refer to as f1, f2, f3, and f4. Each round takes as input the current 512-bit block being processed (Yq) and the 160-bit buffer value ABCDE and updates the contents of the buffer. Each round also makes use of an additive constant Kt, where 0
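
The DSS signing and verification flow described in the Project Overview and DSS Approach sections, as an added example that is not the project's code. The group parameters are constructed toy values far too small for real use, and reducing the SHA-1 hash code modulo q is a simplification assumed here; all function names are chosen for this example.

```python
import hashlib
import math
import secrets

def is_prime(n: int) -> bool:
    """Trial division; adequate only for the toy sizes used here."""
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

# Global public key (p, q, g) known to the whole group. Constructed toy values.
Q = 2**31 - 1                                    # prime order of the subgroup
P = next(k * Q + 1 for k in range(2, 10**6, 2) if is_prime(k * Q + 1))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, P)) if g > 1)

def H(message: bytes) -> int:
    """SHA-1 hash code of the message, reduced modulo q (toy simplification)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1             # sender's private key (KRa)
    return x, pow(G, x, P)                       # (private key, public key KUa)

def sign(message: bytes, x: int):
    while True:
        k = secrets.randbelow(Q - 1) + 1         # random number for this signature only
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(message) + x * r) % Q
        if r and s:                              # retry in the rare zero case
            return r, s                          # the two signature components

def verify(message: bytes, signature, y: int) -> bool:
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):            # reject out-of-range components
        return False
    w = pow(s, -1, Q)
    # Quantity built from the global key, the sender's public key and the hash code.
    v = pow(G, H(message) * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r                                # must match the r component

if __name__ == "__main__":
    private_key, public_key = keygen()
    original = b"Quarterly figures attached"     # constructed sample message
    sig = sign(original, private_key)
    print("genuine message :", verify(original, sig, public_key))
    print("modified message:", verify(original + b"!", sig, public_key))
```

The range check on r and s in verify is part of the check, not an optimisation: without it a signature with a zero component would reach the modular inverse and the comparison in an undefined state.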