Research of digital signature implementation and usage inside an organization / Skaitmeninio parašo diegimo ir naudojimo organizacijoje tyrimas

Valušytė, Eglė

19 June 2008

While all the modern world is moving to the electronic space and the services are assuming a digital form, one also gives thought to the means to approach to this more and more often, and one of many of the means is digital signature. Electronic signature would even overtake its inky prototype not only in science or IT business, but also in the heads of the consumers, if there were not any traditional, organizational barriers, any fear of innovations and uncertainty amongst many other factors that are useful to explore. The most popular implementation of digital signature - PKI (Public key infrastructure) – can fill a lot more than one function; the variety of all of the PKI application areas is very wide. Also known as assymetric cryptography, PKI can provide an opportunity not only to sign a document, but also a reverse process is possible, that is to communicate safely in the Internet or other net using public key for encoding and private key for decoding. The paper strives to point out the essence and the main principles of PKI, to disclose its possibilities and means for the organizations and the users, to analyse the empirical information in an organization, to measure the current PKI situation in Lithuania also touching Europe, to reveal the mindset and behaviour peculiarities of a potential user of the digital signature. / Visam šiuolaikiniam pasauliui persikeliant į elektronines erdves, paslaugoms įgaunant skaitmeninę formą, vis dažniau susimąstoma ir apie visas priemones tam pasiekti, iš kurių viena – e.parašas. E.parašas kai kuriais atžvilgiais netgi lenktų rašalinį savo prototipą ne tik moksle ir IT versle, bet ir vartotojų galvose, jei ne tradiciniai, organizaciniai barjerai, naujovių ir nežinomybės baimė, bei daugelis kitų veiksnių, kuriuos naudinga ištirti. Labiausiai paplitusi e.parašo realizacija PKI (Public key infrastructure) – viešojo rakto infrastruktūra – gali atlikti žymiai daugiau nei vieną funkciją, visos PKI taikymo sričių įvairovės darbe nepavyktų atskleisti dėl vietos ir laiko stokos. Dar vadinama asimetriniu šifravimu, PKI gali ne tik suteikti galimybę pasirašyti dokumentą, bet įmanomas ir atvirkštinis procesas, t.y., užšifravimui naudojant viešąjį, o iššifravimui – privatųjį raktą, saugiai komunikuoti internete ar kitame tinkle. Darbas siekia parodyti PKI esmę ir pagrindinius principus, atskleisti galimybes ir priemones organizacijoms ir vartotojams, išanaliztuoi empirinę informaciją organizacijoje, įvertinti dabartinę PKI situaciją Lietuvoje, paliečiant Europą, atskleisti galimo skaitmeninio parašo vartotojo elgsenos ypatumus.

Informatics

Digital signature

PKI

Organization

Skaitmeninis parašas

PKI

Organizacija

Digital Signature : Comparative study of its usage in developed and developing countries

Thangavel, Jayakumar

January 2014

The online trading is growing widely day by day, which makes safety the biggest concern while carrying out trading by electronic means. As many other operations can be done with digital environment and internet, operation that provides identity validation should also be added to the digital environment. When data are transferred, the user should make sure that there are no changes in the original data while transferring them from sender to receiver. And it has also become necessary to authenticate the users often to ensure security and to avoid fraud. There are lot of different ways of online identification, in which digital signature is considered to be one of the powerful way of authentication. So, the online user use digital signature to authenticate the sender and to maintain the integrity of the document sent. In this paper, a study is carried out to identify the usage of digital signature and the perspective of people towards it in developed and developing countries and a survey is taken to support the theory.

Digital signature

Cryptography

Authentication

Public Key Cryptography

Comparative study

Aplikace pro elektronický podpis a časové razítko / Application for digital signature and timestamping

Remiaš, Miroslav

January 2009

In general, the Internet represents an unsecured medium of data transfer. Besides the rising popularity of the Internet, the matters of safety are getting to the foreground of importance. Anybody would be able to gain access to the computer network or to other valuable information if no algorithm of verifying the genuineness of identity were used. It is necessary to secure not only the access to the documents but also the content itself, which could be modified during the transfer through an unsecured medium. Last but not least, without the discretion provided by cryptography, the information may become literally public. To provide security and protection for the communicating participants the problems mentioned above are solved with the help of cryptographic techniques. The verification of the identity and the integrity of messages, the credibility of document’s ownership and safe data transfer through an unsecured medium are all the aspects, which the field of communication security on the Internet, thus the public key infrastructure, deals with. The electronic signature, as a part of the security area, is one of many advertised themes nowadays in Czech Republic. The aim of this master’s thesis is to acquaint the reader with the necessary technological procedures of digital signature, such as cryptographic techniques, public key infrastructure and timestamp. The practical part of this thesis consists of a suggested implementation of a web application in the programming language ASP.NET, which forms a certification authority with an opportunity of claiming a timestamp to authorize timestamps. After the problematic of cryptography was explained in the first chapter, the term of electronic signature has been introduced in the second chapter. Very important information, as far as the electronic signature of documents is concerned, is the time of the document’s creation and the subsequent signature verification by an appropriate authority. So the following part of the thesis is dedicated to the timestamp and to the authority of its verification. The fourth section deals with the large scale of public key infrastructure. The fifth part focuses on the description of the support for the whole problem mentioned so far using Microsoft’s programming language ASP.NET. The final sixth chapter represents the practical part of the thesis, namely the web application itself, where the individual modules of the application with its functions are described.

Analysis of Non-Interactive Zero Knowledge Proof

Hegde, Suprabha Shreepad

02 November 2018

No description available.

Computer Science

zero knowledge proof

digital signature

hash function

A Session Initiation Protocol User Agent with Key Escrow

Hossen, MD. Sakhawat

January 2009

Voice over Internet Protocol (VoIP), also called IP telephony is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system. Lawful interception is a mean of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobilitysupport and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U. S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session. This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. without the possibility of undetectable fabrication of  session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead.

Lawful Interception

Key escrow

SRTP

MIKEY

PKI

Digital Signature

Security Architecture for the TEAMDEC System

Wang, Haiyuan

06 August 1999

The prevalence of the Internet, client/server applications, Java, e-commerce, and electronic communications offers tremendous opportunities for business, education and communication, while simultaneously presenting big challenges to network security. In general, the web was designed with little concern for security. Thus, the issue of security is important in the design of network-based applications. The software architecture proposed in this thesis allows for the secure and efficient running of a team-based decision support system, specifically TEAMDEC. Based on the system's requirements and architecture, three types of possible attacks to the system are identified and a security solution is proposed that allows for user authentication, secure communication, and script access control. The implementation of these features will reduce security risk and allow effective use of the valuable system information data. / Master of Science

Network Security

Cryptography

Authentication

Digital Signature

Key Agreement

Java

TEAMDEC

Points of High Order on Elliptic Curves : ECDSA

Kouchaki Barzi, Behnaz

January 2016

This master thesis is about Elliptic Curve Digital Signature Algorithm or ECDSA and two of the known attacks on this security system. The purpose of this thesis is to find points that are likely to be points of high order on an elliptic curve. If we have a point P of high order and if Q = mP, then we have a large set of possible values of m. Therefore it is hard to solve the Elliptic Curve Discrete Logarithm Problem or ECDLP. We have investigated on the time of finding the solution of ECDLP for a certain amount of elliptic curves based on the order of the point which is used to create the digital signatures by those elliptic curves. Method: Algebraic Structure of elliptic curves over finite fields and Discrete logarithms. This has been done by two types of attacks namely Baby Step, Giant Step and Pollard’s Rho and all of the programming parts has been done by means of Mathematica. Conclusion: We have come into a conclusion of having the probable good points which are the points of high order on elliptic curves through the mentioned attacks in which solving the ECDLP is harder if these points have been used in generating the digital signature. These probable good points can be estimated by means of a function we have come up with. The input of this function is the order of the point and the output is the time of finding the answer of ECDLP.

Digital signature (DS.)

Baby Step

Giant Step (Bs.Gs.)

Pollard’s Rho

PKI/PMI AND SMART TOKENS IN HEALTHCARE INFORMATION SYSTEMS

Liu, Hailong, Qi, Wenhua, Zhang, Qishan, Wu, Jinpei

10 1900

International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / While healthcare industry is striving to achieve e-health systems for improvements in healthcare quality, cost, and access, privacy and security about medical records should be considered carefully. This paper makes a deep study of Public Key Infrastructures (PKIs) and Privilege Management Infrastructures (PMIs) and how they can secure e-health systems. To access resources, e.g. patient records, both authentication and authorization are needed, so public key certificates and attribute certificates are both required to protect healthcare information. From a typical medical scenario, we see not only static but also dynamic permissions are required. Dynamic authorization maybe the most complex problem in e-health systems.

security

PKI

PMI

public key certificate

attribute certificate

smart token

e-health

digital signature

EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

Chakrabarti, Saikat

01 January 2008

The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical, network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance sensitive security protocols, using primitives from linear feedback register sequences (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are: 1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem. 2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes. 3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols. 4. We observe that blind signatures could form critical building blocks of privacypreserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance sensitive, accountability systems. All special forms digital signatures—aggregate, multi-, and blind signatures—proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead.

Authentication

digital signature

signature aggregation

blind signature

LFSR sequences

Computer Engineering

Engineering

A Novel Authenticity of an Image Using Visual Cryptography

Koshta, Prashant Kumar, Thakur, Shailendra Singh

01 April 2012

Information security in the present era is becoming very important in communication and data storage. Data transferred from one party to another over an insecure channel (e.g., Internet) can be protected by cryptography. The encrypting technologies of traditional and modern cryptography are usually used to avoid the message from being disclosed. Public-key cryptography usually uses complex mathematical computations to scramble the message. / A digital signature is an important public-key primitive that performs the function of conventional handwritten signatures for entity authentication, data integrity, and non-repudiation, especially within the electronic commerce environment. Currently, most conventional digital signature schemes are based on mathematical hard problems. These mathematical algorithms require computers to perform the heavy and complex computations to generate and verify the keys and signatures. In 1995, Naor and Shamir proposed a visual cryptography (VC) for binary images. VC has high security and requires simple computations. The purpose of this thesis is to provide an alternative to the current digital signature technology. We introduce a new digital signature scheme based on the concept of a non-expansion visual cryptography. A visual digital signature scheme is a method to enable visual verification of the authenticity of an image in an insecure environment without the need to perform any complex computations. We proposed scheme generates visual shares and manipulates them using the simple Boolean operations OR rather than generating and computing large and long random integer values as in the conventional digital signature schemes currently in use.

Digital signature scheme

Visual cryptography

RSA signature

DSA signature

Boolean OR operation