Technical and legislative aspects regarding the digital signature.
Robu, Raul ; Voisan, Emil ; Ungureanu, Dan 等
1. INTRODUCTION
The high performances reached by the information technology during
the last years and its decreasing costs made it possible to present,
manipulate and archive documents more and more in an electronic format.
In this process, an essential role is played by the digital signature
(NIST, 1994), the instrument through which the content of an electronic
document and its issuer are authenticated in an almost infallible
manner.
2. THE PRINCIPLE OF THE DIGITAL SIGNATURE
The digital signature is implemented using cryptographic methods
with two keys: a private key and a public key, in the concept introduced
by Diffie and Hellman, from Stanford University (Diffie & Hellman,
1976). The first key must have a maximum secrecy regime and that is why
it is known only by its owner, being named the private key (PRIV). The
second key, on the other hand, is made public, that is the reason it is
called a public key (PUB). Both keys are in fact string of bits,
provided by a special program. While the public key can be issued
anywhere in the world, the private key must be kept in a safe place.
That is why the private key is usually stored on a secured cryptographic
device (etoken or smart card, which can be accessed only by entering a
password, the PIN code) and cannot be extracted from this device in a
comprehensible form, but only as a cryptogram. The public key is
included on a digital certificate which is also stored on the secured
cryptographic device. The certificate may be exported and published on
the Internet because it does not contain confidential information.
3. THE MATHEMATICAL FUNDAMENTALS OF THE DIGITAL SIGNATURE
The existing implementations of the digital signature systems, most
often use the following cryptographic algorithms:
* MD2, MD5 -"Message Digest"- (Wang & Yu, 2005),
created by Ronald Rivest and SHA -"Secure Hash Algorithm"-,
created by the USA Standards Institute for digital signature (NIST,
2002), all used for digest's extraction;
* RSA, created by Rivest, Shamir and Adleman (Rivest et al., 1978),
El Gamal (El Gamal, 1985) and DSA -"Digital Signature
Algorithm"- (NIST, 1994), all used for digest's encryption /
decryption.
4. SIGNING AND CHECKING THE SIGNATURE OF THE DOCUMENTS
In practical implementations, the public key algorithms are often
inefficient and slow. In order to decrease the time, a digest of the
document is realized based on a hash function (Fig. 1).
Signing document M (Fig 1.) determines the following actions
(Patriciu et al., 2001):
* the digest D of the document M is done with the help of a hash
function (SHA1, SHA2, MD2, MD5);
* the document digest is ciphered with the private key of the
releaser (which is stored on a secured device) and its obtained a
cryptogram S which represents the digital signature, which is attached
to the document M;
* the digital certificate which contains the public key is attached
to document M, operation which allows the verification, respectively the
validation of the signature.
The encrypting algorithms have a great crypto-complexity, generally
based on complex mathematical operations, with huge numbers (hundreds of
decimal numbers or thousands of bits).
The digital signature protocol guarantees that (Patriciu &
& Ene-Pietrosanu, 2001):
a. the signature is authentic, because it can be verified only with
the public key of the releaser;
b. the signature cannot be forged, because only the releaser knows
his own secret key;
c. the signature is not reusable, because it depends on the content
of the document which is encrypted;
d. the signature is not alterable, because any alteration of the
content of the document results in the fact that the signature cannot be
validated with the public key of the releaser;
e. the signature is not reputable, because the only one who had the
necessary instruments to sign is the releaser and that is why the
verification / validation process which takes place at the receptor,
does not even involve the releaser.
[FIGURE 1 OMITTED]
[FIGURE 2 OMITTED]
The signature is checked through 3 steps (fig. 2) (Patriciu et al.,
2001):
* a new digest of the alleged signed document is created
* the signed digest is decrypted with the public key of the
releaser
* the 2 digests are compared and if there is coincidence the
signature is validated.
5. INSURING CONFIDENTIALITY
The pair of keys can be used not only to sign and check the
signature, but also in order to insure the confidentiality of the
documents. If a signatory X desires to send a confidential document to a
signatory Y, signatory X may encrypt the document using the public key
of signatory Y. In this way, only signatory Y will be able to decrypt the document with the help of his private key.
6. LEGISLATIVE ASPECTS
A series of documents settle, from a legislative perspective, the
digital signature concept and the way it is used in EU (EP & EC,
2000).
The Directive 1999/93/EC of the European Parliament and of the
Council of 13 December 1999 on a Community framework for electronic
signatures (EP & EC, 2000) introduces the following fundamental
definitions:
The digital signature represents data in an electronic format,
which are attached or logically associated with other electronic data
and which serve as an authentication method.
The extended digital signature represents the digital signature
which fulfills all of the following conditions:
a) it is linked in an unique manner to the signatory
b) it insures the identification of the signatory
c) it is created through means exclusively controlled by the
signatory
d) it is linked to the electronic data that it is related to, in
such a manner that any ulterior modification of these data can be
identified.
A signatory is a person who possesses a device which creates the
digital signature and who acts for himself or as a representative of a
third party.
Digital signature creation data are any electronic data with a
unique character, such as codes, or private cryptographic keys, which
are used by the signatory to create a digital signature.
A digital signature creation device is a configured software and /
or hardware, used for the implementation of the data necessary for the
creation of the digital signature.
A secured digital signature creation device is the device that
creates the digital signature which fulfills all the following
conditions:
a) the data for the creation of the signature, used to generate it,
must appear only once and their confidentiality must be insured
b) the data necessary for the creation of the digital signature,
used to generate it, must not be inferred
c) the signature must be protected against forgery by the technical
instruments available at the time it is generated
d) the data for the creation of the digital signature must be
effectively protected by the signatory against being used by
unauthorized persons
e) it must not alter the data to be signed or prevent such data
from being presented to the signatory prior to the signature process.
Digital signature verification data are electronic data, such as
codes or public cryptographic keys, which are used with the purpose of
checking/verifying a digital signature.
A digital signature verification device is a configured software
and / or hardware, used for the implementation of the data needed for
the checking of the digital signature.
A digital certificate is a collection of electronic data which
attest the link between the data used for the verification of the
digital signature and a person confirming the identity of that person.
7. CONCLUSIONS
The digital signature has the following attributes: it is
authentic, it cannot be forged, it is not reusable, it is not alterable
and it is not reputable.
Digital signature offers many advantages and can be used in a wide
range of applications, being able to substitute hand signature in any
domain. This solution eliminates hard copies and assures important time
reductions, allowing the achievement of remote transactions between
individuals and / or institutions.
The digital signature also guarantees that there were no text
adding or changing operations in the document after the document was
signed. This cannot be guaranteed while using the hand signature.
This paper presents a systematic description of the technical and
legislative aspects regarding the digital signature, based on the
authors' practical experience in implementing digital signature in
hospitals and territorial work inspectorates from several counties of
Romania.
8. REFERENCES
Diffie, W. & Hellman, M. (1976). New directions in
cryptography, IEEE Transactions on Information Theory, Vol. 22 (Nov.
1976), pp. 644-654, ISSN 0018-9448
El Gamal, T. (1985), A public key cryptosystem and a signature
scheme based on discrete logarithms, IEEE Transactions on Information
Theory, Vol. 31 (Jul. 1985), pp.469-472, ISSN 0018-9448
EP--The European Parliament and the EC--European Council (2000).
Directive 1999/93/EC, a community framework for electronic signatures,
Official Journal of the European Communities (Jan. 2000), pp. 12-20
NIST--National Institute of Standards and Technology (1994).
Announcing the Standard for Digital Signature Standard (DSS), FIPS 186
(1994)
NIST--National Institute of Standards and Technology (2002).
Announcing the Secure Hash Standard, FIPS 180-2 (2002)
Patriciu, V.V.; Ene-Pietrosanu, M.; Bica, I.; Vaduva, C. &
Voicu, N. (2001). Security of electronic commerce, Bic All, ISBN 973-571-325-X, Romania
Patriciu, V.V. & Ene-Pietrosanu, M. (2001). New technologies
regarding the Internet's security, Revista Informatica Economica,
Nr 1 (17), (2001), pp. 60-68
Rivest, R.; Shamir, A. & Adleman, L. (1978). A method for
obtaining digital signatures and public key cryptosystems,
Communications of the ACM, Vol. 21 (Feb. 1978), pp. 120-126, ISSN
0001-0782
Wang, X. & Yu, H.; (2005). How to Break MD5 and Other Hash
Functions, Advances in Cryptology--EUROCRYPT, Vol. 3494/2005, pp. 19-35,
ISSN 0302-9743
