What kind of electronic document contains a public key?
|
Shubhani
Aggarwal, Neeraj Kumar, in Advances in Computers, 2021 A digital signature algorithm refers to a standard for digital signatures, which is based on the algebraic properties of discrete logarithm problem and modular exponentiations based
on public-key cryptosystems principal. Digital signatures are work on the principle of two mutually authenticating cryptographic keys, i.e., a public key and a private key. In this chapter, we have discussed the digital signature algorithm, elliptic curve digital signature algorithm (ECDSA), and Edward curve digital signature algorithm (EdDSA). With this, the detailed working and cryptographic functionality of these algorithms are described. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/S0065245820300590 Security
Vlasios Tsiatsis, ... Catherine Mulligan, in Internet of Things (Second Edition), 2019 6.2.2.2 Asymmetric authenticationA digital signature is an example of an asymmetric authentication mechanism. It differs from the previously described MAC in that a digital signature is generated using the private key of a public/private key pair. This demonstrates asymmetric functionality, and seeing the private key should only be known to the sender, the digital signature proves that the message could only have emanated from the holder of that private key and is therefore authentic. There are numerous Digital Signature Algorithms. These include algorithms such as DSA, SHA with RSA, ECDSA, and ElGamal. During the initial development of low-power IoT security schemes based around WSN-type technologies, it was thought that digital signatures were too computationally expensive. Notwithstanding, there are a number of implementations that have been proven feasible for the resource-constrained IoT technology. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780128144350000183 Security in Wireless SystemsVijay K. Garg, in Wireless Communications & Networking, 2007 Digital SignatureA digital signature provides a secure and authenticated message transmission (enabled by public key enabling (PKE)). It provides proof identifying the sender. The digital signature includes the name of the sender and other key contents (e.g., date, time, etc). The features of the digital signature method are discussed below: •A digital signature can be used to ensure that users are who they claim to be. •The signing agency signs a document, m, using a private decryption key, dB, and computes a digital signature dB(m). •The receiver uses the agency's public key, eB, and applies it to the digital signature, dB(m), associated with the document, m, and computes eb[db(m)] to produce m. •This algorithm is very fast, especially with hash functions. •It is only used in message authentication codes when a secure channel is used to transmit unencrypted messages, but needs to verify their authenticity. •It is also used in the secure channels of a secure socket layer (SSL). Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780123735805500478 EncryptionSharon K. Black Attorney-at-Law, in Telecommunications Law in the Internet Age, 2002 9.4.2 Digital SignaturesSending Process—Creation of a Digital SignatureSince a digital signature is created when a sender uses his or her private key to encrypt a message, it is, therefore, an integral part of the encryption process. As such, encryption provides, at no additional cost, nonforgible electronic signatures that are far more secure, reliable, accurate, and verifiable than a handwritten signature. For this reason, they prevent confusion and fraud in the Internet Age and provide the security required by persons doing business in a non—face-to-face manner. As such, digital signatures will be an increasingly important technology in the new Internet Age. They provide the means for any intended recipient to receive a highly secure, identifiable private message that cannot be altered or decrypted by others. Without this digital verification, e-commerce and advanced uses of communication could not proceed to its fullest potential. 1991/1993—U.S. Digital Signature Algorithm (DSA)Since the National Institute of Standards and Technology (NIST) was given responsibility for computers and related systems in the Brooks Act of 1965, it reviewed encryption and digital signature issues for the United States in the 1970s and 1980s, even before people realized the importance of digital signatures to commerce and other official communications. However, it wasn't until a quarter of a century later, in August 1991, that NIST announced its selection of the United States's digital signature standard, called the digital signature algorithm (DSA). The DSA, developed by an employee of the National Security Agency (NSA) was made available free to users with no royalties charged, but it was not broadly embraced because of its close connection to NSA. 1993—Digital Signature Standard (DSS)As a result, two years later, in June 1993, NIST announced a second, more refined standard known as the digital signature standard (DSS). NIST first issued its Notice of Approval for the DSS on May 19, 1994.25 When it received no negative comments, it proceeded with its recommendation to the White House and U.S. Congress. Both approved the DSS as the U.S. standard in 1994 and reconfirmed it four years later, on December 9 1998.26 It continues to be the standard used for digital used for digital signature technology in the United States today. 1999—Millennium Digital Commerce Act (MDCA)Based on this standard, the next year, in 1999, Senator Spencer Abraham (R, Michigan) sponsored the Millennium Digital Commerce Act (MDCA) to “ensure that individuals and organizations in different states are held to their agreements and obligations even if their respective state have different rules concerning electronically signed documents.” The proposed MDCA sought to (1) prohibit individual state laws from restricting the legality of digital contracts simply because they are in electronic form, (2) establish guidelines for international use of electronic signatures that would remove obstacles to electronic transactions, and (3) allow the market to determine the type of authentication technology used in international commerce. 2000—Electronic Signatures in Global and National Commerce Act (E-SIGN Commerce Act), June 30, 2000Springboarding off the support generated by the proposed Millennium Digital Commerce Act, the U.S. Congress passed the Electronics Signatures in Global and National Commerce Act (E-SIGN Commerce Act) of 2000, also known as the Digital Signature Act (DSA), enacted on June 30, 2000. The DSA affirmed the legal validity of digital signatures for e-commerce transactions, contracts, and court documents. For this reason, it is an enormously important law in the new Internet Age. The two major reasons Congress passed the Digital Signature Act were: digital signatures are superior to handwritten signatures, in that they cannot be forged or later denied, and numerous commerce and trade groups, plus many judicial courts petitioned in strong support of them. This new law has generated numerous activities that are best tracked through sources such as the Digital Signatures: A Practitioners Checklist found at http://www.macleoddixon.com/04public/Articles/digsig.pdf. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9781558605466500314 Security and EncryptionPeter Wayner, in Agents Unleashed, 1995 14.5 Digital Signature StandardThe Digital Signature Standard emerged from the National Institute of Standards and Technology (NIST, Gaithersburg, MD) in 1991 with the federal government's express hope that it would become widely used to authenticate documents. The standand consisted of the Secure Hash Algorithm, discussed in section 14.4.1, and a Digital Signature Algorithm (DSA), which is similar in the most abstract sense to RSA. The most significant difference, though, between RSA and the DSA was that the DSA could not be used to keep secrets. The algorithm won't lock something away, it will just allow you to verify that it is unchanged. This distinction is an important one to a government that maintains that cryptography is a munition that might be used against the state. Any implementation of DSA can be exported but RSA can't. The DSA is discussed here for several reasons. One, people may want to create agent systems that can ship information across the U.S. borders. This is theoretically possible today with RSA. Two, governmental standards often become defacto general standards. It is entirely possible that, say, the IRS could set up a digital signature infrastructure that people could use to sign their tax forms. If they made the directory of public keys available to the world, then this might become the standard for the country. A trusted public-key infrastructure is needed before these signatures can become widely used. The third reason the DSA is included here is because a variant of it can be used in some forms of digital cash described in Chapter 15. Anyone considering using the DSA should be aware that many of the same questions about patent infringement still hold. The holders of the RSA patents, the Public Key Partners, maintain that the use of the DSA falls under the basic claims of the patents they hold. Anyone using the algorithm should pay them for the rights. The government, however, seems willing to fight this battle in court. At this writing in December 1994, there are no details about any settlement, so the public may want to lay low and wait for something to happen. 14.5.1 Digital Signature AlgorithmThe DSA is based upon the Schnorr and El Gamal signature algorithms [ElG85a, ElG85b] which both use the discrete log function as the basis of their security. That is, they rely upon the fact that it is easy to compute xn mod p given x,n, and some prime p but hard to invert this and find n if you start with x,p and xn mod p. Many people worked seriously on solving this problem and the current opinion is that prime numbers p of about 512 bits long are strong enough to resist attacks at this time. Longer primes will be needed soon.
The DSA begins with: •p— a prime number between 512 and 1024 bits long. NIST suggests increasing the lengths in quantized amounts, but this is not necessary. •q— a 160-bit prime factor of p − 1. •g=h p−1q such that h ≤ p − 1 and hp−1q>1 . •x is any number < q. •y = gx mod p To sign a message, 1.The sender computes the hash value of the message, call it H(m), and selects a random number k. 2.The sender computes r = (gk mod p) mod q and s = (k−l(H(m) + xr)) mod q. r and s constitute the signature. They're bound up with the message in an appropriate way. The signature is verified by computing: 1.w=s −1modq 2.u1=(H(m) ×w)modq 3.u2=(r×w )modq 4.u=((gu1×yu2)modq)modq 5.if υ = r then the signatures match and the document is verified. There are several ways that the DSA can be circumvented to include subliminal secret messages. The easiest way to understand how this can be done is to imagine trying to send a single bit. This can be accomplished by simply keep choosing a new random k until the output has a least-significant bit that matches the message. Doing this with larger messages is more complicated but is well documented in the work of Gus Simmons [Sim84, Sim85, Sim85, Sim93, Sim94]. Finally, readers might want to note that there is a Digital Signature Standard(DSS) that describes how to use the Digital Signature Algorithm. The terms are often used interchangeably even there are some differences. The algorithm is a mathematical construct. The standard is a guide for people in the federal government. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780127387659500198 A modified digital signature algorithm to improve the biomedical image integrity in cloud environmentBalasubramanian Prabhu Kavin, ... Arputharaj Kannan, in Advances in Computational Techniques for Biomedical Image Analysis, 2020 13.5 Conclusion and future worksThis paper developed a modified digital signature scheme for ensuring data integrity and authenticity of the bio-medical image data, which is shared in the cloud through the Internet. Here, the TPA checks the shared medical image whether it is damaged or modified by applying the proposed digital signature scheme. Moreover, an existing Adler32 hash function is used for creating digital signature with 8 bits and the proposed digital signature scheme provides 16 bits of output signature which is better than the existing digital signatures. Finally, the proposed scheme proves the efficiency according to the signature generation and verification times by conducting five different experiments. This model can be improved further with a new hash function instead of Adler32. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B978012820024700013X Emerging data encryption methods applicable to Energy InternetHajir Pourbabak, ... Wencong Su, in The Energy Internet, 2019 8.2 Importance of digital signatures in the Energy InternetA digital signature is a mathematical technique that appends a block of data to a message. The appended block of data allows a receiver to validate the authenticity and integrity of a message and the identity of a sender such as a fingerprint and a handwritten signature [20,21]. An efficient and practical digital signature may enable all prosumers and consumers to participate directly in a real-time retail electricity market based on the development of a prosumer/consumer-centric market [22]. The level of security provided by a classical digital signature (e.g., symmetric and asymmetric key cryptography) depends on certain unproven assumptions, such as the difficulty of the mathematical problem. Digital signature opportunities and challenges are investigated for various cryptography schemes in the next sections. Various security measures and digital signatures are designed to meet some important requirements, which guarantee cyber security and a fair e-commerce energy market (Fig. 8.1):  Figure 8.1. Requirements of various security measures and digital signatures. •Confidentiality: The contents of the message must be kept private while it travels among agents to protect the information from disclosure to unauthorized parties [3]. •Authentication (Credibility): The information embedded in a digital signature should help a receiver verify the origin of a document or the identity of the sender and other related information based on the type of document. For instance, the time and date of a signature in financial documents are important [23]. •Integrity (Inalterability): A digital signature ensures that no unauthorized alterations are made to the data during transmission [24]. •Public verifiability: This property indicates that a receiver of a signed message or document should be assured that all other receivers who receive a message from the same agent are able to verify the legitimacy of the same signature [23]. •Transferability: A third party can copy the sender's signature and transfer it to other parties to prove the authenticity of the sender. •Nonrepudiation: As an important aspect of digital signatures, the sender of a message, which is associated with a digital signature, cannot deny having signed a document that has a valid signature [25]. •Nonreusability: A digital signature is an inseparable part of an encrypted, signed document and cannot be detached and used for other documents [26]. •Unforgeability: Only a sender can produce a valid signature for the associated message. A receiver should not be able to reproduce a sender's signature for a new message [27]. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780081022078000084 Company ProfilesMark Lockie, in The Biometric Industry Report (Second Edition), 2002 4.5.4 Strategic InformationAlong with most other digital signature verification (dsv) companies, Cyber-SIGN believes that the signing of the Electronic Signatures Global and National Commerce (E-Sign) Act by the US Federal Government, and similar legislation internationally, will boost the company’s sales. Potential applications for the company’s products include electronic commerce, finance, healthcare, on-line banking, government, legal, security, workflow and other markets that require non-refutable, tamper-proof documents. Cyber-SIGN is already proving itself successful in Asian markets – in particular at Japanese telecoms company NTT, where some 100,000 employees are now believed to be using its dsv technology to secure email and to connect to the corporation’s central server for printing and signing letters from their desktop PCs. Whether the company can secure a foothold in the US market in the face of competition from companies such as CIC remains to be seen. However, the company’s long-term goal is to secure venture capital and float on the US stock exchange. The company’s main competitors include CIC in the USA, Softpro in Europe and Asia and to a lesser extent Wondernet, which operates primarily in the Middle East. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9781856173940500098 Video Security and ProtectionMin Wu, Qibin Sun, in The Essential Guide to Video Processing, 2009 17.3.1 BackgroundThe basic diagram of a digital signature scheme is shown in Fig. 17.11. Given a video with arbitrary size, applying cryptographic hashing on the video to obtain its MAC (message authentication code) that is usually hundreds bits in length (e.g., 128 bits with MD5 algorithm and 160 bits with SHA-1 algorithm [4]), signing on the MAC to generate the crypto signature of the video by using the sender's private key, and sending the video together with the signature to the recipient. At the receiver site, the authenticity of the video is verified through the following steps: applying the same hash function, as used at the sending site, to obtain a MAC A. Decrypting the received signature using the sender's public key to obtain another MAC B. Comparing A and B bit by bit: the received video will be deemed unauthentic if any discrepancies, even one bit difference, occur. FIGURE 17.11. Block diagram of cryptographic signature schemes. However, in real applications of video streaming over the networks, the video to be sent is often required to be transcoded to adapt to various channel capacities (e.g., network bandwidth) as well as terminal capacities (e.g., computing and display power) [41]. Note that we essentially regard transcoding as the process of converting a compressed bit stream into lower rates. Such transcoding poses new challenges on authentication due to (1) the distortions introduced during video transcoding and network; (2) flexibilities of various video transcoding methods like dropping video frames or dropping video packets. In this section, we first present a content-level video authentication system, which is robust to frame resizing, frame dropping, requantization, and their combinations. We then present a stream-level video authentication scheme, which is robust to packet loss due to either bandwidth constraints or network reliability. All the schemes achieve an end-to-end authentication that is independent of specific transcoding design and balances the system performance in an optimal way. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/B9780123744562000207 The Blockchain Technology for Secure and Smart Applications across Industry VerticalsShubhani Aggarwal, Neeraj Kumar, in Advances in Computers, 2021 4.2.2 B. Block verification using proof-of-workIn block verification process, Alice computes the digital signatures using private key (PK), which contains transactional database (TD) having the source IP address, destination IP address, unique identity, action performed, and the content having a set of transactions. Digital signatures is created by cryptographic hash algorithms such as SHA-512, SHA-256. The DS is computed by Alice using Eqs. (2) and 3 as follows. (2)TD=SHA−512(H||C) (3)DS=PK(TD) where H represents header, DS represents the digital signatures, and C denotes content. Now, the DS is sent to all the distributed nodes for authentication. Miner node computes the PoW for the authentication of DS using SHA-512. Here, Merkle hash tree is used to store the previous hash values. The PoW is calculated by miner node using Eqs. (4)–(6) as follows. (4) P1=SHA−512(C||MR(H )||previoushash) (5)P2=SHA−512(P1||t) (6)PoW=SHA− 512(P2||N) where, MR denotes Merkle root, t is a timestamp, and N is nonce (a random variable generated by miner nodes for finding PoW). Each miner node uses different or same nonce value at the same time to compute the PoW. If the computed PoW matches with the DS, then the miner node gets rewarded otherwise, the computed value of PoW is stored in the ledger of the distributed nodes. This process is repeated to create the validated blocks, which are then chained together to form a blockchain. The entire process of block verification is as shown in Fig. 14. Fig. 14. Block verification process. Read full chapter URL: https://www.sciencedirect.com/science/article/pii/S0065245820300644 What is the most common form of authentication for computer systems and networks?Passwords are the most common methods of authentication. Passwords can be in the form of a string of letters, numbers, or special characters.
What type of server runs Active Directory?The main Active Directory service is Active Directory Domain Services (AD DS), which is part of the Windows Server operating system. The servers that run AD DS are called domain controllers (DCs). Organizations normally have multiple DCs, and each one has a copy of the directory for the entire domain.
What authentication type is the default for Active Directory?In Active Directory domains, the Kerberos protocol is the default authentication protocol.
What is the name for the process of keeping track of user network activity?Accounting, also known as auditing, is the process of keeping track of a user's activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during the session.
|
