Digital Signature and its Vulnerabilities
The purpose of this document is to explain the specific properties of a digital signature. The document also explains the differences between direct and arbitrated digital signatures. Finally, the document explains what a suppress-replay attack entails. It is meant to inform the reader of the different properties of digital signatures and their vulnerabilities.
Computers are a part of the modern lifestyle. However, working with them raises issues of security, information assurance and privacy. The subject of digital signatures frequently comes up when using a computer. It is essential to be informed about digital signatures and their properties. There might also be a time when one needs to know the differences between types of digital signature and their vulnerabilities. Finally, one needs to know how to deal with these vulnerabilities.
Properties of a Digital Signature
A digital signature is a mathematical scheme used to demonstrate the dependability of a digital document. Digital signatures are commonly used in software distribution and in places where the user wants to detect forgery. A scheme consists of a key algorithm that selects a private key uniformly from a set of private keys, a signing algorithm that produces a signature for the given message, and a signature-verifying algorithm that is applied to the sent message. There are several properties that a digital signature must have. First, it must be genuine. This means that the person who signed it is real and intended to do so (Leiwo, 2003).
Secondly, the signature must be difficult to forge, meaning that the user is the only one entitled to sign and open the document. No one else is permitted to know the signature, and no person can act on behalf of the signer. The signature should be of good quality, without mistakes, to avoid practicable attacks from outsiders. Digital signatures must not be re-usable, meaning that after the document has been signed no part of the document can be displayed or made use of anywhere. It is not warranted for use anywhere else since the owner has locked the document with an algorithm password. A digital signature cannot be renounced; once the document is signed, the signer cannot deny having signed it. The signature must be easy to recognize. The user must use a signature that is easily recognizable and easy to memorize but private. It should also be practicable to retain a copy of the signature in storage.
Difference between Direct and Arbitrated Digital Signature
Direct and arbitrated digital signatures are processes used to send data from one person to another without any charges. A direct digital signature can be formed by encrypting the message with a private key. In this scheme, the sender of the message contacts the receiver and gives them the public key. The sender then sends a secure message to the receiver, who uses the public key to open the document and read the contents. The method is the safest since it does not involve a third party. There are drawbacks related to this signature. The message is only secure while the private key is secure. If the key is shared with anyone, then the information is insecure. The sender can deny sending the message by simply stating that their key was lost (Yoon, 2004).
However, if this happens then a message containing the compromising key can be sent to the sender. An arbitrated digital signature is used to overcome the sending problem encountered in a direct digital signature. Here every message sent from the sender first goes to the arbitrator, who checks the content. It is then dated and sent to the recipient. The arbitrator helps solve the problem of the sender disowning the message. The presence of a third party helps curb the problem encountered in sending the message. However, the third party involved must be a person who is trusted. The party needs to validate the contents of the message and the sender's details. He helps prevent message trafficking.
A Suppress-replay Attack
A suppress-replay attack is one in which a legitimate data transfer is captured and replayed by an adversary in an attempt to gain unauthorized access to the data. It is a concern when both parties are confirming their identity. This type of replay attack occurs in the Denning Protocol, which uses timestamps to increase the level of security. Timestamps are a measure used to prevent an attack. The approach relies on synchronized clocks throughout the network. The only time the distributed clocks can become unsynchronized is when there is a fault in the mechanism. Li Gong states that the recipient remains vulnerable to accepting the message as current even after the clocks have detected the error (Stallings, 2003). The recipient remains vulnerable until the message is invalidated. In suppress-replay, if the clock of the sender is ahead of time and the message is intercepted, the adversary can replay it when its timestamp becomes current.
A replay attack can be used together with a masquerade, where a stranger pretends to be an authorized user. Another measure that can be used to prevent attacks is the use of tokens to verify the timestamps of messages. Thirdly, one can use a message authentication code. This is a short piece of information used to authenticate a message. The keyed hash function accepts as input a private key and a lengthy message to be validated, and outputs a message authentication code. It protects the message information by only allowing verifiers with the private word to detect any alteration of the content.
Message authentication codes contain different security measures. For one to be considered secure, it must resist forgery. This means that if the attacker gets hold of the secret word, he cannot guess all the codes. Message authentication codes differ from digital signatures in the case of balanced encryption. They are repudiating as the signatures in the situation of sharing a secret key. Anyone who can verify a message authentication code can operate other codes for other messages. The messages are created such that they will always produce the same codes, assuming the same algorithm is used to generate both. They are designed to produce the same codes whenever the message and secret word are input to the same algorithm. Proper use of these measures against message attacks can curb the issue of message delay and data diversion to unauthorized destinations.
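Added example (not part of the original essay): a Python sketch of the suppress-replay condition and the message authentication code described in the two sections above. It shows a timestamp-checked, MAC-protected message from a sender whose clock runs fast being rejected when captured and accepted when replayed later, and then the same message rejected on replay when the receiver uses a one-time challenge instead. KEY, WINDOW and all function names are constructed for illustration, and the challenge-based check is a standard countermeasure assumed here rather than taken from the essay.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key"  # constructed sample key known to sender and receiver
WINDOW = 30                      # seconds of clock skew the receiver tolerates (assumed)

def mac(*fields):
    """HMAC-SHA256 tag over the given fields."""
    return hmac.new(KEY, repr(fields).encode(), hashlib.sha256).hexdigest()

def send(body, sender_clock):
    """Sender stamps the message with its own clock and authenticates both."""
    return {"body": body, "ts": sender_clock, "tag": mac(body, sender_clock)}

def accept_by_timestamp(msg, receiver_clock):
    """Freshness judged only by comparing the timestamp with the local clock."""
    if not hmac.compare_digest(msg["tag"], mac(msg["body"], msg["ts"])):
        return False  # altered content or wrong key
    return abs(receiver_clock - msg["ts"]) <= WINDOW

class NonceReceiver:
    """Freshness judged by a one-time random challenge the receiver issued."""
    def __init__(self):
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, msg):
        if not hmac.compare_digest(msg["tag"], mac(msg["body"], msg["nonce"])):
            return False
        if msg["nonce"] not in self.pending:
            return False  # unknown or already used challenge: replay
        self.pending.discard(msg["nonce"])
        return True

def demo():
    now = 1_000_000                                  # receiver's (correct) time
    msg = send("session key", now + 300)             # sender's clock runs 300 s fast
    at_capture = accept_by_timestamp(msg, now)       # looks post-dated: rejected
    at_replay = accept_by_timestamp(msg, now + 300)  # held back, then replayed: accepted
    rx = NonceReceiver()
    nonce = rx.challenge()
    fresh = {"body": "session key", "nonce": nonce, "tag": mac("session key", nonce)}
    return at_capture, at_replay, rx.accept(fresh), rx.accept(fresh)
```

The MAC alone does not stop the replay, because the replayed message is unmodified and its tag still verifies; only the freshness check differs between the two receivers.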
To conclude, digital signatures have essential properties that are important in a digital signature design scheme aimed at ensuring the validity of the sender's message, the contents and the two parties. A direct digital signature is a method where the sender of the message is responsible for ensuring that the receiver obtained the sent public key safely and for ensuring that the private key is safe. He keeps the key safe to avoid any traffic of information or interference from a third party. An arbitrated digital signature is a process that uses a trusted third party to validate the sender's details, the receiver's details and the message contents. The two signature methods have drawbacks; however, the latter one was designed to support the direct signature method. The third party was designed to eliminate the issue of trafficking. One security support system designed is the suppress-replay attack, where the legal transfer of data is delayed, recorded and replayed at a future point in time. This is done in order to gain unauthorized admission. Nevertheless, this attack can be controlled if the safest precautions are put into consideration.
Leiwo, J. (2003). Digital Signatures. Retrieved from
Stallings, W. (2003). Cryptography and Network Security: Principles and Practices. Retrieved from http://EzineArticles.com/2605927
Yoon, H. (2004). Digital Signatures. Retrieved from