Digital signatures
This presentation is the property of its rightful owner.
Sponsored Links
1 / 18

Digital Signatures PowerPoint PPT Presentation


  • 131 Views
  • Uploaded on
  • Presentation posted in: General

Digital Signatures. A Brief Overview by Tim Sigmon August, 2000. Digital Signatures. Legal concept of “signature” is very broad any mark made with the intention of authenticating the marked document Digital signatures are one of many types of electronic signatures

Download Presentation

Digital Signatures

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Digital signatures

Digital Signatures

A Brief Overview

by

Tim Sigmon

August, 2000


Digital signatures1

Digital Signatures

  • Legal concept of “signature” is very broad

    • any mark made with the intention of authenticating the marked document

  • Digital signatures are one of many types of electronicsignatures

  • Example electronic signatures

    • loginid/password, PIN, card/PIN

    • digitized images of paper signatures

    • digitally captured signatures (UPS, Sears, etc.)

    • typed notations, e.g., “/s/ John Smith”

    • email headers


Digital signatures cont d

Digital Signatures (cont’d)

  • “digital signature” means the result of using specific cryptographic processes

  • Digital signatures operate within a framework of hardware, software, policies, people, and processes called a Public Key Infrastructure (PKI)

  • Note: PKI also supports other security requirements; in particular, confidentiality, both during transmission (e.g., SSL) and for storage


Public key cryptography

Public Key Cryptography

  • First, “secret key” or symmetric cryptography

    • same key used for encryption and decryption

    • orders of magnitude faster than public key cryptography

  • Public key technology solves the key exchange problem (no shared secrets!)

  • Public key and private key that are mathematically linked

  • Private key not deducible from public key

  • Confidentiality: one key encrypts, other decrypts

  • Digital signature: one key signs, other validates


Digital signature example

Digital Signature example


Signed email example

Signed Email example

  • (show example of sending/receiving digitally signed email using Netscape Messenger)

  • (uses S/MIME)


Problem relying party needs to verify a digital signature

Problem: relying party needs to verify a digital signature

  • To do this, must have an assured copy of the signer’s public key

    • signer’s identity must be assured

    • integrity of public key must be assured

  • Potential options for obtaining public keys

    • signer personally gives their public key to relying party

    • relying party obtains the desired public key by other “out of band” means that they trust, e.g., transitive relationships, signing parties, etc.

  • But, what about strangers? what about integrity of the public key?


Public key or digital certificates

Public Key (or Digital) Certificates

  • Purpose: validate both the integrity of a public key and the identity of the owner

  • How: bind identifying attributes to a public key (and therefore to the keyholder of the corresponding private key)

  • Binding is done (i.e., digitally signed) by a trusted third party (Certification Authority)

  • It is this third party's credibility that provides "trust"


X 509 v3 certificates

X.509 v3 Certificates

  • Subject’s/owner’s identifying info (e.g., name)

  • Subject’s/owner’s public key

  • Validity dates (not before, not after)

  • Serial number

  • Level of assurance

  • Certification Authority’s name and signature

  • Extensions


Example certs

Example Certs

  • (this is where I show and describe the contents of the actual certificates that were used to verify a digitally signed email message)


Distribution of certificates

Distribution of Certificates

  • since certs carry public info and are integrity-protected, they can be distributed and shared by any and all means, e.g.,

    • distribute via floppies or other removable media

    • publish on web sites

    • distribute via email (e.g., S/MIME)

    • directory lookups (e.g., LDAP, X.500)

  • distribution via directories is the ultimate solution

  • however, many important applications and uses of digital signatures can be implemented without the implementation or use of sophisticated directories


Trust and certification paths

Trust and Certification Paths

  • Relying party needs an assured copy of the issuing CA’s PK in order to validate a certificate containing the signer’s PK

  • In general, a chain of multiple certificates that ends at a trusted root may be needed

  • How to organize the CA’s?

    • single top-down hierarchy (yikes!)

    • multiple hierarchies (Netscape/Microsoft disservice)

    • cross certifications (e.g., Federal BCA, Virginia’s BCA)

  • Revocation and CRLs (certificate revocation lists)


Where are we now

Where are we now?

  • Technologies are still evolving but are very usable

  • Policies and legal standing exist but still developing (need case law)

    • Code of Virginia, Federal law

    • Uniform Electronic Transctions Act

  • Browsers/email already contain a lot of capability

  • Particular uses widely taking place, e.g., SSL

  • Some universities making more use, e.g., MIT

  • Federal government taking a leadership role

  • ITC/UVa project for deployment


Ds efforts in virginia

DS efforts in Virginia

  • Digital Signature Initiative (COTS workgroup) formed to pursue pilot deployments

  • UVa led development of a bridge certification architecture (modeled after federal bridge)

  • Pilot project sponsors

    • VIPNet, DIT, DGIF

    • DMV, DOT, DGS

    • Counties of Chesterfield, Fairfax, Wise

    • Cities of Norfolk, Charlottesville

  • http://www.sotech.state.va.us/cots

    • Virginia’s Council on Technology Services


Portals at uva

Portals at UVa

A Status Report

by

Tim Sigmon

August, 2000


Portal definition

Portal Definition

  • problem: every person/group has a different definition

  • working definition: deliver information and services in an integrated, customized, and personalized manner

  • elements that we include:

    • authenticated access

    • customization - system presents info that is peculiar to the specific user

    • personalization - user controls certain aspects

    • break down organizational views/barriers


Background and players

Background and Players

  • discussions among ITC, Univ. Relations, Student Council, Student Affairs, ....

  • JA-SIG conference and uPortal evaluation

  • development of “e-volving University” proposal

  • Reynolds and Sweeney presentation to Senior Cabinet

  • team is led by Nancy Tramontin and Debbie Mills


First phase

First Phase

  • deliver first version of student portal by Jan., 2001

  • will not use uPortal (nor any other portal framework)

  • desired functionality

    • authenticated access (using existing passwords)

    • brief email stats and web-based email access

    • calendar that includes student events (not personal, yet)

    • course links

    • personal links (i.e., bookmarks)

    • personal reminders (?)

    • news, announcements, weather

    • important “fixed” links


  • Login