
Data Security Learning Module

Digital Signatures

Created By Eng. Eslam Osama

Introduction to Digital Signatures

A digital signature is a cryptographic technique that verifies the authenticity, integrity, and origin of a digital message or document. It is created using the sender's private key and verified using their public key.

Simplified Depiction of Digital Signature Process

Key Features of Digital Signatures

  1. Authenticity: Confirms the message is from the claimed sender (verified via public key).
  2. Integrity: Ensures the message hasn't been altered; any change breaks the signature.
  3. Non-repudiation: The sender cannot deny sending the message after signing it.

Important Notes:

Obtaining certificates from Certificate Authority

Attacks and Forgeries

Scenario: Assume Alice is a server that runs an automated document-signing service. An attacker (Mallory) wants to forge her signature.

| Attack Type | What the Attacker Does | Example with Alice | Threat Level |
|---|---|---|---|
| Key-only Attack | Tries to forge a signature knowing only Alice's public key. | Mallory downloads Alice's public key and tries to create fake signed documents. | Low |
| Known Message Attack | Uses a set of valid signed documents to help forge a new one. | Mallory collects Alice's old signed contracts and studies the signatures to learn patterns. | Moderate |
| Generic Chosen Message Attack | Gets signatures on a pre-made list of messages to break the system. | Mallory sends 100 prepared contracts to Alice's API to be signed to find weaknesses. | Moderate |
| Directed Chosen Message Attack | Chooses messages to be signed after seeing the public key to target it. | After getting Alice's key, Mallory designs 100 specific contracts tailored to exploit it. | High |
| Adaptive Chosen Message Attack | Sends messages one by one, adapting each new message based on the last signature. | Mallory sends 1 contract, sees signature, then sends an adjusted one to extract info and forge. | Critical |

Key Differences Between Attack Types

🔍 Generic Chosen Message vs. Known Message Attack

  1. In Generic, the attacker chooses the messages. In Known, the attacker only observes messages chosen by others.
  2. In Generic, the attacker interacts with the signer. In Known, it's passive observation.

🎯 Generic vs. Directed Chosen Message Attack

  1. In Generic, messages are chosen *before* knowing the public key. In Directed, they're chosen *after* to specifically target the key.

🔄 Adaptive vs. Directed Chosen Message Attack

  1. In Directed, all messages are chosen at once. In Adaptive, the attacker learns from each signature and adjusts the next message, making it a dynamic, interactive attack.

Forgery Types

| Forgery Type | What It Means | Threat Level |
|---|---|---|
| Total Break | Attacker recovers the signer's private key. They can sign anything. | Catastrophic |
| Universal Forgery | Attacker can forge a signature for any message without the key (finds an algorithm flaw). | Critical |
| Selective Forgery | Attacker forges a signature for a *specific, pre-chosen* message. | High |
| Existential Forgery | Attacker forges a signature for at least one message they didn't get to choose (often a nonsensical one). | Low (but still a break) |

RSA Signature Scheme

Direct Digital Signature with RSA

RSA Digital Signature Process Diagram

The RSA algorithm can be used to create a direct digital signature, where the sender signs a message with their private key, and the receiver verifies it with the sender's public key.
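An added example, not part of the original module: textbook RSA signing over a SHA-256 hash, showing that a changed message fails verification and why the hash step matters (the existential forgery from the Forgery Types table is accepted by unhashed RSA and rejected once the message is hashed). The key, sample messages and function names are constructed for illustration; real deployments use a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key: two Mersenne primes, chosen only so the example runs
# offline. Never use such primes, or unpadded RSA, for real signing.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent d

def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Sender: apply the private key to the hash of the message."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the hash with the public key and compare."""
    return pow(signature, E, N) == digest(message)

def verify_raw(message: bytes, signature: int) -> bool:
    """Unhashed textbook variant: the message itself is the signed value."""
    return pow(signature, E, N) == int.from_bytes(message, "big")

def demo() -> dict:
    contract = b"Alice pays Bob 100 EGP"   # constructed sample message
    sig = sign(contract)
    # Under the raw scheme any value s verifies against m = s^e mod n: an
    # existential forgery from the public key alone, on a message the forger
    # does not get to choose. Hashing before signing closes this.
    s = 0x1234567890ABCDEF
    m = pow(s, E, N).to_bytes((N.bit_length() + 7) // 8, "big")
    return {
        "valid": verify(contract, sig),
        "tampered": verify(b"Alice pays Bob 900 EGP", sig),
        "raw_forgery_accepted": verify_raw(m, s),
        "hashed_forgery_accepted": verify(m, s),
    }

if __name__ == "__main__":
    print(demo())
```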

Adding Confidentiality

RSA Signature Implementation with Confidentiality

For confidentiality, the entire signed message can be encrypted using a symmetric key shared between the sender and receiver. This protects both the message content and the signature from eavesdropping.
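The sign-then-encrypt flow described above, as an added example that is not part of the original module: the sender signs the plaintext, encrypts message plus signature under the shared key, and the receiver decrypts before verifying. The toy RSA key, the `send`/`receive` names and the SHA-256 counter-mode keystream (a stand-in for a real symmetric cipher such as AES) are assumptions made so the example runs with the standard library only.

```python
import hashlib, secrets

# Constructed toy RSA key (Mersenne primes) for the sender; illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8      # signature size in bytes

def h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 in counter mode), not a vetted one;
    it only plays the role of the shared-key encryption step."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(message: bytes, shared_key: bytes) -> bytes:
    """Sender: sign the plaintext first, then encrypt message || signature."""
    signature = pow(h(message), D, N).to_bytes(SIG_LEN, "big")
    nonce = secrets.token_bytes(16)
    return nonce + keystream_xor(shared_key, nonce, message + signature)

def receive(packet: bytes, shared_key: bytes) -> tuple:
    """Receiver: decrypt, split off the signature, verify with the public key."""
    nonce, body = packet[:16], packet[16:]
    plain = keystream_xor(shared_key, nonce, body)
    message, signature = plain[:-SIG_LEN], plain[-SIG_LEN:]
    ok = pow(int.from_bytes(signature, "big"), E, N) == h(message)
    return message, ok
```

Because the signature travels inside the ciphertext, an eavesdropper sees neither the message nor the signature, and a ciphertext modified in transit decrypts to content that no longer matches the signature.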

Review Questions

(1) List two disputes that can arise in message authentication.
A sender might deny sending a message. A receiver might forge a message and claim it came from the sender.

(2) What are the properties a digital signature should have?
It must verify the author and the date/time of the signature. It must authenticate the contents at the time of signing. It must be verifiable by third parties to resolve disputes.

(3) What requirements should a digital signature scheme satisfy?
The signature must be a bit pattern depending on the message being signed. It must use information unique to the sender. It must be easy to produce, easy to recognize/verify, and computationally infeasible to forge.

(4) What is the difference between direct and arbitrated digital signatures?
Direct: Involves only the sender and receiver. The receiver verifies the signature with the sender's public key. Arbitrated: Involves a trusted third party (an arbiter) who participates in the signature process to validate it.

(5) In what order should signing and encryption be applied?
Sign first, then encrypt. This ensures the signature is protected along with the message and allows the receiver to decrypt and then verify the signature on the original content.

(6) What are some threats to a direct digital signature scheme?
The main threat is forgery. An attacker might try to forge a signature using the public key (key-only attack) or by analyzing existing signed messages (known message attack). The sender could also later disown a signature by claiming their private key was lost or stolen.

Copyright Notice

This content is protected by copyright law. Unauthorized copying, distribution, or use of this material is strictly prohibited. The code, design, and content of this educational module are the exclusive property of the creator. Any reproduction or distribution without express written permission is a violation of copyright law.

This module is provided for educational purposes only. The creator makes no warranties about the completeness, reliability, or accuracy of this information.