See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/261041415

Digital signature forming and keys protection based on person's

characteristics

Conference Paper · March 2012

DOI: 10.1109/ICITeS.2012.6216593

CITATIONS READS

2 184

1 author:

Ahmed B. Elmadani
Sebha University Libya
17 PUBLICATIONS   16 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

offline signature based on image process and Hu moment View project

All content following this page was uploaded by Ahmed B. Elmadani on 10 December 2017.

The user has requested enhancement of the downloaded file.

 International Conference on Information Technology and e-Services 2012
Digital Signature forming and keys protection based
on person’s Characteristics
Ahmed B. Elmadani
Dept. of Computer Science Faculty of Science
Sebha University
Sebha Libya
e-mail: elmadan@yahoo.com
Abstract—In today's commercial environment, establishing a
framework for the authentication came with different challenges,
need of secure document exchange, secure bank transactions, and
other e-commerce needs. Challenges are in term of
confidentiality. Digital signature (DS) is the only means of
achieving it. This paper shows a method in signing and verifying
a document digitally online. A document is first signed, using a
Secure Hash Algorithm – 160 (SHA-1), then protected by
sender’s keys. The receiver verifies the signature using keys
stored in the smart card (SMC) that is derived from his
fingerprint. This paper investigates DSs techniques that is based
on use of SMCs. It shows how true user identity can be verified
when used keys are derived from human characteristics. The
obtained results were translated in term of speed and security
enhancement which is highly in demand of e-commerce society.
Keywords-component; Digital Signature, Hash Function,
Public key system, and SHA-1.
I. INTRODUCTION
Digital Signature (DS) is a mathematical scheme for
demonstrating the authenticity of a digital message or
document [1]. DS gives a recipient reason to believe that the
message or document was created by a known sender, and that
it was not altered in transit. DSs are commonly used for
software distributions, financial transactions, and in other
cases, where it is important, to detect forgery and tampering
[11].
The purpose of a DS is to guarantee that the individual
sending the message or document really is who he or she
claims to be. Where the goal is to facilitate both e-government
and e-commerce applications over the Internet [1]. DSs are
especially important for electronic commerce and are a key
component of most authentication schemes. To be effective,
DSs must be non forgeable. There are a number of different
encryption techniques to guarantee this level of security [2].
DSs are often used to implement electronic signatures, a
broader term that refers to any electronic data that carries the
intent of a signature [1], but not all electronic signatures use
DSs [11] In some countries, including the United States, India,
and members of the European Union, electronic signatures
have legal significance [3]. However, laws concerning
electronic signatures do not always make clear whether they
are digital cryptographic signatures in the sense used here,
11
leaving the legal definition, and so their importance,
somewhat confused [4].
DS is implemented by attaching a digital code to an
electronically transmitted message that uniquely identifies the
sender. DSs are equivalent to traditional handwritten
signatures in many respects[2], properly implemented DSs are
more difficult to forge than the handwritten type. DS schemes
in the sense used here are cryptographically based, and must
be implemented properly to be effective [4]. DSs can also
provide non-repudiation, meaning that the signer cannot
successfully claim they did not sign a message, while also
claiming their private key remains secret; further, some non-
repudiation schemes offer a time stamp for the DS, so that
even if the private key is exposed, the signature is valid
nonetheless [2]. Digitally signed messages may be anything
that can be represented as a bit or a string, examples include
electronic mail, contracts, or a message sent via some other
cryptographic protocol [3].
There are few commercial applications that supporting a DS,
as an example Adobe, Excel, MS Outlook and etc...
There are many common method in DS, one of them is to use
a Public Key Cryptography, DSs are created and verified by
cryptography. Public key cryptography employs an algorithm
using two different, mathematically related "keys" [5], one
"public key" for creating a DS or transforming data into a
seemingly unintelligible form, the other key "private key" for
verifying a DS or returning a message to its original form [1].
Disadvantage of this method is, if many people need to verify
the signer's DS, the public key must be available or distributed
to all of them, probably by the means of distributing it in an
on-line repository or directory where it is easily accessible [4].
Thus, although many people may know the public key of a
given signer and use it to verify that signer's signatures, they
cannot discover that signer's private key and use it to forge
DSs, but they can try[3].
Another fundamental process, named a "hash function", is
used in both creating and verifying a DS. Hash function is an
algorithm which creates a digital representation or a
"fingerprint" in the form of a "hash value" of a standard length
which is usually much smaller than the message's length but
nevertheless substantially unique to it. Any changes to the
message lead to producing an invariably different hash value
when the same hash function is used. Hash functions enable
the software for creating DSs to operate on smaller and
predictable amounts of data, while still providing robust
evidentiary correlation to the original message content,
thereby efficiently providing assurance that there has been no
modification of the message since it has been digitally signed.
Secure Hash Algorithm – 128 (SHA-1) and Message Digest
Version 5 (MD5) are commercial algorithms using a concept
of Hash Function [13]. Hash function, in sometimes fails
because of collision (two documents got same hash vale) [12].
MD5 designed by Ronal Rivest, produces a 128-bit hash
value, it has been discovered to have security flaws, and there
are many research work on developing fixes and more secure
alternatives such as SHA-1[13]. SHA-1 is a secure hash
algorithm – 160. Produces 160-bit hash value. It is designed
by NIST & NSA in 1993 revised 1995 as SHA – 160, US
standard for use with digital signature algorithm (DSA)
signature scheme. Standard is FIPS 180-1 1995, it has an
internet reference RFC3174. SHA -1 replaces MD4/MD5
which is vulnerable to many known attacks [12]. NIST have
issued a revision FIPS 180 – 2 adds three additional hash
algorithms SHA-256, SHA-384, and SHA-512. Designed for
compatibility with increased security provided by the
advanced encryption standard (AES) cipher[12].
DS can also be generated by your email software and your
private key, working together. Your message's signature
generates according to standards either Secure/ Multipurpose
Internet Mail Extension (SMIME) or Pretty Good Privacy
(PGP), so the receiver must also have that standard supported.
The SMIME standard is supported by Netscape Messenger (a
part of the Netscape browser), and Outlook Express, which
comes with Microsoft's Internet Explorer. Eudora supports
PGP but not SMIME[5]. The use of digital signatures usually
involves two processes, one performed by the signer and the
other by the receiver of the DS:
DS Creation is a process of obtaining value using a hash
function, the value is unique and derived from both the signed
message and a given private key. For the hash result to be
secured, there must be only a negligible possibility that the
same DS could be created by the combination of any other
message or private key. Generally speaking, a DS can be
thought of as a numerical value represented as a sequence of
characters and computed using a mathematical formula. The
formula depends on two inputs: the sequence of characters
representing the electronic data to be signed, and a secret
number referred to as a signature's private key, associated with
the signing party and which only that party has access to. The
resulting computed value, representing the DS, is then
attached to the electronic data just as a paper signature
becomes a part of a paper document [3].
DS Verification is a process of checking the DS with the
reference to the original message and a given public key,
thereby determining whether the DS was created for that same
message using the private key that corresponds to the
12
referenced public key [9]. Verifying also relies on a formula.
Here, the formula depends on three inputs [10]: the sequence
of characters representing the supposedly originally signed
electronic data, the public key of the signing party, and the
value representing the supposedly authentic DS. The output of
the formula is a simple answer: yes or no. 'Yes' signifies that
the DS is indeed an authentic DS on the presented electronic
data and it is associated with the party linked to the public key
being used [3]. This insures two critical results:
 The digital signature can be uniquely associated with
the exact document signed, because the first input is
the precise sequence of characters representing that
data.
 The signature can be uniquely associated with the
signing of individual because the second input is the
private key, that only, that individual controls.
The term smart card (SMC) refers to a plastic card with a
standard dimension defined by ISO 7816. The SMC basically
contains three elements [6]:
 A microprocessor chip, with an operating system
written permanently to the ROM. This manipulates
the stored data in it.
 A volatile or non-volatile storage unit. This may use
a ROM or RAM OR EPROM/EEPROM. The size of
the memory may range between 1 to 8 KB. Since this
is too small, a SMC can store only vital information.
 An I/O module, which allows to read or write from or
to the SMC.
The name “Smart card” is termed because of it’s intelligent IC
chip which can store and process data securely, such as
fingerprint or cryptography keys. The present generation of
SMCs can store up to 40 KB and the on-board process is a 16-
bit processor, which can run at 10MHZ [6]. Most of signature-
creation systems are currently based on SMCs, which store all
necessary cryptographic information of a user (e.g., keys and
certificates)[1]. However most of existing DS systems,
provide signature without proofing true identity[15], because
they stand on using keys that anyone can use[8]. Therefore
document have to be signed in such a way that proofs the true
identity to avoid many attacks reported in [16]. This can be
done only by using user’s personal characteristics for example
fingerprint and Iris[7].
As we mentioned previously, this paper focuses only on
security of smart card and their use in digital signature. We
have studied extensively in the past years (particularly system
using digital signature) one of them is [1], the investigation
shows the use of two types of smart cards:
 The first type is based on typing PIN or keys to the
keyboard compare them with stored ones in the smart
card to gain access to the system and perform DS.
 The second type is based on scanning the PIN or keys
from smart card and perform DS.
  Even though, the use of smart cards are increased, we exchanged by the sender denoted as User1 in the
see their use do not proof the true identity, because proposed system by signing the document and sent in
PIN can be given to anyone, at the same time anyone a secured channel. Process will be explained in next
can hold scanned smart card to gain illegal system paragraphs.
access.
 Exists systems using smart card equipped with
person’s characteristics are time consuming [6] or
temple match, which means, memory space
consuming as in [17].

Therefore, it is important to have system which solves

mobility[18], but DS high performance and memory space
saving have to be taken in account. Of course, other solutions
exist, however, they are out of the scope of this paper. In our
proposed DS system we will introduce a system using
fingerprint but it is not based on used temple. Secure
signature-generation system using SMCs to protect DS from
attacks mention in[14][17] will be considered. Then to
improve use of biometrics in order to proof true user identity
as in [15], avoid consuming memory space as in [6] by
constructing keys from user’s fingerprint.

II. METHODOLOGY AND DISCUSSIONS

The following paragraphs will discuss proposed algorithm,
experiment and obtained results.
Figure 1. User1 authentication, Hash calculation, and keys
A. Proposed Algorithm protection (sender’s side).
Sequence of DS calculation in our new system for any given
message are described as following:
 Users have to obtain a SMC card, that contains
information about their fingerprints and other access
control information.
 Receiver has to obtain two keys (pub1, prv1)using his
SMC and fingerprint, the two keys are derived from
user's fingerprint.
 The receiver sends his public key to the sender.
 Once sender receives public key (pub1) from the
receiver, he repeats the above sequence points 2- 3 to
obtain his own two keys (pub2, prv2).
 The sender then, selects message, calculates HF1
using equation (1) shown in 2,4. SHA-1 is used
because of its stability, and also it attacks resistance
compared with other hash functions. An encryption
will be performed to HF1, pub2 and M using pub1.
Then sent them back to the receiver.

 The receiver once he receive the encrypted message,

decrypts them to get HF1, Pub2, and M.
 Receiver calculates the HF2 of the received message
M using equation (2) shown in 2.4.
 Using HF1 and HF2 receiver calculates differences
between the two hashes that is the value of ¥ by
applying equation (3) shown in 2.4. If the resulted
value equals to zero, that means message is signed by
the sender and it is not modified, otherwise message Figure 2. User2 authentication, received message decryption. Then
Hash calculation to verify digital signature (receiver’s side).
was modified. Figure (1) illustrates trust information

13
In Figure (2) a receiver denoted as User2 after authenticating
himself using fingerprint and obtained smart card, he decrypts
received message then verifies digital signature.

B. Users system access

Users are accessing the system through their SMC. As shown
in Figure (3) user 's information cryptography public keys, and
his fingerprint are embedded on the user's SMC chip. In SMC
chip two Keys are stored, one is a public key (pub) and
another is a private key (prv), the two keys were generated
using information related to the user's fingerprint. To access
the stored information as shown in Figure (3) user has to
provide his fingerprint through the fingerprint reader.

C. keys generation
Any registered user has a valid SMC card, the valid SMC
card is obtained by providing personal fingerprint to
fingerprint reader. A process as shown in Figure (4) will be
used to generate two cryptography system keys from the
fingerprint, keys and other information and embedded them
into the SMC card for further use using fingerprint writer.

Figure 4. keys generation, embedding keys and fingerprint

information to the smart card (SMC).

where SHA-1 is a secure hash algorithm 160, which produces

160-bit hash value. It was used for its stability and secrecy
[12]. To calculate the hash values in the receiver’s part, he
uses this equation:

HF2 = SHA-1(pub1+pub2+Doc) (2)

To calculate the differences between two hash vales (HF1 and

HF2), equation (3) is used to obtain value of ¥ as following:

¥ = HF1 - HF2. (3)

E. Digital signature calculation

Figure 3. User system access by providing his SMC card and
fingerprint tip.
D. DS Equations used to calculate values
To calculate the hash values of the given document, the
following equations are used:
In order to sign any document (Doc), sender calculates the
hash value of the Doc using equation (1). HF1 is the resulted
value of using SHA-1 algorithm with combination of Doc and
users two public keys and selected Doc ( i refer to any version
of SHA algorithm that may used to calculate Hash). Keys are
sender’s public key (pub1) and receiver’s public key (pub2). In
Figure (5) shows combining of Doc and users keys, that used
to perform the digital signature. The signed Doc with other
cryptography keys will be sent to the receiver for verification
purpose.

HF1=SHA-1(pub1+pub2+Doc) (1)

14

Figure 5. Digital Signature calculation using SHA-1i algorithm and user keys.
F. Document and digital Signature protection
To avoid security violence, the Doc and calculated signature
have to be protected. Therefore, we use user's public key
(pub1) to encrypt all out- going messages. In Figure (6)
document (Doc), pub1 key and calculated HF1 in the sender
side are encrypted using pub1 key and sent to the receiver.
 using the received message (Doc), sender's public key
(pub1), and his public key (pub2), the receiver calculates
the hash value HF2 .
 Receiver then compares the received HF1 with the
calculated HF2, if the two values are equal, that means
Doc has not changed and an expected user has signed it.
In Figure (2) we show sequence of digital signature
authentication.
.
H. How proposed system works
User to gain access to the system, has to authenticate himself
as in Figure (3) using his fingerprint. A valid user will be able
to access the stored cryptography keys and use them for
encryption or decryption and in signing documents. Two users
to exchange information and to sign any document, sender
will must first ask for the receiver’s public key (pub2). A pub2
key will be used in DS creation together with sender’s pub1
key. DS will be created using equation (1) as shown in Figure
(1), then encrypted using receiver's pub2 key and sent to the
receiver. The receiver, once he received the encrypted
message, decrypts’ it with his private key (prv2) as shown in
Figure (2), then calculates new DS using equation (2). A
comparison of the two signatures is performed using equation
(3). Results will be used to insure that document was changed
or not and signed by the expected user.
I. Proposed system against existing systems
Research shows that there are some previous work done to
avoid keys attack transferred from card reader to the system
and in user proofing identity. Table no. (1) shows some
systems concerned in DS with smart card based, that provided

Table 1 previous research and their drawback

Ref. Used Drawback
No. Algorithm
1 Introduces PIN Does not provide true user
protection by identity
processing it on the
card reader
6 Cryptographic Keys In such a way true user
used in DS are derived identity was proofed but
by extracting system is time consuming
fingerprint minutiae at
each user system access
14 The algorithm protects PIN was protected from
DS creation against Trojan Horse in forming DS,
tampering and Trojan but true identity not solved
Horse
17 X.509 Digital certificate Biometrics are used in
combined with public- authentication but does not
private keys embed in used in DS processes.
smart card and uses
finger template to
access them to perform
Figure 6. Digital Signature and document protection using pub2 key. DS

G. Digital Signature Authentication
Receiver has to be sure that the received document (Doc) was
not changed, modified, or signed by others. Sequence of
authenticating the received message are described below and
shown in Figure (2) as following:
by previous research and their drawback. In contrast to old
systems, access in our new system will be only through
personal characteristics fingerprint, this means nobody can
gain access or key retrieval unless authentication is true and
no tampering takes place in proposed system, so user true

15
identity faced in [1,14] and time consuming because of
comparing fingerprint templates as in [17] was solved by
providing nontransferable fingerprint tip, meanwhile, Trajan
horse has nothing to copy from keypad, so DS is protected
from attacks mentioned in [15]. One more advantage of the
proposed system is protecting of hash values using
unpredicted keys derived from fingerprint. this will help also
to avoid collisions. as a result the new system gives a powerful
advantage in individual authentication and in security
enhancement.
III. CONCLUSION
A method of securing sensitive document was presented, it
focuses in signing a giving document digitally. The new
system can support e-commerce transition over the internet. It
solved the user’s mobility by using a Smartcard, a high
security was provided using the document encryption, and
document authentication by applying digital signature.
Information privacy, password protection are maintained by
introducing the fingerprint authentication.
REFERENCES
[1] Nentwich, F. Kirda E., and Kruegel. C. (2006). Practical Security
Aspects of Digital Signature Systems. Technical University Vienna.
Technical.
[2] US ESIGN Act of 2000. (2002). accessed at: http://
frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi.
[3] American Bar Association Section of Science and Technology
Information Security Committee. (2010). Digital Signature Guidelines
Tutorial. www.abanet.org/privacy.html
[4] Digital Signature (2010). www.emailprivacy.info/email_privacy
[5] Youd D. (2009). What is digital signature. www.youd.com
[6] Lin Y. Maozhi X and Zhiming Z. (2007). Digital signature systems
based on smart card and ¯Fingerprint feature. Journal of Systems
Engineering and Electronics Vol. 18, No. 4, 2007, pp.825-834.
16
View publication stats
[7] Elmadani. A. B. (2010). Human Authentication using FingerIris
algorithm based on statistical approach the 2 nd International in network
digital conference (NDT '10), Prague Czech Republic. pp (288-296).
[8] Elmadani A. B. and Ramli A. R. (2010). Matching fingerface Based on
Area Under The Highest Peaks Curve. ICCCE 2010 Conference KL
Malaysia.
[9] Digital Signature using Elgamal (2010) www.ait-
pedia.com/wiki/digital_signature
[10] Introduction to digital signature. (2010). www.e-
signature.gov.eg/ElectronicSignature_Mechanizm_Arabic.doc
[11] Shneier B. (2002). Applied Cryptography, Protocols, Algorithms and
Source Code in C. John Wiley.
[12] Wang X. Feng D. Lai X and Yu. (2004). Collision for Hash Functions
MD4, MD5, HAVAL-128, and RIPEDMD. Proceedings of the 2th
Annual International Cryptology Conference (Crypto ’04), Santa
Barbara CA.
[13] Robshow M. (1995). MD2, MD5, SHA and other Hash Functions. RSA
Laboratories Technical Report TR-101.
[14] Spalka A. Cremers A \, and Langweg H. (2001). Protecting the Creation
of Digital Signature with Trusted Computing Platform Technology
Against Attacks by Trojan Horse. In IFIP Security Conference.
[15] Sufreenmohd A, Wong F, and Ismail A. (2002). Identity authentication
via typing biometrics. Information & Communications Technology
(ICT) Proceedings of 2nd World Engineering Congress Malaysia.
[16] Langweg H. (2006). Malware Attacks on Electronic Signatures
Revisited. In Sicherheit 3 rd Jahrestagug Fachbereich Sicherheit der
Gesellschaft fuer Informatik.
[17] Isobe, Y.; Seto, Y. and Kataoka, M. (2001). Development of personal
authentication system using fingerprint with digital signature
technologies. Proceedings of the 34th Hawaii International Conference
on System Sciences (HISS-34). pp 1-9.
[18] Yang J.(2010). Biometrics Verification Techniques Combing with
Digital Signature for Multimodal Biometrics Payment System.
Proceedings of Fourth International Conference on Management of e-
Commerce and e-Government (ICMeCG), pp. 405-420. China.
Ahmed B. Elmadani was born in 1956. He received Ph.D. degree at
UPM University Malysia in 2003. He worked in computer science
department Sebha University (Libya),
from 1997 to 1999 as Assistant lectuerar and head department,
from 2003 – 2008 as lectuerar at the same department,
from 2009- till now as asistant prof. and lecturar at the same
department..
His main research interests include cryptography, information security ,
imaging, digital signature and biometrics fingerprint.