Professional Documents
Culture Documents
11.digitial Signatures
11.digitial Signatures
Digital Signatures
INFORMATION SECURITY
BY SHAHBAZ ASHRAF
• Digital Signatures 2
signatures
Class 1
This type of DSC can't be used for legal business
documents, as they're validated based only on an email ID
and username.
Class 1 signatures provide a basic level of security and are
used in environments with a low risk of data compromise.
• Classes and types of digital 12
signatures
Class 2
These DSCs are often used for electronic filing (e-filing) of
tax documents, including income tax returns and goods
and services tax returns.
Class 2 digital signatures authenticate a signer's identity
against a pre-verified database.
Class 2 digital signatures are used in environments where
the risks and consequences of data compromise are
moderate.
• Classes and types of digital 13
signatures
Class 3
The highest level of digital signatures, Class 3 signatures
require people or organizations to present in front of a CA
to prove their identity before signing.
Class 3 digital signatures are used for e-auctions, e-
tendering, e-ticketing and court filings, as well as in other
environments where threats to data or the consequences
of a security failure are high.
• How digital signatures work 14
Legal documents and contracts: Digital signatures are legally binding. This makes
them ideal for any legal document that requires a signature authenticated by
one or more parties and guarantees that the record has not been altered.
Sales contracts: Digital signing of contracts and sales contracts authenticates the
identity of the seller and the buyer, and both parties can be sure that the
signatures are legally binding and that the terms of the agreement have not
been changed.
Benefits of Digital Signatures 24
signature :
Digital signature is used to verify authenticity, integrity,
non-repudiation ,i.e. it is assuring that the message is sent
by the known user and not modified, while digital
certificate is used to verify the identity of the user, maybe
sender or receiver. Thus, digital signature and certificate
are different kind of things but both are used for security.
Most websites use digital certificate to enhance trust of
their users
Digital certificate vs digital 32
signature :
Digital Signature vs Electronic 33
Signature
Digital signature attacks 34
Chosen-message attack:
The attacker either obtains the victim's public key or tricks the
victim into digitally signing a document they don't intend to sign.
Known-message attack.
Theattacker obtains messages the victim sent and a key that
enables the attacker to forge the victim's signature on
documents.
Key-only attack.
The attacker only has access to the victim's public key and can
re-create the victim's signature to digitally sign documents or
messages that the victim doesn't intend to sign.