Module 4

Authentication Protocols &

Digital signature schemes

Marks: 08 Hours: 15
Outline User Authentication

Entity Authentication

Authentication protocol

• One way Authentication

• Mutual Authentication
• Kerberos Authentication Protocol

Digital signature Schemes

• Goal of Digital Signature

• Digital Signature Algorithm
• RSA Signature scheme
• Digital Signature Standards

2
User Authentication
• In most computer security contexts, user authentication is the
fundamental building block and the primary line of defense.
• User authentication is the basis for most type of access control and
for user accountability.
• RFC 4949 (Internet Security Glossary ) defines user authentication.
• User authentication is a process that allows a device to verify the
identify of someone who connects to a network resource.
• It is very important when user use dynamic IP addressing on trusted
or optional network
• Means of user authentication
• Password, figure print, token or OPT, voice or signature

3
► A typical item of authentication information associated with this
user ID is a password, which is kept secret (known only to Alice
and to the system).
► If no one is able to obtain or guess Alice’s password, then the
combination of Alice’s user ID and password enables
administrators to set up Alice’s access permissions and audit her
activity.

► Because Alice’s ID is not secret, system users can send her e-mail,
but because her password is secret, no one can pretend to be
Alice.

4
► The process of verifying an identity claimed by or for a system
entity is called authentication.
► An authentication process consists of two steps:

• Identification step: Presenting an identifier to the security system.

• Verification step: Presenting or generating authentication

information that corroborates the binding between the entity and the
identifier.

► In essence, identification is the means by which a user provides a claimed

identity to the system; user authentication is the means of establishing
the validity of the claim.

5
Means of User Authentication
•There are four general means of authenticating a user’s identity, which can
be used alone or in combination:
►Something the individual knows: Examples include a password, a
personal identification number (PIN), or answers to a prearranged set of
questions.
►Something the individual possesses: Examples include cryptographic
keys, electronic keycards, smart cards, and physical keys. This type of
authenticator is referred to as a token .
►Something the individual is (static biometrics): Examples include
recognition by fingerprint, retina, and face.

►Something the individual does (dynamic biometrics): Examples

include recognition by voice pattern, handwriting characteristics, and typing
rhythm.
can use alone or combined
all can provide user authentication
all have issues 6
Something the individual Something the individual
knows possesses
•Examples include a password, a •Examples include cryptographic
personal identification number keys, electronic keycards, smart
(PIN), or answers to a prearranged cards, and physical keys
set of questions • This is referred to as a token

There are four

general means of
authenticating a
user’s identity,
which can be
used alone or in
combination
Something the individual
Something the individual is does (dynamic biometrics)
(static biometrics) •Examples include recognition by
•Examples include recognition by voice pattern, handwriting
fingerprint, retina, and face characteristics, and typing rhythm

7
► All of these methods,properly implemented and used, can
provide secure user authentication. However, each method has
problems.
► An adversary may be able to guess or steal a password.

► Similarly, an adversary may be able to forge or steal a token.

► A user may forget a password or lose a token.

► Furthermore, there is a significant administrative overhead for managing

password and token information on systems and securing such
information on systems.
► With respect to biometric authenticators, there are a variety of problems,
including dealing with false positives and false negatives, user
acceptance, cost, and convenience.

8
Entity Authentication
• The communication between sender and receiver must be
authenticated.
• User A must authenticate user B and User B must authenticate
user A

9
Authentication protocol
• One way Authentication
– Only sender has to prove his identity to receiver whereas sender can’t
verify the identity of receiver
• One factor authentication: password
• Mutual Authentication
• here both sender and receiver have to prove their identity to each other.
• Also called as two factor authentication
• Two factor authentication : ATM card and PIN or OTP

10
Authentication Protocols
• used to convince parties of each others identity and to exchange
session keys
• may be one-way or mutual
• key issues are
– confidentiality – to protect session keys
– timeliness – to prevent replay attacks
Mutual Authentication
► Protocols which enable communicating parties to satisfy themselves mutually
about each other’s identity and to exchange session keys.
► Central to the problem of authenticated key exchange are two issues:
► confidentiality and timeliness.
► Confidentiality: To prevent masquerade and to prevent compromise of session
keys, essential identification and session-key information must be communicated
in encrypted form. This requires the prior existence of secret or public keys that
can be used for this purpose.

► Timeliness, is important because of the threat of message replays. Such replays,

at worst, could allow an opponent to compromise a session key or successfully
impersonate another party. At minimum, a successful replay can disrupt
operations by presenting parties with messages that appear genuine but are not.

12
Replay Attacks
•lists the following examples of replay attacks:
1.Thesimplest replay attack is one in which the opponent simply copies a message
and replays it later.
2.An opponent can replay a timestamped message within the valid time window. If
both the original and the replay arrive within then time window, this incident can be
logged.

3.As with example (2), an opponent can replay a timestamped message within the
valid time window, but in addition, the opponent suppresses the original message.
Thus, the repetition cannot be detected.

4.Another attack involves a backward replay without modification. This is a replay

back to the message sender. This attack is possible if symmetric encryption is used
and the sender cannot easily recognize the difference between messages sent and
messages received on the basis of content.

13
Approaches to Coping With Replay Attacks
► Attach a sequence number to each message used in an authentication exchange

• A new message is accepted only if its sequence number is in the proper order
• Difficulty with this approach is that it requires each party to keep track of the last
sequence number for each claimant it has dealt with

• Generally not used for authentication and key exchange because of overhead

► Timestamps

• Requires that clocks among the various participants be synchronized

► Challenge/response

• Party A, expecting a fresh message from B, first sends B a nonce

(challenge) and requires that the subsequent message (response)
received from B contain the correct nonce value that, in A’s

14
One-Way
Authentication
One application for which
encryption is growing in A second requirement
popularity is electronic mail is
(e-mail)
that of authentication
• Header of the e-mail message • The recipient wants some
must be in the clear so that the assurance that the message is
message can be handled by the
from the alleged sender
store-and-forward
e-mail protocol, such as SMTP or
X.400
• The e-mail message should be
encrypted such that the mail-
handling system is not in
possession of the decryption
key

15
One-Way Authentication
• required when sender & receiver are not in communications at
same time (eg. email)
• have header in clear so can be delivered by email system
• may want contents of body protected & sender authenticated
Using Symmetric Encryption
• as discussed previously can use a two-level hierarchy of keys
• usually with a trusted Key Distribution Center (KDC)
– each party shares own master key with KDC
– KDC generates session keys used for connections between parties
– master keys used to distribute these to them
• The Needham-Schroeder Protocol is the original, basic key
exchange protocol. Used by 2 parties who both trusted a
common key server, it gives one party the info needed to
establish a session key with the other. Note that since the key
server chooses the session key, it is capable of reading/forging
any messages between A&B, which is why they need to trust it
absolutely!
• Note that all communications is between A&KDC and A&B,
B&KDC don't talk directly (though indirectly a message passes
from KDC via A to B, encrypted in B's key so that A is unable to
read or alter it). Other variations of key distribution protocols can
involve direct communications between B & KDC.

18
 Needham-Schroeder Protocol
• original third-party key distribution protocol
• for session between A B mediated by KDC
• protocol overview is:
1. A->KDC: IDA || IDB || N1
2. KDC -> A: E(Ka,[Ks||IDB||N1|| E(Kb,[Ks||IDA])])
3. A -> B: E(Kb, [Ks||IDA])
4. B -> A: E(Ks, [N2])
5. A -> B: E(Ks, [f(N2)])
20
Needham-Schroeder Protocol
• used to securely distribute a new session key for communications
between A & B
• but is vulnerable to a replay attack if an old session key has been
compromised
– then message 3 can be resent convincing B that is communicating
with A
• modifications to address this require:
– timestamps in steps 2 & 3 (Denning 81)
– using an extra nonce (Neuman 93)
One-Way Authentication
• use refinement of KDC to secure email
– since B no online, drop steps 4 & 5
• protocol becomes:
1. A->KDC: IDA || IDB || N1
2. KDC -> A: E(Ka, [Ks||IDB||N1 || E(Kb,[Ks||IDA])])
3. A -> B: E(Kb, [Ks||IDA]) || E(Ks, M)
• provides encryption & some authentication
• does not protect from replay attack
Kerberos
► Kerberos is an authentication service developed as part of Project Athena at MIT,
and is one of the best known and most widely implemented trusted third party
key distribution systems.
► A workstation cannot be trusted to identify its users correctly to network services
► A user may gain access to a particular workstation and pretend to be another
user operating from that workstation
► A user may alter the network address of a workstation so that the requests
sent from the altered workstation appear to come from the impersonated
workstation
► A user may eavesdrop on exchanges and use a replay attack to gain entrance
to a server or to disrupt operations
► Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users.
► Unlike most other authentication schemes, Kerberos relies exclusively on
symmetric encryption, making no use of public-key encryption.
► Two versions of Kerberos are in common use: version 4 & version 5.
Kerberos Requirements
► Secure: A network eavesdropper should not be able to obtain the necessary
information to impersonate a user. More generally, Kerberos should be strong
enough that a potential opponent does not find it to be the weak link.

► Reliable: For all services that rely on Kerberos for access control, lack of
availability of the Kerberos service means lack of availability of the supported
services. Hence, Kerberos should be highly reliable and should employ a
distributed server architecture with one system able to back up another.

► Transparent: Ideally, the user should not be aware that authentication is

taking place beyond the requirement to enter a password.
► Scalable: The system should be capable of supporting large numbers of
clients and servers.
Terminology
Realm:
• Indicates an authentication administrator domain.
Principal:
• It is the name used to refer to the entries in AS.
Ticket:
• It is issued by AS & Encrypted using Secret key of Service.
Encryption:
Encryption type:
• DES, RC4-HMAC, AES128 &AES256 algorithms.
Encryption key.
Key Version Number (kvno)
 Key Distribution Center (KDC):
Database:
Contains information about Users & Services.
Authentication Server (AS):
Give reply to initial authentication Request from Client & issues TGT.
Ticket Granting Server (TGS):
Distributes Service tickets to client.
Session Key:
It is secret between Users & Services for which a client has work session open
on a server.
Replay Cache
Credential Cache:
Used to store password & related session key.
Kerberos Version 4
► Makes use of DES to provide the authentication service

► There are different approaches to security are :

1. SIMPLE AUTHENTICATION DIALOGUE

2. MORE SECURE AUTHENTICATION DIALOGUE.

A Simple Authentication Dialogue
► For a secure transaction, server should confirm the client and its request.
► In unprotected network it creates burden on server,
therefore an Authentication Server(AS) is used.
► Authentication server (AS)
► Knows the passwords of all users and stores these in a centralized
database
► Shares a unique secret key with each server
► Ticket
► Created once the AS accepts the user as authentic; contains the user’s
ID and network address and the server’s ID
► Encrypted using the secret key shared by the AS and the server
► The user logs on to a workstation and requests access to server V. The client module
C in the user’s workstation requests the user’s password and then sends a message
to the AS that includes the user’s ID, the server’s ID, and the user’s password.

► The AS checks its database to see if the user has supplied the proper password for
this user ID and whether this user is permitted access to server V. If both tests are
passed, the AS accepts the user as authentic and must now convince the server that
this user is authentic. To do so, the AS creates a ticket that contains the user’s ID
and network address and the server’s ID. This ticket is encrypted using the secret
key shared by the AS and this server. This ticket is then sent back to C.

► With this ticket, C can now apply to V for service. C sends a message to V containing
C’s ID and the ticket. V decrypts the ticket and verifies that the user ID in the ticket
is the same as the unencrypted user ID in the message. If these two match, the server
considers the user authenticated and grants the requested service.
Consider the following hypothetical dialogue
 Problem: An opponent could capture the ticket transmitted in
message (2), then use the name IDC and transmit a message of form
(3) another workstation. The server would receive a valid ticket that
matches the user ID and grant access to the user on that other
workstation. To prevent this attack, the AS includes in the ticket the
network address from which the original request came.
A More Secure Authentication Dialogue
► The main problem in A SIMPLE AUTHENTICATION DIALOGUE,
the user must enter password for every individual service.
► Kerberos overcome this by using a new server, known as Ticket
granting server (TGS).
► Now in Kerberos we have two servers; AS and TGS.
► The new service, TGS, issues tickets to users who have been authenticated to AS. Thus, the
user first requests a ticket-granting ticket from the AS.
► The client module in the user workstation saves this ticket. Each time the user requires
access to a new service, the client applies to the TGS, using the ticket to authenticate itself.
The TGS then grants a ticket for the particular service. The client saves each service-granting
ticket and uses it to authenticate its user to a server each time a particular service is
requested. Let us look at the details of this scheme:

1. The client requests a ticket-granting ticket on behalf of the user by sending its user’s ID to
the AS, together with the TGS ID, indicating a request to use the TGS service.

2. The AS responds with a ticket that is encrypted with a key that is derived from the user’s
password, which is already stored at the AS. When this response arrives at the client, the
client prompts the user for his or her password, generates the key, and attempts to decrypt
the incoming message. If the correct password is supplied, the ticket is successfully
recovered.
3. The client requests a service-granting ticket on behalf of the user. For this
purpose, the client transmits a message to the TGS containing the user’s ID, the
ID of the desired service, and the ticket- granting ticket.
4. The TGS decrypts the incoming ticket using a key shared only by the AS and
the TGS and verifies the success of the decryption by the presence of its ID. It
checks to make sure that the lifetime has not expired. Then it compares the user
ID and network address with the incoming information to authenticate the user.
If the user is permitted access to the server V, the TGS issues a ticket to grant
access to the requested service.
5. The client requests access to a service on behalf of the user. For this purpose,
the client transmits a message to the server containing the user’s ID and the
service- granting ticket. The server authenticates by using the contents of the
ticket.
 Working of Kerberos
Step 1: (Fig 1)

The AS, receives the

request by the client and
verifies that the client.

Fig. 1 Authentication service verifies the user ID

Step 2:

▪Upon verification, a timestamp

is created with current time in a
user session with expiration
date.
▪The timestamp ensures that
when 8 hours is up, the
encryption key is useless.

Step 3: (Fig 2)

The key is sent back to the

client in the form of a TGT.

Fig. 2 Authentication service issues

TGT.
Fig. 3 Client submits TGT to TGS.
Step 5: (Fig. 4)

▪ The TGS creates an

encrypted key with a
timestamp and grants the
client a service ticket.

Step 6:

▪ The client decrypts the

ticket & send ACK to TGS.

Fig. 4 TGS grants client the service ticket.

 Step 7:
▪Then sends its own
encrypted key to the
service server.

▪ The service
decrypts the key and
check timestamp is
still valid or not.

▪ If it is, the service

contacts the KDC to
receive a session that
is returned to the client.

Fig. 5 Service server decrypts

key & checks timestamp
Step 8: (Fig. 6)

▪ The client decrypts the ticket.

If the keys are still valid ,
communication is initiated
between client
and server.

▪ Now the client is authenticated

until the session expires.

Fig. 6 For valid keys communication is initiated.

Kerberos 4 Overview

42
Summary of Messages in Kerberos
▪ Advantages:
▪ Passwords are never sent across the network unencrypted.
▪ Clients and applications services mutually authenticated.
▪ Tickets have a limited lifetime.
▪ Authentication through the AS only has to happen once.
▪ Sharing secret keys is more efficient than public-keys.

▪ Disadvantages:
▪ Kerberos only provides authentication for clients and services.
▪ Vulnerable to users making poor password choices.
▪ Client M/c and service(servers) M/c to be designed with Kerberos
authentication in mind.
 Environmental differences between Kerberos version 4 and
version 5
S.No Parameters Version 4 Version 5

Encryption In version 5, ciphertext is tagged with an encryption-type

system Version 4 requires the use of DES.
1 identifier so that any encryption technique may be used.
dependence

Internet protocol Version 4 requires the use of Version 5 network addresses are tagged with type and
2 dependence Internet Protocol (IP) addresses. length, allowing any network address type to be used.

In version 4, the sender of a message employs a byte
ordering of its own choosing and tags the message to
Message byte
3 indicate least significant byte in lowest address or most
ordering
significant byte in lowest address.
In version 5, all message structures are defined using
Abstract Syntax Notation One (ASN.1) and Basic
Encoding Rules (BER), which provide an unambiguous
byte ordering.

Lifetime values in version 4 are encoded in an 8-bit

quantity in units of five minutes. Thus, the maximum In version 5, tickets include an explicit start time and end
4 Ticket lifetime lifetime that can be expressed is 28*5=1280 minutes. time, allowing tickets with arbitrary lifetimes.
This may be inadequate for some applications.

Version 4 does not allow credentials issued to one client

to be forwarded to some other host and used by some
Version 5 provides this capability authentication
Authentication other client. This capability would enable a client to
forwarding.
5 forwarding access a server and have that server access another
server on behalf of the client.

In version 4, interoperability among N realms requires

Inter-realm Version 5 supports a method that requires fewer
on the order of N2 Kerberos-to-Kerberos relationships,
6 authentication relationships.
as described earlier.
 PUBLIC KEY CRYPTOGRAPHY
▪ In Public Key Cryptography two different but mathematically related keys are
used.

▪ The public key may be freely distributed, while its paired private key must
remain secret.

▪ The public key is typically used for encryption, while the private or secret key
is used for decryption.

▪ It give new direction to Kerberos as it eases key distribution a lot.

▪ KDC doesn’t need to save client keys in its database.

▪ To obtain a TGT, the client has to present his public key.

▪ A trusted certification authority (CA) has to sign every valid public key.
 Digital Signature
The digital signature process.
• The sender uses a signing algorithm to sign the message.

• The message and the signature are sent to the receiver.

• The receiver receives the message and the signature and

applies the verifying algorithm to the combination.

• If the result is true, the message is accepted; otherwise, it is

rejected.
Difference Between Conventional And Digital
Signature
1. Inclusion
– When documents are signed digitally sender sends two documents :
the message and the signature
2. Verification Method
– A copy of the signature is not store anywhere. The recipients needs to
apply a verification technique to the combination of the msg and
signature to verify the authenticity
3. Relationship
– In digital signature there is one to one relation between document
and signature
4. Duplicity
– Duplication of digital signature is easy

49
The Digital Signature Process
 Need for Keys

Note
A digital signature needs a public-key system.
The signer signs with her private key; the verifier
verifies with the signer’s public key.
13.51
 Note
A cryptosystem uses the private and public keys of
the receiver: a digital signature uses
the private and public keys of the sender.

13.52
Services provided by Digital Signature
1. Message Authentication
2. Message Integrity
3. Nonrepudiation

For confidentially another layer of

encryption-decryption must be applied

53
 Digital Signature Schemes
Several digital signature schemes have evolved during the last few
decades. Some of them have been implemented.

1. RAS Digital Signature scheme

2. Digital Signature Standard (DSS)
3. ElGamal Digital Signature scheme
4. Schnorr Digital Signature scheme

13.54
 RSA Digital Signature Scheme

13.55
 Key Generation
Key generation in the RSA digital signature scheme is
exactly the same as key generation in the RSA

Note
In the RSA digital signature scheme, d is private;
e and n are public.

13.56
 Signing and Verifying

RSA digital signature scheme

13.57
 Example
As a trivial example, suppose that Alice chooses p = 823 and q = 953,
and calculates n = 784319. The value of φ(n) is 782544. Now she
chooses e = 313 and calculates d = 160009. At this point key
generation is complete. Now imagine that Alice wants to send a
message with the value of M = 19070 to Bob. She uses her private
exponent, 160009, to sign the message:

Alice sends the message and the signature to Bob. Bob receives the
message and the signature. He calculates

Bob accepts the message because he has verified Alice’s signature.

Example

Alice selects n=221 and e=15.Find Private key of Alice.

If Alice wants to send message M=11 to Bob. Calculate
The Signature and show Bob can
Verify the message.

07/20/10
DSS

62
Sender Side :
• In DSS Approach, a hash code is generated out of the message and
following inputs are given to the signature function –
1. The hash code.
2. The random number ‘k’ generated for that particular signature.
3. The private key of the sender i.e., PR(a).
4. A global public key(which is a set of parameters for the
communicating principles) i.e., PU(g).
• These input to the function will provide us with the output
signature containing two components – ‘s’ and ‘r’. Therefore, the
original message concatenated with the signature is sent to the
receiver.

63
Receiver Side :
At the receiver end, verification of the sender is done. The hash code
of the sent message is generated. There is a verification function
which takes the following inputs –
1. The hash code generated by the receiver.
2. Signature components ‘s’ and ‘r’.
3. Public key of the sender.
4. Global public key.
• The output of the verification function is compared with the
signature component ‘r’. Both the values will match if the sent
signature is valid because only the sender with the help of it
private key can generate a valid signature.

64
Two Approaches to Digital Signatures

65
DSS Signing and Verifying

66
Algorithm
Global Public-Key Components
P---prime number where 2L < p < 2L-1
q---prime divisor of (p 1), where 2159 < q < 2160; i.e., bit length of 160 bits
g---= h(p 1)/q mod p,
h is any integer with 1 < h < (p 1) such that h(p 1)/q mod p > 1

User's Private Key

X: random or pseudorandom integer with 0 < x < q

User's Public Key

Y = gx mod p

User's Per-Message Secret Number

K = random or pseudorandom integer with 0 < k < q

67
 Signing
r = (gk mod p) mod q
s = [k-1 (H(M) + xr)] mod q
Signature = (r, s)
Verifying
w = (s')-1 mod q
u1 = [H(M')w] mod q
u2 =(r')w mod q
v = [(gu 1 yu 2) mod p] mod q
TEST: v = r'
M = message to be signed
H(M) = hash of M using SHA-1
M', r', s' Received M R and S
68
 Digital Signature
The digital signature process.
• The sender uses a signing algorithm to sign the message.

• The message and the signature are sent to the receiver.

• The receiver receives the message and the signature and

applies the verifying algorithm to the combination.

• If the result is true, the message is accepted; otherwise, it is

rejected.
 ElGamal Digital Signature Scheme

General idea behind the ElGamal digital signature scheme

13.70
 Key Generation
The key generation procedure here is exactly the same as
the one used in the cryptosystem.

Note
In ElGamal digital signature scheme, (e1, e2, p) is
Alice’s public key; d is her private key.

13.71
 Verifying and Signing

ElGamal digital signature scheme

13.72
✔ In the signing process , two functions create two
signatures ; in the verifying process the output of two
functions are compared for verification .
✔ One function is used both for signing and verifying
but the function uses different inputs .
✔ The message is part of the input to function 2 when
signing; it is part of the input to function 1 when
verifying. The calculations in functions 1 and 3 are
done modulo p ; it is done modulo p-1 in function 2 .
✔ The problem is that p needs to be very large to guarantee
that the discrete log problem is intractable in Zp*.
✔ The recommendation is a p of atleast 1024 bits. This
could make the signature as large as 2048 bits.
✔ To reduce the size of the signatutre , schnorr proposed a
new scheme based on ElGamal , but with a reduced
signature size.
 KEY-ONLY FORGERY
In this eve has access only to the public key. Two kinds of
forgery are possible:
1.Eve has a predefined message M.She needs to forge
Alice’s signature on it.Eve must find two valid signatures
S1 and S2 for this message.This is a selective forgery.
2.Eve must be able to find three random values :M,S1 and
S2 such that the last two are the signature of the first one.
 KNOWN-MESSAGE FORGERY

If eve has intercepted a message M and its two signatures

S1 and S2,she can find another message M’, with the same
pair of signatures S1 and S2.However,note that this is also
an existential forgery that does not help Eve very much.
 Example
• Bob chooses p=11,e1=2,r=9,d=8 and sign message M=5 using Elgamal
digital signature scheme. Calculate s1 and s2 and show how Alice can
verify the signature

• Alice chooses p=23,e1=5,d=3 a random number 9 and sign message

M=7 before sending it to bob. Calculate s1 and s2 and show how bob
can verify the signature.
 SCHNORR DIGITAL SIGNATURE
SCHEME-Signing and Verifying
In this signature scheme , Alice’s public key is (e1,e2,p,q);
her private key (d) .
✔ In the signing process , two functions create two
signatures; in the verifying process , the output of one
function is compared to the first signature for
verification.
✔ The important point is that the scheme uses two
moduli :p and q.
✔ Functions 1 and 3 use p ; function 2 uses q .
 Signing
1.Alice chooses a random number r.
2.Alice calculates S1 = h(M|e1^r mod p).
3.Alice calculates S2 = r + d × S1 mod q.
4.Alice sends M, S1, and S2. Verifying Message
5.Bob calculates V = h (M | e1^S2 e2^−S1 mod p).
6.If S1 is congruent to V modulo p, the message is
accepted; otherwise rejected
Legal Aspects of Digital Signatures
The digital signature is that which makes a document a legal one.
It is a representation of assuring that the document meats all
legal and is authentic in its framework.
The actual digital signature provides the following:
• • Evidence
• • Ceremony
• • Approval
• • Efficiency

81
Advantages of Digital Signatures
• Advantages
1. Authentication , identification of the person that signs.
2. Integrity of data , every change will be detected.
3. Non repudiation , because the author cannot be denied of his work (he
created and sent).
4. Imposter prevention Elimination of possibility of committing fraud by an
imposter
• Disadvantages
1. The disadvantages of using digital signatures involve the primary avenue
for any business: money.
2. Though the use of Digital Signatures is very powerful way to secure and
authenticate a message or document, its advantages are hampered by lost
or theft of keys and the use of vulnerable storage facilities.
3. A number of Digital Signature standard exist which are incompatible with
each other and there is a strong need of a standard through which these
different methods (keys) can interact.

82