Digital Signatures and Authentication Protocols


Digital Signatures and Authentication Protocols

Reporters:
Jerimiah Saberon
Merryl Lorraine Gonzaga
April Mae Panaguiton
What is the Digital Signature Standard (DSS)?

• The Digital Signature Standard (DSS) is a digital signature algorithm developed by the U.S. National Security Agency as a means of authentication for electronic documents.

• A digital signature is the electronic equivalent of a handwritten signature: it is used to sign documents and provide authentication.

• DSS was published by the National Institute of Standards and Technology (NIST) in 1994. It has since become the United States government standard for authentication of electronic documents.

• DSS is also specified as a verified means of authentication in Federal Information Processing Standard (FIPS) 186.
How does the Digital Signature Standard work?

• A DSA signature is a pair of large numbers, computed according to the specified algorithm within parameters that enable authentication of the signatory and, as a consequence, verification of the integrity of the signed data.

• DSS also specifies the Elliptic Curve Digital Signature Algorithm (ECDSA), as well as Rivest-Shamir-Adleman (RSA) signatures as defined in Public-Key Cryptography Standards #1 version 2.1 and American National Standards Institute X9.31.

• Digital signatures are both generated and verified using DSA. A signature is generated with the signer's private key, and it is verified against the corresponding public key.
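To make the "pair of large numbers" concrete, here is an added toy implementation of DSA (not code from the slides): the signer produces (r, s) with the private key x, and anyone holding the public key y checks it. The parameter sizes, the trial-division primality test and the message are constructed for the demo and are far smaller than FIPS 186 requires.

```python
import hashlib
import secrets

# Added example (not from the slides): toy DSA showing a signature is the pair
# (r, s), made with private key x and checked with public key y = g^x mod p.
# Sizes are far below FIPS 186 (2048-bit p, 256-bit q): demonstration only.

def is_prime(n):  # trial division is fine for the toy sizes used here
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, int(n ** 0.5) + 1, 2))

def generate_parameters(q=65537):  # (p, q, g): q prime, q | p-1, g of order q
    k = 2
    while not is_prime(k * q + 1):  # search for p = k*q + 1 with k even
        k += 2
    p, h = k * q + 1, 2
    while (g := pow(h, k, p)) == 1:  # g = h^((p-1)/q) mod p, must not be 1
        h += 1
    return p, q, g

def hash_to_int(message, q):  # FIPS 186: leftmost |q| bits of the digest
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> max(0, 256 - q.bit_length())

def generate_keypair(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1  # private key, kept secret by the signer
    return x, pow(g, x, p)            # (private x, public y)

def sign(params, x, message):
    p, q, g = params
    z = hash_to_int(message, q)
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh random nonce per signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r and s:  # FIPS 186: if either is 0, pick a new k
            return r, s

def verify(params, y, message, signature):
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):  # reject malformed signatures early
        return False
    w = pow(s, -1, q)
    u1 = hash_to_int(message, q) * w % q
    u2 = r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r
```

Verification succeeds because g^(u1) * y^(u2) = g^(w(z + xr)) = g^k mod p, so the recomputed value equals r; any change to the message or signature breaks that equality.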
What is the Digital Signature Standard format?
Lesson 2: Authentication services and protocols

• Authentication protocols are methods or procedures used to verify the identity of a user, device, or system. These protocols are designed to ensure that only authorized users or devices are able to access protected resources, and to prevent unauthorized access or tampering.
Types of Authentication

• Password-based authentication - This is the most common form of authentication, in which a user provides a username and password to log in to a system or access a protected resource. Password-based authentication is relatively simple to implement, but can be vulnerable to attacks such as dictionary attacks or brute-force attacks.

• Two-factor authentication - This is a type of authentication that requires a user to provide two forms of identification, such as a password and a security token, to log in to a system or access a protected resource. Two-factor authentication can provide an additional layer of security, but may be inconvenient for users and may require additional infrastructure to support.

• Biometric authentication - This is a type of authentication that uses physical or behavioral characteristics, such as a fingerprint or facial recognition, to verify the identity of a user. Biometric authentication can be highly secure, but may be expensive to implement and may not work well for all users (e.g., due to differences in physical characteristics).
The Most Common Authentication Protocols are:

• Kerberos is an authentication protocol used to securely identify users and devices on a network. It is designed to prevent attacks such as eavesdropping and replay attacks, and to allow users to securely access network resources without transmitting their passwords over the network.

• LDAP (Lightweight Directory Access Protocol) is a network protocol used to access and manage directory services, such as those provided by Active Directory or OpenLDAP. LDAP is designed to be a simple, fast, and secure protocol for accessing directory services over a network.

• OAuth2 (Open Authorization 2.0) is an open standard for authorization that enables users to grant third-party applications access to their resources (such as data or services) without sharing their passwords. OAuth2 is used to enable secure authorization from web, mobile, and desktop applications.

• SAML (Security Assertion Markup Language) is a standard protocol used to securely exchange authentication and authorization data between organizations. It is commonly used to enable single sign-on (SSO) and to provide secure access to web-based resources.

• RADIUS (Remote Authentication Dial-In User Service) is a networking protocol used to manage and authenticate users who connect to a network. It was originally used to authenticate users connecting over a dial-up connection, but it can also authenticate users who connect using other technologies, such as wireless or VPN.
Lesson 3: 2FA (Two-Factor Authentication)

What is 2FA?
Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. 2FA gives businesses the ability to monitor and help safeguard their most vulnerable information and networks.

Benefits of 2FA
Businesses use 2FA to help protect their employees' personal and business assets. This is important because it prevents cybercriminals from stealing, destroying, or accessing your internal data records for their own use.
Authentication methods for 2FA

• Hardware Tokens - Businesses can give their employees hardware tokens in the form of a key fob that produces a new code every few seconds to a minute. This is one of the oldest forms of two-factor authentication.

• Push Notifications - Push two-factor authentication methods require no password. This type of 2FA sends a signal to your phone to either approve/deny or accept/decline access to a website or app to verify your identity.

• SMS Verification - SMS, or text messaging, can be used as a form of two-factor authentication when a message is sent to a trusted phone number. The user is prompted to either interact with the text or use a one-time code to verify their identity on a site or app.

• Voice-based Authentication - Voice authentication works in a similar way to push notifications, except that your identity is confirmed through automation. The voice will ask you to press a key or state your name to identify yourself.
2FA Implementation

• Implementing 2FA in a business or personal setting helps protect vulnerable networks and databases. With a mobile device, you can generate your own codes, or tokens, that provide a unique set of letters/numbers to verify your identity. These codes are sent via SMS and are verified through a website or app. It is important to make sure that the website or app you are identifying yourself to is reliable and safe. One-time passcodes generated by apps or websites are more time-sensitive than an SMS code or token.

• Here are some tips to ensure your two-factor authentication implementation goes as smoothly as possible:
• Consider using the most common method of implementation, SMS authentication. It is convenient and ensures that all user identities are verified via a reliable phone number.
• Remember that most users can enable 2FA through the security settings of their smartphone or electronic device.
• Find the right two-factor authentication provider.
Lesson 4: Digital Certificates

A digital certificate is a form of electronic credential that can prove the authenticity of a user, device, server, or website. It uses public key infrastructure (PKI) to help exchange communications and data securely over the internet.

A digital certificate contains the following identifying information:

• User's name
• Company or department of the user
• IP (Internet Protocol) address or serial number of the device
• Copy of the certificate holder's public key
• Period of time for which the certificate is valid
• Domain the certificate is authorized to represent
Digital certificates can provide the following benefits:

• Security - Digital certificates can keep internal and external communications confidential and protect the integrity of the data. They can also provide access control, ensuring that only the intended recipient receives and can access the data.

• Authentication - With a digital certificate, users can be sure that the entity or person they are communicating with is who they say they are, and that communications reach only the intended recipient.

• Scalability - Digital certificates can be used across a variety of platforms, for individuals and for large and small businesses alike. They can be issued, renewed, and revoked in a matter of seconds.

• Reliability - A digital certificate can only be issued by a publicly trusted and rigorously vetted CA, meaning that certificates cannot be easily tricked or faked.

• Public trust - The use of a digital certificate proves the authenticity of a website, document, or email. It can assure users and clients that the company or individual is genuine, respects privacy, and values security.
Different types of digital certificates

• TLS/SSL certificates - A TLS/SSL certificate is used to secure communications between a computer and a server, and it is hosted by the server. When a client computer seeks to access the server, the server presents the digital certificate to prove that it is authentic and is the desired destination.

• Client certificates - This is a form of digital ID that can identify one machine to another, or a specific user to another user. It can be used to allow a user to access a protected and secure database, and also for email.

• Code signing certificates - This type of digital certificate is used for software or files. The publisher or developer of the software signs it to validate its authenticity to users downloading it.
Where digital certificates are used

• Public certificate authorities are required to adhere to a set of baseline requirements. Most web browsers are set up to trust a pre-selected list of CAs, which is set by the browser itself or by the operating system of the device. The verification of a digital certificate often happens behind the scenes and quickly, without the user even being aware of the process.

• Digital certificates are also used in e-commerce to protect sensitive identification and financial information. Online shopping, stock trading, banking, and gaming all use digital certificates. Digital certificates can be used by electronic credit card holders and merchants to protect the financial transaction.
Criticisms of digital certificates

• While digital certificates are designed to invoke public trust and prove security and validity, they are not infallible. Digital certificates have potential weaknesses that bad actors have exploited.

• Organizations can be breached, for example, and cybercriminals can steal certificates and private key information, allowing them to then distribute malware. An infected system can be configured to trust an illegitimate certificate, opening the door to attack.

• The MITM (man-in-the-middle) attack has also been known to intercept SSL/TLS traffic to gain access to sensitive information, by either creating a fake root CA certificate or installing a rogue certificate that can then bypass security protocols. Overall, however, using digital certificates to secure websites is considered more secure than not using them.
THANK YOU!!!
