Ingeo Education Series
Digital Signatures

Why signatures?

Ever since mankind has documented its existence, people have used contracts to conduct their daily business. One of the earliest recorded contracts was drafted for the sale of a piece of real estate in ancient Sumeria (modern-day Iraq):

Sini-Ishtar, the son of Ilu-eribu, and Apil-Ili, his brother, have bought one third Shar of land with a house constructed, next the house of Sini-Ishtar, and next the house of Minani; one third Shar of arable land next the house of Sini-Ishtar, which fronts on the street; the property of Minani, the son of Migrat-Sin, from Minani, the son of Migrat-Sin. They have paid four and a half shekels of silver, the price agreed. Never shall further claim be made, on account of the house of Minani. By their king they swore.

The names of fourteen witnesses and a scribe then follow.

Month Tebet, year of the great wall of Karra-Shamash. 1

This rather modern-sounding contract dates back to about 2000 B.C., and contains all of the standard parts of a contract: the date, the parties to the deal, the considerations being exchanged, and most important of all, the signatures of those involved. Though these signatures are rendered in cuneiform (wedge-shaped stylus marks in wet clay), they are identical in function to the signatures of today.

Signatures are so ubiquitous that we often take them for granted. We sign things every day—letters, receipts, checks, and contracts—yet we rarely consider what the ink on the paper actually means. The word signature comes from the Latin signare, "to mark," which derives from signum, "sign." A signature is exactly that—a mark or sign that identifies us as part of a transaction.

The act of signing a document is the same whether it's a friendly letter, a traffic ticket, or a check for the phone bill. According to the American Bar Association, we put our marks on documents for several different reasons: 2

  • Ceremony: Most documents requiring signatures involve transactions, large or small. The ceremonial act of signing emphasizes the relative importance of the transaction and the mark that makes it legal.
  • Evidence: When we sign a document, we make a distinctive mark that links us to that document. In signing, we assert that the words on paper are intended to be taken as our own (i.e. "I said this").
  • Approval: A person's mark usually indicates approval of the document, its contents, and its legal implications (i.e. "I agree to this").
  • Logistics: To "sign off" on a document sets events in motion, allowing money to change hands and lives to change. To "sit on" a document, refusing to sign, keeps these things from happening. The act of signing facilitates the flow of the transactions that shape our lives.

We generally think of a signature as someone's name, but this isn't necessarily the case. Most of us have probably seen a movie where someone signs a document with a mark (generally an X) instead of a name. This type of mark isn't much different from the often illegible scribbling at the bottom of a doctor's prescription slip. Sometimes signatures are more conventional than "actual", like a company president's computer-generated signature on a payroll check, or the U.S. treasurer's printed signature on our currency. Other marks that count as signatures in our legal system include certain stamps and seals.

With signatures, it doesn't matter if it's a name or an X or a stamp or a seal. What matters is that the mark identifies the person approving the document and that it allows a transaction to take place.

Why digital signatures?

The Internet has irrevocably changed the way the world interacts. As we go increasingly online to get our work done, more and more of the documents we produce are purely digital—created, processed, and stored without paper.

Several years ago, when it became evident that this trend of electronic business would continue to evolve, people began to recognize a need for a way to "sign" an electronic document. Electronic document signing would speed up the process by which documents get executed and actions are initiated.

There are essentially three purposes that any signature—digital or otherwise—must serve: 3

  • Signer identity: The signature must identify the person who signed the document.
  • Document identity: The signature should identify the document that has been signed.
  • Security: The nature of the signature and document should make it extremely difficult for either the signer or the document to be changed or falsified without detection.

For so-called "wet" signatures, created with a pen and ink, all three purposes are modestly served by conventions that have been in existence for many centuries. The identity of a signer is confirmed either by witnesses (and/or notaries) or by having an expert compare the signature to a known handwriting sample. The identity of a document is verified by dealing with original paper documents only—no copies and no faxes.

The security of the transaction is maintained by examining both the document and the signature: checking whether either has been tampered with, smearing fresh ink with a wet finger, holding the document to the light to detect the presence of correction fluid, and so on. In truth, the vast majority of signed documents receive just a cursory examination. Wet signatures are generally assumed valid unless circumstances suggest that they might be fraudulent.

For digital signatures, the standards for validation are much, much higher. The distributed, public nature of the Internet makes it very difficult to guarantee the integrity of transmitted or received data. Fear of computer hackers, digital forgers, and online con artists has helped push the bar for online security much higher.

Advanced network security technology reduces the risk that electronic documents will be intercepted and altered while in transit. More importantly, high-tech encryption allows any potential tampering to be detected. The result is that digital signatures are at least as "safe" as wet signatures, providing online speed and convenience in addition to peace of mind.

What is a digital signature?

To explain what digital signatures are, it is useful to explain what digital signatures are not.

A digital signature is in no way tied to a person's handwritten signature. Many of us have signed for a package on an electronic pad that captures our signature as a computerized image. This is a digitized signature, not a digital signature. Digital signature technology has nothing to do with a person's handwritten name. A digital signature is a series of numbers generated by complex algorithms, and involves encryption technology rather than penmanship.

The basic mathematics behind digital signature technology has been around since 1977. Two major factors have fostered the relatively recent implementation of digital signatures as a practical tool. First is the passage of several important laws which endorse the technology for business and government use. Second is the emergence of a framework of enterprises to facilitate the creation and processing of digitally signed documents. This framework is referred to as the Public Key Infrastructure, or PKI.

What is the Public Key Infrastructure?

Public Key Infrastructure (PKI) refers to the companies, people and technologies working together to ensure trust in the digital signature industry. This includes anyone involved in the following:

  • Verifying and vouching for a person's identity
  • Issuing and administering digital certificates
  • Linking key code data to a person's digital certificate
  • Ensuring the security of key codes and encryption technologies
  • Promoting and supporting the infrastructure

At the heart of PKI is a technology called asymmetric cryptography. Most cryptographic methods used today are symmetric—that is, they use a single key to both lock and unlock a message. In contrast, asymmetric cryptography (also known as public key cryptography) relies on two separate keys: a private key and a public key. When used with digital signatures, each key has a specific purpose:

  • A private key is a very long number generated by a special mathematical function. The private key is the main tool used to create a digital signature. It is known only to the person who generates it, and must be kept absolutely secret because it represents the identity of the person using it. A private key is almost always password protected, and is encoded on a smart card (with an embedded microchip), on a Universal Serial Bus (USB) token that connects to a computer, or in a special computer file.
  • A public key is a second long number that allows another person to "unlock" a signature in order to validate both the document and the signer's identity. The public key is generated with the private key. The two are mathematically related, but because of the nature of the key generation algorithms, it is virtually impossible to deduce the form of the private key from the public key or its signature.

Together, a private key and a public key constitute a key pair. The public key becomes public when a digital certificate is issued. It is useful to think of a digital certificate as a sort of "signing license." It is a digital identity card that contains an assortment of information:

  • The name of the certificate holder
  • Additional information about the owner (e-mail address, city and state of residence, and so on)
  • The holder's public key
  • The certificate's date of issue and date of expiration
  • A validation stamp (really just another signature) by the agency issuing the certificate

A digital certificate is issued by a certification authority (CA). The PKI industry trusts CAs to verify the identity of certificate holders, to renew and revoke certificates as needed, and to maintain public information related to the certificates they issue. CAs routinely use a variety of different sources—driver's licenses, passports, personal references, and so on—to vouch for a person's identity before issuing a certificate. Since CAs are only as good as the trust they engender in others, they must follow carefully established protocols, and frequently open themselves to outside auditors.

Once a certificate is issued, the holder has all of the tools necessary to create and verify a digital signature.

How is a private key used to create a digital signature?

Digital signature technology capitalizes on the fact that every digital document—no matter what kind of file it is—is essentially a long series of ones and zeroes. Since digital documents are just long strings of numbers, mathematical functions can be performed on them.

The process begins with an unsigned document:

  1. Once a digital document is ready to be signed, the document's numerical code is processed through a special mathematical operation called a hash function. This creates a new document called a document fingerprint, also referred to as a message digest.
  2. The document fingerprint and private key are used in a second operation called a signature function. This process uses the private key to encrypt the document fingerprint, resulting in a digital signature. The digital signature is like a locked box containing the document fingerprint. The only way to unlock this box is to use the public key of the user who locked it.
  3. The digital signature is embedded within the original document, creating a digitally signed document.

How is a public key used to validate a digital signature?

Once a digital document has been signed, it can be sent to the interested parties. As a matter of course, anyone who receives a digitally signed document will want to authenticate it before the document is reviewed. The process of validation includes ensuring that the signature was created by someone authorized to do so, and checking whether the document has been tampered with in any way. Validation assures the reviewer that the security of the process—and the authenticity of the signed document—is conclusively proven.

The validation process begins with a signed digital document:

  1. First, the original document and digital signature are separated. The original document is processed using the same hash function that was used when the document was signed. This creates another document fingerprint.
  2. Next, the signer's digital certificate is obtained from the certificate authority's online repository. This certificate contains the signer's public key. Since the public key can only unlock a message that has been locked by the user's corresponding private key, it is critical that the correct key be used.
  3. The public key is used to unlock the digital signature, releasing the original document fingerprint.
  4. The two document fingerprints are compared. They must be absolutely identical if the document is to be proved valid. If the private key that locked the message doesn't match the public key that unlocked the message, or if the document has been tampered with in any way, the signed document will be invalidated.
  5. If the two message digests match, then the signature—and the document to which it is attached—is proven valid, and the signed document is accepted as legal and legitimate.

In this way, digital signatures fulfill the requirements for which they were designed. They identify the person signing the document, they identify the document itself, and they ensure that neither the signature nor the document has been forged or altered.

What is digital notarization?

An important part of many signed documents is a notarized acknowledgement. This is a time-tested safeguard that helps protect the parties of a contract or transaction. According to the National Notary Association, there are five components of a notarized acknowledgement: 4

  1. Personal appearance: This crucial aspect of the acknowledgement allows the notary to observe and interact with the signer, noting if anything seems suspicious or out of the ordinary.
  2. Identification: The notary may rely on several means—identity documents, credible witnesses, or first-hand knowledge—to make sure that the person signing a document is the same person who is party to it.
  3. Acknowledgement by signer: In signing before a notary, signers assert that they are authorized to sign a document and that they are signing on their own volition.
  4. Lack of duress: The presence of a third party helps prevent a signer from being coerced into signing by threats of physical harm.
  5. Awareness: Interacting with the signer allows the notary to detect whether drugs, mental impairment or other infirmity may have affected a person's judgement, influencing the decision to sign.

The roles played by the document signer and notary are straightforward. The signer makes the acknowledgement, and the notary takes the acknowledgement. The acknowledgement says, in essence, "This is my signature, which I am making voluntarily, and with a clear head." Once steps have been taken to verify that this is true, the notary confirms the acknowledgement by affixing a seal to the document.

For all practical purposes, a digital acknowledgement is identical to a digital signature, but a digital acknowledgement can only be created by a notary public who has been given special credentials to do so. Instead of an embossed stamp, the notary uses a special digital certificate. Though the documents and signatures are digital, many states still require that a notary public be physically present for the document's signing, to fulfill the "personal appearance" required by law. This requirement may change as digital documents become more and more commonplace.

A document that has been both signed and notarized will actually contain two digital signatures, the signer's and the notary's. The technology is designed so that the signatures are cumulative. When a document is notarized, the original signer's digital signature is first validated. Thus, validating a digital acknowledgement also validates the signer's digital signature—and the original document itself.
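The signing and validation steps above, together with the cumulative signer-plus-notary acknowledgement just described, as an added Python walk-through (not code from Ingeo or the original article). It assumes a toy RSA key pair built from small, well-known Mersenne primes and SHA-256 as the hash function, purely for illustration: real private keys are far larger and the digest is padded (PKCS#1) rather than reduced modulo n as done here; the contract text is constructed for the example.

```python
import hashlib
from math import gcd

# Toy RSA used only to illustrate the sign/validate steps in the text.
# The primes below are well-known Mersenne primes (assumption: chosen for
# this example); real keys use ~1024+-bit random primes.
SIGNER_PRIMES = (2**61 - 1, 2**31 - 1)
NOTARY_PRIMES = (2**89 - 1, 2**19 - 1)

def generate_keypair(p, q, e=65537):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)             # private exponent (Python 3.8+)
    return (e, n), (d, n)

def fingerprint(document: bytes, n: int) -> int:
    """Signing step 1: hash the document into a message digest (int < n)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private_key) -> int:
    """Signing step 2: 'lock' the fingerprint with the private key."""
    d, n = private_key
    return pow(fingerprint(document, n), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Validation steps 1-5: re-hash, unlock with the public key, compare."""
    e, n = public_key
    unlocked = pow(signature, e, n)                 # release original digest
    return unlocked == fingerprint(document, n)     # must be identical

def sig_bytes(signature: int, n: int) -> bytes:
    """Fixed-width encoding so a signature can be embedded in a document."""
    return signature.to_bytes((n.bit_length() + 7) // 8, "big")

def notarize(document, signer_sig, signer_pub, notary_priv) -> int:
    """Cumulative acknowledgement: validate the signer's signature first,
    then countersign document + signer's signature so the seal covers both."""
    if not verify(document, signer_sig, signer_pub):
        raise ValueError("signer's signature is invalid; refusing to notarize")
    return sign(document + sig_bytes(signer_sig, signer_pub[1]), notary_priv)

def verify_notarized(document, signer_sig, notary_sig, signer_pub, notary_pub):
    """Valid only if the notary's seal AND the original signature both hold."""
    sealed = document + sig_bytes(signer_sig, signer_pub[1])
    return (verify(sealed, notary_sig, notary_pub)
            and verify(document, signer_sig, signer_pub))

def demo() -> dict:
    """Constructed walk-through; returns the outcome of each check."""
    signer_pub, signer_priv = generate_keypair(*SIGNER_PRIMES)
    notary_pub, notary_priv = generate_keypair(*NOTARY_PRIMES)
    contract = b"Sini-Ishtar buys one third Shar of land for 4.5 shekels."
    tampered = b"Sini-Ishtar buys one third Shar of land for 4.0 shekels."
    sig = sign(contract, signer_priv)
    seal = notarize(contract, sig, signer_pub, notary_priv)
    return {
        "genuine": verify(contract, sig, signer_pub),
        "tampered_document": verify(tampered, sig, signer_pub),
        "wrong_public_key": verify(contract, sig, notary_pub),
        "notarized": verify_notarized(contract, sig, seal, signer_pub, notary_pub),
        "notarized_tampered": verify_notarized(tampered, sig, seal, signer_pub, notary_pub),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:20s} -> {'valid' if ok else 'INVALID'}")
```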

Are digital signatures and acknowledgements safe?

Almost everything about PKI is public—digital certificates, public keys, and signing and hash algorithms. The only secret in the digital signature industry is the private key held by each individual certificate holder. The private key is the linchpin of the entire Public Key Infrastructure, providing the positive authentication necessary to make it all work. As long as a signer's private key remains secret, the whole process is secure.

There are really only three ways that a private key could be compromised:

  1. The owner of the key could reveal it (intentionally or otherwise) to someone else.
  2. The key could be revealed through the use of malicious software on the user's computer.
  3. The key could be "cracked" through the use of cryptanalysis, the process of trying every possible key combination until one works.

The first scenario is the most likely, but also the easiest to prevent. The truth is that more security systems are broken through social engineering—fast talk and plausible requests—than through hacking. For example, a con artist could call a certificate holder, and say something like the following: "Hi, Ms. Jones. This is Rufus Abernathy from Acme Digital Certificates. Our servers were fried yesterday by a lightning storm—but don't worry. We have restored the system, but have to re-validate your digital certificate against a known signature. I need you to send your private key code to the following email address...." Ms. Jones, of course, should tell the caller to go jump in a lake. She should also report the incident to her certificate authority.

A certificate authority will never ask a certificate holder to reveal his or her private key; anyone asking for a private key is suspect. As long as each certificate holder is careful not to reveal his or her private key to anyone—including spouse, employer, and employees—the private key will remain safe.

The second possibility is that malicious software could capture and reveal a private key. Anyone who has fallen victim to a computer virus knows that software from uncertain sources is not always what it appears to be. If a signer uses software that has been specifically engineered to capture and relay the private key code, it is probable that the key will be compromised. Because of this, it is important that signers use only signing software from trusted sources.

The final possibility is that a private key could be revealed through cryptanalysis. This is the least likely of the three scenarios. In fact, because of the nature of public key cryptography, it is virtually impossible.

The strength of any cryptographic system is determined by the relative probability that its code can be cracked. This probability is gauged by the number of elements and the range of each element, which in turn determines the total number of possible key combinations. The more combinations, the better the security.

A good example of "acceptable" security is the humble combination lock. People trust their wallets and keys and credit cards to them when they leave their belongings in a school or gym locker. But how safe are they? Well, a standard combination lock has ticks for 40 positions, and takes three numbers to open. Three elements, with a range of 1 to 40 for each element, allow for 64,000 (40^3) different combinations. Assuming it takes about 15 seconds to try each possible combination, it would take a person just over 11 days (without eating or sleeping) to try them all.

In the digital world, where information is composed of "bits" (ones and zeroes), the range of a key element is always two. Since 2^16 (2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2 x 2) would be 65,536, this means that the combination lock is roughly equivalent to 16-bit encryption. Stated another way, it would take a sequence of 16 ones or zeroes to approach the level of complexity—and security—of a combination lock.

Digital signatures, on the other hand, use 1,024-bit encryption. A private key is simply a number represented by a series of 1,024 ones and zeroes. The gross number of possibilities with this scheme is easy to calculate, but difficult to fathom. With 1,024 positions and a range of two possibilities for each position, we get a total of 2^1024, or 1.8 x 10^308, possibilities. This number would be written with an 18 followed by 307 zeroes—not to mention 102 commas. We don't really have names for numbers this large.

How difficult would it be to use cryptanalysis to crack a digital signature? The standard method would be to have a computer begin at the first number and cycle through to the last possible number, checking to see if the result is comprehensible. Digital signature standards require that both public and private keys be prime numbers (divisible only by one and themselves). Though this narrows down the total range of possibilities, it would actually be quicker to simply check every number rather than trying to factor each combination to see if it is prime or not.

So suppose we had a supercomputer that could generate a trillion (1,000,000,000,000 or 10^12) keys per second. At this rate, it would take the computer 2.4 x 10^287 years to generate all possible key combinations. Considering that scientists generally agree that our universe is only about 18 trillion (1.8 x 10^10) years old, this means it would take our supercomputer a length of time that is 277 orders of magnitude higher than the age of our universe to generate all possible keys. Granted, the computer might get lucky and get the correct combination right off the bat. Otherwise, the process could take a long, long time.

According to security experts, no successful attacks on 1,024-bit encryption have been reported. Considering the numbers outlined above, this is hardly surprising. As long as a person's private key is kept secret, his or her digital signature is safe and secure.

Conclusion

Since ancient times, people have been leaving their marks on the figurative dotted line. In ancient Sumeria, it was stylus marks on clay tablets. In Egypt, it was hieroglyphs on papyrus. Yesterday's standard was fresh ink on white paper, but the times—as always—are still changing.

As this latest revolution in document technology continues, we can expect to see more and more "paper standards" reinvented and reinforced by information science. Computerization offers benefits never before seen in a previous document technology: instant transmission, flexible storage, and effortless duplication. Digital signatures provide the final pieces of the puzzle, adding a high standard of security and ensuring peace of mind.

NOTES:

  1. Halsall, Paul, ed. 1998. A Collection of Contracts from Mesopotamia, c. 2300 - 428 BCE. Internet Ancient History Sourcebook. 21 March 2001. http://www.fordham.edu/halsall/ancient/mesopotamia-contracts.html
  2. American Bar Association, Science and Technology Information Security Committee. [2000]. Digital Signature Guidelines Tutorial. 21 March 2001. http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html
  3. American Bar Association.
  4. National Notary Association. A Position on Digital Signature Laws and Notarization. Chatsworth, CA: National Notary Association, 2000.