Upload
calvin-watson
View
216
Download
1
Embed Size (px)
Citation preview
© Julia Wilk (FHÖV NRW) 1
Digital Signatures
© Julia Wilk (FHÖV NRW) 2
Digital Signatures
Structure
1. Introduction
2. Basics
3. Elements of digital signatures
4. Realisation in public authorities
5. Conclusion
© Julia Wilk (FHÖV NRW) 3
Digital Signatures
1. Introduction
• What is a Digital Signature?- A Digital Signature is a type of asymmetric cryptography used
to simulate the security properties of a handwritten signature on paper.
- Sometimes also used: Electronic Signature (here synonymic)
• Why is it important for E-Government?- Handwritten signature often required in public law - Digital signature can replace it- More possibilities of electronic services:
Cost savings Saving Time
© Julia Wilk (FHÖV NRW) 4
Digital Signatures
2. Basics2.1. Law
• Germany: “Signaturgesetz” in 1997- Precondition for safe and legally binding electronic
signatures- Regulates specifications for using digital signatures
• Europe: EU Signature Directive- Unification of different signature laws in the EU
(especially different security levels)- Basis for changes of the German law in 2001, 2005
and 2007- Changes made the law conform to the European
directive
© Julia Wilk (FHÖV NRW) 5
Digital Signatures
Law: Different Signatures1. Electronic signature
- Data in electronic form which are attached with other electronic data and which serve as a method of authentication
2. Advanced electronic signature- Means an electronic signature that is also
- uniquely linked to the signatory,- capable of identifying the signatory,- linked to the data to which it relates that any change of the data is
detectable.
3. Qualified digital signature- based on a qualified certificate of a Certification Authority (CA)- Germany: sole signature that is equal to a handwritten signature (§
126a BGB)
4. Qualified digital signature with accreditation- Like a qualified signature, but furthermore
CA was accredited voluntarily Proof for comprehensive technical and administrative security
© Julia Wilk (FHÖV NRW) 6
Digital Signatures
2.2. Security Properties
© Julia Wilk (FHÖV NRW) 7
Digital Signatures
Security Properties of handwritten messages
• Authenticity- Nobody should impersonate someone he doesn’t is
• Integrity- A message can not be falsified unnoticed
• Obligation- The signature has to assure legal certainty
• Confidentiality- No person except the receiver should be able to read
the message
© Julia Wilk (FHÖV NRW) 8
Digital Signatures
3. Elements of digital signatures
3.1. Basic functionality
3.2. Hash functions and hash results
3.3. Asymmetric encryption
3.4. Certification
3.5. User’s realisation
© Julia Wilk (FHÖV NRW) 9
Digital Signatures
© Julia Wilk (FHÖV NRW) 10
Digital Signatures
3.2. Hash functions and hash results
• Solution: Not the document itself, but its hash result gets signed
• Hash function:= algorithm which creates a digital representation in the form of a hash result of a standard length which is usually much smaller than the message but substantially unique to it
• Hash function also known as “digital fingerprint”• Premises for hash functions:
- Hash function has to be unique- “One-way-property”
© Julia Wilk (FHÖV NRW) 11
Digital Signatures
3.3. Asymmetric encryption
• Basic: a pair of keys, namely a private key and a public key
• Premises:- Private key has to be saved, e.g. using a chip card with a PIN - Public key can be accessible for everyone, but its owner’s
identity has to be identifiable without problems to guarantee authentication (certificate)
- Not possible to generate the Private key by knowing someone’s Public key
© Julia Wilk (FHÖV NRW) 12
Digital Signatures
3.2. Encryption: Proceeding
• Generating message’s digest (hash result)• Using Public Key to encrypt hash result• Result of the encryption: digital signature• Sender sends
- message,- digital signature and- certificate to receiver
• Receiver wants to check- Integrity
Generating hash result, compare it to the sender’s hash result and decrypting the message with the sender’s public key
- Authenticity Can be checked by means of the certificate
© Julia Wilk (FHÖV NRW) 13
Digital Signatures
3.2. Encryption: Proceeding
© Julia Wilk (FHÖV NRW) 14
Digital Signatures
3.4.Certification
• Important for authenticity:- Receiver of a message has to be sure that the public key he
uses really belongs to the sender
• Solution: Certification Authority (CA)- Independent, confidential- Law causes premises for a CA
• Certificate: comparable with a digital identity card• Document that shows someone’s identity doubtless• Three-stepped infrastructure guarantees authenticity:
- Sender- CA- Authority that controls CA
© Julia Wilk (FHÖV NRW) 15
Digital Signatures
3.5. Realisation by user
• Important for security: private key has to be absolutely saved and only available for his user
• Technical premises:- Chip card and PIN
High security level because of “possession and knowledge” Cards available through bank branches, but they are only
mediators of accredited CAs Encryption of the hash result is realised in a matter of
seconds
- Card reader- Computer and corresponding software
© Julia Wilk (FHÖV NRW) 16
Digital Signatures
3.5. User acceptance• Citizen’s interests:
- Doing as much as possible by using the internet - Survey: 88 % of German citizens would like to do everything
concerning public administration online to avoid waiting times and save time
• Today: Nearly every authority has got a homepage where you can download forms or search for information
• Problem: Forms often need to be signed handwritten• We learned: Only the qualified digital signature can replace a
handwritten signature• Using qualified signatures premises special equipment
(remember chip card, card reader…)
© Julia Wilk (FHÖV NRW) 17
Digital Signatures
3.5. User acceptance
• Question: Are the citizens really willing to pay for their wish to do as much as possible online?- Costs for licences are estimated about 50 € in Germany- Solution: Equipment has to be all-purposed, it has to be
possible to use the equipment in other fields, like home banking e.g.
• Further problems:- Administrative procedures often need original documents
(like a family register or a birth certificate)- If you do everything in a electronic way, the expert advice
of the official is missing which maybe causes mistakes
© Julia Wilk (FHÖV NRW) 18
Digital Signatures
3.5. User acceptance
• Summing up:- The more possibilities of using digital
signature equipment exist, the more will be established the digital signature and also the citizen’s acceptance
- Electronic government offer is rising year by year, so maybe also the success will rise with it
© Julia Wilk (FHÖV NRW) 19
Digital Signatures
4. Realisation in public authorities
• 2001: only 4,8 % of German local authorities use digital signatures
• 2006: 30 % use respectively qualified signatures and qualified signatures with accreditation
© Julia Wilk (FHÖV NRW) 20
Digital Signatures
Use of digital signatures in German cities (Survey by KGSt, 2006)
05
1015
2025
3035
4045
50
electronicsignature
advancedelectronicsignature
qualified signature qualified signaturewith accreditation
don't know thedifferences
us
e in
pe
r c
en
t
<50.000habitants
50.000-200.000habitants
>200.000habitants
© Julia Wilk (FHÖV NRW) 21
Digital Signatures
5. Conclusion• Offering and diffusion of digital signatures had grown in the
last years because of- Unification of law in the EU- Further development- Increasing disposition of public authorities to engage in digital
signatures• Citizen’s vantages:
- Many transactions can be done from the computer at home- Citizen is not bound to opening times and reachability of public
authorities• Public authorities:
- Saving costs in traditional sectors- New technologies cause other costs and other resources like
qualified employees- Long-term: digital signatures can redound to more efficiency
© Julia Wilk (FHÖV NRW) 22
Digital Signatures
5. Conclusion• Security
- Today things like the one-way hash function, asymmetric encryption and sophisticated chip card system cause secure proceedings
- The security standard has to be conformed to the computer systems that get increasingly powerful
• Costs- High costs are indispensable to guarantee a high security level
• User’s/Citizen’s Acceptance- Chip card systems are easy to use- High costs could reduce the success of digital signatures- Necessary to coordinate standards to use a chip card system for many
different applications
© Julia Wilk (FHÖV NRW) 23
Digital Signatures
5. Conclusion
• Summing-up:- Today digital signatures are under way and
can only be seen as an amendment to traditional procedures
- In the future digital signatures will get more and more important to guarantee an efficient action of public authorities