1 integrating digital signatures with relational database: issues and organizational implications by...
TRANSCRIPT
1
Integrating digital signatures with relational database: Issues and organizational implications
By Randal Reid, Gurpreet Dhillon. Journal of Database Management. June 2003
Presented By Madhavi Kollu
2
Agenda/Topics to be covered
• Encryption basics
• Digital signature concepts
• Normalization
• Integration of Digital signatures and Relational databases
• Conclusion
3
Encryption
• Protects
  • The contents of a message
  • Ensures confidentiality
• Encryption types
  • Symmetric
    • Single key is used
  • Asymmetric
    • Two keys generated as a pair
• Figure 1 shows an asymmetric encryption
4
Encryption(2)
5
Digital Signatures
• Ensures
  • Data integrity
  • Authentication
• Meets the E-Sign Act’s requirements
• Figure 2 shows a digitally signed plain text message.
6
Digital Signatures(2)
7
Digital Signatures(3)
• Integrity of the Message
  • The data has not been modified since it was signed.
• Cryptographic hash functions
  • SHA-1
  • MD5
8
Digital Signatures(4)
• The hash is encrypted using sender’s private key.
• The receiver runs the same hash algorithm against the plain text file.
• The encrypted hash is decrypted using the sender’s public key. The two hashes are compared.
• Figure 3 depicts the Digital signature process
9
Digital Signatures(5)
10
Digital Signatures(6)
• Authentication of the sender
  • Proof of the origin
• Methodologies
  • The PGP (pretty good privacy)
    • Provides authentication through a web-of-trust process
  • X.509 structure
    • Based on a hierarchical model, one trusted endorser, root certificate authority (Ex: www.verisign.com)
11
Digital Signatures(7)
12
Normalization
• Prevents
  • Data redundancy
  • Data inconsistency
• 6 levels of normalization are shown in Table 1.
• Figure 5 is an example of this process.
13
Normalization(2)
14
Normalization(3)
15
Integration of digital signatures and Relational databases
• Two Models of Integration
  • Separated model
  • Integrated model
• Separated model
  • Manually transfers the data from the signed document into the relational database.
  • Stored electronically for later retrieval.
• This model is shown in Figure 6.
16
Integration of digital signatures and Relational databases(2)
17
Integration of digital signatures and Relational databases(3)
• Integrated model
  • The signed document is decomposed into elements and placed into the relational data structure including the digital signature and the certificate chain portions of the document.
  • To verify the transaction at a later point in time, the entire document is retrieved from the relational data structures and reassembled into its original form.
• This model is shown in Figure 7.
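The integrated model above, combined with the hash, sign and compare steps from the Digital Signatures(4) slide, as an added example that is not from the paper or the presentation. It shows that later verification only succeeds if the rows reassemble into exactly the bytes that were signed. Assumptions: the table names `doc_field` and `doc_signature`, the `canonical` byte form, SHA-256 as the hash, and a constructed unpadded RSA demo key are all hypothetical, and the certificate chain is left out.

```python
import hashlib
import sqlite3

# Constructed demo key: unpadded "textbook" RSA from two known Mersenne primes.
# Assumption for illustration only; real systems use a vetted library and padding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def canonical(fields):
    # One fixed byte form (sorted names, UTF-8) so reassembly reproduces the signed bytes.
    return "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode("utf-8")

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data):
    # Sender: hash the document, then transform the hash with the private key.
    return pow(digest(data), D, N)

def verify(data, sig):
    # Receiver: recover the signed hash with the public key, compare with a fresh hash.
    return pow(sig, E, N) == digest(data)

def store(db, doc_id, fields, sig):
    # Hypothetical schema: one row per document element, signature kept beside them.
    db.execute("CREATE TABLE IF NOT EXISTS doc_field (doc_id, name, value)")
    db.execute("CREATE TABLE IF NOT EXISTS doc_signature (doc_id, sig_hex)")
    db.executemany("INSERT INTO doc_field VALUES (?, ?, ?)",
                   [(doc_id, k, v) for k, v in fields.items()])
    db.execute("INSERT INTO doc_signature VALUES (?, ?)", (doc_id, format(sig, "x")))

def verify_stored(db, doc_id):
    # Reassemble the document from its rows, then check it against the stored signature.
    rows = db.execute("SELECT name, value FROM doc_field WHERE doc_id = ?", (doc_id,))
    fields = dict(rows.fetchall())
    sig = db.execute("SELECT sig_hex FROM doc_signature WHERE doc_id = ?",
                     (doc_id,)).fetchone()
    return sig is not None and verify(canonical(fields), int(sig[0], 16))

def demo():
    db = sqlite3.connect(":memory:")
    order = {"customer": "ACME Corp", "item": "widget", "quantity": "10"}  # constructed
    store(db, 1, order, sign(canonical(order)))
    intact = verify_stored(db, 1)
    # A change made directly in the table no longer matches the signature.
    db.execute("UPDATE doc_field SET value = '1000' WHERE doc_id = 1 AND name = 'quantity'")
    return intact, verify_stored(db, 1)
```

`demo()` returns the verification result before and after a row is edited in place; any difference in field order, encoding or whitespace during reassembly would fail the same way.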
18
Integration of digital signatures and Relational databases(4)
19
Comparing separate and integrated storage of signed documents
• Separate Model
  • Advantages
    • Inexpensive
  • Limitations
    • Redundancy and breakdown in the integrity of the system.
    • High error rates.
• Integrated Model
  • Advantages
    • Better performance and data integrity.
  • Limitations
    • Relatively high cost
    • Difficulty in the integration process
20
XML digital signature
• XML digital signature specification (http://www.w3.org/signature/).
• Advances in XML digital signatures incorporate confidentiality, authenticity, data integrity and non-repudiation.
• The format for an XML digital signature is shown in Figure 8.
21
XML digital signature(2)
22
Discussion & Conclusion
• The separated model is low-cost, but the integrated model provides better performance and data integrity
• Available products such as DBsign from Gradkell Systems, Inc (www.gradkell.com)
• Challenges from an organizational standpoint in creating a level of trust
• With proper planning, tools and controls in place, integration is achievable
23
QUESTIONS ???