digital signatures bearbetet

Upload: rashianand

Post on 29-May-2018

224 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/8/2019 Digital Signatures Bearbetet

    1/23

    Julia Wilk (FHV NRW) 1

    Digital Signatures

  • 8/8/2019 Digital Signatures Bearbetet

    2/23

    Digital Signatures

    Julia Wilk (FHV NRW) 2

    Structure

    1. Introduction

    2.

    Basics3. Elements of digital signatures

    4. Realisation in public authorities

    5. Conclusion

  • 8/8/2019 Digital Signatures Bearbetet

    3/23

    Digital Signatures

    Julia Wilk (FHV NRW) 3

    1. Introduction

    What is a Digital Signature?- A Digital Signature is a type of asymmetric cryptography used

    to simulate the security properties of a handwritten signature on

    paper.

    - Sometimes also used: Electronic Signature (here synonymic)

    Why is it important for E-Government?- Handwritten signature often required in public law

    - Digital signature can replace it

    - More possibilities of electronic services:

    Cost savings

    Saving Time

  • 8/8/2019 Digital Signatures Bearbetet

    4/23

    Digital Signatures

    Julia Wilk (FHV NRW) 4

    2. Basics

    2.1. Law

    Germany: Signaturgesetz in 1997- Precondition for safe and legally binding electronic

    signatures

    - Regulates specifications for using digital signatures

    Europe: EU Signature Directive- Unification of different signature laws in the EU

    (especially different security levels)

    - Basis for changes of the German law in 2001, 2005and 2007

    - Changes made the law conform to the Europeandirective

  • 8/8/2019 Digital Signatures Bearbetet

    5/23

    Digital Signatures

    Julia Wilk (FHV NRW) 5

    Law: Different Signatures

    1. Electronic signature- Data in electronic form which are attached with other electronic data

    and which serve as a method ofauthentication

    2. Advanced electronic signature

    - Means an electronic signature that is also

    - uniquely linked to the signatory,- capable of identifying the signatory,

    - linked to the data to which it relates that any change of the data isdetectable.

    3. Qualified digital signature

    - based on a qualified certificate of a Certification Authority (CA)

    - Germany: sole signature that is equal to a handwritten signature (126a BGB)

    4. Qualified digital signature with accreditation

    - Like a qualified signature, but furthermore CA was accredited voluntarily

    Proof for comprehensive technical and administrative security

  • 8/8/2019 Digital Signatures Bearbetet

    6/23

    Digital Signatures

    Julia Wilk (FHV NRW) 6

    2.2. Security Properties

  • 8/8/2019 Digital Signatures Bearbetet

    7/23

    Digital Signatures

    Julia Wilk (FHV NRW) 7

    Security Properties of handwritten messages

    Authenticity

    - Nobody should impersonate someone he doesnt is

    Integrity

    - A message can not be falsified unnoticed

    Obligation

    - The signature has to assure legal certainty

    Confidentiality- No person except the receiver should be able to read

    the message

  • 8/8/2019 Digital Signatures Bearbetet

    8/23

    Digital Signatures

    Julia Wilk (FHV NRW) 8

    3. Elements of digital signatures

    3.1. Basic functionality

    3.2. Hash functions and hash results

    3.3. Asymmetric encryption

    3.4. Certification

    3.5. Users realisation

  • 8/8/2019 Digital Signatures Bearbetet

    9/23

    Digital Signatures

    Julia Wilk (FHV NRW) 9

  • 8/8/2019 Digital Signatures Bearbetet

    10/23

    Digital Signatures

    Julia Wilk (FHV NRW) 10

    3.2. Hash functions and hash results

    Solution: Not the document itself, but its hash result gets

    signed

    Hash function:= algorithm which creates a digital

    representation in the form of a hash result of a standardlength which is usually much smaller than the message

    but substantially unique to it

    Hash function also known as digital fingerprint

    Premises for hash functions:- Hash function has to be unique

    - One-way-property

  • 8/8/2019 Digital Signatures Bearbetet

    11/23

    Digital Signatures

    Julia Wilk (FHV NRW) 11

    3.3. Asymmetric encryption

    Basic: a pair of keys, namely a private key and apublic key

    Premises:- Private key has to be saved, e.g. using a chip card

    with a PIN

    - Public key can be accessible for everyone, but itsowners identity has to be identifiable withoutproblems to guarantee authentication (certificate)

    - Not possible to generate the Private key by knowingsomeones Public key

  • 8/8/2019 Digital Signatures Bearbetet

    12/23

    Digital Signatures

    Julia Wilk (FHV NRW) 12

    3.2. Encryption: Proceeding

    Generating messages digest (hash result)

    Using Public Key to encrypt hash result

    Result of the encryption: digital signature

    Sender sends- message,

    - digital signature and

    - certificate to receiver

    Receiver wants to check

    - Integrity Generating hash result, compare it to the senders hash result and

    decrypting the message with the senders public key

    - Authenticity

    Can be checked by means of the certificate

  • 8/8/2019 Digital Signatures Bearbetet

    13/23

    Digital Signatures

    Julia Wilk (FHV NRW) 13

    3.2. Encryption: Proceeding

  • 8/8/2019 Digital Signatures Bearbetet

    14/23

    Digital Signatures

    Julia Wilk (FHV NRW) 14

    3.4.Certification

    Important for authenticity:

    - Receiver of a message has to be sure that the public key he

    uses really belongs to the sender

    Solution: Certification Authority (CA)

    - Independent, confidential

    - Law causes premises for a CA

    Certificate: comparable with a digital identity card

    Document that shows someones identity doubtless

    Three-stepped infrastructure guarantees authenticity:- Sender

    - CA

    - Authority that controls CA

  • 8/8/2019 Digital Signatures Bearbetet

    15/23

    Digital Signatures

    Julia Wilk (FHV NRW) 15

    3.5. Realisation by user

    Important for security: private key has to beabsolutely saved and only available for his user

    Technical premises:- Chip card and PIN

    High security level because of possession and knowledge

    Cards available through bank branches, but they are onlymediators of accredited CAs

    Encryption of the hash result is realised in a matter of

    seconds

    - Card reader

    - Computer and corresponding software

  • 8/8/2019 Digital Signatures Bearbetet

    16/23

    Digital Signatures

    Julia Wilk (FHV NRW) 16

    3.5. User acceptance

    Citizens interests:- Doing as much as possible by using the internet

    - Survey: 88 % of German citizens would like to do everythingconcerning public administration online to avoid waiting timesand save time

    Today: Nearly every authority has got a homepage where youcan download forms or search for information

    Problem: Forms often need to be signed handwritten

    We learned: Only the qualified digital signature can replace ahandwritten signature

    Using qualified signatures premises special equipment(remember chip card, card reader)

  • 8/8/2019 Digital Signatures Bearbetet

    17/23

    Digital Signatures

    Julia Wilk (FHV NRW) 17

    3.5. User acceptance

    Question: Are the citizens really willing to pay for theirwish to do as much as possible online?

    - Costs for licences are estimated about 50 in Germany

    - Solution: Equipment has to be all-purposed, it has to be

    possible to use the equipment in other fields, like homebanking e.g.

    Further problems:

    - Administrative procedures often need original documents(like a family register or a birth certificate)

    - If you do everything in a electronic way, the expert adviceof the official is missing which maybe causes mistakes

  • 8/8/2019 Digital Signatures Bearbetet

    18/23

    Digital Signatures

    Julia Wilk (FHV NRW) 18

    3.5. User acceptance

    Summing up:

    - The more possibilities of using digital

    signature equipment exist, the more will beestablished the digital signature and also the

    citizens acceptance

    -Electronic government offer is rising year byyear, so maybe also the success will rise with

    it

  • 8/8/2019 Digital Signatures Bearbetet

    19/23

    Digital Signatures

    Julia Wilk (FHV NRW) 19

    4. Realisation in public authorities

    2001: only 4,8 % of German local

    authorities use digital signatures

    2006: 30 % use respectively qualified

    signatures and qualified signatures with

    accreditation

  • 8/8/2019 Digital Signatures Bearbetet

    20/23

    Digital Signatures

    Julia Wilk (FHV NRW) 20

    Use of digital signatures in German cities (Survey by KGSt, 2006)

    0

    5

    10

    15

    20

    25

    30

    35

    40

    45

    50

    electronic

    sign

    ture

    advanced

    electronic

    signature

    qualifiedsignature qualified signature

    w ith accreditation

    don't know the

    differ ences

    usei

    np

    er

    ce

    nt

    200.000

    habitants

  • 8/8/2019 Digital Signatures Bearbetet

    21/23

    Digital Signatures

    Julia Wilk (FHV NRW) 21

    5. Conclusion Offering and diffusion of digital signatures had grown in the

    last years because of

    - Unification of law in the EU

    - Further development

    - Increasing disposition of public authorities to engage in digital

    signatures

    Citizens vantages:

    - Many transactions can be done from the computer at home

    - Citizen is not bound to opening times and reachability of publicauthorities

    Public authorities:- Saving costs in traditional sectors

    - New technologies cause other costs and other resources likequalified employees

    - Long-term: digital signatures can redound to more efficiency

  • 8/8/2019 Digital Signatures Bearbetet

    22/23

    Digital Signatures

    Julia Wilk (FHV NRW) 22

    5. Conclusion

    Security- Today things like the one-way hash function, asymmetric

    encryption and sophisticated chip card system cause secure

    proceedings

    - The security standard has to be conformed to the computer

    systems that get increasingly powerful Costs

    - High costs are indispensable to guarantee a high security level

    Users/Citizens Acceptance

    - Chip card systems are easy to use

    - High costs could reduce the success of digital signatures

    - Necessary to coordinate standards to use a chip card system for many

    different applications

  • 8/8/2019 Digital Signatures Bearbetet

    23/23

    Digital Signatures

    Julia Wilk (FHV NRW) 23

    5. Conclusion

    Summing-up:

    - Today digital signatures are under way and

    can only be seen as an amendment to

    traditional procedures

    - In the uture digital signatures will get more

    and more important to guarantee an efficient

    action of public authorities