c




c  

c  
cc 
!
p 

"#!

p 

"#!
"$%$
#

p  "$%$
#

p #&
!

p 
 $
 "%$
#

p 

#"

p 

"#!
!#
!
 
p #
!
  !&
'# 
p  

! 
.
HISTORY

In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature
scheme, although they only conjectured that such schemes existed. Soon afterwards, Ronald
Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to
produce primitive digital signatures (although only as a proof-of-concept²"plain" RSA
signatures are not secure). The first widely marketed software package to offer digital signature
was Lotus Notes released in 1989, which used the RSA algorithm.

To create RSA signature keys, generate an RSA key pair containing a modulus O that is the
product of two large primes, along with integers and
such that 
Ł 1 (mod ij(O)), where ij is
the Euler phi-function. The signer's public key consists of O and , and the signer's secret key
contains
.

Most early signature schemes were of a similar type: they involve the use of a trapdoor
permutation, such as the RSA function, or in the case of the Rabin signature scheme, computing
square modulo composite  A trapdoor permutation family is a family of permutations, specified
by a parameter, that is easy to compute in the forward direction, but is difficult to compute in the
reverse direction without already knowing the private key. However, for every parameter there is
a "trapdoor" (private key) which when known, easily decrypts the message. Trapdoor
permutations can be viewed as public-key encryption systems, where the parameter is the public
key and the trapdoor is the secret key, and where encrypting corresponds to computing the
forward direction of the permutation, while decrypting corresponds to the reverse direction.
Trapdoor permutations can also be viewed as digital signature schemes, where computing the
reverse direction with the secret key is thought of as signing, and computing the forward
direction is done to verify signatures. Because of this correspondence, digital signatures are often
described as based on public-key cryptosystems, where signing is equivalent to decryption and
verification is equivalent to encryption, but this is not the only way digital signatures are
computed., even against a chosen-message attack.[6][
 

]

There are several reasons to sign such a hash (or message digest) instead of the whole document.

‘p 
 The signature will be much shorter and thus save time since hashing is
generally much faster than signing in practice.
‘p 

   Messages are typically bit strings, but some signature schemes
operate on other domains (such as, in the case of RSA, numbers modulo a composite
number O). A hash function can be used to convert an arbitrary input into the proper fA
a  
 or a  

 is a mathematical scheme for
demonstrating the authenticity of a digital message or document. A valid digital signature
gives a recipient reason to believe that the message was created by a known sender, and
that it was not altered in transit. Digital signatures are commonly used for software
 distribution, financial transactions, and in other cases where it is important to detect
forgery or tampering.

Digital signatures are often used to implement electronic signatures, a broader term that refers to
any electronic data that carries the intent of a signature,[1] but not all electronic signatures use

Digital signatures employ a type of asymmetric cryptography. For messages sent through a
nonsecure channel, a properly implemented digital signature gives the receiver reason to believe
the message was sent by the claimed sender. Digital signatures are equivalent to traditional
handwritten signatures in many respects; properly implemented digital signatures are more
difficult to forge than the handwritten type. Digital signature schemes in the sense used here are
cryptographically based, and must be implemented properly to be effective. Digital signatures
can also provide non-repudiation, meaning that the signer cannot successfully claim they did not
sign a message, while also claiming their private key remains secret; further, some non-
repudiation schemes offer a time stamp for the digital signature, so that even if the private key is
exposed, the signature is valid nonetheless. Digitally signed messages may be anything
representable as a bitstring: examples include electronic mail, contracts, or a message sent via
some other cryptographic protocol

osen message attack.

2 a  


As organizations move away from paper documents with ink signatures or authenticity stamps,
digital signatures can provide added assurances of the evidence to provenance, identity, and
status of an electronic document as well as acknowledging informed consent and approval by a
signatory. The United States Government Printing Office (GPO) publishes electronic versions of
the budget, public and private laws, and congressional bills with digital signatures. Universities
including Penn State, University of Chicago, and Stanford are publishing electronic student
transcripts with digital signatures.

Below are some common reasons for applying a digital signature to communications:

    

Although messages may often include information about the entity sending a message, that
information may not be accurate. Digital signatures can be used to authenticate the source of
messages. When ownership of a digital signature secret key is bound to a specific user, a valid
signature shows that the message was sent by that user. The importance of high confidence in
sender authenticity is especially obvious in a financial context. For example, suppose a bank's
branch office sends instructions to the central office requesting a change in the balance of an
account. If the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave mistake.

 
 
In many scenarios, the sender and receiver of a message may have a need for confidence that the
message has not been altered during transmission. Although encryption hides the contents of a
message, it may be possible to   an encrypted message without understanding it. (Some
encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if
a message is digitally signed, any change in the message after signature will invalidate the
signature. Furthermore, there is no efficient way to modify a message and its signature to
produce a new message with a valid signature, because this is still considered to be
computationally infeasible by most cryptographic hash functions (see collision resistance).

O 
a  

Non-repudiation, or more specifically  
 

  , is an important aspect of digital
signatures. By this property an entity that has signed some information cannot at a later time
deny having signed it. Similarly, access to the public key only does not enable a fraudulent party
to fake a valid signature. This is in contrast to symmetric systems, where both sender and
receiver share the same secret key, and thus in a dispute a third party cannot determine which

entity was the true source of the informatio




"#!
!#
!
 
Over the last half century, computer systems have changed out of all recognition. In 1943,
Thomas Watson (Chairman of IBM) said "I think there is a world market for maybe five
computers."

Today's computers are more powerful, smaller, cheaper, and more user-friendly. As they have
improved, computers have proliferated in our society, our businesses, and our personal lives.
Most modern businesses and governments depend on their computer systems to support their
operations, from personnel files to financial management and everything in between.

Initially, computers that were used to support business and government processes were backed
up with hard copies. If the computer was unavailable, the hard copies were used and everyone
went back to manual forms and processes. This would happen with a degree of frequent
regularity

In today's environment, most businesses and government processes could not survive without the
computer - especially email or totally web based businesses.

Computers have become the mainstay of business and government processes. Business has been
using them for years and in most major countries (i.e. G8 and similar) there are drives towards
electronic or joined up government. This is to allow the people to access government services
from their desktop in their own home.
Without computers, entire businesses and government operations would almost cease to
function.

This proliferation of cheap, powerful, user-friendly computers has enabled more and more
people to use them and, more importantly, rely on them as part of their normal way of life. As
businesses, government agencies, and individuals continue to rely on them more and more, so do
the criminals.

They use computers to support their illegal operations. Computer crimes and frauds are
increasing.They will no doubt continue to increase as more computers are networked
internationally, thus giving global access to computer criminals.

The O
   
   , conducted by the Computer Security Institute in
conjunction with the U.S. Federal Bureau of Investigation's International Computer Crime Squad
[CSI/FBI 2006]A
, showed an alarmingly high number of businesses reporting difficulties with
computer and Internet fraud. Among the findings:

Of the organisations who acknowledged financial losses due to computer breaches, many could
not quantify the losses.

‘ 65% detected computer viri;

‘ 48% reported between one and five security incidents if the year

‘ 42% reported incidents that originated from sources within the organisation;

‘ 32% of the respondents experienced incidents of unauthorized use of their computer systems
during the last year;

‘ 47% reported theft of laptop computers and mobile devices;

In the area of e-commerce:

All of the respondents experienced some sort of website incidents:

á
 


 


   a  

 


  
Employees pose a real risk in this area. Information can now be stolen using a variety of
mechanisms including:

‘ Hard copy printed reports;

‘ Data files e-mailed to private mail boxes across the Internet from corporate systems;

‘ The use of high volume data devices such as disks, tapes or memory sticks;

‘ The use of commercially available compression software to reduce the size of the file.

Methods that prevent such activities include:

‘ Monitoring print queues to identify very large print runs;

‘ Introducing software which prevents data which has been copied to a removable storage
device from being read by computers outside the organisation;

‘ Having a policy and mechanism to use a centralised Internet gateway. This gateway will
only allow access to trusted computers and e-mail addresses;

‘ Monitoring call logging systems to identify high volume traffic and access to unauthorised
sites.

Hackers use a number of different techniques to gather information to penetrate systems and
networks.

u 


A logic bomb is a computer program executed at a specific time period or when a specific event
occurs. For example, a programmer can write a program to instruct the computer to delete all
personnel and payroll files if his name were ever removed from the file.




Salami techniques involve the theft of small amounts of assets from a large number of sources
without noticeably reducing the whole.

In a banking system, the amount of interest to be credited to an account is rounded off. Instead of
rounding off the number, that fraction of it is credited to a special account owned by the
perpetrator.

Typically this is used when sequential processing occurs and each account is processed with the
fractions added to the special account.

This got its name from the slicing of small amounts from the accounts like a salami sausage. The
original perpetrator was only caught because the Bank held a competition for the first and last
alphabetical account holder in the bank (i.e. a name beginning with 'aa' and a name beginning
with 'zz'. The programmer had used the last account to be processed for the storage of the salami
additions and the account name stated 'zz'. This account was chosen and then the owner could
not be found so it was investigated and the fraud came to light.

(c
)*