Digital Signature in Network Security
Authentication, and integrity non-reputation can be achieved by using Digital Signature Signature. The idea is similar to the signature in a physical document. In the real physical world, the authenticity of a document is verified by the signature of the sender which is called Digital Signature.
The integrity of the document must also be checked such that after signing the document it becomes protected and can’t be modified by any other agent. From the other point of view, the receiver must be able to prove that the document has come from the sender it is claiming which is called Non-Repudiation.
Integrity: The Integrity of the message is preserved because if an eve intercepted the message and modified the whole or part of it, the receiver after decryption will get a meaningless message and take necessary action.
Non-Repudiation: It is also achieved as the receiver can prove that the message when encrypted and decrypted with the desired sender’s private and public keys generate the same saved message.
Public-key encryption is efficient if the message length is small. But if it is very large then it becomes very efficient to encrypt and decrypt it with the public-key encryption method. One solution to this problem to this problem is generating a Message Digest. The digest will be a minimized version of the whole document. Then the encryption with the public key is done on that digest only, not on the whole message.
To create a digest from the message hash function is used. The hash function generates a fixed-size digest from a variable-size message.
The two most common hash functions are:
i. Message Digest 5 (MD5)– It produces the 120-bit digest
ii. Secure Hash Algorithm 1 (SHA-1) – It produces 160-bit digest.
The hash function must have two properties for its success:
1. Hashing Should be one way.
2. The hashing and the message should have a one-to-one correspondence.
- After the digest has been created, it is encrypted using the sender’s private key. The encrypted digest is attached to the original message and sent to the receiver.
- The receiver receives the original message and the encrypted digest. It applies the same hash function to the message received to generate the digest.
- It also decrypts the received digest using the public key of the sender and the result is compared with the previous digest generated by it. If the two digests are the same then all three security is preserved.