Scribd
Upload
597 views10 pages

Direct & Arbitrated Digital Signatures

The document discusses digital signatures and their properties and advantages/disadvantages. It covers direct digital signatures, which involve a trust between the sender and recipient, and arbitrated digital signatures, which include a third party arbiter. Direct signatures are vulnerable to attacks where the message or public key is corrupted, while arbitrated signatures allow the recipient to verify with the arbiter. The document also discusses suppress-replay attacks and how digital signatures can authenticate messages but not ensure security of transmitted data.

Uploaded by

Ahsan Sakhee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
597 views10 pages

Direct & Arbitrated Digital Signatures

The document discusses digital signatures and their properties and advantages/disadvantages. It covers direct digital signatures, which involve a trust between the sender and recipient, and arbitrated digital signatures, which include a third party arbiter. Direct signatures are vulnerable to attacks where the message or public key is corrupted, while arbitrated signatures allow the recipient to verify with the arbiter. The document also discusses suppress-replay attacks and how digital signatures can authenticate messages but not ensure security of transmitted data.

Uploaded by

Ahsan Sakhee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

By Jonathon Dosh

Date: 9/18/2014
ITAS367 Principles and Methods in Cryptographic Security
 When it comes to knowing if a person sends a message that is encrypted using a private key it is crucial

to know where the message came from. That is why it is important to check a message for authentication

when two people are communicating. With a digital signature there are four properties that are associated

with a digital signature. The properties are:

 The digital signature can only be written by the person that created the secret information(McCurley, 1995).

 The digital signature can be authenticated by any individual that is communicating with the creator and

document(McCurley, 1995).

 Digital signature can only be used with one document and it cannot validate another document(McCurley, 1995).

 A digital signature cannot be used to produce another document from the original document(McCurley, 1995)
 A direct digital signature is comprised between a sender and receiver(Yi, 2006). With most

direct digital signatures it is believed that the receiver of the message knows the sender and

the public key that is attached to the sender’s message. Most direct digital signature

become targets of attack because the sender tends to decline that they sent a message to

other person. The reason behind that is most direct digital signatures can become corrupted

or compromised during its delivery, so receivers have to have the public key get

authenticated by the sender(Yi, 2006). With a direct digital signature you can create a time

stamp to make sure that the sender was the person that sent the message and public(Yi,

2006).
 An arbitrated digital signature is a three way branch between sender, arbiter, and

receiver(YI, 2006). This process is more effective then a direct digital signature because

with the digital signature being verified by a third party then the recipient can authenticate

the message and public key faster(Yi, 2006). Plus with the arbiter checking to make sure

that the message and public was sent by the sender the sender cannot deny sending the

message because the message goes through the arbiter before the recipient sees the message

him/her self(Yi , 2006). In arbitrated digital signature everything is built off of trust if their

no trust between the parties or between the sender and the arbiter then the message will be

erased or denied to be see by any recipient of the sender.


 In a direct digital signature there is a trust between sender and recipient.

 In an arbiter digital signature there is a three way trust between sender, arbiter, and

recipient.

 In direct digital signature you have to take the word of the sender to know if the signature is

theirs and has not being tampered with during its delivery across the web.

 In an arbitrated digital signature the recipient can call the arbiter to dispute a conflict in the

digital signature of the sender because the arbiter is the one that verified the signature

before the recipient is given access to the message and the public key of the sender.
 A suppress-reply attack is when a attacker gains access to a sender’s message and tampers

with the time stamp of the message(Khatri, 2013). By the attacker changing the time stamp

they can gain access to the recipient’s computer when they click on the message in their

spam folder(Khatri, 2013). Most suppress-replay attacks happen between sender and

recipient messages because even with the message being encrypted it is not hard to effect

the original message and the public key of the sender. Most suppress-replay attacks are

replay messages that attacks send to recipients, so that they can gain access to the

recipient’s computer in order to steal or get information from the recipient’s

computer(Khatri, 2013).
 An advantage of digital signature is that it can only pertain to one communication link

between sender and recipient.

 Another advantage of digital signature it can be strengthen by including a hash algorithm

and time stamp to the message so that they recipient knows that the message has not being

altered.

 Another advantage of digital signature is that it allows for better authentication process

between sender and recipients.

 The last advantage of digital signature it can be stored on a CA along with the public keys

of the sender.
 A disadvantage of digital signature is that trust is built on the ownership of the sender when

they make their public key accessible to the public(Mady, 2009).

 Another disadvantage of digital signature is that the private key has to secured at all

times(Mady, 2009).

 Another disadvantage of digital signature is the time it takes to generate and obtain the

authentication of the signature(Mady, 2009).

 Another disadvantage of digital signature is that it does not entitle the sender with security

of the data being transferred among the sender and recipient(Mady, 2013).
 Even though we used technology to communicate we can’t trust ourselves with making

sure that message get to places without any problems. We can aim to better ourselves by

finding ways to make our messages harder to read, but in order to make sure that happens

we have to put in the time and effort to make sure that our information stays secured from

the outside world. We cannot always plan ahead for when we send our messages to another

person because we are unsure if the message will reach its destination. With technology

always changing and security becoming the focus of how we can protect ourselves when

sending message we can look towards digital signature to help a little to secure and protect

our messages cross the web.


 McCurley K.(1995 March 11). Digital Signatures(website). Retrieved from

http://pages.swcp.com/~mccurley/cs.sandia.gov/health/node14.html

 Subramanya S.R. and Yi Byung ( 2006 April). Digital signatures(pdf). Retrieved from

http://www.cse.unr.edu/~bebis/CS477/Papers/DigitalSignatures.pdf

 Khatri M. (2013 December 20). Digital signatures, Security Concerns, and Suppress-

Replay Attacks(website). Retrieved from http://3w.dokisoft.com/digital-signatures-security-

concerns-and-suppress-replay-attacks/

 Mady. (2009 February). Drawbacks of Using Digital Signature(website). Retrieved from

http://computerfun4u.blogspot.com/2009/02/drawbacks-of-using-digital-signature.html

You might also like