Public Key Digital Signatures


Status

Advanced

Note

We recommend Computer System Security- an Overview as prerequisite reading for this technology description.

Purpose and Origin

Public key digital signature techniques provide data integrity and source authentication capabilities to enhance data trustworthiness in computer networks. This technology uses a combination of a message authentication code (MAC) to guarantee the integrity of data and unique features of paired public and private keys associated with public key cryptography to uniquely authenticate the sender [Schneier 96, Abrams 95]. This technology was first defined in the early 1980s with the development of public key cryptography but has received renewed interest as an authentication mechanism on the Internet.

Technical Detail

Trustworthiness of data received by a computer from another computer is a function of the security capabilities of both computers and of the communications between them. One of the fundamental objectives of computer security is data integrity [White 96]. Two aspects of data integrity are improved by public key digital signature techniques: sender authentication and data integrity verification. Positive authentication of the message source is provided by the unique relationship of the two encryption keys used in public key cryptography. Positive verification of message integrity is provided by the use of a message authentication code (sometimes called a manipulation detection code or a cryptographic checksum) that is produced by a message digest (sometimes called a data hashing) function. Public key digital signature techniques combine the message authentication code with public key cryptography.

Sender authentication. Public key cryptography uses two paired keys: the public key and the private key (sometimes called the secret key), which are related to each other mathematically. The public key is distributed to anyone who needs to encrypt a message destined for the holder of the private key. The private key is not known to anyone but its holder. Because of the mathematical relationship of the keys, data encrypted with the public key can only be decrypted with the private key. Another feature of the paired key relationship is that if a message can be successfully decrypted with the public key, then it must have been encrypted with the private key. Therefore, any message decrypted by a holder of the public key must have been sent by the holder of the private key. This is used to authenticate the source of a message. Public key cryptography can use one of several algorithms, but the most common one is the Rivest, Shamir, and Adleman (RSA) algorithm. It is used to produce the paired keys and to encrypt or decrypt data using the appropriate key.

Data integrity verification. Message digest functions produce a single large number called the message authentication code (MAC) that is unique¹ to the total combination and position of characters in the message being digested. The message digest function distributed with RSA is called the MD5 message digest function. It produces a unique 128-bit number for each different message digested. If even one character is changed in the message, a dramatically different 128-bit number is generated.

The overall process for using Public Key Digital Signatures to verify data integrity is shown in Figure 22.

Figure 22: Public Key Digital Signatures

The Digital Signature of a message is produced in two steps:

  1. The sender of the message uses the message digest function to produce a message authentication code (MAC).
  2. This MAC is then encrypted using the private key and the public key encryption algorithm. This encrypted MAC is attached to the message as the digital signature.

The receiver of the message uses the public key to decrypt the digital signature. If it is decrypted successfully, the receiver of the message knows it came from the holder of the private key. The receiver then uses the message digest function to calculate the MAC associated with the received message contents. If this number matches the one decrypted from the digital signature, the message was received unaltered and data integrity is assured. Together, these steps provide data source authentication and verification of message content integrity.
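The sign-and-verify walk-through above, as an added example that is not part of the original technology description. It uses textbook RSA with a fixed, constructed toy key built from well-known Mersenne primes so the run is deterministic (a real key uses random secret primes), and SHA-256 as the message digest function in place of the MD5 function the text names.

```python
import hashlib

# Constructed toy key material: well-known Mersenne primes, chosen only so
# the example is deterministic and self-contained. Not a real key.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537

def generate_keypair(p=P, q=Q, e=E):
    """Textbook RSA: public key (n, e), private key (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def message_digest(message: bytes) -> int:
    """Step 1: digest the message (the text calls this number the MAC)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Step 2: 'encrypt' the digest with the private key; the result is
    the digital signature that travels with the message."""
    n, d = private_key
    return pow(message_digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: recover the digest with the public key and compare it
    with a fresh digest of the received message. The RSA operation always
    yields *some* number, so the comparison is what actually authenticates."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    recovered = pow(signature, e, n)
    return recovered == message_digest(message)

def demo():
    """Genuine message verifies; a tampered message or a signature checked
    against the wrong public key does not."""
    public_key, private_key = generate_keypair()
    message = b"Transfer 100 to account 42"          # constructed sample
    signature = sign(message, private_key)
    other_public_key, _ = generate_keypair(2**607 - 1, 2**1279 - 1)
    return {
        "genuine": verify(message, signature, public_key),
        "tampered": verify(b"Transfer 900 to account 42", signature, public_key),
        "wrong_key": verify(message, signature, other_public_key),
    }
```

Real deployments add a padding scheme (such as PSS) around the digest before the private-key operation; this example shows only the bare two-step process described in the text.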

There are many message digest functions and public key encryption algorithms that may be used in developing the public key digital signature technique. A discussion of these alternative algorithms and their merits is in Schneier [Schneier 96].

Usage Considerations

This technology is most likely to be used in networks of computers where all the communication paths cannot be physically protected and where the data integrity and sender authenticity aspects of trustworthiness are essential. Military C4I networks and banking networks that are on a widespread local area network or a wide area network are prime examples of this use.

Implementation of the public key digital signature techniques establishes additional requirements on a network. The same message digest functions and public key cryptography algorithm used to process the digital signature must be used by both the sender and receiver. Public/private key pairs must be generated and maintained. Public keys must be distributed (or accessible in a public forum) and private keys protected.

Maturity

The components of this technology, public key encryption and message digest functions, have been in use since the early 1980s. The combined technology is mature and is available in implementations that range from small networks of PCs to protection of data being transferred over the Internet.

The algorithms supporting public key digital signatures have historically consumed large amounts of processing power. However, given recent advances in the processors used in PCs and workstations, this is no longer a concern in most circumstances of use.

Costs and Limitations

Using this technology requires network management personnel with knowledge of public key cryptography and the use of software that implements public key cryptography and digital signature algorithms. It also requires security personnel and software that can generate, distribute, and control encryption/decryption keys and respond to the loss or compromise of keys.

Dependencies

Public key cryptography and message digest functions.

Alternatives

Data integrity and authentication can be provided by a combination of dedicated circuits, integrity protocols, and procedural control of sources and destinations. These approaches are not foolproof and can be expensive. Data integrity and authentication can also be provided using private key encryption and a third party arbitrator. This approach has the disadvantage that a third party must be trusted and the data must be encrypted and decrypted twice with two separate private keys.

Index Categories

This technology is classified under the following categories. Select a category for a list of related topics.

Name of technology

Public Key Digital Signatures

Application category

System Security (AP.2.4.3)

Quality measures category

Trustworthiness (QM.2.1.4)

Computing reviews category

Computer-Communication Networks Security and Protection (C.2.0)
Security and Protection (K.6.5)

References and Information Sources

[Abrams 95] Abrams, Marshall D.; Jajodia, Sushil; & Podell, Harold J. Information Security An Integrated Collection of Essays. Los Alamitos, CA: IEEE Computer Society Press, 1995.
[Garfinkel 95] Garfinkel, Simpson. PGP: Pretty Good Privacy. Sebastopol, CA: O'Reilly & Associates, 1995.
[Russel 91] Russel, Deborah & Gangemi, G.T. Sr. Computer Security Basics. Sebastopol, CA: O'Reilly & Associates, Inc., 1991.
[Schneier 96] Schneier, Bruce. Applied Cryptography. New York, NY: John Wiley & Sons, 1996.
[White 96] White, Gregory B.; Fisch, Eric A.; & Pooch, Udo W. Computer System and Network Security. Boca Raton, FL: CRC Press, 1996.

Current Author/Maintainer

Tom Mills, Lockheed Martin

External Reviewers

Jim Ellis, SEI
Scott A. Hissam, SEI

Modifications

4 Nov 03 (typo correction)

26 Jun 00 (references to "secret key" changed to "private key")

10 Jan 97 (original)

Footnotes

¹ Of course they are not absolutely unique. We say unique here because it is extremely unlikely statistically for two files to have the same MAC and, more importantly, it is extremely difficult for an attacker/malicious user to create/craft two files having the same MAC.



The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.

Copyright 2007 by Carnegie Mellon University
Terms of Use
URL: http://www.sei.cmu.edu/str/descriptions/pkds_body.html
Last Modified: 11 January 2007