Academic Open Internet Journal ISSN 1311-4360 |
Volume 20, 2007 |
Securing Digital signature in Mobiles
Zulkharnain
Researcher,
JNTU,
Hyderabad.
zulkharnain@gmail.com
Abstract
It is a basic
of Digital signature scheme that, the signing key is to be kept secret. Herein
I
discuss a smart card reader in a mobile device, for using Digital sign. Here
settings for
Digital sign applications as well as their problems are discussed; along with
that a
framework for Mobile security applications are also considered. The related
security
issues are also discussed. It is always necessary to
carefully manage private key
handling, and a solution for that is presented.
Keywords: PSE, Digital signature, Private Key, Public Key
1.
Introduction
Digital sign is a necessary condition in E-commerce. The best method for this
seems to
be public key usage here. Every user has to generate a key pair say Pk, and
Sk, where Pk
is public key and Sk is private key. Sk should not be shared with anyone else.
Let a
document X, need to be signed using Sk, than one needs to produce a signature
say
s = Sigsk (X)
A verifier obtains the pair (X, s). Now Pk must provide a means for providing
or
establishing whether s is a
valid sign. The signer is himself capable to produce
signatures. A public key infrastructure paradigm is used to interconnect public
key and a
real person. Digital sign is just a string of bits on some medium and can be
stolen. If a
hacker can get access to victim’s private key he can also digitally sign
on behalf of him.
The main goal of this paper is to concentrate on securing digital signature.
1.1 Attacks on signing environment
Usually while signing, the user’s private key is stored on his disk which
is than encrypted
using a Pass-phrase, normally. This is not secure if security hole is discovered
which
generates due to e-mail etc.
This digital sign can be bypassed if hard disk is read on
another computer. Using smart card digital signature can be protected inside
its non-
volatile memory, and can be protected by a password, and is also portable. Trojans
and
viruses can modify signing software such that it can make changes to the document
and
sign the other, without his knowledge. It also leads to repudiation. Smart cards
do not
have any means of direct communication with the users. A PSE (Personal Security
Environment) can be built on mobiles for using it as electronic wallet for producing
digital sign.
3. A security
solution
A mono-functional mobile can be used for signing securely. It is to be designed
such that
it is physically tamper resistant, with only one program running on it, which
can interact
with untrusted outer world through a clearly defined application level protocol.
It allows
the user to transfer only signed / unsigned documents. The signing key is to
be kept in a
well protected part of the memory. Most users need functionally integrated mobile
phone/PDA, but that has very less demand in market. Instead, multifunctional
signing
device can be designed so as to be user friendly and easier to implement. Mobile
phones/PDAs are easy for entering passwords for unlocking signing keys. Mobile
phones
have built in smart card reader and can be used for transferring signed documents.
They
can also upload software and have developer tools and programming info easily
available. Palm PDA has choice of several development tools and its OS documentation
is freely available. Its power and moderately price attracts a high usability.
It can also be
used only for signing purpose.
3.1 Design issues
Here in is proposed, a prototype PSE, for signing documents using Palm III PDA,
a smart
card and a smart card. I have chosen Palm, as it can does all cryptographic
operations, but
unfortunately is not suitable for cryptographic primitives. Time stamping methods
can be
used for keeping the signing key secure atleast for 20 year and must be 512
bit long.Smart card
as cryptographic
device usages help more security compared to Palm OS as
every part of memory can be read by every process. A library can also be implemented
compatible with PKCS 11 standard for supporting messages digesting, signing
and
verification. The hardware token needs smart card reader to be attached with
palm, which
is connected to serial port. Palm communicates exclusively with the smart card.
Such an
environment can be used by police to check electronic ID cards. During a request
for sign
for an active document PIN need to be entered and is sent to the token if successful.
Hashing is done using private key of user. Then signature is attached to the
document and
this signed document is kept in proprietary format.
4. Security concerns
An attacker can just modify variations of software to display favorable results.
Hence in
this scheme, the user has to carry his PDA, all the time else hackers may modify
PDA’s
hardware. This is also possible with PDA having pre-installed software. Similarly
the
sensitivity of smart card and its reader must be considered. An attacker can
replace smart
card with fake one, which can capture PIN and send to attacker. Now the attacker
has
both PIN and card, and can use them. This can be avoided by making card create
a key
pair and store public key in a computer. A certification authority may also
be used for it.
It can be verified everything RANDOM NONCE. Hacker can acquire victim’s
PDA that
has signing keys in PDA memory. He can also get PDA + smart card + reader. In
former
case he drops PDA memory contents to a PC and can extract the keys. He can perform
a
brute force attack on the user’s PIN which is used to encrypt key and
than can
successfully fake signed documents. Such attack can be pre-packed in some user
friendlyexploit-program,
like Games,
puzzles, calculator etc.,. In the former case, he can tamper
with signing program. Similarly in the latter case, he can transfer with signing
program
making the user believe that the sign is correct, when created. He can also
extract the key
from user’s smart card using a suitable device. The attacker can threaten
the user with
gun to sign, even without a signing environment. Technical security measures
can only
be used to protect assets which are less valuable than physical attack. The
proposed
system can be considered as secure because mounting a technical attack (like
repeatedly
stealing user’s PDA or reverse engineering smart card) requires a lot
of resources.
5.
Conclusions
Today digital sign must have an equally a legal value on par with handwritten
sign. In
addition to this one’s private key must be kept secure by all means. Care
must be taken to
signing environment particularly from Trojan horses. Here I have proposed a
PSE
consisting of a Palm PDA + Smart card + Reader. Using this one can convince
for
authenticity of document signature. Hence the user’s private key is kept
in smart card,
and signing and verification takes place in the device which can be kept in
security. In
addition to this if time stamping is done the system can be used daily without
signature
abuse. Thus where signature is valuable more security is needed.
6.
References
1) P.R Zinberman “ The Official PGP User guide” MIT press ‘95
2) D.W Davies
: “ Use of the Signature token to create a negotiable document”
in
advances in Cryptology: Proceedings of Crypto ’83, pp 377-382, New York,
USA, 1984, Plenym Publishing
3) A. Webner: Distribution of risks in implementation of Digital signatures
http://www.semper.org
4) D. Balfanz Handheld computers can be better Smart cards. In proceedings of
USENIX Security ’99, August.
5) C. Ellison Ten risks of PKI: ‘What you’re not being told about
PKI Computer
Security Journal’ 16(1): 1-7, 2000.
6) http://www.palm.com/.
7) A.K Lenstar Selecting Cryptography key sizes http:// www.cryptsavvy.com/
8) A. Shamir Playing hide and seek with stored keys http:// www.ncipher.com
Technical College - Bourgas,
All rights reserved, © March, 2000