Explain how digital signatures protect against sniffing and spoofing.
Sniffing and Spoofing
Encryption and decryption address the problem of sniffing
(eavesdropping), one of the three Internet security issues mentioned at
the beginning of this discussion. But encryption and decryption, by themselves,
do not address the other two problems we mentioned in Internet Security
Issues: sabotage (tampering) and spoofing (impersonation).
Authentication and sabotage detection rely on a mathematical function
called a one-way hash (which is used to create a message digest).
A one-way hash is a number of fixed length with the following characteristics:
- The value of the hash is unique for the hashed data.
- Any change in the data, even deleting or altering a single character, results
in a different hash value.
- The content of the original data cannot be deduced from the hash.
Remember that we mentioned in the Public-Key Encryption section,
that it is possible to use your private key for encryption and your public
key for decryption. We pointed out that while this doesn't provide privacy,
it is a crucial part of digitally signing any data. It works like
this—instead of encrypting the data itself, the signing software creates
a one-way hash of the data, then uses your private key to encrypt the hash.
The encrypted hash is known as a digital signature.
Figure 2.8
This example shows a simplified view of the way a digital signature
can be used to validate the integrity of signed data. Two items are
transferred to the recipient of the signed data:
- The original data
- The digital signature
The digital signature is a one-way hash (of the original data) that
has been encrypted with the signer's private key. To validate the
integrity of the data, the receiving software first uses the signer's public
key to decrypt the hash. It then uses the same hashing algorithm that
generated the original hash to generate a new one-way hash of the same
data. (Information about the hashing algorithm used is sent with the digital
signature, although this isn't shown in the example.) Finally, the receiving
software compares the new hash against the original hash. If the two hashes
match, the data has not changed since it was signed. If they don't match,
the data may have been tampered with since it was signed, or the signature
may have been created with a private key that doesn't correspond to the
public key presented by the signer.
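The hash-then-sign and recompute-and-compare steps above, as an added Go example that is not part of the original text. It assumes SHA-256 as the hashing algorithm and RSA PKCS#1 v1.5 as the private-key operation, and it exercises both failure cases the text names: altered data and a signature made with a non-matching private key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// digest computes the one-way hash (SHA-256, an assumed choice) of the data.
func digest(data []byte) []byte {
	h := sha256.Sum256(data)
	return h[:]
}

// Sign hashes the data, then applies the signer's private key to the hash.
// The result is the digital signature; the data itself is not encrypted.
func Sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(data))
}

// Verify recomputes the hash over the received data and checks it against the
// hash recovered from the signature with the signer's public key. It returns
// false both when the data was changed and when the signature was produced
// by a private key that does not correspond to pub.
func Verify(pub *rsa.PublicKey, data, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(data), sig) == nil
}

// Demo returns the verification outcome for untouched data, tampered data,
// and a signature from a different key, in that order.
func Demo() (ok, tampered, wrongKey bool, err error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	data := []byte("constructed sample: pay 100 units to account 42") // constructed input
	sig, err := Sign(signer, data)
	if err != nil {
		return
	}
	ok = Verify(&signer.PublicKey, data, sig)
	altered := []byte("constructed sample: pay 900 units to account 42") // one digit changed
	tampered = Verify(&signer.PublicKey, altered, sig)
	sig2, err := Sign(other, data) // signed by a key the verifier does not hold
	if err != nil {
		return
	}
	wrongKey = Verify(&signer.PublicKey, data, sig2)
	return
}

func main() {
	ok, tampered, wrongKey, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("untouched:", ok, "tampered:", tampered, "wrong key:", wrongKey)
}
```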
Confirming the identity of the signer, however, also requires some way
of confirming that the public key really belongs to a particular person
or other entity. There are places where you can find public keys that allegedly
belong to public figures such as Bill Clinton or Al Gore.
The significance of a digital signature is comparable to the significance
of a handwritten signature. Once you have signed some data, it is difficult
to deny doing so later—assuming that the private key has not been compromised
or otherwise passed out of the owner's control. In some situations, a digital signature
may be as legally binding as a handwritten signature.