Strong Encryption is not enough - the need for Digital Signatures
The push for eCommerce has demonstrated the need,
not for greater bandwidth, nor (strictly) for greater end-to-end security,
but for authentication and authorization
of the end players.
Digital signatures were first discussed by Diffie and Hellman in their 1976
'New Directions in Cryptography',
but eCommerce is only recently demonstrating their worth
to a wider audience (and their patent has expired!).
Unlike traditional signatures,
a digital signature cannot be a constant;
it must be a function of the document that it signs.
A digital signature prevents two types of fraud:
- the forging of a signature by the receiver (or any third party), and
- the repudiation of the transmission of a message by the sender.
Two categories of digital signature are identified:
- True signatures, signed by the sender, verified by the receiver.
- Arbitrated signatures, which may only be sent and verified through a
trusted third party.
The recipient is unable to verify the sender's
signature directly, but is assured of its validity through
the mediation of the arbitrator.
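As an added illustration (not part of the original lecture notes), the sketch below builds a true signature with the Lamport one-time scheme, chosen here because it needs only a hash function. It shows that the signature is a function of the document and that the receiver, holding only the public key, can verify it but cannot reuse it on another document. The function names and sample messages are constructed for this example.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 digest


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(document: bytes) -> list:
    d = _h(document)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(_h(a), _h(b)) for a, b in private]
    return private, public


def sign(private, document: bytes) -> list:
    """Reveal one secret per digest bit: the signature is a function of the document."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(document))]


def verify(public, document: bytes, signature) -> bool:
    """Needs only the public key, so the receiver can check but not create signatures."""
    if len(signature) != BITS:
        return False
    bits = _digest_bits(document)
    return all(secrets.compare_digest(_h(s), public[i][b])
               for i, (s, b) in enumerate(zip(signature, bits)))


def demo() -> dict:
    private, public = keygen()  # one-time key: sign a single document, then discard
    order = b"Pay Bob 100 dollars"      # constructed sample messages
    altered = b"Pay Bob 900 dollars"
    sig = sign(private, order)
    return {"genuine": verify(public, order, sig),
            "transplanted": verify(public, altered, sig)}


if __name__ == "__main__":
    print(demo())
```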
CITS3002 Computer Networks, Lecture 12, Cryptography's role in networking, p16, 22nd May 2024.