Cyber Law & Islamic Ethics

Cyber Law & Islamic Ethics DIGITAL SIGNATURE CICT3523

INTRODUCTION
A number of transactions require a signature in order to be legally effective. However, a ‘traditional’ manuscript signature is not feasible where the parties communicate through the Internet. Digital communication technology requires methods of signature which are very different from the manuscript signature.

There are two possibilities for signatures:
1. The incorporation of a scanned image of a manuscript signature into a word processing file, followed by the sending of that document as an e-mail attachment.
2. The ‘signature’ of an electronic document by means of a mathematical process. This ‘electronic document’ is a set of numbers or code which represents text or other information. This is what we call a digital signature.

WHAT IS A DIGITAL SIGNATURE FOR?
For identification
- The signature shows the identity of the signatory.
- That the signatory intended the signature to be his signature.
- That the signatory approves of and adopts the contents of the document.

For security and privacy purposes
- The sender of the message is assured that the recipient is the intended person and that nobody else can read the message or change it.
- For privacy purposes, since many people do not want others to read the message.
- The integrity and privacy of information are protected.

For legality
- To enforce the signatory’s legal obligations, the recipient of the document needs to prove that the signatory has signed the document.
- The signature can prove that the signatory approves of and adopts the contents of the document, and it can create a legal obligation on him.

Therefore, in order to encourage electronic transactions and curb forgeries and computer-generated fraud, Digital Signature Acts have been legislated in a number of countries, including Malaysia. The law provides the legal infrastructure, makes digital signatures effective and gives them legal recognition.

UNDERSTANDING THE TECHNOLOGICAL ASPECTS OF DIGITAL SIGNATURE
One form of digital signature that has been recognised is public key cryptography. Public key cryptography is based on an asymmetric cryptosystem, meaning a series of algorithms which provide a secure key pair.

There are two keys:
Private key: the key of a key pair used to create a digital signature. It should be known only to the subscriber (kept secret).

Public key: the key of a key pair used to verify a digital signature. The public key is freely distributed to others.

Note: Knowing a user’s public key does not give any information about the private key. Thus, many people may know the public key, but they cannot discover the private key and use it to forge a digital signature.

THE PROCESS
There are 2 processes, one performed by the signer and the other by the receiver of the digital signature.
- Digital signature creation: the signature itself is actually a ‘hash’, i.e. a string of digits representing a combination of the document and a unique computer-generated code, produced by the document’s signer using a private key.
- Digital signature verification: the process of checking the digital signature by using the public key.

EXAMPLE 1
Suppose that Shafiq wishes to send his message to ABC company. He wishes to make sure that only that company can read it. He looks up the company’s public key in the key directory and uses it to encrypt the message. If the message is M and the public key is AB, then the encrypted message is AB(M). The company receives the message and uses the private key to decode it. Let’s say the private key is SH. The process is SH[AB(M)] = M. If a third party intercepts the message, he cannot read it, since he does not know the key that decodes it. If he alters the message in some way, then SH will no longer decode the message, since the altered message is no longer AB(M).

EXAMPLE 2
Suppose that ABC company wishes to make sure that Shafiq knows the message is from them, but they do not care if the whole world knows its contents. The company encodes the message with its private key. If the private key is SH, the result SH(M) is sent to Shafiq with instructions to decode it using the public key, AB. Anybody who knows the public key can decode it, but Shafiq will know that ABC is the sender of the message because only that company knows the private key that created the message.
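The signing and verification process and Examples 1 and 2 above can be traced in code. The following is an added illustration, not part of the original presentation: it uses unpadded textbook RSA with a toy key pair built from two publicly known primes, and the function names and sample document are assumptions made for the example.

```python
import hashlib

# Toy key pair built from two publicly known Mersenne primes (constructed for
# illustration only; real keys use random secret primes and padded schemes
# such as RSA-PSS for signing and RSA-OAEP for encryption).
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # modulus shared by both keys
E = 65537                              # public key (N, E): the slides' AB
D = pow(E, -1, (P - 1) * (Q - 1))      # private key (N, D): the slides' SH


def digest(document: bytes) -> int:
    """Hash the document to a fixed-size number (the 'hash' in THE PROCESS)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Signer: transform the document's hash with the private key."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Receiver: undo the transform with the public key and compare hashes."""
    return pow(signature, E, N) == digest(document)


def encrypt(message: bytes) -> int:
    """Example 1: anyone can lock a message with the recipient's public key."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)


def decrypt(ciphertext: int) -> bytes:
    """Example 1: only the private key holder recovers the message."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    order = b"Pay RM100 to Shafiq"              # constructed sample document
    sig = sign(order)
    print(verify(order, sig))                   # genuine document
    print(verify(b"Pay RM900 to Shafiq", sig))  # altered document, same signature
    print(decrypt(encrypt(order)) == order)     # Example 1 round trip
```

Because the signature is computed over the document's hash, the same signature attached to any other document fails verification.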

BENEFITS OF DIGITAL SIGNATURE
Digital signatures have no resemblance to handwritten signatures. They have unique features as opposed to handwritten signatures:
- Each digital signature is unique, meaning that if everyone in the world had a digital signature, the chances are extremely low that any two would be the same.

- The digital signature is interwoven with the document that is being signed in such a way that the signature cannot be cut and pasted onto another document. Trying to extract the signature from the document is futile and can be easily detected.
- A handwritten signature changes over time. Some people never sign their names the same way twice. It can easily be forged. A digital signature will not cause the same difficulty because it never changes.

- The signer cannot deny having sent the message, since the sender’s identity is authenticated when the message is decrypted using the sender’s public key.

THE LEGAL FRAMEWORK
Malaysia has enacted the Digital Signature Act 1997, based on the State of Utah law on digital signatures. There are a few reasons why the law should be enacted for this purpose. The main reasons are for regulatory and management purposes.

4 PARTIES INVOLVED
1. Certification Authorities
2. Controller
3. Subscriber
4. Repository

1. Certification Authority (CA)
In Malaysia, the CA is Digicert Sdn. Bhd. The CA is a trusted third party who provides the authentication of a sender’s identity to a third party in an e-commerce transaction. If the parties have not had previous dealings, however, the recipient will have no knowledge of whether the public key does in fact correspond to the purported identity of the signatory. This is where ID certificates come in.

The CA issues a digital certificate of authenticity to signify the identity of a signer and the validity of an original signature.
The ID certificate contains:
- A copy of the public key.
- A statement that the issuer of the certificate has checked the identity of the signatory, that the signatory does in fact possess the signature data which corresponds to the public key, and that the issuer has checked that the public key validates the identified person’s digital signature.

The Responsibilities Of The CA
- Must get a license from the Controller to carry out business as a CA. It is an offence if the CA operates without a license, and the punishment is a fine of RM500,000 or imprisonment of 10 years or both.
- Must use a trustworthy system to issue certificates and to create a private key.
- Take all reasonable measures to check for proper identification of the subscriber to be listed in the certificate.

- To make sure that the prospective subscriber rightfully holds the private key corresponding to the public key to be listed in the certificate and to make sure that the public key to be listed can be used to verify a digital signature affixed by the private key held by the subscriber.
If the statement in the certificate turns out to be inaccurate, action can be brought against the CA.

2. The Controller of CA
The Controller is the authority responsible for the enforcement of the Act. The Controller is appointed by the Minister concerned and is a public servant.

The Responsibilities Of The Controller
- Overall monitoring of the activities of the CA.
- Issuing a license to the CA.
- Has power to investigate the activities of the CA and conduct a prosecution against the CA.
- Recognizing a repository.

3. Subscriber
Subscriber means a person who is the subject listed in a certificate, accepts the certificate and holds a private key which corresponds to a public key listed in the certificate.

The Responsibilities Of Subscriber
- The subscriber rightfully holds the private key corresponding to the public key listed in the certificate.
- All representations made by the subscriber to the CA are true.
- To notify the repository within a reasonable time of any facts that affect the validity of the certificate once it is issued.

4. Repository
The Controller will recognize the repository. A repository is for storing and retrieving certificates and other information relevant to digital signatures. Once the CA issues the certificate to the subscriber and the subscriber accepts it, the CA will publish a signed copy of the certificate in a recognized repository.

The Responsibilities Of Repository
It is from the repository that users of the public key get the identification information. Therefore, the Act imposes on repositories a certain degree of liability. A repository will be liable for a loss incurred by a person if the person relies on the publication but the license has been suspended and revoked.

OTHER LEGAL ISSUES
A digital signature has been recognized as an authentic signature under the Act, and a document signed with it shall be as legally binding as a document signed with a handwritten signature. The question of whether an ISP would be affected may not arise, as the licensed CA is responsible for issuing certificates using a trustworthy system. The liability, if any, may lie with the CA concerned.

PROBLEMS WITH DIGITAL SIGNATURE TECHNOLOGY
The management of the private key is difficult. It requires a person to remember the keys. This is impractical because, for the key to be operative, it would have to be long and complex. As a solution, storing the key in the computer or on a smart card are the options. There is the possibility that a third party can gain access to it.

CONCLUSION
Malaysia has already legislated the law on digital signatures, namely the Digital Signature Act 1998. It can encourage e-commerce in Malaysia.