Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database.

Published byMagdalen Osborne Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database."— Presentation transcript:

1 1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database Management. Journal of Database Management. June 2003 Presented By Madhavi Kollu

2 2 Agenda/Topics to be covered  Encryption basics  Digital signature concepts  Normalization  Integration of Digital signatures and Relational databases  Conclusion

3 3 Encryption  Protects  The contents of a message  Insure confidentiality  Encryptions Types.  Symmetric Single key is usedSingle key is used  Asymmetric Two keys generated as a pairTwo keys generated as a pair  Figure 1 shows an asymmetric encryption

4 4 Encryption(2 )

5 5 Digital Signatures  Ensures  Data integrity  Authentication  Meets the E-sign act’s requirements  Figure 2 shows a digitally signed plain text message.

6 6 Digital Signatures(2)

7 7 Digital Signatures(3) Integrity of the Message Integrity of the Message  The data has not been modified since it was signed.  Cryptographic hash functions  SHA-1  MD5

8 8 Digital Signatures(4)  The hash is encrypted using sender’s private key.  The receiver runs the same hash algorithm against the plain text file.  The encrypted hash is decrypted using the sender’s public key. The two hashes are compared.  Figure 3 depicts the Digital signature process

9 9 Digital Signatures(5)

10 10 Digital Signatures(6) Authentication of the sender  Proof of the origin  Methodologies  The PGP (pretty good privacy) Provides authentication through a web-of-trust processProvides authentication through a web-of-trust process  X.509 structure Based on a hierarchical model, one trusted endorser, root certificate authorityBased on a hierarchical model, one trusted endorser, root certificate authority (Ex: www.verisign.com) (Ex: www.verisign.com)

11 11 Digital Signatures(7 )

12 12 Normalization  Prevents  Data redundancy  Data inconsistency  6 levels of normalizations are shown in Table 1.  Figure 5 is an example of this process.

13 13 Normalization(2)

14 14 Normalization(3)

15 15 Integration of digital signatures and Relational databases  Two Models of Integration  Separated model  Integrated model  Separated model  Manually transfers the data from the signed document into the relational database.  Stored electronically for later retrieval.  This model is shown in Figure 6.

16 16 Integration of digital signatures and Relational databases(2)

17 17 Integration of digital signatures and Relational databases(3)  Integrated model  The signed document is decomposed into elements and placed into the relational data structure including the digital signature and the certificate chain portions of the document.  To verify the transaction at a later point in time, the entire document is retrieved from the relational data structures and reassembled into its original form.  This model is shown in Figure 7.

18 18 Integration of digital signatures and Relational databases(4)

19 19 Comparing separate and integrated storage of signed documents Separate Model  Advantages  Inexpensive  Limitations  Redundancy and breakdown in the integrity of the system.  High error rates. Integrated Model  Advantages  Better performance and data integrity.  Limitations  Relatively high cost  Difficulty in the integration process

20 20 XML digital signature  XML digital signature specification. (http://www.w3.org/signature/). http://www.w3.org/signature/  Advances in XML digital signatures incorporates confidentiality, authenticity, data integrity and non repudiation.  The format for an XML digital Signature is shown in Figure 8.

21 21 XML digital signature(2)

22 22 Discussion & Conclusion  Separated model is a low-cost, but the integrated model - provides better performance and data integrity  Available products such as DBsign from Gradkell Systems, Inc (www.gradkell.com) www.gradkell.com  Challenges from an organizational standpoint in creating level of trust  Proper planning, tools and controls in place integration is achievable

23 23 QUESTIONS ???

Download ppt "1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,

CIS 193A – Lesson6 CRYPTOGRAPHY RAPELCGRQ. CIS 193A – Lesson6 Focus Question Which cryptographic methods help computer users maintain confidentiality,
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Web services security I

Web services security I
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Similar presentations

Ads by Google