SECURITY REQUIREMENTS FOR MOBILE PAYMENTS
Internet and mobile communications require security services that provide integrity and privacy for the data exchanged. Mobile communication gives users the capacity and capability to perform transactions at any time, irrespective of geographical location.
Mobile subscribers access all these resources through mobile devices, and mobile payment transactions are carried out with their help. A common feature of these devices is that they are small and portable, and at every stage they require security services. Several security properties together provide the completeness of information. The general requirements for mobile transactions are integrity, confidentiality, non-repudiation, authentication and authorization. In addition, mobile transactions face further security issues in their implementation, namely hostility, information security and vulnerability. These are described below:
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-repudiation
• Hostility
• Information Security
• Vulnerability
5.1. Authentication
According to the Federal Information Processing Standards, authentication verifies “the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.” Authentication is a simple process in which the user enters a set of credentials into the system. If the credentials match the set held by the system, the user is granted access; otherwise not. The purpose of authentication is to verify that the specific set of information presented represents an authentic request from a specified entity. This is important because verifying the identity of an entity is the basis for all the rights and privileges granted to it. Whether the presenting entity is a computer program or a user makes no difference to the authentication process.
Authentication is the assurance that the communicating party is who it claims to be. A system authenticates the user to determine whether the user is authorised to perform an electronic transaction or to access the system.
To perform any electronic transaction, the authentication process begins with a request. The client requests a service that requires authentication. The service provider asks for a unique token, which acts as the means of authenticating the user and proves the user’s identity. This unique token binds the user’s identity together with a secret and is given to the user during registration. When the user presents the token during authentication, the authenticating party verifies the user’s identity, since the token is unique to each user.
Token can be classified as:
• Something you know, e.g. passwords.
• Something you have, e.g. hardware tokens.
• Something you are, e.g. biometrics.
Today, these methods are called the three factors of authentication. ISC2 also adds a fourth category called someplace you are, which is based on your location and typically uses GPS (global positioning system).
Fixed passwords are considered a weak, single-factor authentication process, based on something you know. They are prone to many attacks, such as eavesdropping, dictionary attacks and replay attacks. Strong authentication schemes rely on more than one factor, that is, they combine something you know (a password) with something you have (a hardware device). Authentication strategies can thus be divided into single-factor authentication and multi-factor authentication.
5.1.1. Single Factor Authentication (SFA)
Single-factor authentication is the traditional security process that requires a user name and password before granting access to the user.
SFA security relies on the diligence of the user, who should take additional precautions - for example, creating a strong password and ensuring that no one can access it.
For applications that require greater security, it may be advisable to implement more complex systems, such as multifactor authentication.
5.1.1.1. Passwords
Most commonly, computers use passwords, the “something you know” factor, for basic authentication. The most common way to maintain security is the use of usernames and passwords. This is a weak authentication mechanism, which can be broken by eavesdropping on the network connection or by sloppy handling on the part of users. As more and more services become available on the Internet, many of them requiring authentication, it becomes difficult for users to manage the many different username and password combinations.
Passwords are the simplest authentication model to implement, which is why password models are so common. Unfortunately, they are also the weakest authentication model, because passwords are guessed or stolen relatively easily, and this makes any password model vulnerable. Even when passwords are made complex by adding special characters, such measures can force users to write passwords down, which limits the value of the password because a written password can be stolen more easily.
There are four types of attack on passwords:
• Dictionary Attack: Simply use different dictionary files to guess passwords.
• Permutation of Words and Numbers: For each word from a dictionary file, permute it with 0, 1, 2 or 3 digits to construct possible password candidates, and also make common number substitutions, such as 1 for I and 5 for S.
• User Information Attack: Use user information collected from password files, e.g. user id, user full name or an initial substring of the name, to guess passwords.
• Brute Force Attack: We made this attack on any passwords that were only 6 characters long.
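The four attack classes above map directly onto a password-acceptance check: a registration service can reject any candidate that a dictionary, permutation, user-information or short brute-force attack would recover quickly. The following Python is an added example, not from the original text; the wordlist and the substitution table are constructed, and a real deployment would load a full dictionary file.

```python
import re

# Constructed sample wordlist; a deployment would load a full dictionary file.
DICTIONARY = {"password", "welcome", "secret", "mobile", "payment", "london"}

# Digit/symbol-for-letter substitutions the text mentions (1 for I, 5 for S),
# extended with a few other common ones (assumption, not from the text).
SUBSTITUTIONS = str.maketrans({"1": "i", "5": "s", "0": "o", "3": "e", "4": "a",
                               "@": "a", "$": "s"})

REASON_BRUTE = "brute-force: 6 characters or fewer"
REASON_DICT = "dictionary/permutation: dictionary word plus digits or substitutions"
REASON_USER = "user-information: derived from user id or name"


def normalize(candidate):
    """Reduce a candidate to the base word an attacker would have started from:
    lower-case it, drop the 0-3 trailing digits the permutation attack appends,
    then undo the common substitutions."""
    word = candidate.lower()
    word = re.sub(r"\d{1,3}$", "", word)
    return word.translate(SUBSTITUTIONS)


def derived_from_user(base, user_id, full_name):
    """True if the base word is the user id, a name, or an initial substring
    of a name (the inputs of the user information attack)."""
    tokens = [t.lower() for t in full_name.split()]
    if user_id:
        tokens.append(user_id.lower())
    for tok in tokens:
        if base == tok:
            return True
        if len(base) >= 3 and tok.startswith(base):   # e.g. "alex" from "alexander"
            return True
        if len(tok) >= 3 and tok in base:              # e.g. "asmith" inside "asmith2"
            return True
    return False


def check_password(candidate, user_id="", full_name=""):
    """Return the list of weaknesses found. An empty list means none of the
    four attack classes described above would find the password quickly."""
    reasons = []
    if len(candidate) <= 6:
        reasons.append(REASON_BRUTE)
    base = normalize(candidate)
    if base in DICTIONARY:
        reasons.append(REASON_DICT)
    if derived_from_user(base, user_id, full_name):
        reasons.append(REASON_USER)
    return reasons


if __name__ == "__main__":
    # Constructed candidates for a constructed user "asmith" / "Alexander Smith".
    for pw in ["Pa55w0rd123", "abc12", "Alex19", "asmith2024", "Tr0ub4dor&3"]:
        print(pw, "->", check_password(pw, "asmith", "Alexander Smith") or "acceptable")
```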
5.1.1.2. Hardware Tokens
Some authentication systems use tokens, which are any device or object that can authenticate a user. Common examples include physical keys, proximity cards, credit cards and ATM cards.
Tokens are good because they’re simple. Physical keys, for example, are widely supported and cheap to produce and use. In computer authentication, cryptographic keys may be used, particularly in remote protocols such as SSH (secure shell). The advantage of cryptographic keys for remote protocols is that they may be used not only for user authentication but also for message authentication and encryption of data in transit. Tokens have their own weaknesses, however. Because tokens are simple and cheap to produce, they are also simple and cheap to reproduce, which makes them vulnerable to counterfeiting. Also, because they are typically a physical object or device, they can be stolen more easily than passwords. For this reason, tokens are typically used with another method, such as a PIN code, to reduce their usefulness if stolen.
5.1.1.3. Software Tokens
Software tokens are software implementations of hardware tokens. They run on a PC or on a separate multi-purpose device, whereas hardware tokens are stored on an external device away from the PC. Software tokens support authentication of both parties and protect the communication channel used to transmit authentication data. Their disadvantage is that they can be copied easily without the user’s knowledge.
5.1.1.4. Biometrics
Biometrics comprises automated methods of identifying a person on the basis of a biological or behavioural characteristic. Many biological characteristics, such as fingerprints and DNA (deoxyribonucleic acid), and behavioural characteristics, such as voice patterns and signature, are distinctive to each person. Hence biometrics is more capable and more reliable in distinguishing individuals than techniques based on an ID document or a password. A biometric system is a pattern-recognition system that makes personal identification possible.
Biometric systems come in many varieties, with each variety measuring a physical characteristic found to be relatively unique to a specific individual, within a reasonable scale of individuals.
A user enrols in a biometric system by providing a sample of the physical characteristic measured by the system. The system then converts this “analog” characteristic into digital form to create a template. The template is then stored on a central authentication server. The user authenticates to the system by providing a fresh sample of the characteristic, which the system digitizes and compares to the stored template. If the two digitized samples are similar within certain tolerances, the user is accepted.
Biometric approaches are divided into two categories: physiological and behavioural. Physiological biometrics is based on bodily characteristics, such as fingerprints, iris scanning and facial recognition. Behavioural biometrics is based on the way people do things, such as keystroke dynamics, mouse movement and speech recognition.
The different types of biometric technologies are as follows:
• Facial Recognition is the technology that identifies people from still or video photograph images of their faces.
• Fingerprint Identification is the technology that authenticates a person through a fingerprint. A fingerprint is the pattern of ridges and furrows on the surface of a fingertip. No two persons have exactly the same arrangement of patterns, and the patterns of any one individual remain unchanged throughout life.
• Retinal Pattern Recognition is the technology to authenticate people through scanning their eyes. The retina is the innermost layer of the eye. The pattern formed by veins beneath the surface of the retina is unique to each individual.
• Iris-Based Identification is the technology that authenticates a person through iris scanning. The iris is the coloured part of the eye. It lies at the front of the eye, surrounding the pupil.
• Signature Recognition is based on the fact that each person has a unique style of handwriting. The system can identify individuals through their signature characteristics.
• Voice Recognition or Speaker Recognition is a biometric technology that records the voice of a person with a microphone and identifies individuals from differences in voice and speech. It uses the acoustic features of speech that have been found to differ between individuals. These acoustic patterns reflect both anatomy (i.e. shape and size of throat and mouth) and learned behavioural patterns (i.e. voice pitch, speaking style).
5.1.2. Multi Factor Authentication (MFA)
Multi-factor authentication is a method of user identification that combines a number of single factor authentications. It is used for priority customer information and high-risk financial transactions. The strength of an authentication mechanism can be judged on how many things it depends on. Using two types of the same factor is not multi-factor authentication. For example, a password and personal information are both what you know, so using them together would still be single-factor authentication. The strength of authentication keys can vary even within a factor category. Mother’s maiden name, a four-digit code and a random eight-character alphanumeric password are all examples of authentication keys based on what you know, but they each provide different protection against discovery attacks. Consequently, the security of the authentication process is affected by the actual solution used. However, it is generally held that multi-factor authentication improves security. Multi-factor authentication is either two-factor or three-factor.
• Two-Factor Authentication: This uses two of the three factors of authentication. Accessing your account through an ATM is based on two factors of authentication: the PIN (something you know) and the ATM card (something you have).
• Three-Factor Authentication: This uses all three of the factors of authentication. For example, to access a secure site you might need to pass a guard who checks your face against a stored image (something you are), swipe an access card (something you have), and enter a four-digit code (something you know).
5.1.2.1. One Time Password (OTP)
One-time passwords are passwords that are valid for only a single transaction or a small number of transactions. This contrasts with conventional passwords, which are valid for many transactions because users are reluctant to change passwords frequently. Since OTPs are valid for only a limited number of uses, an attacker has a smaller window of time in which to gain access to the resources they guard, because any previously stolen password will likely have become invalid. As with traditional passwords, one-time passwords are vulnerable to man-in-the-middle attacks: by observing the OTP before it is successfully received by the authenticator, an attacker obtains a valid password. Because of this undesirable property, both OTPs and conventional passwords must travel securely. Typically, the one-time password is generated by a hardware device that the person desiring to be authenticated carries, which promotes use across many physically distant domains. The hardware implements an algorithm that generates passwords in a specific manner known to the authenticator, and will often display the password on a small screen for the user to type into the authenticator. In this hardware-based approach, if the hardware or computer that generates the passwords were stolen, the thief would be able to authenticate just by reading the numbers on the display. For this reason, one-time passwords are often one part of a multi-factor authentication (MFA) system in which two or more independent factors of authentication are used to identify a user.
Algorithms generating temporary passwords can be time-based or mathematics-based. Time-based algorithms generate passwords that are valid for a set period of time before being automatically updated by the algorithm (often on a hardware device). Technically, “one-time” is a misnomer, as a password can be used multiple times as long as it is within one time period. A hardware device of this type typically always displays a password, and the password is constantly changing. The length of time for which an OTP is valid is an important security parameter in these schemes, because one password is valid until the time period expires and is then updated. If a password is infrequently updated, an attacker has a longer window for exploitation; as the period length grows, the security of OTPs approaches that of conventional passwords. For example, an eavesdropper could capture the OTP that has just been generated as it travels across a network; once captured, the attacker has the entire lifetime of the password for unauthorized access. SecurID is a proprietary commercial system by RSA Security that uses hardware devices to generate passwords that change every thirty or sixty seconds.
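The time-based scheme described above, including the validity period and the “one-time is a misnomer” property, as an added Python example that is not part of the original text. It assumes the HMAC-SHA1 construction of RFC 6238 (the text names no algorithm) and a constructed shared secret; the verifier additionally records the last redeemed period so that a code captured on the network cannot be redeemed a second time within its lifetime.

```python
import hashlib
import hmac
import struct

PERIOD = 30   # seconds one code stays valid: the "time period" of the text
DIGITS = 6

# Constructed shared secret (the 20-byte ASCII seed used by the RFC 6238 test vectors).
SECRET = b"12345678901234567890"


def totp(secret, unix_time, period=PERIOD, digits=DIGITS):
    """Time-based OTP: HMAC-SHA1 over the big-endian time-step counter,
    dynamically truncated to `digits` decimal digits (RFC 6238 construction)."""
    counter = unix_time // period
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def seconds_remaining(unix_time, period=PERIOD):
    """How long the code displayed at `unix_time` will still be accepted.
    This is the eavesdropper's window after capturing it in transit."""
    return period - unix_time % period


class OtpVerifier:
    """Server side. Accepts the current code (plus `skew` neighbouring periods
    for clock drift) and refuses to redeem the same period twice."""

    def __init__(self, secret, period=PERIOD, skew=1):
        self.secret = secret
        self.period = period
        self.skew = skew
        self.last_counter = -1          # highest period already redeemed

    def verify(self, code, unix_time):
        now = unix_time // self.period
        for counter in range(now - self.skew, now + self.skew + 1):
            if counter <= self.last_counter:
                continue                # replay of an already redeemed period
            expected = totp(self.secret, counter * self.period, self.period)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    t = 1111111100                      # constructed clock value
    code = totp(SECRET, t)
    verifier = OtpVerifier(SECRET, skew=0)
    print(code, "valid for", seconds_remaining(t), "more seconds")
    print("first use:", verifier.verify(code, t))                 # True
    print("replayed in same period:", verifier.verify(code, t + 1))  # False
```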
5.1.3. Authorization
Authorization is the process by which it is determined whether a person has the right or permission to conduct a particular action. It is the mechanism by which a system determines what level of access a particular authenticated user should have to the secured resources controlled by the system. Authorization information, for example an access-control list, is stored and managed by the service. Internet services evolve rapidly, so the set of potential actions and the users who may request them are not known in advance; this implies that authorization information is created, stored and managed in a dynamic, distributed fashion. Users are often expected to gather the credentials needed to authorize an action and present them along with the request. Because these credentials are not always under the control of the service that makes the authorization decision, there is a danger that they could be altered or stolen. Thus, a public-key signature must be part of the authorization framework.
In traditional authentication and access control, the notion of identity plays an important role. In a traditional system, an identity often means an existing user account. User accounts are established with the system prior to the issue of any request. Earlier PKI proposals try to establish a similar global “user account” system that gives a unique name to every entity in the system and then binds each public key to a globally unique “identity.” In Internet applications, the very notion of identity becomes problematic.
The term identity originally meant sameness or oneness. When we meet a previously unknown person for the first time, we cannot really identify that person with anything. In a scenario in which an authorizer and a requester have no prior relationship, knowing the requester’s name or identity may not help the authorizer make a decision. The real property one needs for identity is that one can verify that a request or a credential is issued by a particular identity and that one can link the particular identity to its credentials.
5.1.4. Confidentiality
Confidentiality means preserving authorized restrictions on information access and disclosure. It includes means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Confidentiality is defined as the property that ensures that information is not made available or disclosed to unauthorized users. Confidentiality mechanisms are intended to prevent information dissemination to users who are not authorized to receive it.
A confidentiality mechanism may prevent access to the information or may conceal or alter the information to all but those who have privileges.
The confidentiality of information can be characterised by its impact level, i.e. low, moderate or high, which indicates the potential harm to the subject individuals and/or the organization were the information inappropriately accessed, used or disclosed.
Confidentiality of transmission can be protected by encrypting the communications or by encrypting the information before it is transmitted.
5.1.5. Integrity
Integrity is defined as the property that information is not altered or destroyed by an unauthorised user. Information with integrity is precise, accurate, unmodified and consistent: precise means modified only in acceptable ways; accurate means modified only by authorized people; unmodified means modified only by authorized processes; consistent means meaningful and correct. Integrity policies seek to prevent accidental or malicious destruction of information. Traditionally, information integrity has been supported by security models based on access control mechanisms, which mainly provide the authorization component of integrity requirements.
There are two categories of measures against integrity threats.
• Preventing access to information, through secure channels and routing control and through access control of stored data.
• Detecting unauthorised modification by cryptography and digital signatures.
Electronic solutions are based on hash-algorithms, MAC (Message Authentication Codes) values and digital signatures.
5.1.6. Non Repudiation
Non-repudiation concerns the denial of a request or action: it makes it impossible for someone to deny that he or she carried out a particular action. For example, a credit card purchase in which the bill of sale is signed by the cardholder is a non-repudiable transaction: neither the seller nor the buyer can deny that the transaction took place. Non-repudiation is a service that provides assurance of the integrity and origin of data in such a way that both can be verified and validated by a third party as having originated from a specific entity in possession of the private key.
A contract is usually accepted by signing it, and every party gets its own copy. If the content becomes disputable, nobody can deny that the contract was signed, since everybody has an identical copy (this assumes, of course, that the authenticity of the signatures can be verified). In distributed computing, non-repudiation means that the sender cannot later deny having sent a message and the receiver cannot deny having received it. Typically, in electronic commerce, a client should not be able to deny having ordered a product; in telecommunication services, a client should not be able to deny having ordered a service such as video-on-demand or having used network resources to make a phone call. There is no particular threat against non-repudiation apart from denial. In the computer world, non-repudiation is carried out with digital signatures, conceptually similar to signatures in the real world.
5.1.7. Hostility
Hostility concerns the trustworthiness of users, customers, merchants and other players in the mobile environment. Since we cannot assume that all participants in mobile transactions are honest, the mobile commerce system should provide enough mediated and stored information so that dishonest merchants, customers or other players can be identified later in every respect; this is a general requirement for electronic transactions.
5.1.8. Information Security
In mobile transactions the information is transmitted over a wireless access network and is thus more easily receivable by external parties than on a wire-line network. Information security prevents outsiders from listening in on or changing the message content without the parties noticing. The general way to maintain information security is encryption technology and Public Key Infrastructure (PKI).
5.1.9. Vulnerability
A vulnerability is a flaw or weakness in a system’s design, implementation or operation that could be exploited to violate the system’s security. A security vulnerability is not a risk, a threat or an attack. Vulnerabilities can be of four types.
• Threat Model vulnerabilities originate from the difficulty of foreseeing future threats (e.g. Signalling System).
• Design & Specification vulnerabilities come from errors or oversights in the design of the protocol that make it inherently vulnerable (e.g. Wi-Fi).
• Implementation vulnerabilities are vulnerabilities that are introduced by errors in a protocol implementation.
• Operation and Configuration vulnerabilities originate from improper usage of options in implementations, e.g. not enforcing the use of encryption in a Wi-Fi network, or selection of a weak stream cipher by the network administrator.
According to X.800, a security threat is a potential violation of security, which can be active (when the state of a system can be changed), or passive (unauthorized disclosure of information without changing the state of the system). A security risk originates when security vulnerability is combined with a security threat.
5.2. Security Attacks
An attacker might want to gain access to an electronic message for numerous reasons: to gain unauthorised access to information in order to violate someone’s privacy, or to impersonate a user in order to shift responsibility or originate a fraudulent activity. There are four general categories of attack on a transmitted message, as opposed to the normal transaction flow:
• Interruption
• Interception
• Modification
• Fabrication
In general, there is a flow of information from a source to a destination. In normal message flow, the information passes from source to destination without any hindrance (Figure 9).
5.2.1. Interruption
Interruption is the action of preventing a message from reaching its intended recipient (Figure 10).
It can also occur when an asset of the system is destroyed or becomes unavailable. This is an attack on availability. It can easily be detected by one or both of the parties. Some examples of this type are as under:
• Destruction of hardware.
• Physical damage to communication links.
• Introduction of Noise.
• Removal of routing.
• Disabling of file or a program
• DoS attack.
5.2.1.1. Mitigate the Attack
• Use Firewalls - Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Modern stateful firewalls like Check Point FW1 NGX and Cisco PIX have a built-in capability to differentiate good traffic from DoS attack traffic.
• Keeping backups of system configuration data properly.
• Replication.
Figure 9. Normal flow
Figure 10. Interruption of a message
5.2.2. Interception
Interception is where an unauthorised party gains access to information (Figure 11). This is an attack on confidentiality. The unauthorised party might be a person, program, or a computing system. A loss due to this kind of attack might be noticed quickly, but the interceptor might leave no trace by which the interception can be detected. This attack cannot be avoided in wireless communications. Some examples of this type are as under:
• Wiretapping to capture data in a network.
• Illicit copying of files.
• Eavesdropping.
• Link monitoring.
• Packet capturing.
• System compromise.
5.2.2.1. Mitigate the Attack
• Using Encryption - SSL, VPN, 3DES, BPI+ are deployed to encrypt the flow of information from source to destination, so that if someone is able to snoop on the flow of traffic, all that person will see is ciphertext.
• Traffic Padding: a function that produces ciphertext output continuously, even in the absence of plaintext. A continuous random data stream is generated. When plaintext is available, it is encrypted and transmitted; when no plaintext is present, the random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and noise, and therefore impossible to deduce the amount of traffic.
5.2.3. Modification
Modification is where an unauthorised party not only gains access to an asset but tampers with it (Figure 12). This is an attack on the integrity of the message. It can be detected if proper measures are taken. Some examples of this type are as under:
• Changing of values in a database for personal gain.
• Altering of a program.
• Modifying the contents of the message transmitted on a network.
• Making use of delays in communications.
5.2.3.1. Mitigate the Attack
• Introduction of intrusion detection systems (IDS) which could look for different signatures which represent an attack.
• Using encryption mechanisms.
• Traffic padding.
• Keeping backups.
• Use messaging techniques such as checksums, sequence numbers, digests, and authentication codes.
Figure 11. Interception of a message
Figure 12. Modification of message
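The last bullet (checksums, sequence numbers, digests and authentication codes) can be combined into a single integrity check on a transmitted payment message; the Python below is an added example, not from the original text, and also illustrates the hash, MAC and signature mechanisms listed under Integrity (5.1.5). The shared key and the messages are constructed; HMAC-SHA256 stands in for the MAC, and a per-sender sequence number catches replayed, dropped and reordered messages.

```python
import hashlib
import hmac
import json

# Constructed shared key for the example; a deployment uses a random per-session key.
KEY = b"constructed-shared-key-for-example"


def protect(key, seq, payload):
    """Sender side: serialise {seq, payload} canonically and append an HMAC tag.
    An unkeyed checksum or digest would not suffice here, because whoever modifies
    the message can recompute it; the MAC requires the shared key."""
    body = json.dumps({"seq": seq, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver side: verify the tag first, then enforce strictly increasing
    sequence numbers so a replayed or delayed copy of a valid message is refused."""

    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def accept(self, message):
        """Return (accepted, reason)."""
        expected_tag = hmac.new(self.key, message["body"].encode(),
                                hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_tag, message["tag"]):
            return False, "tag mismatch: message modified or forged"
        seq = json.loads(message["body"])["seq"]
        if seq != self.expected_seq:
            return False, (f"sequence {seq} but expected {self.expected_seq}: "
                           "replayed, dropped or reordered")
        self.expected_seq += 1
        return True, "accepted"


def run_scenario():
    """Constructed exchange: a genuine transfer, a tampered copy, a replay,
    an out-of-order message, a forgery under the wrong key, then the next
    legitimate message. Returns the accept/reject outcome of each step."""
    receiver = Receiver(KEY)
    m0 = protect(KEY, 0, {"to": "merchant-42", "amount": "10.00"})
    m1 = protect(KEY, 1, {"to": "merchant-42", "amount": "25.00"})
    m2 = protect(KEY, 2, {"to": "merchant-42", "amount": "5.00"})
    tampered = dict(m0, body=m0["body"].replace('"10.00"', '"1000.00"'))
    forged = protect(b"attacker-key", 1, {"to": "merchant-99", "amount": "99.00"})
    return {
        "genuine": receiver.accept(m0)[0],
        "tampered_amount": receiver.accept(tampered)[0],
        "replayed": receiver.accept(m0)[0],
        "out_of_order": receiver.accept(m2)[0],
        "forged": receiver.accept(forged)[0],
        "next_in_order": receiver.accept(m1)[0],
    }


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name:16s} {'accepted' if ok else 'rejected'}")
```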
5.2.4. Fabrication
Fabrication occurs when an unauthorised party inserts counterfeit objects into the computing system (Figure 13). This is an attack on the authenticity of the message. These insertions can sometimes be detected as forgeries, but if done skilfully they are virtually indistinguishable from the real thing. It also relates to non-repudiation. Some examples of this type are as under:
• Adding additional records to an existing file or a database.
• Insertion of spurious information into the network communication systems.
5.2.4.1. Mitigate the Attack
• Use of Authentication and authorization mechanisms
• Using Firewalls
• Use Digital Signatures - A digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document.
Figure 13. Fabrication of a message
5.3. Security Mechanisms (Cryptography Overview)
Cryptography is the science of encryption and decryption. Modern encryption also includes the concept of a key, which is used by an algorithm to encrypt or decrypt a message. Security in cryptography comes from both the algorithm and the key: if the algorithm allows easy attacks, the system will be weak. A system is secure if it is computationally infeasible to recover the key or the plaintext from the ciphertext. As time progresses, computations that were infeasible become feasible with increased computing power, so some cryptographic algorithms may become outdated extremely quickly. A cryptosystem consists of an algorithm that is used to secure communications and the keys that are used for encryption and decryption; all plaintexts and ciphertexts also belong to the cryptosystem. A cryptographic algorithm is a mathematical function that is used for encryption and decryption; a synonym for cryptographic algorithm is a cipher. A key is a series of data, a string of numbers and/or characters. It has a certain length, which is usually given in bits; typically, a key length can range from 56 bits up to several kilobytes. It can be stored in a file or in a chip, and it can be sent to somebody through the network. A key can have a lifetime depending on the cryptosystem and the agreement for the use of the key. The main threat against the concept of a key is the brute force attack, i.e. trying all possible keys.
5.3.1. Symmetric Encryption
Symmetric encryption (or private-key encryption) uses the same key to encrypt and decrypt a message (Figure 14). The strength of the encryption grows exponentially with the length of the key. Symmetric encryption usually uses short keys (128 bits or fewer). To ensure the best security, the key should be as random as possible; a totally random key that is used only once is the ideal form of symmetric encryption, and such a scheme is called a One-Time Pad. The common standard for symmetric encryption is DES (Data Encryption Standard), which uses a 56-bit key. It is being phased out in favour of AES (Advanced Encryption Standard), recently defined by NIST (National Institute of Standards and Technology). DES security can be extended through the repeated encryption of a message with two or three different keys; this process is called Triple DES. Symmetric encryption provides confidentiality. The strength of such ciphers cannot generally be proved mathematically. They make use of a few cryptographic functions (permutation, substitution, XOR, addition and multiplication modulo a number) that are combined to form the algorithm. Private-key cryptosystems can encrypt roughly 1000 times faster than public-key ones. There are numerous symmetric algorithms; the main standard algorithms are DES, 3-DES, Blowfish, IDEA, CAST and AES.
Figure 14. (Symmetric) secret key encryption [359]
The main problem with Symmetric-key cryptography is that the sender and receiver have to share the same secret key. If they are in separate physical locations, they must trust a courier, or a phone system, or some other transmission medium to protect the secret key. Anyone who overhears or intercepts the secret key in transition can read, modify, or falsify messages encrypted with that key. Key management is in charge of the generation, transmission and storage of keys. Because all keys in a Symmetric-key cryptography algorithm must be kept secret, it is essential to also provide secure key management for a Symmetric-key cryptography approach.
5.3.2. Asymmetric Encryption
Asymmetric (or public-key) encryption uses two different keys during the encryption and decryption processes (Figure 15). The keys have certain mathematical qualities, which allow one key to be used to decrypt what the other key has encrypted. The keys have to be large enough in order to prevent one key being calculated from the other key. Because of these factors one key can be publicly distributed (the public key usually noted KU).
Alice, knowing Bob's public key, can send an encrypted message to Bob, who owns the private key (usually denoted KR). In this use, asymmetric encryption provides confidentiality. If Bob encrypts a message with his private key, asymmetric encryption provides both authentication and confidentiality. Public keys are made available to applications, hosts and services. The authenticity of a public key can be certified by a Certificate Authority so that a community of users can trust that the public key really belongs to a principal. Another approach is to keep public keys in a public repository managed by a trusted party, or to let each user decide which keys he trusts. A private key belongs to an entity and is never revealed to anyone. It is used by the entity to decrypt incoming messages that are encrypted with the principal's public key. It is also used to sign an outgoing message sent by the principal to anyone else. This provides non-repudiation and authentication, as anyone can use the principal's public key to verify the signature and be sure that the message originated from that principal. Public key technology is commonly used to secure short messages or very important messages where real-time encryption and decryption is not an issue. The main public-key algorithm standards are RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).
Figure 15. (Asymmetric) public key encryption
5.3.3. Key Escrow and Perfect Forward Secrecy
A key escrow system uses public key cryptography to encrypt and decrypt messages. The difference between a standard public key implementation and a key escrow system is that with key escrow, copies of the private key are split into pieces and stored by a trusted third party. In the case of the Clipper Chip an 80-bit key was to be split into two 40-bit keys that were to be stored with two independent agencies. The benefit of a key escrow system is that if the private key is ever lost, it can be recovered from the independent agencies. The downside of this mechanism, from the perspective of privacy advocates, is that the government can also recover the private keys with a court order. This has kept key recovery encryption technology one of the most hotly debated subjects in the cryptography field today. Perfect forward secrecy (PFS) in a key establishment protocol is the condition in which the compromise of a session key or long-term private key after a given session does not cause the compromise of any earlier session.
5.3.4. Hash Functions
Hash functions are employed in conjunction with public-key cryptography algorithms to produce digital signatures. When implementing a digital signature, it is unusual to encrypt a whole message, for security and performance reasons. A hash function takes a message of arbitrary length and returns a fixed-size hash value. This hash value is sometimes called a message digest or digital fingerprint. For an ideal cryptographic hash function, it should be simple to calculate the message digest for any given message. It should be computationally impractical to find a message with a given message digest, computationally impractical to alter a message without modifying its message digest, and computationally impractical to find two different messages with the same message digest.
Hash functions are widely used today. The message digest can be used in creating digital signature schemes. For security and performance reasons, most digital signature algorithms specify signing only the digest of the message, not the entire message. In addition, a hash function can be used to check the integrity of a message. Determining whether any changes have been made to a message (or a file), for example, can be accomplished by comparing message digests calculated before and after transmission or any other event. A widespread hashing algorithm is MD5 (Message Digest version 5). It generates a 128-bit (16-byte) hash, and is considered reasonably secure. Other commonly used standard algorithms are SHA-1 and RIPEMD-160 (20-byte output). An added digest (or hash value) provides integrity. The Secure Hash Algorithm (SHA) is the most widely used hash function. It was developed by NIST, and its revised version is generally called SHA-1, or the Secure Hash Standard in the standards document. SHA-1 is the most established of the SHA hash functions, and has been employed in widely used security applications and protocols. SHA-1 calculates a condensed representation of a message. When a message of any length < 2^64 bits is input, SHA-1 produces a 160-bit message digest.
5.3.5. Digital Signature
A digital signature is a combination of several of the above technologies (public key and hash algorithms). A digital signature is the digest of a document encrypted with a private key. A digital signature is used not only to protect data integrity but also to achieve authentication and non-repudiation. A digital signature mechanism can be employed to authenticate the identity of the sender of a message, and sometimes to ensure that the original content of the message that has been sent is unchanged. Digital signatures can protect the two parties against each other, because there is no complete trust between sender and receiver.
A digital signature includes three process steps: a key generation process, a signature signing process, and a signature verifying process (Figure 16).
A conventional signature is included in the document; it is part of the document. Whenever we write a check, the signature is on the check; it is not a separate document. But when we sign a document digitally, we send the signature as a separate document. The sender sends two documents: the message and the signature. The receiver receives both documents and verifies the signature. If the signature verifies, the message is kept; otherwise it is rejected. Digital signatures, like physical signatures, can verify that a specific user affixed their signature to a document, and they can also verify that the document is the same as when the user affixed the digital signature. Digital signature systems (DSS) use public key cryptography methods to create digital signatures. The integrity of the digital signature is tied to the security of the user's private key. As long as the user's private key is secure, only the user can affix their digital signature to a document.
A digital signature can serve as a secure basis for applications in mobile environments or mobile communications because it provides the cryptographic services of authentication, data integrity and non-repudiation. Digital signatures can be classified into two general categories: message digest based schemes and message recovery based schemes. In a message digest based digital signature scheme, the original message is first mapped to a checksum by a one-way function, and this checksum is then used to generate the digital signature. The checksum here provides data integrity. In a message recovery based scheme, the receiver can recover the original message from the received signature.