Parting

Is it possible to forge an electronic signature? Unknown people issued an electronic signature, forging the director’s passport, in order to send “wrong” declarations via TCS. What are the functions of a certification authority

Appreciated by many people. Moreover, since this software is currently new, many users have no idea what an electronic signature looks like.

General information

Everything is very trivial. If transmission of a certified document is observed, then the addressee receives a signature file and a file found by the subject of the broadcast.

If the recipient receives not an attachment, but a signed mail message, then the mail program will notify the recipient that the letter has been signed and will show the results of the signature revision.

The verification is carried out according to the same algorithm as verification of a regular signature on paper.

Determination of authenticity

Please note that knowledge about what digital signature looks like is not enough. It is important to make sure that the document is certified by a certain person. So, if an employee signs an order from the general director of an enterprise, then such a signature is unlikely to make the order valid. To ensure that the signature was made by the right person, it is compared with an ideal sample.

An electronic signature is the result of a cryptographic reorganization that involves user data and data from the document being signed. Therefore, the digital signature of different documents will not be identical; it is pointless to compare it with the standard. What to do in this case?

A constant value is compared - user data. However, full disclosure of data is not safe. A pair consisting of a secret and an unencrypted key is used as data for a digital signature. This means that the user data has a secret part that is involved in the formation of the signature and an open part that takes part in its verification.

To connect an unencrypted key with a user, you need a passport indicating that this key is public for that particular user. Digital certificates act as such a passport:

Person's name
An unclassified key, signed by a trusted third party (certificate authority), who attests to this connection with their signature.

Such a passport is placed on the computer once and all signatures on letters purchased from this user are subsequently verified with the support of this certificate, while the digital signature looks like, the addressee no longer asks a question, and immediately sees whether the signature is valid.

The director of a commercial company shared an interesting and, one might say, detective story with our readers.

The company submitted a VAT return for the 1st quarter of 2016, where the tax payable was 300 thousand rubles. I paid the tax. However, the next day someone submits an updated declaration on behalf of the company, where the tax payable is only 5 thousand rubles. The updated calculation was sent through another special operator and signed by the manager’s digital signature, which, as it turned out, was issued using his passport with a photo of another person pasted into it. The signature on the power of attorney to receive an electronic signature is also fake.

Who are these people and why did they need this? This was the question asked by the head of the company. An appeal to the police has been sent, a statement of refusal of the “left” digital signature has been written. But the question about the purpose of these manipulations undertaken by strangers haunts the director.

Now a year later, apparently at the end of the year, a statement comes from the tax office that our data on the declaration does not correspond, since we have an update on the declaration for the 1st quarter of 2016! Well, that means we’re starting to figure out what? Who? For what? after what corporate event??... an interesting and even I would say surprising fact turns out, it turns out that my organization has two digital signatures (the tax office informed us about this) from two different operators. Well, we know about one, we’ve been working with him for several years, everything is ok, but who’s the other??? The tax office gave us the second one.
We're calling. There is a nice girl there, she finds our LLC using the Taxpayer Identification Number (TIN), and reports that we are working, that we have an electronic digital signature, and that she even has documents from the general manager. dir for an application for the opening of this very digital signature. Well, I mean, in short, I ask you to provide them to me, to which she sends me scans of the documents without any problems... What do I see? A fake passport with a pasted-in photo of another person, a power of attorney to receive this digital signature with fake signatures, and not a single document has a stamp. In general, 100% fake, don’t go to your grandmother. Well, this operator, sighing with indifference, invites me to his office so that I can write a statement refusing this signature, which I refused and wrote a statement to the police. But this is not about what I should do - I have already completed all the actions with the tax office and the police, etc., I have another question for you:

This means I submit the VAT return for the 1st quarter of 2016 on 04/24/2016. I have about 300,000 rubles to pay. , someone draws up, in almost one or two days, according to absolutely wrong documents, an electronic digital signature on my behalf, in an office with which I have never had any business and attention 04/25/2016. submits an update from my LLC for almost 110,000 million rubles. , the tax payable is about 5 tr.
Accordingly, I don’t see this, I pay taxes according to my normal declaration, and then a year later this topic comes up. The question is what is the intent here?? Why did anyone need to do this??
- Alexander1982

Participants in the discussion suggested that perhaps the attackers wanted to receive an overpayment to a fake bank account, but something prevented them. Colleagues, following the traditions of the detective genre, express their assumptions about Mr. X, who possessed the information and had a motive for committing such actions.

You can join the discussion in the forum topic ""

Topic “Electronic digital signature”

1. The concept of an electronic digital signature and its technical support

2. Organizational and legal support for electronic digital signature.

1. The concept of electronic digital signature and its technical

security

In the world of electronic documents, signing a file using graphic symbols loses its meaning, since a graphic symbol can be forged and copied an infinite number of times. Electronic Digital Signature (EDS) is a complete electronic analogue of a regular signature on paper, but is implemented not using graphic images, but using mathematical transformations over the contents of the document.

Features of the mathematical algorithm for creating and verifying digital signatures guarantee the impossibility of forging such a signature by unauthorized persons,

EDS is a requisite of an electronic document intended to protect this document from forgery, obtained as a result of cryptographic transformation of information using the EDS private key and allowing identification of the owner of the key, and

also establish the absence of distortion of information in the electronic document.

The digital signature is a specific sequence of characters,

which is formed as a result of transforming the source document (or any other information) using special software. The digital signature is added to the original document when forwarded. The digital signature is unique for each document and cannot be transferred to another document. The impossibility of falsifying digital signatures is ensured by a significant number of mathematical calculations required for

her selection. Thus, upon receipt of a document signed with digital signature,

The use of digital signature ensures: simple resolution of disputes (registration of all actions of a system participant over time),

impossibility of changing the participant's application before the end date of the procurement.

In addition, digital signature contributes to: reducing costs for sending documents, quick access to auctions taking place anywhere in Russia.

Using an electronic signature is quite simple. No special knowledge, skills or abilities are required for this. Each digital signature user participating in the exchange of electronic documents,

unique open and closed (secret) are generated

cryptographic keys.

A private key is a private, unique set of information with a volume of 256 bits, stored in a place inaccessible to others on a floppy disk,

smart card, ru-token. A private key only works in tandem with a public key

Public key - used to verify the digital signature of received documents/files. Technically, this is a set of information with a volume of 1024 bits.

The public key is sent along with your letter signed with digital signature.

A duplicate of the public key is sent to the Certification Center, where a library of public EDS keys has been created. The library of the Certification Center ensures registration and secure storage of public keys to avoid attempts at forgery or distortion.

You place your electronic digital signature under the electronic document. In this case, based on the secret private key of the digital signature and the contents of the document, a certain large number is generated through cryptographic transformation, which is the electronic

the digital signature of a given user under a given specific document. This number is added to the end of the electronic document or saved in a separate file.

The signature includes the following information: name

signature public key file, information about the person who generated the signature, date of signature formation.

The user who has received a signed document and has the public key of the sender's digital signature, based on the text of the document and the sender's public key, performs a reverse cryptographic transformation that ensures verification of the sender's electronic digital signature. If the digital signature under the document is correct, this means that the document was actually signed by the sender and no changes have been made to the text of the document. Otherwise, a message will be issued that the sender's certificate is not valid.

Terms and Definitions: Electronic document- document, in

in which information is presented in electronic digital form.

Signing key certificate owner - an individual in whose name a signature key certificate has been issued by a certification center and who owns the corresponding private key of an electronic digital signature, which allows using electronic digital signature tools to create his own electronic digital signature in electronic documents

(sign electronic documents).

Electronic digital signature tools - hardware and (or)

software that ensures the implementation of at least one of the following functions - creation of an electronic digital signature in an electronic document using the private key of an electronic digital signature, confirmation using the public key of an electronic digital signature of the authenticity of an electronic digital signature in an electronic document, creation of private and public keys of electronic digital signatures signatures.

Certificate of electronic digital signature - a paper document issued in accordance with the rules of the certification system to confirm compliance of electronic digital signature means with established requirements.

Signing Key Certificate- a document on paper or an electronic document with an electronic digital signature of an authorized person of the certification center, which includes the public key of the electronic digital signature and which is issued by the certification center to the participant in the information system to confirm the authenticity of the electronic digital signature and identify the owner of the signature key certificate.

Signing Key Certificate User - individual,

using information about the signature key certificate received from the certification center to verify that the electronic digital signature belongs to the owner of the signature key certificate.

Public information system - an information system that is open for use by all individuals and legal entities and the services of which cannot be denied to these individuals.

Corporate information system - an information system, the participants of which may be a limited number of persons,

determined by its owner or by agreement of the participants of this

information system.

Verification Center- a legal entity performing the functions of: producing signature key certificates, creating electronic digital signature keys at the request of participants in the information system with a guarantee of keeping the private key of the electronic digital signature secret, suspending and renewing the validity of signature key certificates, as well as canceling them,

maintaining a register of signature key certificates, ensuring its relevance and the possibility of free access to it by participants in information systems, checking the uniqueness of public keys of electronic digital signatures in the register of signature key certificates and the archive of the certification center, issuing signature key certificates in the form of paper documents and (or) in electronic form

documents with information about their operation, carrying out, upon requests from users of signature key certificates, confirmation of the authenticity of an electronic digital signature in an electronic document in relation to the signature key certificates issued to them, providing information system participants with other services related to the use of electronic digital signatures.

At the same time, the certification center must have the necessary material and financial capabilities to allow it to bear civil liability to users of signature key certificates for losses that may be incurred by them due to the unreliability of the information contained in the signature key certificates.

2. Organizational and legal support for electronic

digital signature.

Legal support for electronic digital signatures should be understood not only as a set of legal acts,

ensuring the legal regime of digital signatures and digital signature means. This is a much broader concept. It only begins with the state law on electronic digital signatures, but develops further and subsequently covers all theoretical and practical issues related to e-commerce in general.

The world's first law on electronic digital signatures was adopted in March 1995 by the Legislative Assembly of the State of Utah (USA) and approved by the Governor of the state.

The law is called the Utah Digital Signature Act. The closest followers of Utah were the states of California, Florida, Washington,

where the corresponding legislative acts were soon also adopted.

The main goals of the first electronic signature law were proclaimed:

Minimizing damage from events of illegal use and forgery of electronic digital signatures;

providing a legal basis for the activities of systems and bodies for certification and verification of documents of an electronic nature;

legal support for e-commerce (commercial transactions carried out using computer technology);

giving legal character to some technical standards,

previously introduced by the International Telecommunication Union (ITU - International Telecommunication Union) and the US National Standards Institute (ANSI - American National Standards Institute), as well as the recommendations of the Internet Activity Board (IAB),

expressed in RFC 1421 - RFC 1424.

The law consists of five parts:

The first part introduces basic concepts and definitions related to the use of digital signatures and the functioning of digital signature tools. It also discusses the formal requirements for the content of an electronic certificate certifying the ownership of a public key to a legal entity or individual.

The second part of the law is devoted to licensing and legal regulation of the activities of certification centers.

First of all, it stipulates the conditions that individuals and legal entities must satisfy to obtain the appropriate license, the procedure for obtaining it, the restrictions of the license and the conditions for its revocation. An important point of this section are the conditions for recognizing the validity of certificates issued by unlicensed certifiers if the participants in an electronic transaction have expressed joint trust in them and reflected it in their agreement. In fact, the legal regime of the network certification model discussed above is fixed here.

The third part of the law formulates the responsibilities of certification centers and key owners. In particular, the following are considered here:

procedure for issuing a certificate;

the procedure for presenting the certificate and public key;

conditions for storing the private key;

actions of the certificate owner when a private certificate is compromised

certificate revocation procedure;

certificate validity period;

conditions for releasing the certification center from liability for the misuse of the certificate and digital digital signature;

the procedure for creating and using insurance funds,

intended to compensate for damage to third parties resulting from the unauthorized use of digital signatures.

The fourth part of the law is directly devoted to digital signatures.

Its main point is that a document signed with a digital signature has the same force as a regular document.

signed with a handwritten signature.

IN The fifth part of the law deals with the interaction of certification centers with administrative authorities, as well as the procedure for the functioning of so-called repositories - electronic databases that store information about issued and revoked certificates.

IN In general, the Utah digital signature law differs from other similar legal acts in its high detail.

The German Electronic Signature Act (Signaturgesetz) was introduced in 1997 and was the first European legislation of its kind. The purpose of the law is to create general conditions for the use of an electronic signature in which its forgery or falsification of signed data can be reliably established.

The Law contains the following main directions:

establishing clear concepts and definitions;

detailed regulation of the procedure for licensing certification bodies and the procedure for certifying public keys of users of digital signature tools (legal status, procedure for the functioning of centers

certification, their interaction with government agencies and other certification centers, requirements for a public key certificate for an electronic signature);

Consideration of issues of digital signature and data security,

signed with its help, from falsification;

The procedure for recognizing the validity of public key certificates.

The German Electronic Signature Act is regulatory in spirit.

Unlike the similar law in Germany, the US Federal Electronic Signature Act is a coordinating legal act. This is due to the fact that by the time it was adopted, the relevant regulatory legislation had already taken shape in most individual states.

As can be seen from the name of the Law (Electronic Signatures in Global and National Commerce Act), its main purpose is to ensure the legal regime of digital electronic signatures in electronic commerce. The signing of the Law by the President of the United States took place on the day of the national holiday - July 4, 2000 (Independence Day), which should give this legislative act special significance. According to observers, the adoption of this law symbolizes the entry of humanity into a new era - the era of e-commerce.

responsible for the functioning of its infrastructure. Without focusing on the specific rights and responsibilities of certification centers, which are given special attention in the laws of other countries, the US Federal Law refers them to the concept of digital signature infrastructure and in very general terms stipulates the interaction of elements of this structure with government agencies.

In Russia, with the main provisions of the Federal Law on

Electronic signature can be found in the example of the project. According to the draft, the Law consists of five chapters and contains more than twenty articles.

The first chapter discusses the general provisions relating to the Law.

Like similar laws in other countries, the Russian bill relies on asymmetric cryptography. The main purpose of the Law is to provide legal conditions for the use of digital signatures in electronic document management and the implementation of services for certifying the digital signatures of participants in contractual relations.

The second chapter discusses the principles and conditions for using an electronic signature. Here, firstly, the possibility is expressed, and secondly,

the conditions for the equivalence of handwritten and electronic signatures are given.

In addition, special attention is paid to the characteristic advantages of digital signature:

a person can have an unlimited number of private EDS keys, that is, create different electronic signatures for himself and use them in different conditions;

all copies of the document signed with an electronic signature have the force of the original.

The draft Russian Law provides for the possibility of limiting the scope of application of digital signatures. These restrictions may be imposed by federal laws, as well as introduced by the participants in electronic transactions themselves and reflected in agreements between them.

The provision of the article on digital signature means is interesting, which enshrines the statement that “digital signature means do not belong to the means

ensuring the confidentiality of information." Actually this is not true. By their nature, digital signature tools based on asymmetric cryptography mechanisms, of course, can be used to protect information. It is possible that this provision is included to avoid conflicts with other regulations that restrict the use of cryptography in society.

An important difference from similar laws of other states is

the provision of the Russian bill that the owner of the private key is liable to the user of the corresponding public key for losses arising in the event of improperly organized protection of the private key.

Another distinctive feature of the Russian bill is the list of requirements for the format of the electronic certificate. Along with the generally accepted fields that we discussed above, the Russian legislator requires the mandatory inclusion in the certificate of the name of the digital signature means with which this public key can be used, the certificate number for this means and its validity period,

the name and legal address of the certification center that issued this certificate, the license number of this center and the date of its issue. IN

In foreign legislation and international standards, we do not find requirements for such a detailed description of the EDS software, with

which generated the public key. Apparently, this requirement of the Russian bill is dictated by the country's security interests.

Mass use of software, the source code of which has not been published and therefore cannot be examined by specialists, poses a public threat. This applies not only to digital signature software, but also to any software in general, from operating systems to application programs.

The third chapter examines the legal status of certification centers (in

terminology of the bill - certification centers of public keys and electronic signatures). In Russia, the provision of electronic signature certification services is a licensed activity that can only be carried out by legal entities. Certification of the electronic signature of state institutions can only be carried out by state certification centers.

By its nature, the structure of certification bodies is

Thanks to digital signatures, many documents - passports, orders, wills, contracts - can now exist in electronic form, and any paper version will in this case be only a copy of the electronic original. Basic terms used when working with digital signature: A private key is some information 256 bits long, stored in a place inaccessible to others on a floppy disk, smart card, touch memory. A private key only works in tandem with a public key. Public key - used to verify the digital signature of received document files; technically, this is some information 1024 bits long. A public key only works when paired with a private key. Authentication code is a fixed-length code generated from data using a secret key and added to the data in order to detect the fact of changes in the data stored or transmitted over the communication channel.

Electronic digital signature means are hardware and/or software that provide:

Creating an electronic digital signature in an electronic document using the private key of the electronic digital signature; and/or - confirmation using the public key of the electronic digital signature of the authenticity of the electronic digital signature; - creation of private and public keys of electronic digital signatures. EDS is simple: Unique public and private (secret) cryptographic keys are generated for each EDS user participating in the exchange of electronic documents. The key element is the secret key: it is used to encrypt electronic documents and generate an electronic digital signature. Also, the secret key remains with the user and is issued to him on a separate medium: it can be a floppy disk, smart card or touch memory. It must be kept secret from others. A public key is used to verify the authenticity of the digital signature. The certification center has a duplicate of the public key, and a library of public key certificates has been created. The certification authority ensures the registration and secure storage of public keys to avoid distortions or attempts at forgery. When a user installs his electronic digital signature under an electronic document, based on the secret key of the digital signature and the contents of the document, a certain large number is generated through cryptographic transformation, which is the electronic digital signature of this user under this specific document. This number is added to the end of the electronic document or saved in a separate file. The following information is recorded in the signature. The user who has received a signed document and has the public key of the sender's digital signature, based on the text of the document and the sender's public key, performs a reverse cryptographic transformation that ensures verification of the sender's electronic digital signature. If the digital signature under the document is correct, this means that the document was actually signed by the sender and no changes have been made to the text of the document. Otherwise, a message will be issued that the sender's certificate is not valid.

Key management:

An important problem in all public key cryptography, including digital signature systems, is public key management. It is necessary to ensure that any user has access to the true public key of any other user, protect these keys from being replaced by an attacker, and also organize the revocation of the key if it is compromised. The problem of protecting keys from substitution is solved with the help of certificates. The certificate allows you to certify the data contained in it about the owner and his public key with the signature of any trusted person. Centralized certificate systems (such as PKI) use certificate authorities maintained by trusted organizations. In decentralized systems (for example, PGP), by cross-signing the certificates of familiar and trusted people, each user builds a network of trust. Key management is handled by certificate distribution centers. By contacting such a center, the user can obtain a user certificate and also check whether a particular public key has not yet been revoked.

EDS under a microscope:

Let's take a closer look at the operating principle of digital signatures. An electronic signature scheme usually includes the following components:

Algorithm for generating user key pairs; - signature calculation function; - signature verification function. The function of calculating a signature based on the document and the user's secret key calculates the signature itself. Depending on the algorithm, the signature calculation function can be deterministic or probabilistic. Deterministic functions always compute the same signature from the same input data. Probabilistic functions introduce an element of randomness into the signature, which enhances the cryptographic strength of digital signature algorithms. Currently, deterministic schemes are practically not used. Even initially deterministic algorithms have now undergone modifications that turn them into probabilistic ones (for example, in the RSA signature algorithm, the second version of the PKCS#1 standard added data pre-transformation (OAEP), which includes, among other things, noise). The signature verification function determines whether a given signature matches a given document and the user's public key. The user's public key is available to everyone, so anyone can verify the signature under this document. Since the documents being signed are of variable (and quite large) length, in digital signature schemes the signature is often placed not on the document itself, but on its hash. Cryptographic hash functions are used to calculate the hash, which ensures that changes to the document are detected when the signature is verified. Hash functions are not part of the digital signature algorithm, so any reliable hash function can be used in the scheme. Hashing is the transformation of the input data array into a short number of a fixed length (called a hash or hash code) so that, on the one hand, this number is significantly shorter than the original data, and on the other hand, it is highly likely to uniquely correspond to it.

Digital signature algorithms are divided into two large classes:

- regular digital signatures;
- digital signatures with document restoration.

Regular digital signatures must be attached to the document being signed. This class includes, for example, algorithms based on elliptic curves (ECDSA, GOST R 34.10-2001, DSTU 4145-2002). Digital signatures with document recovery contain the document being signed: during the signature verification process, the body of the document is automatically calculated. This class includes one of the most popular algorithms - RSA, which we will consider at the end of the article. It is necessary to distinguish between an electronic digital signature and a message authentication code, despite the similarity of the tasks being solved (ensuring the integrity of the document and non-repudiation of authorship). Digital signature algorithms belong to the class of asymmetric algorithms, while authenticity codes are calculated using symmetric schemes. We can say that a digital signature provides: - identification of the source of the document. Depending on the details of the document definition, fields such as "author", "changes made", "time stamp", etc. may be signed.

- protection against document changes. Any accidental or intentional change to the document (or signature) will change the hash and therefore invalidate the signature;
- impossibility of renouncing authorship. Since you can create a correct signature only by knowing the private key, and it is known only to the owner, the owner cannot refuse his signature on the document. It is quite obvious that the digital signature is not perfect at all. The following digital signature threats are possible.

Malicious intent can:

- try to forge a signature for the document he has chosen;
- try to match the document to the given signature so that the signature matches it;
- try to forge a signature for at least some document;
- in case of key theft, sign any document on behalf of the key owner;
- trick the owner into signing a document, for example, using a blind signature protocol;
- replace the owner's public key with your own, impersonating him. When using a strong hash function, it is computationally difficult to create a counterfeit document with the same hash as the genuine one. However, these threats may materialize due to weaknesses in specific hashing or signature algorithms or errors in their implementations.

RSA as the foundation of digital signature:

It is no secret that RSA has gained the most popularity among digital signature cryptographic algorithms (used when creating digital signatures with document recovery). At the beginning of 2001, the RSA cryptosystem was the most widely used asymmetric cryptosystem (public key cryptosystem) and is often called the de facto standard. Regardless of official standards, the existence of such a standard is extremely important for the development of e-commerce and the economy in general. A unified public key system allows the exchange of documents with electronic digital signatures between users in different countries using different software on different platforms; This capability is essential for the development of e-commerce. The spread of the RSA system has reached the point that it is taken into account when creating new standards. When developing digital signature standards, first of all, the ANSI X9.30 standard was developed in 1997, supporting the Digital Signature Standard. A year later, ANSI X9.31 was introduced, which placed an emphasis on RSA digital signatures, which corresponds to the actual situation, in particular for financial institutions. Until recently, the main obstacle to replacing paper workflow with electronic ones was the shortcomings of secure authentication; almost everywhere contracts, checks, official letters, legal documents are still executed on paper. The advent of RSA-based digital signatures has made electronic transactions quite safe and reliable. How does the RSA algorithm work?

The RSA algorithm assumes that the encrypted message sent can be read by the recipient and only by him. This algorithm uses two keys - public and secret. This algorithm is also attractive in the case when a large number of subjects (N) must communicate in an all-to-all manner. In the case of a symmetric encryption scheme, each of the subjects must somehow deliver their keys to all other participants in the exchange, and the total number of keys used will be quite large for a large value of N. The use of an asymmetric algorithm requires only the distribution of public keys by all participants, the total number of keys is N. The message is represented as a number M. Encryption is performed using the public function f(M), and only the recipient knows how to perform the f-1 operation. The addressee chooses two large prime numbers p and q, which he makes secret. He declares n=pq and a number d, c (d,p- 1)=(d,q-1)=1 (one possible way to satisfy this condition is to choose d greater than p/2 and q/2). Encryption is performed according to the formula: f(M) є Md mod n, where M and f(M) are both Ј n-1. It has been shown that it can be calculated in a reasonable amount of time even if M, d, and n contain a very large number of characters. The addressee computes M from Md using its knowledge of p and q. In accordance with Corollary 6, if dc є(p-1)1, then (Md)eє p1. The original text M is obtained by the addressee from the encrypted F(M) by transformation: M = (F(M))e (mod pq). Here, both the original text and the encrypted text are treated as long binary numbers. Similarly (Md)e є qM, if dc є (q-1)1. e satisfies these two conditions if cd є (p-1) (q-1)1. Theorem 1 states that we can let e=x when x is a solution to the equation dx + (p-1)(q-1)y = 1. Since (Md)e - M is divisible by p and q, it is also divisible on pq, therefore, we can determine M, knowing Md, calculating its value to the power of e and determining the remainder when divided by pq. To maintain secrecy, it is important that, knowing n, it is impossible to calculate p and q. If n contains 100 digits, selecting a cipher involves searching through ~1050 combinations. This problem has been studied for about 100 years. The RSA algorithm was patented (September 20, 1983, valid until 2000). Theoretically, it can be assumed that it is possible to perform operation f-1 without calculating p and q. But in any case, this task is not simple and the developers consider it difficult to factor. Suppose we have ciphertext f(M) and plaintext M, and we want to find the values of p and q. It is easy to show that such initial data is not enough to solve the problem - you need to know all possible values of Mi. Using the RSA algorithm on a specific example. Choose two prime numbers p=7; q=17 (in practice these numbers are many times longer). In this case, n = p*q will be equal to 119. Now you need to choose e, choose e=5. The next step involves forming the number d so that d*e=1 mod [(p-1)(q-1)]. d=77 (extended Euclidean algorithm used). d is the private key, and e and n characterize the public key. Let the text we need to encrypt be represented by M=19. C = Memod n. We get the ciphertext C=66. This "text" can be sent to the appropriate recipient. The recipient decrypts the received message using M= Cdmod n and C=66. The result is M=19. In practice, public keys may be placed in a special database. If you need to send an encrypted message to your partner, you can first request his public key. Having received it, you can run the encryption program and send the result of its work to the recipient. Hacking an electronic signature: Hacking an electronic signature actually comes down to hacking the encryption algorithm. In this case, we will consider possible hacking options using the RSA algorithm as an example. There are several ways to hack RSA. The most effective attack is to find a private key that matches the required public key. This would allow an attacker to read all messages encrypted with the public key and forge signatures. Such an attack can be carried out by finding the main factors (factors) of the general modulus n - p and q. Based on p, q and e (the general exponent), the attacker can easily calculate the particular exponent d. The main difficulty is in finding the main factors (factoring) n. The security of RSA depends on factoring, which is a difficult problem with no efficient solution. In fact, the problem of recovering a secret key is equivalent to the problem of factoring a module: you can use d to find the factors of n and vice versa - you can use n to find d. It should be noted that improvements in computing equipment alone will not reduce the strength of the RSA cryptosystem if the keys are of sufficient length. In fact, improving the equipment increases the strength of the cryptosystem. Another way to crack RSA is to find a method for calculating the e root of mod n. Since C = Me mod n, then the root of degree e of mod n is the message M. By calculating the root, you can open encrypted messages and forge signatures without even knowing the private key. This attack is not equivalent to factoring, but there are currently no known methods that can break RSA in this way. However, in special cases, when quite a lot of related messages are encrypted based on the same indicator of a relatively small value, it is possible to open the messages. The attacks mentioned are the only ways to decrypt all messages encrypted with a given RSA key. There are other types of attacks that, however, allow only one message to be decrypted and do not allow the attacker to open other messages encrypted with the same key. The possibility of decrypting part of an encrypted message was also studied. The simplest attack on a single message is an attack on the intended plaintext. The attacker, having the ciphertext, assumes that the message contains some specific text (for example, "Stirlitz to Pleischner"), then encrypts the assumed text with the recipient's public key and compares the resulting text with the existing ciphertext. This attack can be prevented by adding a few random bits to the end of the message. Another single message attack occurs if a sender sends the same message M to three correspondents, each of whom uses a common exponent e = 3. Knowing this, the attacker can intercept these messages and decrypt the message M. Such an attack can be prevented by by introducing several random bits into the message before each encryption. There are also several ciphertext attacks (or individual message signature forgery attacks) in which the attacker creates some ciphertext and obtains the corresponding plaintext, for example by tricking a logged in user into decrypting a forged message. Of course, there are also attacks that are not aimed at the cryptosystem directly, but at the vulnerabilities of the entire communications system as a whole. Such attacks cannot be considered as hacking of RSA, since they do not indicate the weakness of the RSA algorithm, but rather the vulnerability of a specific implementation. For example, an attacker could obtain a secret key if it is not stored with proper security. It must be emphasized that for complete protection it is not enough to protect the execution of the RSA algorithm and take mathematical security measures, i.e. use a key of sufficient length, since in practice attacks on the unprotected stages of key management in the RSA system are most successful.

An ordinary signature can also be forged, and so skillfully that only a thorough graphological examination will allow it to be distinguished from the real one. With an electronic analogue of a signature, this is possible, at least in relation to a key fob or smart card on which the secret key is stored.

A signature can be forged in the following ways:

1. From memory, remembering the signature seen,
2. By drawing, when the signature is reproduced using a sample of the original signature,
3. By copying, when the signature is outlined with ink or ballpoint paste against the light,
4. Using carbon paper,
5. By pressing strokes with a pointed object and then tracing pressure marks,
6. Using substances with copying ability (production of an intermediate cliche),
7. By photoprojection method,
8. Using a scanner and computer.

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

Introduction

Basic provisions

Types of algorithms

Forgery of signatures

Key management

Obtaining an electronic digital signature (EDS)

List of used literature

Introduction

Electronic digital signature is a requisite of an electronic document, intended to protect this electronic document from forgery, obtained as a result of cryptographic transformation of information using the private key of an electronic digital signature and allowing to identify the owner of the signature key certificate, as well as to establish the absence of distortions of information in the electronic document. An electronic digital signature in an electronic document is equivalent to a handwritten signature in a paper document, subject to the following conditions:

· the signature key certificate related to this electronic digital signature has not lost force (is valid) at the time of verification or at the time of signing the electronic document if there is evidence determining the moment of signing;

· confirmed by the authenticity of the electronic digital signature in the electronic document;

· an electronic digital signature is used in accordance with the information specified in the signature key certificate.

In this case, an electronic document with an electronic digital signature has legal significance in the implementation of the relations specified in the signature key certificate.

In the near future, it will be possible to conclude an agreement in electronic form, which will have the same legal force as a written document. To do this, it must have an electronic digital signature mechanism confirmed by a certificate. The owner of the signature key certificate owns the private key of the electronic digital signature, which allows him, using electronic digital signature tools, to create his own electronic digital signature in electronic documents (sign electronic documents). In order for other users to open the electronic document, a public key system for electronic signature has been developed.

In order to be able to seal an electronic document with an electronic digital signature mechanism, you must contact a certification center to obtain a signature key certificate. The signature key certificate must be entered by the certification authority into the register of signature key certificates no later than the effective date of the signature key certificate.

The first such certification center in Russia was launched in September 2002 by the Russian Research Institute for the Development of Shared Networks (RosNIIROS). By law, the certification center must confirm the authenticity of the public key of the electronic digital signature.

Basic provisions

The general essence of an electronic signature is as follows. A cryptographic hash function calculates a relatively short, fixed-length string of characters (a hash). This hash is then encrypted with the owner's private key - the result is a document signature. The signature is attached to the document, thus creating a signed document. A person who wants to establish the authenticity of a document decrypts the signature with the owner's public key and also calculates a hash of the document. A document is considered authentic if the hash calculated from the document matches the hash decrypted from the signature, otherwise the document is forged.

When conducting business correspondence, when concluding contracts, the signature of the responsible person is an indispensable attribute of the document, serving several purposes:

· guaranteeing the authenticity of the letter by comparing the signature with an existing sample;

· Fulfillment of these requirements is based on the following properties of the signature:

· the signature is authentic, that is, with its help the recipient of the document can prove that it belongs to the signer;

· the signature is unforgeable; that is, it serves as proof that only the person whose autograph is on the document could sign this document, and no one else;

· the signature is non-portable, that is, it is part of the document and therefore cannot be transferred to another document;

· a document with a signature is unchangeable;

· the signature is indisputable;

· any person who owns a sample signature can verify that the document is signed by the owner of the signature.

The development of modern means of paperless document management and electronic payment means is unthinkable without the development of means of proving the authenticity and integrity of a document. Such a tool is an electronic digital signature (EDS), which has retained the basic properties of a conventional signature.

ь Hash function or Hashing (English hashing) - conversion of an input data array of arbitrary length into an output bit string of a fixed length. Such transformations are also called reduction functions, and their results are called a hash, hash code, or message digest.

Kindsalgorithms

1. Symmetrical scheme

Symmetric electronic signature schemes are less common than asymmetric ones, since after the emergence of the concept of a digital signature, it was not possible to implement effective signature algorithms based on symmetric ciphers known at that time. The first who drew attention to the possibility of a symmetric digital signature scheme were the founders of the very concept of digital signature, Diffie and Hellman, who published a description of the algorithm for signing one bit using a block cipher. Asymmetric digital signature schemes rely on computationally complex problems that have not yet been proven difficult, so it is impossible to determine whether these schemes will break in the near future, as happened with the scheme based on the packing problem. Also, to increase cryptographic strength, it is necessary to increase the length of the keys, which leads to the need to rewrite programs that implement asymmetric schemes, and in some cases, redesign the equipment. Symmetric schemes are based on well-studied block ciphers.

In this regard, symmetrical circuits have the following advantages:

· The strength of symmetric electronic signature schemes follows from the strength of the block ciphers used, the reliability of which is also well studied.

· If the strength of the cipher turns out to be insufficient, it can easily be replaced with a more secure one with minimal changes in the implementation.

However, symmetrical EPs also have a number of disadvantages:

It is necessary to sign each bit of transmitted information separately, which leads to a significant increase in the signature. The signature can be two orders of magnitude larger than the message. The keys generated for signing can be used only once, since after registration, half of the secret key is revealed.

Due to the considered shortcomings, the symmetrical Diffie-Hellman electronic digital signature scheme is not used, but its modification, developed by Berezin and Doroshkevich, is used, in which a group of several bits is signed at once. This leads to a reduction in signature size, but an increase in the amount of computation. To overcome the problem of "disposability" of keys, the generation of separate keys from the master key is used.

2. Asymmetrical circuit

Diagram explaining signature and verification algorithms. Asymmetric electronic signature schemes belong to public key cryptosystems. Unlike asymmetric encryption algorithms, which encrypt using a public key and decrypt using a private key, digital signature schemes sign using a private key and verify using a public key.

The generally accepted digital signature scheme covers three processes:

· Key pair generation. Using a key generation algorithm, a private key is selected in an equally probable manner from a set of possible private keys, and the corresponding public key is calculated.

· Formation of signature. For a given electronic document, a signature is calculated using the private key.

· Verification of signature. For document and signature data, the validity of the signature is determined using the public key.

In order for the use of a digital signature to make sense, two conditions must be met:

· Verification of the signature must be carried out with a public key corresponding to the exact private key that was used during signing.

· Without possession of the private key, it must be computationally difficult to create a legitimate digital signature.

An electronic digital signature must be distinguished from a message authentication code (MAC).

3. Types of asymmetric EP algorithms

As mentioned above, for the use of electronic signature to make sense, it is necessary that the calculation of a legitimate signature without knowledge of the private key be a computationally complex process.

Ensuring this in all asymmetric digital signature algorithms relies on the following computational tasks:

· Discrete logarithm problem (EGSA)

· The problem of factorization, that is, decomposition of a number into prime factors (RSA)

Calculations can also be performed in two ways: on the basis of the mathematical apparatus of elliptic curves (GOST R 34.10-2001) and on the basis of Galois fields (DSA). Currently, the fastest discrete logarithm and factorization algorithms are subexponential. It has not been proven that the problems themselves belong to the class of NP-complete ones.

Electronic signature algorithms are divided into conventional digital signatures and digital signatures with document recovery. When verifying digital signatures with document recovery, the body of the document is restored automatically; it does not need to be attached to the signature. Conventional digital signatures require the document to be attached to the signature. It is clear that all algorithms that sign a document hash belong to ordinary electronic signatures. Electronic signature with document recovery includes, in particular, RSA.

Electronic signature schemes can be one-time or reusable. In one-time schemes, after verifying the authenticity of the signature, it is necessary to replace the keys; in reusable schemes, this is not required.

EP algorithms are also divided into deterministic and probabilistic. Deterministic electronic signatures, given the same input data, calculate the same signature. The implementation of probabilistic algorithms is more complex, since it requires a reliable source of entropy, but with the same input data, signatures can be different, which increases cryptographic strength. Currently, many deterministic schemes are modified into probabilistic ones.

In some cases, such as data streaming, digital algorithms may be too slow. In such cases, a fast digital signature is used. Signature acceleration is achieved by algorithms with fewer modular calculations and a transition to fundamentally different calculation methods.

Fakesignatures

electronic digital signature cryptographic

Analyzing the ability to forge signatures is called cryptanalysis. An attempt to falsify a signature or signed document is called an “attack” by cryptanalysts.

1. Attack models and their possible results

In their work, Goldwasser, Micali and Rivest describe the following attack models that are still relevant today:

· Public key attack. The cryptanalyst only has the public key.

· Attack based on known messages. The adversary has valid signatures on a set of electronic documents known to him, but not chosen by him.

· Adaptive attack based on selected messages. The cryptanalyst can obtain signatures of electronic documents that he chooses himself.

The work also describes the classification of possible results of attacks:

· Complete hacking of digital signature. Obtaining a private key, which means completely breaking the algorithm.

· Universal digital signature forgery. Finding an algorithm similar to the signature algorithm, which allows you to forge signatures for any electronic document.

· Selective forgery of digital signature. Ability to forge signatures for documents selected by a cryptanalyst.

· Existential forgery of a digital signature. The ability to obtain a valid signature for some document that is not selected by the cryptanalyst.

It is clear that the most “dangerous” attack is an adaptive attack based on selected messages, and when analyzing ES algorithms for cryptographic strength, it is this that should be considered (unless there are any special conditions).

With the error-free implementation of modern ES algorithms, obtaining the private key of the algorithm is an almost impossible task due to the computational complexity of the tasks on which the ES is built. It is much more likely that a cryptanalyst will search for collisions of the first and second types. A collision of the first kind is equivalent to an existential forgery, and a collision of the second kind is a selective one. Given the use of hash functions, finding collisions for the signature algorithm is equivalent to finding collisions for the hash functions themselves.

1. Fakedocument(collisionfirstkind)

An attacker may try to match a document to a given signature so that the signature matches it. However, in the vast majority of cases there can be only one such document. The reason is this:

The document is a meaningful text. The text of the document is drawn up in the prescribed form. Documents are rarely formatted as a Plain Text file, most often in DOC or HTML format. If a fake set of bytes has a collision with the hash of the original document, then the following 3 conditions must be met:

· A random set of bytes must fit a complexly structured file format.

· What a text editor reads in a random set of bytes must form text formatted in a prescribed form.

· The text must be meaningful, literate and relevant to the topic of the document.

However, in many structured data sets, you can insert arbitrary data into some service fields without changing the appearance of the document for the user. This is exactly what attackers take advantage of when they forge documents.

The likelihood of such an incident is also negligible. We can assume that in practice this cannot happen even with unreliable hash functions, since documents are usually large in size - kilobytes.

2. ReceipttwodocumentsWiththe samesignature(collision of the second kind)

An attack of the second type is much more likely. In this case, the attacker fabricates two documents with the same signature, and at the right moment replaces one with the other. When using a reliable hash function, such an attack must also be computationally complex. However, these threats can be realized due to weaknesses in specific hashing and signature algorithms, or errors in their implementations. In particular, this can be used to attack SSL certificates and the MD5 hashing algorithm.

3. Socialattacks

Social attacks are not aimed at hacking digital signature algorithms, but at manipulating public and private keys.

An attacker who steals a private key can sign any document on behalf of the key owner.

An attacker can trick the owner into signing a document, for example, using a blind signature protocol.

The main idea of “blind signatures” is as follows. Sender A sends a document to party B, which B signs and returns to A. Using the received signature, party A can calculate the signature of party B on the more important message t. At the end of this protocol, party B knows nothing about message t or the signature under this message.

This diagram can be compared to an envelope containing a document and a copy sheet. If you sign an envelope, the signature will be imprinted on the document, and when the envelope is opened, the document will already be signed.

The purpose of a blind signature is to prevent signer B from seeing the message A is signing and the corresponding signature on that message. Therefore, the signed message cannot be associated with party A in the future.

An attacker can replace the owner's public key with his own, impersonating him.

Using key exchange protocols and protecting the private key from unauthorized access reduces the risk of social attacks.

Controlkeys

1. Controlopenkeys

An important problem in all public key cryptography, including digital signature systems, is public key management. Since the public key is available to any user, a mechanism is needed to verify that this key belongs to its owner. It is necessary to ensure that any user has access to the true public key of any other user, protect these keys from being replaced by an attacker, and also organize the revocation of the key if it is compromised.

The problem of protecting keys from substitution is solved with the help of certificates. The certificate allows you to certify the data contained in it about the owner and his public key with the signature of any trusted person. There are two types of certificate systems: centralized and decentralized. In decentralized systems, by cross-signing the certificates of familiar and trusted people, each user builds a network of trust. Centralized certificate systems use certificate authorities maintained by trusted organizations.

The CA generates a private key and its own certificate, generates end-user certificates and certifies their authenticity with its digital signature. The center also revokes expired and compromised certificates and maintains databases of issued and revoked certificates. By contacting a certification authority, you can obtain your own public key certificate, another user’s certificate, and find out which keys have been revoked.

2. Storing the private key

Smart card and eToken USB keys.

The private key is the most vulnerable component of the entire digital signature cryptosystem. An attacker who steals a user's private key can create a valid digital signature for any electronic document on behalf of that user. Therefore, special attention must be paid to the way the private key is stored. The user can store the private key on his personal computer, protecting it with a password. However, this storage method has a number of disadvantages, in particular, the security of the key depends entirely on the security of the computer, and the user can sign documents only on this computer.

Currently, the following private key storage devices exist:

§ Floppy disks

§ Smart cards

§ USB keys

§ Touch-Memory tablets

Theft or loss of one of these storage devices can be easily noticed by the user, after which the corresponding certificate can be immediately revoked.

The most secure way to store a private key is to store it on a smart card. In order to use a smart card, the user must not only have it, but also enter a PIN code, that is, two-factor authentication is obtained. After this, the document to be signed or its hash is transferred to the card, its processor signs the hash and transmits the signature back. During the process of generating a signature in this way, the private key is not copied, so only a single copy of the key exists at all times. In addition, copying information from a smart card is more difficult than from other storage devices.

In accordance with the Law “On Electronic Signatures”, the owner is responsible for storing the private key.

Receiptelectronically- digitalsignatures(EDS)

EDS is issued by special organizations - certification centers (CAs) that have the appropriate licenses from the FSB of the Russian Federation. The process of issuing an electronic signature consists of checking the documents of the recipient of the electronic signature (in other words, identifying the intended owner of the key), generating a pair of keys (a public key for which the digital signature certificate is issued and which will be visible to all participants in the document flow, and a private key known only to the owner of the digital signature) and issuing a certification authority for a public key certificate in paper and electronic form.

A paper certificate is certified by the seal of the CA and signed by an authorized person of the CA, and an electronic certificate (usually a file with the .cer extension) is signed by an authorized person of the CA using their own digital signature.

After this, the certificate and key pair are written to the key media. As a key carrier, it is best to use secure media such as ruToken or eToken, which are flash devices with integrated security and privacy features (requirement of entering a PIN code, impossibility of deleting or copying a key pair). Attention - the private key is secret information of the owner of the digital signature and should not be transferred to anyone. It is recommended that you treat the key media with extreme care, do not leave it unattended and do not transfer it to third parties.

To work with digital signature, you need to install special software on your computer - a crypto provider. As a rule, a crypto provider can be purchased at a certification center along with an electronic digital signature. The most common crypto providers are programs produced by Lissi LLC (crypto provider "Lissi CSP") and Crypto-Pro LLC (crypto provider "CryptoPro CSP"). After installing the crypto provider, you need to insert the key media into the computer, after which it becomes possible to sign documents.

The EDS certificate is issued to a specific individual who is an employee of the Order Participant’s organization. It is necessary to obtain an electronic digital signature for an employee authorized to receive accreditation on the electronic platform on behalf of the Procurement Participant, and for employees authorized to carry out actions on behalf of the Procurement Participant to participate in open auctions in electronic form (including registration at open auctions and for signing a government contract).

You can obtain an electronic digital signature for only one employee, provided that this employee is authorized to carry out all of the listed actions on behalf of the Participant in placing the order. Such an employee may be, for example, the head of the organization of the Participant in placing the order or a person who has the appropriate power of attorney. Moreover, all documents confirming the authority of such employees are provided to the operator upon receipt of accreditation on the electronic trading platform.

Listusedliterature

1. Articles from the site “security of information systems” http://infobez.com/

2. Material from Wikipedia - the free encyclopedia http://ru.wikipedia.org/wiki/%D0%AD%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE% D0%BD%D0%BD%D0%B0%D1%8F_%D1%86%D0%B8%D1%84%D1%80%D0%BE%D0%B2%D0%B0%D1%8F_%D0% BF%D0%BE%D0%B4%D0%BF%D0%B8%D1%81%D1%8C#.D0.9F.D0.BE.D0.B4.D0.B4.D0.B5.D0.BB .D0.BA.D0.B0_.D0.BF.D0.BE.D0.B4.D0.BF.D0.B8.D1.81.D0.B5.D0.B9

3. Data from the website of the Electronic Office Systems company http://www.eos.ru/eos_products/eos_karma/

4. Material from Wikipedia - the free encyclopedia http://ru.wikipedia.org/wiki/%D0%A5%D0%B5%D1%88%D0%B8%D1%80%D0%BE%D0%B2% D0%B0%D0%BD%D0%B8%D0%B5

5. Data from the website of the company “Crypto-pro” http://cryptopro.ru/products/csp/overview

6. Site data Tender - procurement http://tender-zakupki.ru/ecp.html

Posted on Allbest.ru

Is it possible to forge an electronic signature? Unknown people issued an electronic signature, forging the director’s passport, in order to send “wrong” declarations via TCS. What are the functions of a certification authority

General information

Determination of authenticity

Send your good work in the knowledge base is simple. Use the form below

Similar documents