So What Good is It?

By Larry Loeb  |  Posted 2005-10-03

What's the use of all this? So, what good are these "signatures"? Where do they help make things work? E-mail systems come to mind, of course. There are lots of commercial applications that use these concepts to either control or filter e-mail.
It may well be that the real "killer app" for signatures is e-commerce. Microsoft was reported to have gotten an "electronic agent" clause inserted into the E-Sign bill that allows such an agent (i.e., a computer program) to enter into a legally binding contract through the use of digital signatures.
This clause would enable a mouse click ("Buy me!") sent over the web to legally bind a user in a contract. One can only surmise what unscrupulous sites will do in the future with this concept. A button that is viewed as "Free Stuff" but instead charges you seems a no-brainer to implement. Being able to "bet the house" on a casino site may now mean your real house!

The Validity of Signatures in Authentication

The best use of signatures overall may be that they can serve as a negative indicator. That is, if you expect to find a digital signature with a message and find none (or one that computes out to an unexpected value), it forces you to authenticate the message by some other means or reject it entirely. It can be a flag that focuses attention on a message when that message is an exception to what is expected.

The biggest conceptual problem with digital signatures is that a positive result (that is, everything seems OK) may not be a validator of message accuracy. Let's set up a classic scenario: By initiating a "man-in-the-middle" attack, an evil-doer would intercept the message from its original sender, usually by having the sender route the message to an address that appears to be for the intended recipient but actually is used by the interceptor. The interceptor can then alter the message using public keys. How? Since it was sent to the interceptor, it's most likely also been encoded with the interceptor's public key. If that's the case, it means the interceptor's private key will decode the message. (The sender thinks he has used the recipient's public key.) If that part of the attack doesn't come off and the correct public key has been used, the interceptor can't alter the message, but may still be able to gain information about the sender and recipient through message analysis. He can also replace the entire message with his own. It can then be sent on its way to the intended recipient.
The recipient decodes what seems to be a good signature by use of his private key. But, at worst, the attack altered the contents of the message during transit. Even if the contents are not altered, it should fail authentication since it did not come directly from the sender.

In short, a digital signature may seem fine from a mathematical standpoint but actually signify nothing for authentication purposes. To rely on a signature as a positive indicator (as the E-Sign bill seems to do) is asking for trouble. We'll look at some of the security issues raised by this bill in a later article. At least, we all should understand what a digital signature is—and what it is not.
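The distinction drawn above, as an added example that is not part of the original article: a receiver-side check that treats a missing or bad signature as a reject, and treats a mathematically valid signature as authentic only when the signing key matches one the receiver already trusts. The toy RSA keys, the message text and all function names are constructed for illustration; the pinned fingerprint is assumed to have been obtained out of band.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Toy RSA key from two known primes (far too small for real use)."""
    n = p * q
    return (n, E), pow(E, -1, (p - 1) * (q - 1))  # (public key, private exponent)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, pub, d):
    return pow(digest(msg, pub[0]), d, pub[0])

def fingerprint(pub):
    return hashlib.sha256(repr(pub).encode()).hexdigest()

def check(msg, sig, claimed_pub, pinned_fp):
    """Classify a received message; only the last branch authenticates the sender."""
    if sig is None:
        return "reject: no signature"
    n, e = claimed_pub
    if pow(sig, e, n) != digest(msg, n):
        return "reject: bad signature"
    if fingerprint(claimed_pub) != pinned_fp:
        return "reject: valid math, untrusted key"
    return "accept"

# Constructed sample keys built from Mersenne primes.
SENDER_PUB, SENDER_D = make_key(2**127 - 1, 2**107 - 1)
INTERCEPTOR_PUB, INTERCEPTOR_D = make_key(2**89 - 1, 2**61 - 1)
PINNED = fingerprint(SENDER_PUB)  # assumed learned out of band, before any mail arrives

if __name__ == "__main__":
    order = b"Ship 1 widget to Alice"          # constructed sample messages
    forged = b"Ship 100 widgets to Mallory"
    good_sig = sign(order, SENDER_PUB, SENDER_D)
    cases = [
        ("genuine", order, good_sig, SENDER_PUB),
        ("unsigned", order, None, SENDER_PUB),
        ("altered in transit", forged, good_sig, SENDER_PUB),
        ("replaced and re-signed", forged,
         sign(forged, INTERCEPTOR_PUB, INTERCEPTOR_D), INTERCEPTOR_PUB),
    ]
    for name, msg, sig, pub in cases:
        print(f"{name:24} -> {check(msg, sig, pub, PINNED)}")
```

The last case is the one the article warns about: the signature verifies against the key that arrived with the message, and only the comparison with the pinned fingerprint exposes it.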

