NANO SCIENTIFIC RESEARCH CENTRE PVT.LTD., AMEERPET, HYD
WWW.NSRCNANO.COM, 09640648777, 09652926926
DOT NET PROJECTS LIST--2013
DOT NET 2013 IEEE PAPERS
Enhancing Data Trustworthiness via Assured Digital Signing
Abstract:
Digital signatures are an important mechanism for ensuring data trustworthiness via
source authenticity, integrity, and source non-repudiation. However, their
trustworthiness guarantee can be subverted in the real world by sophisticated
attacks, which can obtain cryptographically legitimate digital signatures
without actually compromising the private signing key. This problem cannot be adequately
addressed by a purely cryptographic approach, by the revocation mechanism of
Public Key Infrastructure (PKI) because it may take a long time to detect the
compromise, or by using tamper-resistant hardware because the attacker does not
need to compromise the hardware. This problem will become increasingly
important and evident because of stealthy malware (or Advanced Persistent
Threats).
In this paper, we propose a novel solution, dubbed Assured Digital Signing (ADS),
to enhancing the data trustworthiness vouched by digital signatures. In order
to minimize the modifications to the Trusted Computing Base (TCB), ADS simultaneously
takes advantage of trusted computing and virtualization technologies.
Specifically, ADS allows a signature verifier to examine not only a signature’s
cryptographic validity but also its system security validity, that is, whether the
private signing key and the signing function are secure, even under the powerful
attack in which the signing application program and the general-purpose Operating
System (OS) kernel are malicious. The modular design of ADS makes it
application-transparent (i.e., no need to modify the application source code in
order to deploy it) and almost hypervisor-independent (i.e., it can be
implemented with any Type I hypervisor). To demonstrate the feasibility of ADS,
we report the implementation and analysis of a Xen-based ADS system.
Existing System:
A recognized problem is how to attain signature trustworthiness stronger
than cryptographic assurance alone. However, existing solutions to this problem
are not sufficient. Specifically, the cryptographic approach (including digital
signatures of various flavors: threshold signatures, proactive signatures,
forward-secure signatures, key-insulated signatures, and intrusion-resilient
signatures) can mitigate, but cannot prevent, the compromise of signature
trustworthiness. PKI-like key revocation mechanisms are not sufficient because
the compromise may not be detected for a long time. It is also not
sufficient to put the private signing keys in tamper-resistant hardware devices.
This is because the attacker can compromise the signing functions without
compromising the private signing keys and without compromising the hardware
devices; for example, the attacker uses stealthy malware to penetrate into the
Operating System (OS) kernel and then asks the device to sign the attacker’s
messages. In order to enhance signature trustworthiness in the real world, we
need to address such powerful attacks.
Proposed System:
We propose enhancing data trustworthiness via Assured Digital Signing (ADS),
which allows a signature verifier to examine not only digital signatures’ cryptographic
validity, as in current routine practice, but also their system
security validity, that is, whether the private signing keys and the signing functions are
secure. In particular, ADS deals with powerful attacks in which the signing
application program itself may be malicious (e.g., a backdoor was embedded by
its vendor or developer) and the underlying general-purpose OS kernel is
malicious. In order to minimize the modifications to the Trusted Computing Base
(TCB), we propose a modular design of ADS, which simultaneously takes advantage
of trusted computing and virtualization technologies.
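The difference between the two checks can be shown with a simplified model. The following is an added example, not code from the paper or from this project, and it does not reproduce the ADS protocol: a second RSA key (`attestationKey`, a hypothetical name) stands in for the evidence a trusted component would produce, and the measurement string and messages are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class AdsVerifierSketch
{
    // Constructed value: measurement of the isolated signing environment the verifier trusts.
    static readonly byte[] TrustedMeasurement = Hash("constructed-signing-environment-v1");

    static byte[] Hash(string s)
    {
        using (SHA256 sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(s));
    }

    static byte[] Sign(RSA key, byte[] data) =>
        key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    static bool Check(RSA key, byte[] data, byte[] sig) =>
        sig != null && key.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Evidence the trusted component signs: environment measurement || SHA-256(message).
    static byte[] Evidence(string message) => TrustedMeasurement.Concat(Hash(message)).ToArray();

    // Accept only if the signature is cryptographically valid AND signed evidence binds
    // this exact message to the trusted signing environment.
    // (A real verifier would hold only the two public keys.)
    static bool Verify(RSA signer, RSA attester, string message, byte[] sig, byte[] evidenceSig) =>
        Check(signer, Encoding.UTF8.GetBytes(message), sig) && Check(attester, Evidence(message), evidenceSig);

    static void Main()
    {
        using (RSA signingKey = RSA.Create(2048))      // never leaves the "device" in this model
        using (RSA attestationKey = RSA.Create(2048))  // assumption: held by the trusted component, not the OS
        {
            string approved = "pay 100 to alice";      // constructed sample messages
            string injected = "pay 9000 to mallory";

            byte[] sig = Sign(signingKey, Encoding.UTF8.GetBytes(approved));
            byte[] evidence = Sign(attestationKey, Evidence(approved));

            // Existing-system failure: a compromised OS asks the device to sign its own message.
            byte[] injectedSig = Sign(signingKey, Encoding.UTF8.GetBytes(injected));

            Console.WriteLine("crypto-only, injected message: " + Check(signingKey, Encoding.UTF8.GetBytes(injected), injectedSig));
            Console.WriteLine("assured, approved message:     " + Verify(signingKey, attestationKey, approved, sig, evidence));
            Console.WriteLine("assured, injected, no evidence: " + Verify(signingKey, attestationKey, injected, injectedSig, null));
            Console.WriteLine("assured, injected, replayed:    " + Verify(signingKey, attestationKey, injected, injectedSig, evidence));
        }
    }
}
```

The injected message passes the signature check although the signing key was never extracted. It fails the combined check both without evidence and with evidence replayed from the approved message, because the evidence covers the message hash.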
Software and Hardware Requirements
Hardware Required:
System : Pentium IV
Hard Disk : 80 GB
RAM : 512 MB
Software Required:
Operating System : Windows XP
Language : C#
Modules:
· Sender Login
· Public, Private key Generation
· Signature Creation
· Transferring
· Receiver Login
· Signature Verification