Integrating digital signatures with relational database: Issues and organizational implications

1
Integrating digital signatures with relational
database Issues and organizational implications

• By Randal Reid, Gurpreet Dhillon.
• Journal of Database Management.
• June 2003
• Presented By
• Madhavi Kollu

2
Agenda/Topics to be covered

• Encryption basics
• Digital signature concepts
• Normalization
• Integration of Digital signatures and Relational
  databases
• Conclusion

3
Encryption

• Protects
• The contents of a message
• Insure confidentiality
• Encryptions Types.
• Symmetric
• Single key is used
• Asymmetric
• Two keys generated as a pair
• Figure 1 shows an asymmetric encryption

4
Encryption(2)
5
Digital Signatures

• Ensures
• Data integrity
• Authentication
• Meets the E-sign acts requirements
• Figure 2 shows a digitally signed plain text
  message.

6
Digital Signatures(2)
7
Digital Signatures(3)

• Integrity of the Message
• The data has not been modified since it was
  signed.
• Cryptographic hash functions
• SHA-1
• MD5

8
Digital Signatures(4)

• The hash is encrypted using senders private key.
• The receiver runs the same hash algorithm against
  the plain text file.
• The encrypted hash is decrypted using the
  senders public key. The two hashes are compared.
• Figure 3 depicts the Digital signature process

9
Digital Signatures(5)
10
Digital Signatures(6)

• Authentication of the sender
• Proof of the origin
• Methodologies
• The PGP (pretty good privacy)
• Provides authentication through a web-of-trust
  process
• X.509 structure
• Based on a hierarchical model, one trusted
  endorser, root certificate authority
• (Ex www.verisign.com)

11
Digital Signatures(7)
12
Normalization

• Prevents
• Data redundancy
• Data inconsistency
• 6 levels of normalizations are shown in Table 1.
• Figure 5 is an example of this process.

13
Normalization(2)
14
Normalization(3)
15
Integration of digital signatures and Relational
databases

• Two Models of Integration
• Separated model
• Integrated model
• Separated model
• Manually transfers the data from the signed
  document into the relational database.
• Stored electronically for later retrieval.
• This model is shown in Figure 6.

16
Integration of digital signatures and Relational
databases(2)
17
Integration of digital signatures and Relational
databases(3)

• Integrated model
• The signed document is decomposed into elements
  and placed into the relational data structure
  including the digital signature and the
  certificate chain portions of the document.
• To verify the transaction at a later point in
  time, the entire document is retrieved from the
  relational data structures and reassembled into
  its original form.
• This model is shown in Figure 7.

18
Integration of digital signatures and Relational
databases(4)
19
Comparing separate and integrated storage of
signed documents

• Integrated Model
• Advantages
• Better performance and data integrity.
• Limitations
• Relatively high cost
• Difficulty in the integration process

• Separate Model
• Advantages
• Inexpensive
• Limitations
• Redundancy and breakdown in the integrity of the
  system.
• High error rates.

20
XML digital signature

• XML digital signature specification.
• (http//www.w3.org/signature/).
• Advances in XML digital signatures incorporates
  confidentiality, authenticity, data integrity and
  non repudiation.
• The format for an XML digital Signature is shown
  in Figure 8.

21
XML digital signature(2)
22
Discussion Conclusion

• Separated model is a low-cost, but the integrated
  model - provides better performance and data
  integrity
• Available products such as DBsign from Gradkell
  Systems, Inc (www.gradkell.com)
• Challenges from an organizational standpoint in
  creating level of trust
• Proper planning, tools and controls in place
  integration is achievable

23
QUESTIONS ???