Digital Signatures – what document security do they provide?
Why digital signature security is not all it is cracked up to be
The concept of the digital signature was created when the idea of a Public Key Infrastructure (PKI) was thought to be a possibility. The idea was that using PKI you could link one individual to a uniquely described cryptographic identity (every entity in the Internet of things could be uniquely identified, and that identity could not be forged). And that would be a runaway winner for PDF security.
Now if you could get that to work it would be absolutely amazing! Right now, on the Internet it is possible to plain lie about your identity and nobody can be any the wiser. It’s a fact that anyone and everyone can pretend to be anyone they like, and exactly how would you know different?
So that was the game closing proposition of the digital signature – that you could be absolutely certain who you were ‘talking’ to.
The PDF security approach is to link the use of a PDF document to a specific digital signature – in other words, have the certainty that only the authorised recipient of the document could possibly use it because they and they alone could control that digital signature.
Amazing. Brilliant. Stunning. So why didn’t it take over and get rid of all the ID/Password stuff that we are forced to cope with on the plethora of web sites that we try to do business through?
Basically, there were two reasons why there were no wheels on the PKI wagon.
The first was cost. To make it work you needed a huge and amazingly costly infrastructure to sort out who was whom, and some mega-grade tokens that would make sure that only the authorised user could ever be using the identity. Nobody would pay for it – not even the banks! So finding end users with digital signatures that can be authenticated is a challenge.
The second was the fact that without the mega-grade tokens people could create duplicate or forged identities that meant they could pass on their ‘identities’ to anybody they chose. As a matter of technical fact I have a Key generator that allows me to generate the identity of a Certification Authority, and then to generate sub-authorities, and for them to generate identities.
But “Hello”, you say. Surely this is illegal? Well actually not. Obviously I do it because I am generating internal identities for my Corporation, and I want to be absolutely certain that nobody else could ever be in a position to compromise the security of my Corporation. Certainly I would never ever ‘trust’ some outside body to do my due diligence.
But if I am Hackers emporium then I am selling phony identities to anyone who cares to pay. And my customers are quite happy to give their supposed ‘identities’ to anybody, kind of destroying the certainty as to who is the authorised user.
And that is why the digital signature is a not a success as a control mechanism. Because it is possible to create digital signatures that look good even though they are not, and we are a long way from having digital signature systems commonly available that cannot be readily compromised.