Protecting digital signatures: it’s about time
The use of “digital signatures” has exploded during the pandemic. People all over the world have changed the way they travel, transact and work. In the manufacturing sector, organizations have gravitated towards hybrid work environments. In all of these cases, digital signatures are used to protect digital interactions and digital assets, from documents to software code.
Estimated reading time: 5 minutes
Unfortunately, all of these digital assets remain at risk as the signature’s certificate may have expired or been revoked. Fraudsters can make these certificates appear as if they are still valid. But their alterations and counterfeits can be fought with the help of timestamping services that give confidence to digital signatures.
The risk timeline
There is a time-based workflow associated with digital signatures that can best be understood by looking at the workflow for a traditional ink signature. When a legal document is signed, a notary is usually present. The task of the notary is threefold. First there must be verification of the identity of the person signing. Second, the notary must validate the date and time of the signature. After these two processes are completed, the third step is to log the signature with the date and time of the transaction and a fingerprint.
A version of this stream is used in the digital world. After a document is signed with a public key infrastructure (PKI) based digital signature, there is a non-repudiation step. Non-repudiation provides proof of the data’s origin and its integrity, making it difficult for, say, the party to a contract or a communication to deny the authenticity of the signature on a document, or that the message is in the first place. But this rejection step cannot necessarily be trusted.
When a PDF document is digitally signed with a PKI-based certificate, information about the person signing is added along with the date and time of the signature. However, this date and time is based on the computer’s local time, which is subject to change. This makes it easy for someone to fraudulently manipulate or falsify the date and time of the signature. If a fraudster can make a digital certificate appear valid even if it has expired or been revoked. All it takes is to change this local computer time. The only way to trust the digital signature is to ensure that the timestamp is reliable.
How trusted timestamps work
Trusted digital identities are needed for a wide variety of applications, ranging from authentication and data encryption to document and code signing. Digital PKI certificates are used to create them. To prove the existence of these signatures at some point in time, the Internet Engineering Task Force (IETF) created the PKI Time-Stamp Protocol (TSP).
When this protocol is used, it is not only possible to prevent the forgery of digital certificates and prevent unauthorized use of revoked certificates, but also to simplify time-based compliance recording. Using trusted timestamps also strengthens lawsuits and proves the long-term validity of a signature. For example, antivirus updates can be secured by using signatures with a trusted timestamp.
Without a timestamp, signatures expire or become invalid when the certificate expires or is revoked. End users are warned not to trust the code. But with a timestamp and long-term validation, the signature is still trusted, since the signing certificate was valid when the signature was applied.
Accurate and trusted timestamps are applied to a digital signature by a timestamping authority. The timestamping authority must comply with the RFC 3161 requirements established by the IETF. The RFC 3161 Time Stamp Protocol proves that the data has not been tampered with. Using a timestamp authority while signing a document or code then prevents the timestamp from being tampered with.
The process is as follows: First, the client application (for example, Microsoft Authenticode or Signtool) creates a hash of the document or code file. The has is a unique identifier of the data or file to be timestamped. This hash is sent to the Time Stamping Authority, which combines the hash of the file with a trusted timestamp and signs it with a private key. Then a timestamp token is created and sent back to the client. The timestamp token contains the information that the client application needs to verify the timestamp later. The process concludes by including the timestamp token in the file.
When the resulting timestamp data or file is later accessed, the client application uses the timestamp authority’s public key to validate that the timestamp comes from a trusted timestamp authority and recomputes a hash of the original data. This new hash is compared to the originally created hash. The hash check will fail if any changes have been made to the data since the timestamp was applied, this hash check. Warning messages are also displayed saying that the data has changed and the timestamp should not be trusted.
In many use cases, this process must be performed at very high throughputs. An example is signing files with antivirus signatures or signing firmware – there may be millions of timestamps that need to be applied each week. Trusted timestamp service providers make this easier. They provide enterprises with a highly available cloud-based platform for embedding timestamps.
These timestamps can be embedded in any software application, documents or digital files. Any manipulation of the timestamp file after the signature and timestamp are applied causes a hash mismatch that breaks the seal of the file and warns the user that the file can no longer be trusted. It is no longer in its original state and the data has been changed. Reliable timestamps are essential to the integrity of digital signatures because they are applied using independently verified and verifiable date and Coordinated Universal Time (UTC) sources.
Because they are not susceptible to manipulation like a local system clock, they promote the certainty of applying a digital signature. Trusted Timestamps will continue to see a growing demand among users to verify the date and time of their electronically or digitally signed documents, code, and other files. This can prevent forgery while creating longevity for these digital signatures, even after expiration, through long-term validation and non-repudiation of their time and date.
By Mrugesh Chandarana, Director of Product Management, Identity and Access Management Solutions, HID Global
What do you think of digital signatures? Share your thoughts on one of the social media pages below. You can also comment on our MeWe page by joining the MeWe social network.
