A PKI based timestamped secure signing tool for e-documents

Abstract

With digitization of documents becoming a buzz word, several research initiatives have been taken in the field. However, an associated challenge that arises is the process of certifying and validating document integrity and ensuring non-repudiation. E-signatures gave a solution but could not prove the signer's identity. Digital certificates were thereafter used along with signatures to prove the identity of the signer. In this paper we present a schema for embedding digital signature as well as certifying and verifying the content of electronic document in a secured and tamperproof manner. Digital signature is created with hash value of the document generated by a hashing algorithm and encrypting the hash value by private key of the signer. Finally, the document is time stamped by an authorized time stamping server. The paper incorporates a novel online validation mechanism for ensuring the usage of live certificate in signing the document and also checks the integrity of the document. It also suppresses the replay attack by encrypting user credential at one end and decrypting and verifying it at the other end with asymmetric key cryptography. Another unique mechanism incorporated to redundantly suppress replay attach is to embed a timestamp, generated by authorized third party time-stamping authority, which registers and verifies user identity. The system was exposed to security vulnerability assessment using a suite of tools as well as other mechanisms reported in literature. Results of attack assessment indicated that the system is capable of handling most of the dangerous threats and vulnerabilities.