This report aims at introducing the concepts and mechanisms behind Digital Signatures and the security framework on which it is based on: Public Key Infrastructure (PKI).
A brief introduction to other cryptographic concept is also provided in order to provide a wide view of the security features adopted in the last years to recent. The concepts implied by PKI are then applied in relation to Secure Shell (SSH), an industry standard used by administrators for accessing systems remotely in a safe way.
The practical assessment, included in the Appendix A, will introduce step-by-step the actions required in order to create a Certificate Authority and generate signed host certificates, which will then be used to verify identify of servers to remote clients, removing the need of exchanging public keys between parties before communication.
The report will conclude with a brief reflection on the changes implied by the security features adopted nowadays, with an eye towards current researches and future implementations.
The wide distribution of networked systems and the increasing usage of internet have heavily influenced today’s society, including businesses. In fact, several operations such as banking, sale and purchase of products and the exchange of information have emphasized electronic transactions , minimizing operations’ cost while enhancing productivity. This has identified information security as the major issue for any business or individual who exchange sensitive information, or perform operations , over an open environment such as the internet because there is a need to prevent such information from being tampered. Consequently, the need of enforcing the fundamentals of information security (confidentiality , integrity and reliability) during data transmission between communicating parties led to the creation of security features such as digital signatures , of which algorithms are based on the security framework called Public Key Infrastructure (PKI) .
Cryptography uses mathematical algorithms and processes to convert intelligible plaintext into unintelligible ciphertext, and vice versa. Applications of cryptography include:
• Data encryption for confidentiality
• Digital signatures to provide non-repudiation (accountability) and verify data integrity
• Certificates for authenticating people, applications and services, and for access control (authorization)
There are two main kinds of cryptography: shared secret and public key.
In shared secret cryptography, sender and receiver use the same key for both encryption and decryption purposes. Because of this symmetry, it is critical to keep the key secret and to avoid network-based key distribution as an attacker could intercept the shared key and decrypt data sent from communicating parties.
Also known as Public key Cryptography, it uses a pair of keys: a public key and a private key.
The public key is publicly available, so it can be transmitted over insecure connection while the private key is kept private to the owner.
The pair of keys can be used for both encryption or decryption purposes, depends on usage.
To ensure confidentiality, the data is encrypted using the public key and can only be decrypted by the private key .
To ensure non-repudiation and integrity, the data is encrypted using the private key and can only be decrypted with the public key.
Distribution of keys between parties is greatly simplified using this protocol.
A digital signature is a set of enciphered data created using a cryptographic algorithm, based on the concept of public key cryptography, its main scope is to protect communicating parties against each other in a situation where there is no complete trust, and something more than authentication is required. 
The First model of digital signature was first introduced in the paper “New directions for Cryptography” (IEEE Transactions on Information Theory, 1976) where Whitfield Diffie and Martin Hellman presented the idea that a form of digital signature could be made using PKE in a way that anyone could verify its authenticity but no one else could duplicate it.
Most secure web transactions today are already dependent on digital signatures, which are included as part of the digital certificate a server presents to a client to identify itself and vice versa.
Example of current uses of digital signatures:
- Inter-bank payment systems (BACS, SWIFT,CHAPS .)
- e-passports and other e-id cards
- VPN and Remote host connections
- SSL enabled websites
- Signing documents (PDFs, Emails, etc)
Figure 4 Disadvantages of Digital Signature
It must be mentioned that the digital signature scheme does not offer complete security against data theft or data manipulation. Numerous researchers have identified some of the weaknesses embedded in such security implementation, for example: