
Ca113 - Unit 3-B

The document discusses digital signatures, their applications, types, algorithms, and the legal and technical issues surrounding them. It also covers biometrics, including its advantages, disadvantages, and potential crimes associated with biometric data. Additionally, it introduces digital forensics, detailing its types and the process of preserving and analyzing electronic data for evidence.

Uploaded by

shahanmd

Cyber Crime UNIT : 3

Digital Signature : A digital signature is a mathematical technique which validates the
authenticity and integrity of a message, software or digital documents.

Application of Digital Signature

Authentication : Authentication is a process which verifies the identity of a user who wants
to access the system. In the digital signature, authentication helps to authenticate the
sources of messages.

Non-repudiation : Non-repudiation means assurance of something that cannot be denied. It
ensures that a party to a contract or communication cannot later deny the authenticity of
their signature on a document or in a file, or the sending of a message that they originated.

Integrity : Integrity ensures that the message is real and accurate, and safeguards it from
modification by unauthorized users during transmission.

Algorithms in Digital Signature

A digital signature consists of three algorithms:

1. Key generation algorithm : The key generation algorithm selects a private key randomly from
a set of possible private keys. This algorithm provides the private key and its corresponding
public key.

2. Signing algorithm : A signing algorithm produces a signature for the document.

3. Signature verifying algorithm : A signature verifying algorithm either accepts or rejects the
document's authenticity.

How digital signatures work

Digital signatures are created and verified by using public key cryptography, also known as
asymmetric cryptography. By the use of a public key algorithm, such as RSA, one can generate
two keys that are mathematically linked: one is a private key, and the other is a public key.

The steps which are followed in creating a digital signature are:

1. Select a file to be digitally signed.
2. The hash value of the message or file content is calculated. This message or file content
is encrypted by using the private key of the sender to form the digital signature.
3. Now, the original message or file content along with the digital signature is transmitted.
4. The receiver decrypts the digital signature by using the public key of the sender.
5. The receiver now has the message or file content and can compute it.
6. The computed message or file content is compared with the original computed message.
The two must be the same to ensure integrity.

What are the types of Digital Signature?


The simplest type of digital signature is the simple digital signature, which has no encryption
protection. Simple digital signatures and basic digital signatures are quite similar. The strongest
type is Advanced & Qualified, which is as valid in court as a wet paper signature.

1. Simple Digital Signature


A simple digital signature is a digital signature in its purest form because it isn’t encrypted.
This straightforward digital signature has numerous drawbacks. Because it is not encrypted, it
cannot reveal the identity of the authenticator or modifications made to the document after the
recipient has left their mark. Simple digital signatures can also be copied or faked extremely
easily. The usage of such digital signatures is not advised from a legal and security point of
view.

2. Basic Digital Signature


There aren’t many differences between Basic Digital Signatures and Simple Digital Signatures.
Basic Digital Signatures only differ from Simple Digital Signatures in that they may demonstrate
modifications made to a document after it has been signed. This signature cannot refer to a
confirmed identification, thus it cannot ensure the protection of your identity. Basic digital
signature service providers do not properly authenticate the user’s identity, even though they
employ cryptography. Additionally, the signing procedure does not use two-factor
authentication. As a result, documents signed digitally in this way generally lack
authority and legal force.

3. Advanced and Qualified Digital Signature


The most secure digital signature is Advanced & Qualified, which has the same legal value as a
wet signature on a document. Advanced and qualified digital signatures may be created with the
use of public key infrastructure and asymmetric cryptography technology. Advanced and
qualified digital signatures can indicate when, where, and on which devices the document
signing procedure took place. It is also simple to track any modifications made to the document
after it has been signed.

The procedure this digital signature service provider uses to confirm the user’s identification
also sets it apart. It also provides two-step verification. The manner of authentication
employed varies as well, from mobile phone biometric scanning to SMS transmission of one-time
passwords. Documents signed using digital signatures are included in this category since
they already have an electronic certificate that is specifically linked to the signatory’s identity.

Categories / classes of digital signatures


Digital signature certificates (DSCs) can be classified into three groups:

Class 1: These only certify an email ID and username, so they cannot be
used for official business documents. Class 1 signatures offer a fundamental level of security and
are applied in situations where there is little risk of data compromise.

Class 2: This is frequently used for the electronic filing (e-filing) of tax papers, such as returns
for both the Goods and Services Tax (GST) and income taxes. Class 2 digital signatures check
the identity of the signer against a database that has already been confirmed. Class 2 signatures
are used in contexts with minimal risks and effects of data compromise.

Class 3: The highest level of digital signatures, Class 3 requires the signer to present themselves
before a certification authority to verify their identity. Class 3 digital signatures are used in e-
auctions, e-tendering, e-ticketing, court filings, and other contexts where there are significant
risks to data or consequences from a security breach.

Benefits of Digital Signatures


• Legal documents and contracts: Digital signatures are legally binding. This makes them
ideal for any legal document that requires a signature authenticated by one or more parties
and guarantees that the record has not been altered.
• Sales contracts: Digital signing of contracts and sales contracts authenticates the identity
of the seller and the buyer, and both parties can be sure that the signatures are legally
binding and that the terms of the agreement have not been changed.
• Financial Documents: Finance departments digitally sign invoices so customers can trust
that the payment request is from the right seller, not from a bad actor trying to trick the
buyer into sending payments to a fraudulent account.
• Health Data: In the healthcare industry, privacy is paramount for both patient records and
research data. Digital signatures ensure that this confidential information was not modified
when it was transmitted between the consenting parties.

Drawbacks of Digital Signature

• Dependency on technology: Because digital signatures rely on technology, they are
susceptible to crimes, including hacking. As a result, businesses that use digital signatures
must make sure their systems are safe and have the most recent security patches and
upgrades installed.
• Complexity: Setting up and using digital signatures can be challenging, especially for
those who are unfamiliar with the technology. This may result in blunders and errors that
reduce the system’s efficacy. The process of issuing digital signatures to senior citizens can
occasionally be challenging.
• Limited acceptance: Digital signatures take time to replace manual ones since technology
is not widely available in India, a developing nation.

Legal issues of digital signature


1. Authentication and Non-Repudiation: One of the primary legal concerns with digital
signatures is ensuring that they provide sufficient authentication of the signer's identity and
prevent repudiation of the signed document. Laws and regulations often specify requirements for
the use of cryptographic techniques and secure processes to achieve these goals.
2. Data Privacy and Security: Digital signatures involve the processing and transmission of
sensitive personal and confidential information. Legal issues related to data privacy and security
must be addressed to protect against unauthorized access, disclosure, or alteration of digital
signature data. Compliance with data protection laws such as the General Data Protection
Regulation (GDPR) is crucial.
3. Validity and Enforceability: Digital signatures must meet specific legal criteria to be
considered valid and enforceable in court. These criteria often include requirements for the
integrity of the signed document, the authenticity of the signer's identity, and the reliability of the
signature generation process. Admissibility of digital signatures as evidence in legal proceedings
is another important consideration.
4. Electronic Records Management: Legal issues may arise concerning the storage, retention, and
accessibility of electronically signed documents. Organizations must establish policies and
procedures for the proper management of electronic records, including requirements for audit
trails, document archiving, and retrieval mechanisms.
5. Risk Management and Liability: Implementing digital signature solutions involves inherent
risks, including the risk of fraud, data breaches, and technical failures. Legal issues related to
liability and indemnification must be addressed through contracts, service level agreements, and
insurance policies to allocate responsibilities and mitigate potential losses.

Technical issues of Digital signature

1. Algorithm Selection: Digital signatures rely on cryptographic algorithms for generating and
verifying signatures. Choosing appropriate algorithms is crucial to ensure security and
interoperability. Commonly used algorithms include RSA, DSA, and ECDSA for asymmetric
cryptography and SHA-2 or SHA-3 for hashing.
2. Key Management: Proper management of cryptographic keys is essential for the security of
digital signatures. This involves generating key pairs securely, protecting private keys from
unauthorized access, and securely distributing public keys to verification parties. Key revocation
mechanisms are also necessary to mitigate the risk of key compromise.
3. Message Digest and Hash Functions: Digital signatures typically operate on hashed
representations of the signed message rather than the entire message itself. Ensuring the integrity
and collision resistance of hash functions is essential to prevent forgery and tampering attacks.
Vulnerabilities in hash functions can compromise the security of digital signatures.
4. Timestamping and Long-Term Validity: Ensuring the long-term validity and integrity of
digitally signed documents requires mechanisms for timestamping and archival. Timestamping
services provide trusted timestamps that attest to the existence of a document at a specific point
in time, while archival systems securely store signed documents for future verification.
5. Security Considerations: Various security considerations must be addressed to protect against
common cryptographic attacks and vulnerabilities, such as chosen-plaintext attacks, side-channel
attacks, and implementation flaws. Robust security measures, including key length selection,
cryptographic parameter validation, and secure coding practices, are necessary to mitigate these
risks.

What is an Electronic Signature?

An e-signature or electronic signature is defined as a signature in electronic form. In simple
words, when a signatory signs a document in electronic form and not with
wet ink, it is known as an electronic signature. It is basically a process that utilises computers to
authenticate the signatory and ensure the integrity of the document.

Electronic records, also known as digital records or e-records, refer to any information that is
recorded, stored, and transmitted in digital format.

1. Text Documents: Text documents are one of the most basic types of electronic records. They
include word processing files, such as those created with Microsoft Word, Google Docs, or plain
text editors. Text documents may contain written content, tables, lists, and other textual
information.

2. Spreadsheets: Spreadsheets are electronic records used for organizing, analyzing, and
manipulating data in tabular format. They are commonly created with software like Microsoft
Excel, Google Sheets, or OpenOffice Calc. Spreadsheets can store numerical data, perform
calculations, and generate charts and graphs.

3. Presentations: Presentation files are used to create slideshows for delivering visual
presentations. They often include text, images, graphics, and multimedia elements. Common
presentation software includes Microsoft PowerPoint and Google Slides.

Biometrics

Biometrics is the measurement and statistical analysis of people's unique physical and behavioral
characteristics. The technology is mainly used for identification and access control or for
identifying individuals who are under surveillance.

1. Fingerprint Recognition: Utilizes the unique patterns of ridges and valleys on a person's
fingertips.

2. Facial Recognition: Analyzes facial features, such as the distance between eyes, nose, and
mouth, to identify individuals.

3. Iris Recognition: Scans the intricate patterns in the iris of the eye, which are unique to each
individual.

4. Retina Recognition: Examines the patterns of blood vessels at the back of the eye.

5. Voice Recognition: Analyzes the unique characteristics of an individual's voice, such as pitch,
tone, and cadence.

6. Hand Geometry Recognition: Measures and analyzes the shape and size of the hand, including
length and width of fingers.

7. Vein Recognition: Maps the pattern of veins in the palm or back of the hand.

8. DNA Recognition: Analyzes the unique genetic code of individuals for identification purposes,
though it's less commonly used due to complexity and invasiveness.

9. Signature Recognition: Analyzes the unique characteristics of a person's signature, such as
speed, pressure, and stroke order.

10. Ear Recognition: Analyzes the shape and structure of the ear, which is unique to each person.

Crimes based on biometrics

1. Identity Theft: Criminals may steal biometric data, such as fingerprints or facial recognition
patterns, to impersonate individuals or gain unauthorized access to sensitive information or
facilities.

2. Biometric Spoofing: This involves creating fake biometric data to deceive biometric
authentication systems. For example, using a high-resolution photograph to spoof facial
recognition systems or creating synthetic fingerprints to fool fingerprint scanners.

3. Biometric Data Breaches: If databases containing biometric data are compromised, it can lead
to serious privacy and security issues. Biometric data breaches can expose individuals to identity
theft, fraud, and unauthorized access.

4. Biometric Data Tampering: Criminals may attempt to manipulate biometric data to alter
someone's identity or create false records in databases.

5. Blackmail and Extortion: Criminals may use stolen biometric data to blackmail individuals,
threatening to expose sensitive information or misuse their identity.

6. Surveillance and Tracking: Unauthorized use of biometric surveillance systems for tracking
individuals without their consent or knowledge can infringe upon privacy rights and potentially
lead to stalking or harassment.

7. Forgery and Fraud: Criminals may use stolen biometric data to create forged documents or
commit financial fraud, such as accessing bank accounts or making unauthorized transactions.

8. Unlawful Access: Criminals may use stolen biometric credentials to gain unauthorized access to
secure locations, systems, or devices, bypassing traditional security measures.

9. Terrorism and Espionage: Biometric data may be exploited by terrorist organizations or
foreign intelligence agencies for espionage purposes or to carry out acts of terrorism.

10. Unauthorized Biometric Data Collection: Illegal collection of biometric data without consent
or in violation of privacy laws can result in legal consequences for individuals or organizations
involved.

Advantages of biometrics

• hard to fake or steal, unlike passwords;

• easy and convenient to use;

• generally the same over the course of a user's life;

• nontransferable; and

• efficient because templates take up less storage.

Disadvantages:

• It is costly to get a biometric system up and running.

• If the system fails to capture all of the biometric data, it can lead to failure in identifying a
user.

• Databases holding biometric data can still be hacked.

• Errors such as false rejects and false accepts can still happen.

• If a user gets injured, then a biometric authentication system may not work -- for example, if
a user burns their hand, then a fingerprint scanner may not be able to identify them.

Digital Forensics in Information Security: What is Digital Forensics?

Digital Forensics is the process of preserving, obtaining, analyzing, and presenting electronic
data so that it can be used as evidence.

Types of Digital Forensics:

Computer Forensics: This involves the recovery and analysis of data stored on computers
and other digital devices, such as hard drives, flash drives, and memory cards. The goal is
to uncover hidden or deleted files, recover lost or damaged data, and preserve evidence for
use in criminal or civil investigations.

Network Forensics : This type of Digital Forensics involves the monitoring, analysis, and
preservation of network traffic to identify cyber security threats, investigate cybercrime, or
recover lost or stolen data.

Web Forensics : This involves the analysis of data related to web-based activities, such as
web pages, web server logs, and email communications. The goal is to uncover evidence of
cybercrime, investigate security breaches, or recover lost or stolen data.

Mobile device Forensics : Recovery and examination of data from mobile devices, such as
tablets and smartphones are known as mobile device forensics. This method of forensic
analysis is used to look into incidents including the loss or theft of a device, the recovery of
deleted data, or the inspection of a device as part of a criminal investigation.

Memory Forensics : This involves the analysis of data stored in a computer’s RAM. The
goal is to recover data that may not be stored on disk or other storage media and to
uncover hidden or malicious processes or activities.


Digital Forensics is a branch of forensic science which includes the identification, collection,
analysis and reporting of any valuable digital information in digital devices related to
computer crimes, as part of an investigation. In simple words, Digital Forensics is the process
of identifying, preserving, analyzing and presenting digital evidence. It consists of 5 steps at
a high level:

1. Identification of evidence: It involves identifying evidence related to the digital crime in
storage media, hardware, operating system, network and/or applications. It is the most
important and basic step.
2. Collection: It includes preserving the digital evidence identified in the first step so that it
does not degrade or vanish with time. Preserving the digital evidence is very important and
crucial.
3. Analysis: It includes analyzing the collected digital evidence of the committed computer
crime in order to trace the criminal and the possible path used to breach the system.
4. Documentation: It includes the proper documentation of the whole digital investigation,
digital evidence, loopholes of the attacked system etc., so that the case can be studied and
analysed in future and can be presented in court in a proper format.
5. Presentation: It includes the presentation of all the digital evidence and documentation in
court in order to prove the digital crime committed and identify the criminal.
