A CRITICAL STUDY ON DIGITAL SIGNATURE AND ITS SECURITY IN INDIA: ROHITH.R & RAGAVEE.U

A CRITICAL STUDY ON DIGITAL SIGNATURE AND ITS SECURITY  IN INDIA

Author: Rohith.R[1]

Co-Author: Ragavee.U [2]

Saveetha School of Law, Saveetha Institute of Medical and Technical Sciences, Saveetha University

ISSN: 2582-3655

ABSTRACT

Digital signature is considered to be a technique for validating the legitimacy of the digital message or digital document. The digital signature is functioning through Public-key Cryptography. During the early period, there was no presence of digital signature as there was only a traditional signature which is used to authenticate the document or Message, but the usage of traditional signature was time-consuming, cost-ineffective and there is a way for forgery and fraudulent activities. It is easy for the offender to easily manipulate the traditional signature and to sign the document in a fraudulent manner. It was difficult to verify the traditional signature. After the evolution of technology, the presence of digital signature came into force and the Information Technology Act recognizes the digital signature which made it easier for the online documents and message to be easily signed and verified by the way of using the digital signature. Another important factor is that digital signature cannot be used by another person as there is certain verification procedure followed for issuance of digital signature by the certifying authority,  it means that the digital signature usage is considered to be nonrepudiation that is once the signer digitally identifies the signature then it cannot be denied later. This research is done by a Non-doctrinal or Empirical type of research and the sampling method used in the survey is a simple random sampling method. This research used both primary and secondary data. The data were been analyzed using the SPSS tool for a precise finding. Thereby it shows that source of data. The research concludes that there is proper protective measures for securing digital signature as compared with traditional signatures in India.

KEYWORDS-Digital Signature, E-commerce, Technology, Public key, Message.

INTRODUCTION

The fast advancement of the Internet or Electronic based business has a new model of business exercises. Step by step instructions to this wide system of the transmission line to secure the authenticity of the information(Katz 2010). Stamp-based digital signature technology is proposed in this unique situation, and become the field of data security examine in the field of Computer system and technology(Mason). In spite of the fact that internet business on-line transmission of information security have had a solid interest, be that as it may, to meet the security needs of the digital signature seals the technology has not been excellent arrangement(Panko 2004). Guarantee information, respectability and non-revocation of exchanges each other depends on the seal of the digital signature framework must address the central issue is the digital signature framework seal the establishment(Panko 2004; Dang 2009; Housley 2009). Internet business may incorporate the utilization of electronic information trade, electronic cash trade, Internet promoting, sites, online databases, PC networks, and purpose of-offer PC frameworks. In this way, the security issue turns out to be significant in web-based business(Ruggieri 2014).


The two known to be purchasers and vendors on the Internet must guarantee that every single budgetary exchange is a genuine and dependable activity, and make clients, shippers and different gatherings have total certainty(Linh 2014). Along these lines, internet business must guarantee that the framework has an entirely solid security technology, in other words, the system must guarantee the four noteworthy wellbeing components, and they are classification, verification, honesty, accessibility, and non-denial of data. PKI (Public Key Infrastructure) is a framework, which offers administrations of public-key encryption and digital signature, in light of public-key encryption advances. It is issued by the Certifying Authority which is regularly monitored by the controller of the Certifying Authority. Numeric certificate library, mystery key reinforcement and reestablish framework, numeric certificate pull back framework and API.PKI, which depends to a great extent on cryptographic hypothesis and gives, for the most part, the administrations of verification and secrecy and integrality and non-revocation, transforms into the significant secure stage of confirmation and approval in computer application and ensures the data security of the system. CA is the piece of some portion of PKI, and it gives elements of granting, refreshing, pulling back and approving the digital certificate. PKI technology has just been exhaustively utilized in numerous fields mainly used for the purpose of computer framework and Internet Network.

The key to the PKl framework is the digital certificate of the executives (create, disperse, approve). A digital certificate is an electronic recognizable proof card like the job of the genuine ID card. It is issued by a verification officer known as Certifying authority. Individuals can utilize it to get in touch with one another to recognize the personality(Rohrmann 2014). Marking in a composed document intends to affirm it. furthermore, its job is two points: first, since it is hard to deny their own signature, which affirms the way that documents have been marked; Second, in light of the fact that the signature is hard to manipulate, it guarantees this document is legitimate and real. Digital signatures utilize deviated cryptography. In numerous examples they give a layer of approval and security to messages sent through a non-secure channel: Properly executed, a digital signature gives the beneficiary motivation to accept the message was sent by the guaranteed sender. Digital signatures are equal to customary manually written signatures in numerous regards, yet appropriately executed digital signatures are harder to fashion than the transcribed kind.  The aim of the research is to find whether the Digital signature is more secure compared with traditional signatures in India.

OBJECTIVE

  1. To study about Digital Signature
  2. To analyze the security of Digital Signature
  3. To compare the Traditional Signatures with Digital Signature.

REVIEW OF LITERATURE

As per traditional perspective, paper documents are approved and affirmed by composed signatures, which work genuinely well as a method for giving genuineness. For electronic documents, a comparable system is essential(Malaysia 2002). Digital signatures, which are only a series of ones and zeroes produced by utilizing a digital signature algorithm, fill the need for approval and verification of electronic documents. Approval alludes to the way toward guaranteeing the substance of the document, while verification alludes to the procedure of ensuring the sender of the document(Patricia 2001). The terms document and message are utilized interchangeably. Conventional and digital signature characteristics(Cabanellas 2018). A customary signature has the following remarkable qualities: relative simplicity of building up that the signature is bona fide, the trouble of producing a signature, the non-transferability of the signature, the trouble of changing the signature, and the nonrepudiation of signature to guarantee that the endorser can’t later deny signing(Mambi 2010). A digital signature ought to have all the previously mentioned highlights of a customary signature in addition to a couple of additional as digital signatures are being utilized in practical, but delicate, applications, for example, secure email and charge card exchanges over the Internet(Mambi 2010; Sood 2001). Since a digital signature is only a grouping of zeroes and ones, it is attractive for it to have the accompanying properties: the signature must be a piece design that relies upon the message being marked (accordingly, for the equivalent originator, the digital signature is diverse for various documents); the signature must utilize some data that is remarkable to the sender to avoid both fabrication and disavowal; it must be moderately simple to deliver; it must be generally simple to perceive and confirm the validness of digital signature; it must be computationally infeasible to manufacture a digital signature either by building another message for a current digital signature or developing a deceitful digital signature for a given message, and it must be useful to get copies of the digital signatures incapacity for parleying potential debates later(Elisa). To check that the got document is for sure from the guaranteed sender and that the substance has not been adjusted, a few methods, called validation procedures, have been created(Srivastava 2012). Be that as it may, message verification procedures can’t be straightforwardly utilized as digital signatures due to inadequacies of confirmation systems(Duggal 2002). For instance, in spite of the fact that message validation ensures the two gatherings trading messages from an outsider, it doesn’t ensure the two gatherings against one another. In expansion, rudimentary validation plans produce signatures that are the length of the message themselves(Stephen 1872). Essential ideas and wording Digital signatures are processed depend on the documents (message/data) that should be agreed upon what’s more, on some private data held distinctly by the sender(Latimer, n.d.). In practice, instead of utilizing the entire message, a hash capacity is connected to the message to get the message digest. A hash work, in this specific circumstance, takes a self-assertive estimated message as input and creates a fixed-size message digest as output(Daniel).O’Connor v Uber and Meyer v Uber,” she said. “In the primary case, the court was approached to consider the offended party’s argument that there was certifiably not a legitimate understanding since it was shown on ‘a modest iPhone screen when most drivers are going to go on obligation.’ The court dismissed that contention since it’s superfluous whether somebody peruses an agreement, as long as they have the chance to do as such.

STATUTES

Information Technology 2000

The expression “electronic signature” is characterized under section 2(ta) of the IT Act 2000 ( as embedded by Information Technology Amendment Act 2008 (ITAA) as pursues: “Electronic signature” signifies confirmation of any electronic record by a supporter by methods for the electronic procedure determined in the subsequent timetable and incorporates advanced signature”. The articulation “Computerized signature” is characterized under section 2(p) as pursues: “Advanced Signature” signifies validation of any electronic record by an endorser by methods for an electronic strategy or technique.

CASE LAWS

Berkson v Gogo

In “Berkson v Gogo is a case from 2015 in the Eastern District of New York. The supplier was blamed in a legal claim for tricking clients into pursuing a month to month Wi-Fi administration without their insight. The offended parties guaranteed that the site deceived them into intuition they were just obtaining a solitary month of utilization while disguising that it was really a membership agreement.”As part of the investigation, the court assessed countless important earlier choices that examined the manner in which terms are unveiled to shoppers on electronic stages. It was a long case, and the court took a gander at various exact investigations of perusing and survey conduct, including eye following patterns.The court presumed that all in all, an electronically displayed understanding is enforceable if: 1) the site exhibiting the understanding gives a sensibly reasonable client, on request, a notice of the particulars of the agreement, 2) the client is energized by the structure and substance of the page to inspect the terms through a hyperlink and 3) the hyperlink to the understanding is put where the client is probably going to see it.

Barwick v Geico

In Barwick v Geico was an Arkansas case. Geico issued a vehicle protection arrangement to somebody who connected for the strategy over the Internet. As a component of the procedure, the candidate deferred health advantages inclusion and electronically marked with that impact. Around then, Arkansas law said that health advantages inclusion must be rejected ‘recorded as a hard copy.’ However, Arkansas had likewise received the UETA preceding the date of the application.”The candidate was driving the vehicle secured by the strategy and was hit by another vehicle. They submitted hospital expenses under the strategy and Geico rejected the case. At the point when sued by Barwick, Geico indicated the electronic waiver of inclusion, which the candidate conceded marking. Be that as it may, the offended party guaranteed the waiver wasn’t powerful in light of the fact that it wasn’t recorded as a hard copy, as the resolution required. The court concurred with Geico, and a higher court maintained the decision, saying that Arkansas’ execution of UETA sponsored them up.

Adams v Quicksilver

In Adams v Quicksilver, It was in California in 2010. The offended party in a business question tested the legitimacy of her electronic mark on an assertion understanding. The agreement had been sent to her by means of a hyperlink in an email at the time she was enlisted. No secret word or other accreditation was required. The understanding had two spots where she needed to sign her name by composing in a clear field – one was toward the part of the arrangement.

Lorraine v Markel

In Lorraine v Markel, a case from 2007, the two gatherings in a protection debate appended messages as presentations for rundown judgment yet neither gave validation of the records themselves that would be expected to concede them into evidence.”The court’s nitty-gritty assessment secured how to get data conceded into proof. There are 14 who decides that influence tolerability. This conclusion strolls through every one of the perspectives and discloses how it applies to electronic proof. It’s still viewed as a fundamental case around there.”

METHODOLOGY

This research follows a non-doctrinal type of research and the sampling method used in this survey is a simple random sampling method. This study used both primary and secondary data. The secondary data used to form government documents, unpublished thesis, websites, journals, etc. The primary data was collected from the respondents using a simple random sampling method with a structured questionnaire.  Independent variables such as age, gender, educational qualification, occupation, marital status, monthly family income, monthly expenditure, etc were also collected. The first dependent variable is whether  Digital signature is more secure compared with traditional signatures and the second dependent variable is being aware of the concept of Digital Signature. The current paper is based on stratified random method of sampling and the sample size is limited to 1552 and this analysis is done through SPSS tool for acquiring better and accurate result and this survey is taken on Chennai only and most importantly the survey was made in an authenticated way for appropriate results and also tries to reveal the actual truths regarding this issues. This paper also includes various secondary sources to get through the current issue, but the results will be focused mainly on the primary data.

ANALYSIS AND RESULT

Frequency Table

Age
  Frequency Percent Valid Percent Cumulative Percent
Valid 18-30 years 852 51.6 54.9 54.9
30-50 years 442 26.8 28.5 83.4
Above 50 years 258 15.6 16.6 100.0
Total 1552 93.9 100.0  
Missing System   6.1    
Total 1552 100.0    

Age*Are you aware of the concept of Digital Signature?

Crosstab
Count
  Are you aware of the concept of Digital Signature? Total
Yes No Maybe
Age 18-30 years 481 240 131 852
30-50 years 73 258 111 442
Above 50 years 171 39 48 258
Total 725 537 290 1552

The above figure describes that in the total sample is 1552,around 725 of the samples agree with the statement that they are aware about the concept of Digital Signature, around 537 of the samples disagree with the statement that they are aware about the concept of Digital Signature and around 290 of the samples states that they may be aware about the concept of Digital Signature.

Chi-Square Tests
  Value df Asymp. Sig. (2-sided)
Pearson Chi-Square 250.177a 4 .000
Likelihood Ratio 270.729 4 .000
Linear-by-Linear Association 7.205 1 .007
N of Valid Cases 1552    
a. 0 cells (0.0%) have expected count less than 5. The minimum expected count is 48.21.

Hypothesis

H0 : There is  proper awareness about the concept of  digital signature

Ha : There is   awareness about the concept of   digital signature

From the above figure, the Pearson Chi-Square value drawn is 0.00, which is less than 0.05(P-value)

Age*The Digital signature is more secure compared with traditional signatures.

Crosstab
Count
  The Digital signature is more secure compared with traditional signatures. Total
Strongly Agree Agree Neutral Disagree Strongly Disagree
Age 18-30 years 47 143 100 312 250 852
30-50 years 5 36 213 101 87 442
Above 50 years 46 43 31 31 107 258
Total 444 444 344 222 98 1552

The above  analysis  describes that in the total samples of 1552  around 444  of the samples agree with the statement that Digital signature is more secure compared with traditional signatures, around 222 of the samples disagree with the statement  that Digital signature is more secure compared with traditional signatures. and around 344  of the samples  stated that they are neutral with the statement that Digital signature is more secure compared with traditional signatures., around 444 of the samples strongly agree with the statement that Digital signature is more secure compared with traditional signatures.and around 98 of the samples strongly disagree with the statement that Digital signature is more secure compared with traditional signatures.

Chi-Square Tests
  Value df Asymp. Sig. (2-sided)
Pearson Chi-Square 355.546a 8 .000
Likelihood Ratio 331.622 8 .000
Linear-by-Linear Association 10.155 1 .001
N of Valid Cases 1552    
a. 0 cells (0.0%) have expected count less than 5. The minimum expected count is 16.29.

Hypothesis

H0 : There is proper protective measures for securing digital signature as compared with traditional signatures.

Ha : There is no proper protective measures for securing digital signature as compared with traditional signatures.

From the above figure, the Pearson Chi-Square value drawn is 0.00, which is less than 0.05(P-value)

DISCUSSION

The analysis describes that in the total sample is 1552, around 725 of the samples agree with the statement that they are aware of the concept of Digital Signature, around 537 of the samples disagree with the statement that they are aware of the concept of Digital Signature and around 290 of the samples states that they may be aware of the concept of Digital Signature. And also the analysis describes that in the total samples of 1552  around 444  of the samples agree with the statement that Digital signature is more secure compared with traditional signatures, around 222 of the samples disagree with the statement that Digital signature is more secure compared with traditional signatures. and around 344  of the samples stated that they are neutral with the statement that Digital signature is more secure compared with traditional signatures., around 444 of the samples strongly agree with the statement that Digital signature is more secure compared with traditional signatures. and around 98 of the samples strongly disagree with the statement that Digital signature is more secure compared with traditional signatures.

The Pearson Chi-square test done through the SPSS tool provide a clear and precise analysis. As the Pearson Chi-square value drawn from the analysis was 0.000 and 0.000 respectively, which is less than 0.05. It means that the null hypothesis has been considered to be true. Thereby it shows that there is proper protective measures for securing digital signature as compared with traditional signatures.

RECOMMENDATION

It is essential to enhance the protective measures of a digital signature as E-commerce is increasing rapidly and thereby as the technology increases, eventually, the fraudulent activities are also increased on the internet. So to protect and prevent the digital signature from the criminal offenders, there must be proper awareness about the usage of a digital signature. 

CONCLUSION

The research concludes that public certainty is the key to E-Commerce building and utilizing. It originates from the data security and the legitimate assurance to security, so data wellbeing and protection insurance are the most significant issues in E-Commerce improvement in numerous nations in the world. The fundamental point of the content is to apply digital signature technology in E-Commerce trade and business, advance the answer for the security issues of digital signature technology in Web-based business and offer personality accreditation to the individuals who participate in E-Commerce exercises, which forestalls a wide range of potential wellbeing risks. The examination and use of digital signature technology in China have a uniqueness with the universal level, so here we just talk about digital signature technology without the security of the public key, and the wellbeing of the public key will be explored in the future.

REFERENCES

  1. Banday, Mohammad Tariq. n.d. “Applications of Digital Signature Certificates for Online Information Security.” Cyber Security and Threats..
  2. Cabanellas, Guillermo. 2018. Cyber Law in Argentina. Kluwer Law International B.V.
  3. Dang, Q. H. 2009. “Randomized Hashing for Digital Signatures.” https://doi.org/10.6028/nist.sp.800-106.
  4. Duggal, Pavan. 2002. Cyberlaw: The Indian Perspective.
  5. Housley, R. 2009. “Digital Signatures on Internet-Draft Documents.” https://doi.org/10.17487/rfc5485.
  6. Jihong, Chen. 2014. “Chinese Digital Evidence Law Overview and Suggestions for Multinational Enterprises.” Digital Evidence and Electronic Signature Law Review. https://doi.org/10.14296/deeslr.v5i0.1870.
  7. Katz, Jonathan. 2010. “Digital Signatures: Background and Definitions.” Digital Signatures. https://doi.org/10.1007/978-0-387-27712-7_1.
  8. Latimer, Paul. n.d. “Signatures, Squiggles and Electronic Signatures.” SSRN Electronic Journal. https://doi.org/10.2139/ssrn.1601169.
  9. Linh, Nguyen D. 2014. “The Electronic Signature Law in Vietnam: A Note.” Digital Evidence and Electronic Signature Law Review. https://doi.org/10.14296/deeslr.v3i0.1780.
  10. Malaysia. 2002. Cyber Laws of Malaysia: Contains Digital Signature Act 1997 (Act 562), Computer Crimes Act 1997 (Act 563), Telemedicine Act 1997 (Act 564) : As at 1st August 2002.
  11. Mambi, Adam J. 2010. ICT Law Book: A Source Book for Information and Communication Technologies & Cyber Law in Tanzania & East African Community. African Books Collective.
  12. Mason, Stephen. n.d. “Digital Signatures.” Electronic Signatures in Law. https://doi.org/10.1017/cbo9780511998058.008.
  13. Panko, Raymond R. 2004. “Digital Signatures and Electronic Signatures.” The Internet Encyclopedia. https://doi.org/10.1002/047148296x.tie045.
  14. Pekin, Law Firm &., and Law Firm Pekin. 2014. “The Electronic Signature Law in Turkey.” Digital Evidence and Electronic Signature Law Review. https://doi.org/10.14296/deeslr.v1i0.1725.
  15. Pena, Eduardo H. M., Luiz F. Carvalho, Sylvio Barbon, Joel J P, and Mario Lemes Proença. n.d. Anomaly Detection Using the Correlational Paraconsistent Machine with Digital Signatures of Network Segment. Infinite Study.
  16. Rohrmann, Carlos Alberto. 2014. “Comments about the Brazilian Supreme Court Electronic Signature Case Law.” Digital Evidence and Electronic Signature Law Review. https://doi.org/10.14296/deeslr.v3i0.1784.
  17. Ruggieri, Franco. 2014. “A Technician’s Views on the Digital Signature in Italy.” Digital Evidence and Electronic Signature Law Review. https://doi.org/10.14296/deeslr.v2i0.1746.
  18. Šepec, Miha. 2014. “Digital Data Encryption – Aspects of Criminal Law and Dilemmas in Slovenia.” Digital Evidence and Electronic Signature Law Review. https://doi.org/10.14296/deeslr.v10i0.2035.
  19. Sood, Vivek. 2001. Cyber Law Simplified. Tata McGraw-Hill Education.
  20. Srivastava, Aashish. 2012. “Legal Understanding and Issues with Electronic Signatures.” Electronic Signatures for B2B Contracts. https://doi.org/10.1007/978-81-322-0743-6_6.
  21. Stephen, James Fitzjames. 1872. The Indian Evidence Act (I. of 1872).
  22. Watney, Murdoch. 2014. “Challenges Pertaining to Cyber War under International Law.” 2014 Third International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec). https://doi.org/10.1109/cybersec.2014.6913962.

[1] Student,3rd Year,131701081,Saveetha School of Law,Saveetha Institute of Medical and Technical Sciences,Saveetha University

[2] Assistant Professor,Saveetha School of Law,Saveetha Institute of Medical and Technical Sciences,Saveetha University

Leave a Reply

Your email address will not be published. Required fields are marked *