Escolar Documentos
Profissional Documentos
Cultura Documentos
I. INTRODUCTION
E-mail or electronic mail is one of information technology that widely used by the business/employee in
communication activities. As it grows, the email not only as an additional component to communicate but also
has become a crucial requirement in business development itself [1][2]. Email is often incorporated as personal
data as well as the company in the communication business. During the process of sending an email, while the
destination address is correct, then the email will not lead problem in the future. However, the problem will
occur when email is sent to the wrong address and accepted by the unauthorized recipient. On the other hand, it
also needed the system that could verify if the parties are not responsible for any changes of email content while
the sender does not know about it [3]. This condition will arise a problem and misunderstanding between the
sender and the recipient.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -4
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com
Digital Signature is a system that can be used to prevent the problem of email sending process. In this process,
the Digital Signature can perform the function of authentication, integrity, and non-repudiation for checking
email content [4]. Digital Signature is expected to prevent an error while sending the document via email and can
execute a verification process. Furthermore, the email can be categorized as a correct or legitimate email. The
implementation of Digital Signature including an encryption function that can protect the data, so that the
content of the data will not be able to understand by unauthorized parties [5]. Therefore, there is a requirement
of a system that can integrate the implementation of digital signature and encryption in the process of sending
data via email. The digital signature will increase the security of email users regarding the legitimacy or validity
of the receiving data [6]. On the other hand, the public awareness about the importance of an email
communication must be improved. The transaction has to be maintained according to validity and safety process
of sending data/information via email [4]. The user can understand regarding how the digital signature is
working and the process of its integrity to the client email application. The objectives of this study are:
1. To perform analysis and to demonstrate that the use of digital signature can improve the authentication,
integrity, security, and non-repudiation of data that is sent by email
2. To implement the data encryption for protecting content from the unauthorized user.
The organization of this paper is as follows. Section II presents the research methodology. Section III discuss the
research methodology. Section III describes the topology design of implementation and testing. Section IV
discusses the findings. This paper is closed by a conclusion in Section V.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -5
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com
Secret Key = X
hi H M i , hi 1
Mi
hi 1
One way Hash Function
hi
Figure 4. Hash Function
E. Digital Signature
Digital Signature is applied to authentication functions, integrity checking, and non-repudiation functions on data
or document. Digital Signature created in the cryptographic values that depend on message and message sender.
Some functions of Digital Signature are as follows:
a. Provides Integrity checking process
Data integrity is related to securing of unauthorized data changes. For maintaining data integrity, the system must
have the ability to detect data manipulation by unauthorized parties, including insertion, deletion, and another
data submission into actual data.
b. Provide Authentication process
Authentication relates to identification/ recognition, both in the system and the information itself. Two parties
who communicate with each other must introduce each other. The information transmitted over the channel must
be authenticated, the contents of the data, the delivery time, and so on.
c. Provide non-repudiation process
Non-repudiation is an attempt to prevent any denial of the transmission/creation of any information by the
sender. In the data sending process using Digital Signature, the encryption method is only in the data
hash/Message Digest which is intended to authentication processing for the sender. Here is an overview of the
process, and the basic concepts of Digital Signature [17][18]. Figure 5 shows a public key exchange illustration. If
User A and User B want to exchange keys and communicate, then:
a. User A and User B create two keys
User A creates two keys, public key Kpublic [User A] and a private key Kprivate [User A]
User B creates two keys, public key Kpublic[User B] and a private key Kprivate[User B]
b. They communicate each other to exchange the key
User A and User B exchange public keys each other. User B gets Kpublic[User A] from User A, and User
A gets Kpublic [User B] from User B.
User A encrypts Message Digest P to User B with function C = E(P, Kprivate[User A])
User A sends the C data to User B
User B receives C from User A and open the text-light with the function P = D(C, Kpublic[User A])
The same process occurs when User B is going to sending a message to User A:
User B encrypt Message Digest P to User A with function C = E(P, Kprivate[User B])
User A receives C from User B and opens the Message Digest data with function:
P = D(C, Kpublic[User B])
The Digital Signature is performed in data/document through several steps as follows:
a. A hash function is used on data to be sent based on the Hashing / Message algorithm. The result in Message
Digest or a Hashing value to the data to be sent.
b. Message Digest is encrypted using the private key and generates data called Digital Signature.
c. Each data submission which accompanied by Digital Signature to ensure that the data is valid and no one to
make changes without the consent of the data sender (called integrity).
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -7
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com
Message Message
Digest Digest
Message
Digest
Yes
Digital Signature combines the Hash function to checking data integrity and encryption functions using public key
cryptography for the authentication process. Figure 6 illustrates the formation process and digital signature
verification.
F. Encryption Function in Data Delivery Process
The use of encryption in the data delivery process is doing for the following purposes [19] :
a. Preventing from sniffing, or the existence of data tapping during the data transmission process which affects
the existence of data during the transmission process/data.
b. Improving data security if the data is on the parties who are not entitled. The process will perform if there is
an error found in data delivery due to human error.
Figure 7 illustrates the encryption and decryption process by using asymmetric encryption. This process can be
described in the following:
1. Public key exchanges are performed as outlined in the previous chapter.
If User A and User B want to exchange keys and communicate, then:
User A and User B exchange public-keys with each other. User B gets Kpublic[User A] from User A, and
User A gets Kpublic[User B] from User B.
User A encrypts data to be transmitted P to User B with function
C = E(P, Kpublic[User B])
User A is sending the C data to User B
User B receives C from User A and open the text-light with the function P = D(C, Kprivate[User B])
2. The same thing happens when User B is going to sending a message to User A:
User B encrypt Message Digest P to User A with function:
C = E(P, Kpublic[User A])
User A receives C from User B and open Message Digest data with function:
P = D(C, Kprivate[User A])
b. HOST B (rhema@riesaputra.info)
HOST B uses google mail server as MTA and MDA, while Open PGP act to perform digital signature and encryption
function. HOST B will deliver data/information via email using a digital signature and encryption functionality to
HOST A.
c. HOST C (abc@yahoo.com)
HOST C uses yahoo mail server as MTA and MDA without digital signature and encryption functions. HOST C is
used for acceptance process email testing from HOST A. Those emails are encrypted using a digital signature.
d. HOST X (fake identity for xyz@gmail.com)
HOST X employs as fake email sender in Android for email spoofing or email address identity fraud. HOST X will
try to transmit data/information to HOST B while HOST A faked email addresses without the use of digital
signatures and encryption.
For the test environment in this research, several preparatory steps are taken to implement, and testing process
in the following:
1. Implementation preparation stage
Several steps should be prepared namely: Create a new email account, enable IMAP protocol for withdrawal
the email content, installation process of gpg4win-2.1.0, add-on installation process, and installation process
Enigmail-1.4.6-sm + tb.xpi to access email by using a software program related to e-mail content delivery,
receipt of email content, digital signatures, and encryption
2. Implementation and Function Testing Stage
Implementation and testing run on the overall function of data/information transmission through email, and
the digital signature on the transfer of data/information.
3. Test Result Analysis
This stage we conduct analysis results of the implementation and testing function that has been done so that it
can be concluded that a comprehensive review of case studies carried out.
IV. RESULTS AND DISCUSSION
The test results analysis based on design implementation topology is as follows:
a. In the case of sending email without digital signatures and encryption, it is hard to identify the origin of
recipient email message. The contents of email cannot be ascertained according to its validity because it cannot
be verified. Furthermore, it cannot be ensured the confidentiality of the email contents because it is not
encrypted during the sending process (Figure 10).
From: xyz@gmail.com Sender email (HOST X)
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -11
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com
b. For the sending process of data/information through email which is using digital signature and encryption, the
data transmitted remained safe and kept confidentially. This process is performed in the case of incorrect of
the recipient address. For example, email delivery error from Host A to Host C. The contents of the email
cannot be read by the recipient of the email (Host C) which is not entitled to receive it (Figure 11).
c. It can be proved that the process of sending data/information by email which uses digital signature and
encryption have particularly the ability to make the process of digitally sign and encryption processes.
Furthermore, the recipient can do the verification and decryption process on the email content which is
received. The test result can be seen in Figure 12.
From Rhema.Riesaputra Sat Feb 15 18:22:49 2016
X-Apparently-To: abc@yahoo.com via 98.139.211.222; Sat, 15 Feb 2016 Recipient Address (HOST C)
18:22:54 -0800
cnlwdGVkLmFzYwNhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0DAzI-
X-YMailISG: 8gdi9vMWLDvSOsTAUHc1iY1rgivNTr..7QX.5kAyfZ2.1.X4
k6WEBi3KY.djmpQR1SUyMVDQtYMT._GgBM7hpfWLmUpvLGMLRpX2BpLjYE51
KaCBtapJvgaEtos3_VjLVBqg1OstjaxvvoCT1Joa7ATGKNw.pZnSDc1BTA7D
8Id6bHjjH5yOvqVwyRUhOnXrGAPpB9WuAMODB4kucG3RbL6VTwRMnj6drgkh
IJ3dfk.hwmyvNDExw2ERtzFd7Cznaxwn6irR_UVdQgRWZJ.IV5_6W4TrcpWu
.YHgedDtcjkIzdXGm1egNocCxiBRoVg0GZYt8RAPRmJCks9AKnhwN0m53oEY
DTU4s0b29d8.XfnwKkOwTFJdx1Q3rmHnr58LqwWxCqZa8WeRJ3r8HcgVX0v0
0tEiTNvrne8fNZtXFSEkPH0nmARFCVS4YOCxHbVc8fEzSinjkyXuQ1yyyPWH
M3E9x3wSPPbxJqw9TxSukPYwKdmX3ERru9c2xMi3dVW5DToAQoOxBSLS78N6
yC4Se7qAACSDAdfLQz62_IQ7Bca57r77HAKrCZnlvB_d0fskAMJyfDkgqhDx
zzbr4PBMHeFSA3p.IGRwxKUVAUeTohZbpV5XD528fJc9hqLGoyoZkuzt.10y
vw_rvs6bHR21mjK2SpP1TzZW6DbE8PjwGt1vVPVWOBe6OLYRxVGVsJUVLNJ9
Rk0Vj4PNhzE.XqCwX1aZIgunMbz3yfZ0XH092XAANsUpDT4y5cjhJ12wOz96
HOST A sent an encrypted email
DT9U3C0R3aq2_M6rbZK0tCNWhOd9VLlBVDpQywa7I7u9Zo6IiiQNsPMuxxLw
eZm9fSC0HqQ.AFfleSzphnRSmt6vRD12po0xL.FHpySB01m7LMkDG9ip5bBM
bWrwtfcaAcBezyQcO2T3NCiUKNLSjZ6R7y0R8.jkoCDRq3J4.w4rQKRViG5G
7vzc.maNqkLxNLTVwX2aCH6m2_VqGdk4M_JffdiTSeH_KYw4LrCfJ6M8p6eY
vKI.faFZGM_XcaZfSB7T9TCUKhNHHR9nNtOlu.uejxPY__YPvJSr6fLrex9h
Sw20MAh2AfQeu64Oc.jDPrrFWpjqlRPSuu3QRbOKZkrl3ZEafL19yrd4.Yr5
LX_8xHeg447.TDusgGeQ37vFWsTUgT4SwMTQS9SHNPfPXqeo3I5Ffv7oeQj0
wKY4euYVrAc4uAD48lNOasvWpZYeQ12OjnI7nCfscxcKKXXtxQt88Pc7zswY
.ViPLVMTYdykueVAJXoU5ZBaFiS.IlDJSD3Wxh.nCkXyMxa60rKfAA9MyqLV
cP.p136HdzYC317f64rptVa_Npnesr8gblKrCFeSWR47o24Sea3c.zkXwLAP
HZpFoPW6jkQ4ww5uAK1f4B.TIsOmkm2oQdQTrd38ZGTJ0Yy4mk.hvsAH2q1r
GHRZcKFquBTNVLPFtwsjo4OlfNrBiM.nZGjm36jAWMXqEtSzMH_ia1aAgFML
7AQ9o_dyeLBaswxUyGJg8rIk.uysECXm4KuiMz22W_Aurhyi9HfgHbJZO8IY
02X4qIvYmCIGq7kQCSfmzj3f7RpvGG_nBJUL.bY-
Suggestion
As for suggestions and to improve the function of digital signature and encryption technology related to this case
study, can be described as follows:
1. It is recommended to determine the time/expiration period on each key certificates are created and
transmitted. The period key certificate can be adjusted to the needs how long the delivery of communications
data/information via email will be done.
2. The additional applications for digital signature and email encryption such as Open PGP applications should
not be downloaded from unreliable sources. Verify with the checksum method to see if the application is
obtained from a trusted source. Verify the checksum method to determine whether the application is obtained
from reliable sources.
b=qHdYbj1nvQ4rGdgoVDuyZR7FQO8QcrSsiag83kv1VWXxh6Z+PCLUBwMGVXFadbjQSN
zT5IhtgZSCjYNX3J/p6KHTxpEAZS0fmYDqCU8oh45wAEZ40yIiWp9vDXGe0xX2fNlJ3m
q09UYGuTta+qojsdcai80wz6jL7S8ZMjTr69Sft2teczlgMwNQ9eC8JmaJuvq53PMQ5x Digital Signature
InSjtTDEkX9x3V3kVMAYFQjiyQjwCB4B1kivRbHAGoYgEE7TxSU4EJR4uiQa/ggTz6jN
YJbjNPSy04/5OxttHm+dh6AVNyEm6/8f9VBTlYghkJXS9I/zyOJTNrTknBSkvSUDysPG
+OhA==
X-Received: by 10.68.112.164 with SMTP id ir4mr16079439pbb.153.1392483775384;
Sat, 15 Feb 2016 09:02:55 -0800 (PST)
Return-Path: <rhema.riesaputra@gmail.com>
Received: from [127.0.0.1] ([203.176.181.60])
by mx.google.com with ESMTPSA id qq5sm28760033pbb.24.2014.02.15.09.02.53
for <rhema@riesaputra.info>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Sat, 15 Feb 2016 09:02:54 -0800 (PST)
Message-ID: <52FF9DB8.30800@gmail.com>
Date: Sun, 16 Feb 2016 00:02:48 +0700
From: "Rhema.Riesaputra" <rhema.riesaputra@gmail.com>
Information concerning Mail User
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Agent HOST A
Thunderbird/17.0.8
Information about Subject Email that
Subject: Bonus Transfer sent by HOST A
X-Enigmail-Version: 1.5.2 Add-On Information according to Mail
User Agent HOST A
This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--OWQkRscQI5glTBhEi0bKs2QqhaP1sKEbI
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification
hQELAwHK4MrK5+PgAQf4wgZ0fmGpHSk1+grv/Lgc2LKhy+633eJTaQwcA2ciZb0T
dHd/5sDWlV+5iDkwmy7EGAB8YUM+zF3xLe4OAIeidu+qoImk1Ks+GmuoMVZeZWFp
Jp4F/hBx1jmmgBrWGsh8xxsw0nMELLHyQvnalNM5EUPMxwU0lTIHkKoKjq5UXLKb
L/qUyJF3izIAaoG0VvU0vg3ZdeHY/f6cSl2YOYHl1G5C3ZGRnizbEsaylVC0fekR
/1knXoCbzVIx07PNAsO6Ld/R2OAKDt36z/Rzdfawu1T/2lnF7fKo9vU091yA2CLL
sErObyGwNZ1VkveuNSFAw+QOZ0tNtrOJi1pU6iczhQEMA6jIyC1aVcTcAQf/aaZt
b9APb3umRqQxX6q9YzqvHheDR9O0RqgvL+hDPPWvL5QYjwn0rOQgcTlC0sEISgR1
Wx6QD/c2fNvTNYqpKgZnG3xSzcP7AxBZEjh62Rg9jkaiqYEU7s1k/oKIxvqtvr+7 The example of encrypted data/
XJ4azMT25Rx2evhNNg5iJyb7XwY2OkAJIRF10qU8lcNA0fHFERBuUcCYsEiO+m2W information that sent by HOST A
UGpPATFxrRv2JM6lg4joaaHDv96QZG1iUW+W3PO9ajoI6SqbwDzIJzaZ8rmTU1KU using application Open PGP
Mkq3/j+LaQkpbcFkMtdvfSLd1I1w/LDqhIz69U4R63d0YWxThMfunC1dUA2olSHI
yR+/VthcFzFk6GgrcdLpAaLhyhOHB4YIGtDZHjpuESZ01WkzxCCr8WSF0/I26qgu
fOUv/xtOl4xeIgBi4aB5g5pCkocpUrJV5M/n9J9erKrwryorOFiY8sg77MEPBftf
KX5YAqpfmHaRdWp240+FxSUXkezRwMvQzq5gc5R0AmwUKPIVdIzIW2IbBHOFwq08
ECIKWIXntjboC7zIiINj6NjbMesjkgVXRkgC+iH+RvAeg7AVaI8Xr3vbiYYfHb58
PxMs0Z3xVJQ1hEYqL8Yov6spdIkEHHmpK7LA8HBVqqNBkiuALRG+lF3jjmJvaHdJ
v8OohUGm8j27wILAZUtXGMb9iSgPp9hnQFG3jqdwLpuh9kBSZliC+JnpNoY1aRWR
DMKfeYEV6rk0qfNsRNuvH5yZuHfEk7ckATl84n/7Y3FdHRa8w7UOzf7GfQ2etwEH
/VmmyZnmtC1e8WFlhK/wHbH0mQrTzduceoI/iT4n3hnEZ3YO68QJTWW+BRrxXFXE
Z2FC2f6YFuR/muv00FLTHV8GvQlFD600JVYWTym+m4lvhrZPOaircWErKLbqxkvQ
BaDlBAuQtW07jdZVpdUI+Jp9J6xuh8ufchGrb0YVfL3GFJIQC4xRYlYK9ba11XDW
wzYWi/7Do3kLYeYcNKqgYpxDwn4Tv9+hv//5hT4/gUZ7T+Iq8AiZzSwQXTN4GYta
ztiP8foI7dcNgTbEPDptey9ch3mYvOtvE5lJbWZ2t+CDMf01eZ0kSc5ppFE/Gcii
b0wvgcudUndZ6TP68x5IpaZe7pK5gqzfFvg1zBuampDgrsXNyJPQahwz
=mJzV
-----END PGP MESSAGE-----
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -13
International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842
Issue 11, Volume 4 (November 2017) www.irjcs.com
REFERENCES
1. Danielle S. Agnew and K. Hill, EMAIL ETIQUETTE RECOMMENDATION FOR TODAYS BUSINESS STUDENT, in
Academies International Conference, 2009.
2. A. Adriansyah and Kasmad Ariansyah, APLIKASI SHORT MESSAGE SERVICE (SMS)DAN EMAIL SEBAGAI
MEDIAKOMUNIKASI DATA DALAM SISTEM PEMANTAUAN SUHU, Bul. Pos dan Telekomunikasi., vol. 9, no. 2,
2011.
3. Lijun Liao and Jorg Schwenk, Secure Emails in XML Format Using Web Services, in Web Services, 2007.
ECOWS 07. Fifth European Conference on, 2007.
4. S. Koppula and J. Muthukuru, Secure Digital Signature Scheme Based on Elliptic Curves for Internet of Things,
Int. J. Electr. Comput. Eng., vol. 6, no. 3, pp. 10021010, 2016.
5. Yoshiaki Shiraishi, M. Mohri, and Hitoshi Miyazaki, A Three-Party Optimistic Certified Email Protocol Using
Verifiably Encrypted Signature Scheme for Line Topology, in Cyber Security and Cloud Computing (CSCloud),
2015 IEEE 2nd International Conference on, 2016.
6. M. A. Sadikin and R. W. Wardhani, IMPLEMENTATION OF RSA 2048-BIT AND AES 256-BIT WITH DIGITAL
SIGNATURE FOR SECURE ELECTRONIC, Commun. Inf. Technol. J., vol. 10, no. 2, pp. 6369, 2016.
7. Eric Conrad, S. Misenar, and J. Feldman, CISSP Study Guide. Syngress, 2010.
8. Rafik Hamza, A novel pseudo random sequence generator for image-cryptographic applications, J. Inf. Secur.
Appl., vol. 35, pp. 119127, 2017.
9. S. Sharma and Harshali Zodpe, Implementation of cryptography algorithm for E-passport security, in
International Conference on Inventive Computation Technologies (ICICT), 2016.
10.[10] S. Feizi, A. Ahmadi, and Ali Nemati, A hardware implementation of Simon cryptography algorithm, in
International Conference on Computer and Knowledge Engineering (ICCKE), 2014, 2014. S. Harris, ALL IN ONE
CISSP. Mc Graw Hill, 2008.
11.A. Wahab, R. B. Bahaweres, A. Mudrik, Muhaemin, and R. Sarno, Performance analysis of VoIP client with
integrated encryption module, in Communications, Signal Processing, and their Applications (ICCSPA), 2013
1st International Conference on, 2013.
12.A. Roy and S. Karforma, A Survey on Digital Signatures and Its Applications, J. Comput. Inf. Technol., vol. 3,
2012.
13.E. F. Yakhya, Penerapan Algoritma Kriptografi Kunci Publik untuk Repository Organisasi, no. Bandung,
Institut Teknologi Bandung, Jl Ganesha, 2013.
14.RSA Algorithm. H. Bidgoli, Handbook of Information Security, Key Concepts, Infrastructure, Standards, and
Protocols. John Wiley & Sons, Inc, 2012.
15.X. Weihua, An Digital Signature Method Applied for Distributed Rending Submit System, in IEEE ICIS, 2017.
16.H. K. B. Ponnapalli and A. Saxena, A Digital Signature Architecture for Web Apps, IT Prof., no. April, pp. 4249,
2013.
17.Y. A. N. Xu, M. Wang, H. Zhong, J. I. E. Cui, L. U. Liu, and V. N. L. Franqueira, Verifiable Public Key Encryption
Scheme With Equality Test in 5G Networks, IEEE Access, vol. 5, 2017.
________________________________________________________________________________________________
IRJCS: Impact Factor Value SJIF: Innospace, Morocco (2016): 4.281
Indexcopernicus: (ICV 2015): 79.58
2014- 17, IRJCS- All Rights Reserved Page -14