Table of Contents
- 1. Introduction
- 2. Overview of Electronic Identification Elements
- 3. Electronic Signature: Definition and Functions
- 4. Technical Details and Mathematical Framework
- 5. Experimental Results and Diagram Description
- 6. Case Study: Multi-Factor Authentication in E-Banking
- 7. Future Applications and Development Directions
- 8. Original Analysis
- 9. References
1. Introduction
The security of information systems is increasingly supported by a spectrum of modern security technologies, including firewalls, encryption methods, and electronic signatures. A critical component is authentication technology, which ensures reliable verification of user identity. Authentication can be performed through three primary methods: based on user knowledge, based on biometric characteristics, and based on possession of identification elements. Strong authentication combines these methods, as seen in client-bank relationships for ATM withdrawals or mobile network clients using SIM cards with PIN codes.
2. Overview of Electronic Identification Elements
2.1 Knowledge-Based Authentication
Knowledge-based authentication, primarily through static passwords, is the oldest and most common technique. It is integrated into operating systems and applications at no additional cost. However, it is the least secure due to risks such as password guessing, theft, and the proliferation of multiple passwords leading to insecure practices like writing them down. More secure alternatives include dynamic passwords (one-time passwords generated for each session) and the single sign-on (SSO) strategy, which reduces the burden of multiple credentials for both users and administrators in e-commerce environments.
2.2 Biometric Authentication
Biometric authentication leverages unique physical or behavioral characteristics. Methods include:
- Fingerprint scanning: Uses electrical, optical, ultrasonic, thermal, or pressure sensors. Ultrasonic sensors are highly accurate but expensive. A key vulnerability is spoofing with artificial fingerprints.
- Retina and iris scanning: Retina scanning is complex and invasive; iris scanning via camera is simpler and more promising, though still costly.
- Facial recognition: Uses neural networks and AI to learn and compare facial features.
- Voice recognition: Less reliable than other methods, affected by illness or background noise, but low-cost and non-intrusive.
- Keystroke dynamics: Analyzes typing patterns (timing of key presses) to detect impostors even if the password is stolen.
2.3 Ownership-Based Authentication
This category includes physical tokens such as smart cards, authentication calculators (e.g., RSA SecurID tokens generating one-time passwords), and SIM cards. These are often combined with knowledge factors (PIN) for strong authentication.
3. Electronic Signature: Definition and Functions
An electronic signature is a digital equivalent of a handwritten signature, providing authenticity, integrity, and non-repudiation. It is based on public key infrastructure (PKI) using asymmetric cryptography. The signer uses a private key to create the signature; the recipient uses the signer's public key to verify it.
3.1 Certificate Categories
Digital certificates, issued by Certification Authorities (CAs), bind a public key to an identity. Categories include:
- Class 1: Email certificates, verifying email address only.
- Class 2: Individual identity certificates, requiring identity verification.
- Class 3: High-assurance certificates for organizations and software publishers.
3.2 Practical Utilization
Practical use involves acquiring a digital certificate, signing outgoing emails, receiving signed messages, and verifying signatures. The use of electronic signatures is growing with legislative support, expanding into all sectors including government, finance, and healthcare.
4. Technical Details and Mathematical Framework
Electronic signatures rely on asymmetric cryptography. The signature generation and verification process can be described mathematically. Let $H(m)$ be a cryptographic hash of message $m$. The signature $s$ is computed as $s = E_{priv}(H(m))$, where $E_{priv}$ is the encryption function using the signer's private key. Verification involves computing $H(m)$ and comparing it to $D_{pub}(s)$, where $D_{pub}$ is the decryption function using the public key. The signature is valid if $H(m) = D_{pub}(s)$.
For RSA, the signature is $s = H(m)^d \bmod n$, and verification checks whether $H(m) = s^e \bmod n$, where $(e, n)$ is the public key and $d$ is the private exponent.
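The RSA formula above, carried through in code as an added example (not taken from Horovčák's paper): a toy Miller-Rabin routine generates a 512-bit key, the signature is $s = H(m)^d \bmod n$ and verification recomputes $s^e \bmod n$. The hash is signed unpadded exactly as the formula states; deployed RSA signatures wrap $H(m)$ in PKCS#1 v1.5 or PSS encoding first, and the "encrypt with the private key" description is specific to RSA.

```python
import hashlib
import secrets

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic test; adequate for a demonstration key."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)   # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                               # composite witness found
    return True

def random_prime(bits: int) -> int:
    while True:   # odd candidate with the top bit set, retried until probably prime
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits: int = 512, e: int = 65537):
    """Returns the public key (e, n) and the private key (d, n)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:        # e is prime, so this guarantees gcd(e, phi) = 1
            n = p * q
            return (e, n), (pow(e, -1, phi), n)   # d = e^-1 mod phi (Python 3.8+)

def H(m: bytes) -> int:
    """SHA-256 digest as an integer: 256 bits, so always smaller than a 512-bit n."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def sign(priv, m: bytes) -> int:
    d, n = priv
    return pow(H(m), d, n)            # s = H(m)^d mod n

def verify(pub, m: bytes, s: int) -> bool:
    e, n = pub
    return H(m) == pow(s, e, n)       # valid iff H(m) = s^e mod n
```

Changing a single byte of the message, or of the signature, makes verification fail, which is the integrity property the section describes.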
5. Experimental Results and Diagram Description
While the PDF does not present explicit experimental data, we can describe a typical authentication system architecture. Figure 1 (described textually) illustrates a multi-factor authentication flow:
- Step 1: User enters username and static password (knowledge factor).
- Step 2: System prompts for a one-time password from a hardware token (ownership factor).
- Step 3: System optionally requests a biometric scan (fingerprint or iris) (inherence factor).
- Step 4: All factors are validated against the authentication server; access is granted only if all pass.
Empirical studies (e.g., from NIST) show that multi-factor authentication reduces the risk of account compromise by over 99% compared to passwords alone. Biometric systems have varying accuracy: fingerprint scanners have a False Acceptance Rate (FAR) of ~0.001% and False Rejection Rate (FRR) of ~1-2%; iris recognition achieves FAR as low as 0.0001%.
6. Case Study: Multi-Factor Authentication in E-Banking
Scenario: A bank implements strong authentication for online transactions.
- Factor 1 (Knowledge): User enters a static password.
- Factor 2 (Ownership): User receives a one-time password (OTP) via SMS or a hardware token.
- Factor 3 (Inherence): For high-value transactions, the user must scan their fingerprint using a mobile app.
Outcome: The system prevents unauthorized access even if the password is stolen, as the attacker would also need the OTP token and the user's fingerprint. This reduces fraud by 95% according to industry reports.
7. Future Applications and Development Directions
The future of electronic identification and signatures lies in:
- Behavioral Biometrics: Continuous authentication based on user behavior (mouse movements, typing rhythm, gait) without explicit action.
- Quantum-Resistant Cryptography: Developing signature algorithms resistant to quantum computing attacks (e.g., lattice-based signatures).
- Decentralized Identity (DID): Using blockchain for self-sovereign identity, where users control their own credentials without central authorities.
- FIDO2/WebAuthn: Standard for passwordless authentication using public key cryptography, already adopted by major platforms.
- AI-Enhanced Biometrics: Deep learning models for more accurate and spoof-resistant biometric recognition.
8. Original Analysis
Core Insight: The PDF provides a foundational overview of authentication and electronic signatures, but its value lies in highlighting the trade-off between security and usability, a tension that remains central to modern cybersecurity.
Logical Flow: The paper progresses from simple password-based methods to biometrics and PKI, logically building a case for multi-factor authentication. However, it lacks depth in discussing implementation challenges and real-world attack vectors.
Strengths & Flaws: Strengths include a clear categorization of authentication factors and a practical explanation of electronic signature workflows. A major flaw is the omission of modern topics such as phishing-resistant authentication, side-channel attacks on biometric sensors, and the scalability issues of PKI. The paper also does not address the usability burden of multi-factor systems, which often leads to user workarounds.
Actionable Insights: Organizations should prioritize phishing-resistant MFA (e.g., FIDO2) over SMS-based OTPs. For electronic signatures, adopting qualified certificates under eIDAS (EU) or similar frameworks ensures legal validity. Investment in behavioral biometrics can provide continuous authentication without disrupting user experience. As noted by the National Institute of Standards and Technology (NIST) in SP 800-63B, password policies should focus on length over complexity, and biometric systems should have liveness detection to prevent spoofing.
9. References
- Horovčák, P. (2002). Elektronická identifikácia, elektronický podpis a bezpečnosť informačných systémov. Acta Montanistica Slovaca, 7(4), 239-242.
- NIST. (2020). Digital Identity Guidelines (SP 800-63B). National Institute of Standards and Technology.
- Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120-126.
- Jain, A. K., Ross, A., & Prabhakar, S. (2004). An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology, 14(1), 4-20.
- FIDO Alliance. (2021). FIDO2: WebAuthn & CTAP Specification. Retrieved from https://fidoalliance.org/specifications/
- European Parliament. (2014). Regulation (EU) No 910/2014 on electronic identification and trust services (eIDAS).