Proposed Approach of Digital Signature Technology for Building a Web Security System Based on SHA-2, MRC6 and ECDSA

Abstract

The current web security algorithms faced some drawbacks which making them under breakdown situations, these algorithms are such as SHA-1 and MD5 which they are already hacked. This work proposes a new digital signature scheme for building a web security system that can avoid using these algorithms, so we use SHA-2 algorithm instead of them since this algorithm can be considered as not hacking algorithm at least for next years. This algorithm is currently used for database security of a client-server system, while our work exploits this algorithm for another purpose regarding to authentication process to secure users login and create new users processes. Our technology approach is proposed to use digital signature architecture based on the MRC6 algorithm to encrypt data and SHA-2 algorithm to create a digital signature by Elliptic Curve Digital Signature Algorithm (ECDSA). So, data are encrypting by the MRC6 algorithm, then extracting hash values from these data for using its inside ECDSA algorithm to generate a digital signature, after that, we merge these encrypted data with a digital signature to send them together to web server. Implemented results show that our proposed architecture can achieve the conceptual goals for web security including; confidentiality, integrity and non-repudiation, and authentication. Finally our proposed architecture is implemented using C# and SQL server.