Friday, January 2, 2009

Watermarks, signatures and security

I just had this idea... I was thinking about computerising organisational processes which require an approval signature. Suppose manager X needs to approve request R. If he has a drawing tablet, he could digitally sign a document -- that is to say associate it with the document either by overlaying it or attaching it. However, that's somewhat susceptible to hacking by taking an image of a signature and associating it with some other document. That is to say, it's hard to guarantee that the associated signature is 100% confirmed on the document being signed.

Supposing, instead, that I had software which did this:
1.) Take signature input from drawing pad
2.) Generate a hash from the signature image
3.) Use the hash as a salt for a watermark
4.) Create a watermarked document
5.) Overlay the signature image onto the watermarked document image
6.) Lodge the image hash in some collision detection database

It seems to me like I should be able to encode the signature hash into the watermark document somehow. Then, it seems like I should be able to guarantee that the watermarked document was created using the signature that's on the document.

A forger/hacker could not then take the signature and do the same thing to another document, because the duplicate hash would then get picked up by the collision detection database. Further, each colliding document could be identified by its watermark and signature hash. All anyone using the system needs to do is check that the document is watermarked. The system guarantees that all watermarked documents are properly authorised.
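The six steps and the collision check, as an added Python sketch that is not code from the post: the signature hash is used as the key that derives the watermark from the document bytes, a registry refuses to lodge the same signature hash against a second document, and verification consults that registry rather than trusting the watermark alone. The signature image and document bytes are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed sample inputs (not real images): bytes standing in for the
# pixel data captured from the drawing tablet and for the document text.
SIGNATURE_IMAGE = b"\x00\x10\x2f\x40" * 64           # constructed
DOCUMENT_R = b"Request R: purchase 12 laptops"       # constructed


def signature_hash(image_bytes: bytes) -> str:
    """Step 2: hash the raw signature image from the drawing pad."""
    return hashlib.sha256(image_bytes).hexdigest()


def make_watermark(doc: bytes, sig_hash: str) -> str:
    """Step 3: the signature hash salts (keys) the watermark, so the mark
    depends on both this exact document and this exact signature."""
    return hmac.new(sig_hash.encode(), doc, hashlib.sha256).hexdigest()


class CollisionRegistry:
    """Step 6: remembers which watermark each signature hash was lodged for."""

    def __init__(self) -> None:
        self._seen: dict[str, str] = {}   # sig_hash -> watermark

    def lodge(self, sig_hash: str, watermark: str) -> bool:
        prior = self._seen.get(sig_hash)
        if prior is not None and prior != watermark:
            return False   # same signature hash reused on a different document
        self._seen[sig_hash] = watermark
        return True

    def known(self, sig_hash: str, watermark: str) -> bool:
        return self._seen.get(sig_hash) == watermark


def sign_document(doc: bytes, image_bytes: bytes, registry: CollisionRegistry):
    """Steps 2-6: returns the signed record, or None on a hash collision."""
    sig_hash = signature_hash(image_bytes)
    wm = make_watermark(doc, sig_hash)
    if not registry.lodge(sig_hash, wm):
        return None
    return {"document": doc, "signature": image_bytes, "watermark": wm}


def verify(record: dict, registry: CollisionRegistry) -> bool:
    """The watermark must derive from the overlaid signature and document,
    and the registry must have lodged exactly that pairing."""
    sig_hash = signature_hash(record["signature"])
    expected = make_watermark(record["document"], sig_hash)
    return hmac.compare_digest(expected, record["watermark"]) and registry.known(sig_hash, expected)
```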

Should a *real* hash collision occur, the authorising supervisor could just re-sign the document.

This relies on every signature being subtly different. That is, the tablet must have quite high resolution to capture the slight differences of pen pressure and letter shape in each signature. This doesn't seem beyond the realms of possibility however.

And, once all is said and done, there exists a system where:
* The approving manager can just sign digital documents completely straightforwardly
* All authorised documents are stored and tracked
* All digitally watermarked documents have a full history

What does the blogosphere think?