Digital signatures are a technological innovation designed to facilitate the document authentication process. They obviate the need to spend time printing documents and then affixing “wet” signatures.
Digital signatures are becoming increasingly popular in Indonesia, especially since the Covid-19 pandemic hit. Besides being practical, they are also considered more secure, because each one is unique, like a fingerprint. Without a verified identity, it is difficult to falsify documents and the data contained in them.
However, this does not mean that digital signatures are immune from cybercrime risk. What should be done, then, to ensure that digital signatures are fully protected?
One of the most dangerous threats is malware attacks. Digital signatures contain an embedded system to identify the user accessing the document. The system is programmed to restrict access from unknown users or perform suspicious activities. This alone cannot protect digital signatures from malware attacks, though, because malware can camouflage itself to resemble an authenticated user. Some malware even takes the form of an anti-virus application. So, how can we protect a digital signature from this kind of danger?
What you need to do is to implement a system that restricts access to private keys so that only the owner of the digital signature can access it. This can be done using an accurate biometric-based identity verification system.
With biometrics, only you can use a digital signature and no one else. This method is much more secure than having to perform signature-access management with password-based authentication and verification protocols.
Hackers can avoid thorough detection. One of the most famous methods used for this is the master-key compromise procedure. This method doesn’t exploit a leak from the digital signature itself, but rather takes advantage of a flaw in the Android system that cannot detect mismatches in app data. As a result, hackers can also create Android applications that contain malware code on the system.
The most effective solution in dealing with this kind of problem is simply to be careful when downloading applications. If you encounter a message that the download source is not approved and cannot be verified, immediately cancel the process.
In the face of security risks, many companies are focusing on building their defensive walls. In fact, strengthening the internal system itself is no less important. With a strong internal defense system, the level of digital-signature security is even higher.
Companies should consider using digital certificates as well as key management systems. Security can also be increased by storing private keys on a network separate from the general activities of the company. Lastly, your company’s security infrastructure should be provided by a trusted and reputable electronic-certificate provider.
Digital-signature technology itself already offers an adequate security system. Even so, that does not mean you can be careless when using digital signatures. For increased security, we recommend using signatures that are issued and have been certified by a Certificate Authority (CA). In addition to having an official certification, VIDA also has a digital-signature infrastructure based on cloud computing with global standard security protocols.
So, how do you go about obtaining a secure and certified digital signature? Make sure you choose a vendor that has a good reputation and has been approved by the competent authority. One such vendor is VIDA. As a Certificate Authority, VIDA has been registered and certified at the Ministry of Communication and Information (Kominfo).
Read: Digital Signatures Hold Potential for New Opportunities in the Digital Economy