iHDoc mobile doc signing

Technical Report

iHDoc - Secure NFC Mobile-Based Digital Document Signatures Prototype

Introduction

Digital signatures play a vital role in ensuring the security, authenticity, and integrity of digital documents. Traditional document signing methods often rely on cloud-based infrastructures or Public Key Infrastructure (PKI) systems, which introduce vulnerabilities such as man-in-the-middle (MiTM) attacks and increased computational demands. To address these challenges, the iHDoc prototype offers a lightweight, secure, and proximity-based approach for digital document signing. Built upon the theoretical foundation of the iDSign framework, iHDoc utilizes Identity-based Cryptography (IBC) to eliminate the need for large certificates and complex certificate management. The system leverages NFC in Host Card Emulation (HCE) mode for proximity-based mutual authentication and Bluetooth for fast data transfer. This novel approach makes iHDoc suitable for resource-constrained mobile devices, ensuring offline, in-person signing of documents with enhanced security.

Key Features

• Proximity-based Mutual Authentication: Utilizes NFC HCE mode for secure communication, in-person digital signing.

• Lightweight Cryptography: Eliminates the need for certificates using Identity-Based Cryptography (IBC) to minimize computational costs.

• Bluetooth Data Transfer: Uses Bluetooth for fast and efficient transfer of large documents.

• Offline Capabilities: iHDoc works in offline environments, unlike cloud-based solutions.

• Enhanced Security: Protects against Man-in-the-Middle (MiTM) attacks using mutual authentication and session key establishment.

Working of iHDoc

The iHDoc system is designed to facilitate in-person, proximity-based digital document signing on Android mobile devices. The system architecture consists of three main components: the Private Key Generator (PKG), the Signer device, and the Signee device.

1. Device Registration:

   • The Signer and Signee devices register their unique identities (like an email or phone number) with the Private Key Generator (PKG).

   • The PKG generates identity-based cryptographic keys for each device and securely transmits the public and private key pairs to the respective devices.

2. Mutual Authentication and Session Key Establishment:

   • The Signer and Signee devices initiate mutual authentication by tapping their devices together using NFC in Host Card Emulation (HCE) mode.

   • Using the iDSign framework, both devices authenticate each other by exchanging ephemeral keys and unique identifiers, enabling the establishment of a shared session key.

   • This session key is used to secure further communication between the two devices.

3. Document Transfer via Bluetooth:

   • Following successful authentication, the Signee device sends the document to be signed to the Signer device over an automated Bluetooth connection.

   • This Bluetooth transfer ensures fast, efficient, and secure transmission of larger files that NFC alone may not support.

4. Digital Signature Generation:

   • The Signer device generates a digital signature for the document using the Hess Identity-Based Signature (IBS) scheme.

   • The document hash, the Signer’s private key, and cryptographic parameters are used to create the signature, which is then encrypted using the session key (HTK) for secure transmission.

5. Signature Integration:

   • The encrypted signature is transmitted back to the Signee device via the secure Bluetooth connection.

   • The Signee device decrypts the signature, integrates it with the document, and stores it as a digitally signed document.

   • This final signed document can be verified on any device using the public key of the Signer.

6. Storage and Verification:

   • The digitally signed document is stored locally on the Signee device and can be verified at any time using the public key of the Signer.

   • Verification ensures the authenticity and integrity of the document, confirming that it has not been altered since it was signed.

Demo Video

Experience the working of the iHDoc prototype in action. Watch how digital document signing is simplified, secure, and fast on Android mobile devices below :-

Software

Complete Software Kit (App and Server Code) :