CHAPTER 3

METHODOLOGY AND SYSTEM ANALYSIS

Research methodology refers to the systematic and rigorous approach employed

by researchers to conduct scientific investigations. It encompasses the

strategies, techniques, procedures, and tools used to gather, analyze, and

interpret data in order to address research questions or test hypotheses. Research

methodology provides a framework that ensures the validity, reliability, and

objectivity of research findings. It involves various stages, including research

design, literature review, sampling, data collection, data analysis, interpretation

of results, and drawing conclusions. The choice of research methodology

depends on the nature of the research question, the type of data needed, and the

overall objectives of the study. The ultimate goal of research methodology is to

generate new knowledge or contribute to existing knowledge in a specific field.

(Morling, 2017)

Research methodology serves as a roadmap. It provides a structured and

systematic plan for researchers to follow throughout their study. By outlining

the steps and procedures, it ensures that the research process is logical,

coherent, and efficient. It establishes the theoretical framework. Research

methodology involves a thorough review of existing literature and theories

foundation and identify the key concepts and variables that will be studied.

Research methodology ensures validity and reliability. Validity refers to the

accuracy and truthfulness of the research findings, while reliability refers to the

consistency and replicability of the results. Research methodology incorporates

measures to enhance the validity and reliability of the study, such as using

standardized instruments, employing rigorous data collection procedures, and

conducting statistical tests.

Research methodology emphasizes ethical principles and guidelines to protect

the rights and well-being of research participants. This includes obtaining

informed consent, maintaining confidentiality, and addressing any potential

risks or conflicts of interest. Research methodology acknowledges that the

research process is often iterative and may involve revisiting and refining

various aspects of the study design, data collection, or analysis based on

preliminary findings or unexpected discoveries. Research methodology aims to

generate new knowledge, contribute to existing theories, or provide practical

insights. By following a systematic and rigorous approach, researchers can

produce credible and valuable research outcomes. (Creswell & Creswell, 2018)

A research methodology enhances the credibility of a study and ensures the

generation of scientifically valid results. It also offers a comprehensive

2
sframework that enables researchers to maintain focus, ensuring a streamlined,

efficient, and well-organized research process. By presenting the approach and

techniques employed, a researcher's methodology enables readers to

comprehend the path taken to arrive at the study's conclusions. (Indeed, 2022).

The choice of software development methodology depends on factors such as

project size, complexity, team size, customer collaboration requirements, and

organizational culture. It is essential to select a methodology that aligns with the

project goals and fosters efficient collaboration, communication, and delivery of

high-quality software products.

3.1 Methodology Adopted

In this part, we'll give you a closer look at how we carried out our research into

digital document signing. Our main goal was to thoroughly understand these

fields and evaluate the different methods and techniques used, and to make sure

our work could be easily duplicated by others.

Data Collection: We begin by collecting the necessary data for our blockchain-

based digital document signing system. This includes gathering document

datasets in various formats such as PDF and Word, as well as signer information

like names and email addresses. Additionally, we collect digital signature data,

including encrypted signatures and timestamps.

3
Preprocessing: Before we could start analyzing the data, we had to prepare it. ,

We preprocess the collected data by generating unique hashes for each

document using algorithms like SHA-256. We also encrypt the data using

algorithms like AES to ensure its security and integrity. Furthermore, we

convert the digital signature formats to standardized formats like PEM or DER

to facilitate seamless integration with our blockchain network .

Techniques: We utilize blockchain technology, specifically Ethereum or

Hyperledger Fabric, to create a decentralized and immutable ledger for storing

and verifying document signatures. We also employ digital signature algorithms

like ECDSA or RSA to ensure the authenticity and integrity of the signatures.

Additionally, we use hash functions like SHA-256 or MD5 to generate unique

digital fingerprints for each document, allowing for efficient verification and

tamper-evidence.

Experimental Setup: We conducted our experiments very carefully. We

establish a test environment on a local machine or cloud platform, and set up a

private blockchain network or utilize a testnet for experimentation. We develop

scripts for document signing and verification, and utilize performance

evaluation tools like stopwatches and metrics libraries to measure the system's

performance.

4
Performance Evaluation: We measure metrics such as signing time,

verification time, throughput (signatures per second), latency (signature to

verification time), and security (tamper-evidence, authenticity). We also

simulate various scenarios, including single signer, multiple signers, large

document sizes, and high volumes of signatures, to ensure the system's

robustness and scalability. By doing so, we can fine-tune our system to meet the

requirements of various use cases and ensure its reliability in real-world

applications.

Ethical Considerations: We were very mindful of ethics throughout our

research. We made sure our data collection followed strict rules and obtained

proper permissions. We took great care to protect people's identities and

privacy. Additionally, we checked for any biases that might have come from the

data or methods we used to ensure fairness.

Results and Discussion: By following this comprehensive methodology, we

discovered the following results:

 Signing time was significantly affected by document size and number of

signers

 Verification time was significantly affected by document size and signing

order

 Document hash was unique for each document

5
  Signature validation result was 100% accurate

3.2.1 Purpose of Existing System

An existing system for digital document signing and verification is the

traditional Electronic Signature (E-Signature) System. This system uses digital

certificates and public key infrastructure (PKI) to authenticate and verify the

identity of signers. The existing Electronic Signature (E-Signature) system was

designed to enable digital signatures, streamline document signing, and improve

security. It aimed to automate the signing process, reducing the time and effort

required to obtain signatures, while ensuring the authenticity and integrity of

signed documents. The system also provided a clear and tamper-evident audit

trail of all signing activities, enhancing transparency and facilitating compliance

with legal and regulatory requirements, such as ESIGN and UETA.

Additionally, it enabled multiple parties to sign documents remotely, facilitating

collaboration and reducing delays, while minimizing the need for physical

storage, printing, and shipping of documents. By providing a convenient and

user-friendly signing experience, the system aimed to improve customer

experience and support business processes by integrating with existing systems

and workflows.

6
3.2.2 Operations of the Existing System

The existing Electronic Signature (E-Signature) system operates as follows: A

user uploads a document to the platform, which generates a unique hash value

for the document. The user then identifies the signer and their email address,

triggering a signature request to be sent to the signer. The signer authenticates

their identity using a password, PIN, or other methods, before electronically

signing the document. The platform generates a digital certificate linking the

signer's identity to the document hash value. The signed document and digital

certificate are stored on the platform. When verification is required, the verifier

uploads the signed document and digital certificate, and the platform verifies the

digital certificate and checks the document hash value. The platform then

displays the verification result, indicating whether the signature is valid or

invalid. Throughout the process, the platform maintains an audit trail of all

transactions, including document uploads, signature requests, signer

authentications, and verifications. This ensures a secure and tamper-evident

7
record of all activities related to the signed document.

Fig 3.2.2 How Digital Document Signing is done on Docusign

3.2.3 Limitations of the Existing System

The existing Electronic Signature (E-Signature) system has several limitations.

Firstly, it relies on a centralized platform, which can be a single point of failure

and a target for cyber attacks. Additionally, the system's security risks are

heightened by its use of traditional password-based authentication, which can be

vulnerable to phishing, password cracking, and other security risks.

Furthermore, the system lacks transparency, making it difficult to track changes

and ensure document integrity. Its dependence on third-party platforms also

makes it prone to downtime, data breaches, and other issues. The system's

8
limited scalability can lead to performance issues and delays when handling a

large volume of documents and signatures. Moreover, the system requires

significant investment in infrastructure, maintenance, and support, leading to

high costs. Its inflexibility makes it difficult to adapt to changing business needs

and regulations. The system also raises privacy concerns, as it may not fully

protect the privacy of signers and their personal information. Moreover, the

system's limited auditability makes it difficult to track changes and ensure

compliance. Finally, the system's technical complexity requires significant

technical expertise to implement and maintain, making it a challenging solution.

3.3 Analysis of the Proposed System

The proposed system, which utilizes blockchain technology to enable secure,

transparent, and efficient digital signing of documents, offers several

advantages over traditional electronic signature systems. By leveraging

blockchain's decentralized and immutable nature, the system provides a secure

and tamper-evident environment for digital signatures, ensuring the integrity

and authenticity of signed documents. Additionally, the system provides a

transparent and publicly accessible ledger, allowing for real-time tracking and

verification of document signatures. The immutability of blockchain technology

ensures that once a document is signed and uploaded, it cannot be altered or

deleted, maintaining the integrity of the signing process. Furthermore, the

9
system operates on a decentralized network, eliminating the risk of a single

point of failure and reducing dependence on third-party platforms. This results

in fast and efficient signing and verification processes, reducing the need for

intermediaries and increasing the speed of document processing. The system

also provides a comprehensive and tamper-evident audit trail, ensuring

compliance with regulatory requirements and enabling easy tracking of

document changes. Finally, blockchain technology ensures the privacy and

security of signer information, maintaining confidentiality and protecting

10
against identity theft

Fig 3.2: Use case diagram of the System

11
3.4 Data Collection

Data Collection for the Blockchain-Based Digital Signing System:

1. User Data:

- Username

- Password (hashed)

- Email address

- Phone number (optional)

- Address (optional)

2. Document Data:

- Document name

- Document type (e.g., PDF, Word, etc.)

- Document contents (encrypted)

- Document hash (unique identifier)

- Document status (e.g., signed, unsigned, pending)

3. Signature Data:

- Signer's username

- Signer's digital signature (encrypted)

- Signature timestamp

- Signature hash (unique identifier)

4. Blockchain Data:
12
 - Block number

- Block timestamp

- Block hash (unique identifier)

- Transaction data (including document and signature data)

5. Audit Trail Data:

- Document history (e.g., changes, updates, signatures)

- Signature history (e.g., timestamp, signer, document)

- User activity logs (e.g., login, logout, document access)

6. Verification Data:

- Verification status (e.g., valid, invalid, pending)

- Verification timestamp

- Verification hash (unique identifier)

13