semnaturi pkc (PKC signatures)
Post on 02-Jun-2018
8/10/2019 semnaturi PKC
1/26
1
Academia Tehnica Militara Bucuresti (Military Technical Academy, Bucharest)
2010-2011
Course: SECURITATE INFORMATICA (Computer Security)
Prof. Dr. Victor Valeriu PATRICIU
B. Electronic Signatures and PKI
AUTHENTICATION BY ELECTRONIC SIGNATURES
Signatures, digital certificates, revocation lists, certification paths
PKI components: CA, RA, Repository, Users
PKI architectures
X.509 certificates, CRLs
Building and validating certification paths
Time-Stamping
Digital (Electronic) Signature
- creating & verifying -
Digital Signatures
A digital signature is computed over a message digest.
Two digital signature algorithm types:
- digital signature with message recovery (e.g. RSA)
- digital signature without message recovery (e.g. DSA)
Figure: digital signatures with message recovery vs. without message recovery.
Recommended Signature Key Length and Algorithms
- for e-commerce use -
Signature algorithms:
- 1024-bit key RSA;
- 1024-bit key DSA;
- 160-bit key DSA with elliptic curves
Hash functions:
- RIPEMD-160
- SHA-1
Public-Key Distribution
Digital Certificate
Is a person really who they claim to be?
How do you know that the public key you got from a person really belongs to this person?
Solution: the CERTIFICATE, like a driver's licence for the information highway.
Digital Certificate X.509 v3
Certificate contents:
Version number is 3
Serial number is a monotonically increasing integer value (guarantees the uniqueness of the serial number for the issuing CA)
Issuer name is populated with the X.500 distinguished name
Subject public key corresponds to a standard algorithm
Signature field identifies a standard signature algorithm.
Digital Certificate X.509 v3 - extensions -
X.509 v3 standard extensions, separated into groups:
1. key information (authority key identifier, subject key identifier, key usage)
2. policy information (certificate policies and policy mappings)
3. user and CA attributes (subject alternative name, issuer alternative name, subject directory attributes)
4. certification path constraints (basic constraints, name constraints, policy constraints)
Authority key identifier extension contains a key identifier or, if necessary, the issuer name and the serial number
CRL distribution points extension contains the location where the CRL may be found
Authority information access extension contains the repository in which the CA's own certificate may be found
Sample Digital Certificate (figure)
End-Entity Certificates
Are issued to subjects that are not CAs
Contain public keys used for verifying digital signatures or for performing key management
Subject: human user or system (Web server or router)
- User certificates
- System certificates
End-Entity Certificates: user certificates vs. system certificates
Subject name: user certificates - distinguished name or DNS style; system certificates - distinguished name or DNS style
Validity period: user certificates - no more than 3 years; system certificates - no more than 3 years
Key usage extension: user certificates - is a critical extension; system certificates - is a critical extension
Extended key usage: non-critical extension; for Web servers - ...; for routers - IPsec
Certificate policies extension: user certificates - non-critical extension, a single policy; system certificates - non-critical extension, a single policy
Subject alternative name extension: user certificates - non-critical extension, includes the user e-mail address; system certificates - non-critical extension, includes the computer DNS name (for routers, contains the IP address)
CA Certificates
Are issued to subjects that are CAs
Contain public keys used for verifying digital signatures on certificates and CRLs
Must contain sufficient information for certificate users to construct certification paths and locate CRLs
Subject: another CA in the same enterprise or a CA in other enterprises
3 types:
- CA certificates within an enterprise PKI
- CA certificates between enterprise PKIs
- CA certificates in a Bridge CA environment
Self-Issued Certificates
Issuer and Subject are the same
Used to establish trust points, distribute a new signing public key, or modify the certificate policies supported in a PKI
3 types:
- Trust point establishment
- Rollover certificates (introduce a new certificate or CRL signing key). A CA issues a pair of key rollover certificates: the first contains the old public key, signed with the new private key; the second contains the new public key, signed with the old private key. In this way subscribers with certificates signed with the old private key and subscribers with certificates signed with the new private key can validate each other's certificates.
- Policy rollover certificates
Public Key Infrastructure
PKI: a set of components (hardware & software) that work together for using public-key technology in a secure manner
CA: a trusted authority which provides a statement (the Digital Certificate) that the enclosed public key belongs to the person whose name is attached
- e.g. an organization or company to its employees
- a university to its students
- a public CA (like VeriSign) to its clients
Figure: Certificate Authority (CA) with a Certificate Directory (X.500, DNS, etc.); users retrieve each other's public-key certificates from the directory and exchange encrypted & signed messages.
Figure: CA Hierarchy, a Root CA with subordinate CAs.
Certificate Revocation
A certificate must be revoked when:
- the private key is compromised;
- the private key is lost;
- the person leaves the company.
All users must know to no longer trust the revoked certificates; relying parties check the CRL before using a certificate; a CRL may be kept in a local cache; rather than one long CRL, keep multiple shorter CRLs.
Distribute the CRL to multiple places and spread the load using the certificate extension field cRLDistributionPoints.
Use a sufficiently scalable and powerful CR server. OCSP (On-line Certificate Status Protocol): inquires of the issuing CA whether a certificate is still valid (response YES/NO).
Figure: X.509 CRL format
Certificate Verification with Directory (figure)
Certificate Paths
A certification path is an ordered sequence of certificates between the end entity and the trusted root, i.e. the certificate chain that begins at the end entity and ends at the root CA.
Certificates may be chained to form a certification path. This is illustrated in the figure: User B has been issued a certificate by CA 3, which has been issued a certificate by CA 2, which in turn has been issued a certificate by a CA whose public key User A trusts. Starting from that public key, A can verify each certificate in the certification path until he reaches User B's certificate and verifies it. At that point, A knows B's public key and can verify his signatures.
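The chain validation described above, as an added example that is not part of the original slides: Go code that builds a Root CA, an intermediate CA 3 and a User B certificate with the standard library's crypto/x509, validates B's certification path from the root trust point, and shows that a certificate for the same name issued by a CA outside the trust point is rejected. ECDSA P-256 keys stand in for the RSA/DSA keys named on the slides; the certificate names and the "Other CA" are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must stops the demo on any PKI error instead of continuing on bad state.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue signs a certificate for key; CertSign usage makes it a CA; nil parent = self-issued trust point.
func issue(cn string, serial int64, ku x509.KeyUsage, key *ecdsa.PrivateKey,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial), // unique per issuing CA
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              ku,
		IsCA:                  ku&x509.KeyUsageCertSign != 0,
		BasicConstraintsValid: true, // emit the basic constraints extension
	}
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der))
}

// DemoPath validates Root CA -> CA 3 -> User B from the root trust point, then rejects an unrelated issuer.
func DemoPath() (pathLen int, unknownIssuerRejected bool) {
	kRoot, kCA3, kB, kOther := newKey(), newKey(), newKey(), newKey() // constructed keys
	caUse, eeUse := x509.KeyUsageCertSign|x509.KeyUsageCRLSign, x509.KeyUsageDigitalSignature
	root := issue("Root CA", 1, caUse, kRoot, nil, kRoot)
	ca3 := issue("CA 3", 2, caUse, kCA3, root, kRoot)
	userB := issue("User B", 3, eeUse, kB, ca3, kCA3)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root) // User A's trust point
	inters.AddCert(ca3) // intermediate located via the repository
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters}
	pathLen = len(must(userB.Verify(opts))[0]) // User B, CA 3, Root CA
	other := issue("Other CA", 1, caUse, kOther, nil, kOther)
	fake := issue("User B", 9, eeUse, kB, other, kOther)
	_, err := fake.Verify(opts) // no path to a trust point: must fail
	return pathLen, err != nil
}
```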
Certificate Paths: figure, two alternative PKI topologies.
Cross-Certification: figure, cross-certified PKIs (labels in the figure: MIT, ABC Co., XYZ Co., Corporate, Sales, Marketing, Research, London, NYC, H.R., LCS, Sloan).
PKI Components
The End-Entities (EE)
The Certificate Authority (CA)
The Certificate Repository (CR)
Digital Certificates (X.509 V3)
PKI Components
End-Entity (EE)
An End-Entity is defined as a user of a PKI certificate and/or an end-user system that is the subject of a certificate.
In a PKI system, End-Entity is a generic term for a subject that uses some services or functions of the PKI system, which may be a certificate subject (a person, a system or some other entities), or a requestor (it might be an application program) for a certificate or CRL.
Certificate Authority (CA)
The Certificate Authority (CA) is the signer of the certificates. The CA, often together with the Registration Authority (RA), has the responsibility of the certificate subject entity's identification.
The logical domain in which a CA issues and manages certificates is called a security domain, which might be implemented to cover an organization, a company, a large department, a test cell, or another logical community in real cases.
A CA's primary operations include certificate issuance, certificate renewal, and certificate revocation.
Registration Authority (RA)
The Registration Authority (RA) is an optional component in a PKI.
In some cases, the CA incorporates the role of an RA. Where a separate RA is used, the RA is a trusted End-Entity certified by the CA, acting as a subordinate server of the CA. The CA can delegate some of its management functions to the RA. For example, the RA may perform personal authentication tasks, report revoked certificates, generate keys, or archive key pairs.
The RA, however, does not issue certificates or CRLs.
Certificate Repository (CR)
The CR stores the issued and revoked certificates. Since the X.509 certificate format fits an X.500 directory, a CR is best implemented as a directory, accessed by the Lightweight Directory Access Protocol (LDAP v3).
RFC 2587, Internet X.509 PKI Operational Protocols - LDAPv2, defines the access method to a repository with which an End-Entity or a CA can retrieve or modify the certificate and CRL information stored in a CR. The CR can be accessed with LDAP commands or procedures (bind, search, modify, unbind).
RFC 2559, Internet X.509 PKI LDAPv2 Schema, defines the attributes and object classes to be supported by an LDAP CR server.
Directories
RFC 2587 specifies 3 object classes:
- PKI user: used for certificate holder entries; must contain a user certificate attribute; all certificates whose subject name matches the name of the entry should be stored in this attribute
- PKI CA: used for CA entries; may contain CA certificate, CRL, ARL and cross-certificate pair attributes; the CA certificate attribute contains CA certificates whose subject name matches the name of the entry; these certificates may be self-issued or issued by other CAs
- CRL distribution point: may include CRL, ARL and delta CRL attributes; the name of the entry will match the name in the CRL distribution point extension
X.500 Directories
Various servers called Directory Server Agents (DSA)
Clients called Directory User Agents (DUA)
A DSA responds to DUA queries with information
X.500 Directory uses 2 basic protocols:
- Directory Access Protocol (DAP): supports information requests from a DUA to a DSA
- Directory Service Protocol (DSP): supports information requests between DSAs; DSAs may augment DSP by shadowing, with the Directory Information Shadowing Protocol (DISP), used to replicate the contents of a DSA
LDAP (Lightweight Directory Access Protocol) v2
Developed by the University of Michigan
Standardised in the IETF;
If an LDAP directory receives a request for an entry that is not locally held, it checks a table of remote directories; if one directory is likely to contain the entry, the directory returns a referral to the other directory;
The referral contains the directory name and the system that supports it;
The architecture does not provide transparency: a client must determine the physical location before it obtains any information;
Generally, if certificates or CRLs are not available in the first LDAP directory checked, they will not be found.
PKI repositories based on LDAP generally use a single repository.
Most CA products include an LDAP client and can perform authenticated directory updates automatically.
Signed Document Format
ETSI Electronic Signature Format: these specifications define an electronic signature that remains valid over long periods (see next figure);
to achieve this goal, the signature format includes evidence of its validity, by using a TSA to provide verifiable time;
the signature format includes 3 levels of signature:
ES (Electronic Signature): contains the policy identifier, ...
ES-T: adds the timestamp over the digital signature
ES-C: adds references to all the certificates and status information that apply to this signature (usually CRLs);
Figure: ETSI Electronic Signature Format
XML Signature
The explosive growth in the use of the Web for business-to-business (B2B) e-commerce has intensified attention on the eXtensible Markup Language (XML), a common, open, Internet standard that facilitates data exchange over the Internet.
Recognizing that existing Web technologies, such as HTML, are inadequate for implementing the scale and diversity of transaction protocols envisioned for the Web, the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) have developed XML and XML-related technologies to meet this requirement.
Like any data being exchanged over a network, XML communications and transactions must be secured. In this respect, to maintain the integrity of the transaction or communication, an XML document, just like any other document or transaction, should be capable of authentication and non-repudiation, and its content should remain intact (integrity) and confidential.
XML Signature
XML is a very powerful, general-purpose meta-language used to enable data interchange between diverse systems, platforms and international languages. This robust, adaptable, easy-to-use data format can capture both the structure and semantics of data, making it possible to create a wide variety of new Web applications.
Like HTML, XML uses tags (words bracketed by < and >) and attributes (of the form name="value") to help place structured data into ASCII files. XML is different from HTML in that it is a meta-language (a language for describing other languages) and therefore does not define specific tags and attributes, but rather provides rules to define those tags and attributes.
XML makes it easy for diverse Web applications to interact with each other because it provides a standard way to parse and interpret data. XML-encoded data becomes its own self-contained database ("intelligent data": data that knows about itself).
XML Signature
From a technical point of view, XML is a syntax for describing the semantics (meaning) and structure of data. The following fragment of XML illustrates these features:
Wally Road
123 Billings Gate
wally@entrust.com
The tags enveloping data define the semantics of the data. In the example, the string "Wally Road" is identified as the name of a person who will be paying something. The tag preceding the data is called the start tag; the tag following the data is called the end tag.
A start tag and its corresponding end tag define an XML element. In the example, Wally Road is an element.
XML Signature
W3C and IETF have elaborated the standard format and functions for XML signing;
The XML signature is an XML data structure which contains the signature value and the data necessary in the verification process;
The XML signature performs the following functions:
- represents the digital signature of documents (XML or non-XML) in an XML format; 3 types of digital signature:
  - enveloped (enveloppée): the signature is contained within the data being signed
  - enveloping (enveloppante): the signature encapsulates the data being signed within itself
  - detached (détachée): the object to be signed can be separate from the XML Signature, but reside within the same resource as the signature
- it uses pointers for selecting the document zones to be included in the signature process;
- it permits URL references for documents.
Figure: XML Signature Structure.
Figure: XML Signature Types.
XML Signature Creation
1. Determine the resources to be signed.
2. Calculate the digest of each resource. In XML Signatures, each reference is specified by an element of its own and its digest is placed in a child element.
3. Collect the reference elements (with their associated digests) within a single element.
4. Calculate the digest of that element, sign the digest using a valid private signature key, and put the signature value in an element of its own.
5. If keying information is to be included, place it in the KeyInfo element.
6. Place the elements above into the element that is the XML Signature.
XML Signature Verification
1. Obtain the public key certificate, either from the signature itself or from an external source, and retrieve the public verification key.
2. Re-calculate the digest of the element that collects the references. Use the public verification key to verify that the signature value is correct when compared with that digest.
3. If step 2 passes, re-calculate the digests on the related data objects of the references contained within that element, using either the URI it contains or other means. Compare each calculated digest with the digest value stored in the corresponding reference element.
4. If step 3 passes, validate the public verification certificate by finding a certificate path to the trusted certificate (root of trust), such that this path, and the certificates it contains, are valid.
HTML Signature
1. On a client request (HTTP GET), a form is prepared together with an applet, and both are downloaded to the client PC;
2. The applet is loaded by the JVM after the verification of its code signature;
3. The user fills in the form and requests the signature; the applet shows a signature window;
4. On activation, the data are signed and sent by the applet to the server; the format is S/MIME;
5. The HTTP server routes the information to the security server;
6. Using the public key of the sender, the security server verifies the signature by accessing the LDAP server;
7. The data are sent to the application server.
Figure: HTML Signature
Timestamping
PKI can enable new services between clients and trusted third parties by supporting confidentiality and mutual authentication;
Timestamp servers allow a client to prove at a later date that some datum existed before a particular time (e.g. a signature was generated before a particular time);
A protocol was recently completed by the IETF PKIX Working Group and became RFC 3161 in 2001: Internet X.509 PKI Time Stamp Protocol (TSP);
TSP describes the format of a request sent to a Time Stamping Authority (TSA) and the response returned;
Timestamping
Alice wants a timestamp on a document so that she can prove that it exists at this point in time:
- Alice digitally signs the document;
- Alice sends the document hash and the signature to the TSA in a TSP request;
- Alice sends the hash, not the document (the contents of the document stay private);
- the TSA authenticates Alice;
- the TSA generates a signed response to Alice;
- Alice validates the digital signature and stores the response for later use before a legal authority;
Figure: Timestamping.