1 / 54

International Standards

International Standards. Public Key Infrastructure. Public key systems. Each entity has a key pair (s,p) Confidentiality C=E(p,M) and M = D(s,C) Authenticy Signature = S(s,M) and V(p,Signature) = accept. RSA Signature. RSA keys P, Q primes PQ=N ed 1 (mod (P-1)(Q-1)) P, Q, d private

mhallman
Télécharger la présentation

International Standards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. InternationalStandards Public Key Infrastructure

  2. Public key systems • Each entity has a key pair (s,p) • Confidentiality C=E(p,M) and M = D(s,C) • Authenticy Signature = S(s,M) and V(p,Signature) = accept

  3. RSA Signature • RSA keys • P, Q primes • PQ=N • ed 1 (mod (P-1)(Q-1)) • P, Q, d private • e, N public

  4. RSA Signature example • Transform the data to be signed to a unique form: enc • MD = Hash(enc) • PAD to N • D = 00 01 FF ... FF 00 MD • Sign • S = Dd (mod N) • Send data and S

  5. RSA Signature example • Transform the signed data to the unique form: enc • MD = Hash(enc) • Decrypt • D = Se (mod N) • Remove padding and compare MD

  6. Key management • Key creation • Key distribution • Key renewal • Key revocation • Key validation control

  7. Certification authorities • CA • Trusted Third Party • (s,p) • Publish public keys • Signs • Entity’s identity • Entity’s public key • Certificate

  8. Cross certification Chains Certificate authorities

  9. Revoke Register Renew Use Issue Store The life cycle of a user certificate

  10. ASN.1 Everything is build upon ASN.1 X.509 PKCS PKIX S/MIME OCSP Public Key Cryptographic Standard #1 RSA encryption Standard #5 Password-Based Encryption #7 Cryptographic Message Syntax #8 Private-Key Infomation #10 Certification Request #12 Personal Information Exchange Syntax International standards

  11. Abstract Syntax Notation One • ASN.1 • Language to describe structured data • Everything is specified in ASN.1 • Types and values • Simple • Structured

  12. ASN.1 simple types • INTEGER • NULL • BOOLEAN • ENUMERATED • BIT STRING • OCTET STRING • OBJECT IDENTIFIER

  13. OBJECT IDENTIFIER • Giving object name • Distinguish between different types of obejcts • Algorithms • Types (X509 Extensions og name attributes) • Object identifier tree • CCITT {0} • ISO {1} • Both {2}

  14. Examples • RSA • pkcs-1 OBJECT IDENTIFIER ::= { iso(0) member-body(2) us(840) rsadsi(113549) pkcs(1) 1} • rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } • sha1WithRSAEncryption ::= { pkcs-1 5 } • X.509 • Id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} • Id-at-commonName OBJECT IDENTIFIER ::= {id-at 3}

  15. Characters and times • Characters • Printable • TeleTex • IA5 • Visible • Times • UTC • Generalized

  16. Structured types • SET and SET OF • SEQUENCE and SEQUENCE OF • CHOICE • ANY • Used when there are ”holes” in the definition. • TAGS • Everything has a tag

  17. TAGS • Creates new types from old types • Used to distinguish types CHOICE ::= { a Integer, b Integer } CHOICE ::= { a [0] Integer, b [1] Integer } • IMPLICIT (new tags replaces old tag) • EXPLICIT (new tag is added) • DEFAULT and OPTIONAL

  18. Encoding Rules • Serialize and deserialize objects • Basic • Length of objets can be indefinite • Objects in sets are not sorted • Distinguished • (Packed and Confidential)

  19. ENCODING • Identifier Length Content

  20. Identifier • Class • Universal 0 0 described in the ASN.1 standard • Context-specific 1 0 not described in the ASN.1 standard • Form • Simple 0 • Structurered 1 • Tag number • 5 bit (11111 used for large tag numbers) -> 0..30

  21. EXAMPLE • X.509 (EXPLICIT TAGGING) Extensions [3] SEQUENCE OF ... • SEQUENCE OF is an Universal structured type with tag 16 -> Class = 00, C = 1, 16 = 10000 : 0011 0000 = 30 • Extensions [3] is a Context-Specific structured type with tag 3 -> Class = 10, C = 1, 3 = 00011 :1010 0011 = A3

  22. LENGTH • Short 7 bit gives 127 Octets • Long (simplified) • 1000 0001 = 81 • 1000 0002 = 82

  23. LENGTH • Indefinite

  24. CONSTRUCTED ENCODING • Simple types can be encoded like a structured object • BITs, OCTETs, Characters Example: Octetstring ”ABCDEF0123456789”

  25. Revoke Register Renew Use Issue Store The life cycle of a user certificate

  26. User registration • Ensure entity’s indentification • Registration Office • Post Office • System administrator • Bank • ... • Result • PIN code for authentification to CA • Private key and certifcate

  27. Revoke Register Renew Use Issue Store The life cycle of a user certificate

  28. Issueing certificates • Generate a key pair (s,p) • Prove s by signing indentity and p M = p||id Signature = S(s,M) • Send M and Signature to CA • CA verifies identity and signature • CA issues certificate

  29. EXAMPLE • Certificate request CertificationRequest ::= SEQUENCE { certificationRequestInfo CertificationRequestInfo signatureAlgorithm AlgorithmIdentifier signature BIT STRING } CertificationRequestInfo ::= SEQUENCE { version Version, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, attributes [0] IMPLICIT Attributes } • Internet Explorer • No user authentication

  30. PKIX • Public Key Infrastructure X.509 • Family of standards • Protocols for • issue certificate • certificate management • time stamps • status of certificates • Certificate and CRL profile • Certificate Practise Statement

  31. PKIX CMP • Certificate Management Protocols • Protocol messages for • Certificate requests • Certificate renewal • Certificate revocation • ... • Certificate request provides authentication • User gets secret key at registration (out-of-band) • Used to protect the certificate request • provide authentication (MAC)

  32. PKIX CMP PKIMessage ::= SEQUENCE { header PKIHeader, body PKIBody, protection [0] PKIProtection OPTIONAL, extraCerts [1] SEQUENCE OF Certifcate OPTIONAL} PKIHeader ::= SEQUENCE { sender GeneralName, recipient GeneralName, messageTime [0] GeneralizedTime OPTIONAL, protectionAlg [1] AlgorithmIdentifier OPTIONAL, senderKeyID [2] OCTET STRING OPTIONAL, ... } Body contains the ”real” content

  33. Authentication User gets secret key after registration (eg. PIN letter) Used to protect request Password Based MAC PKIBODY ::= CHOICE { ... CERTReqMessages, ... } CertReqMessage ::= SEQUNCE { CertReq CertRequest, pop ProofOfPossession OPTIONAL, regInfo Attributes OPTIONAL} CertRequest ::= SEQUENCE { certReqId INTEGER, certTemplate CertTemplate } CertTemplate ::= SEQUENCE { Version [0] INTEGER, serialNumber [1] INTEGER, signingAlg [2] AlgorithmIdentifier, issuer [3] Name, subject [4] Name, validity [5] Validity, publickey [6] SubjectPublicKeyInfo, ... extensions [9] Extensions } PKIX CMC Issue

  34. X.509 Certificates • The most widespread on the Internet • In version 3 Extentions were added • Basically holes where you can put anything • Adds flexibility • Causes interoperability problems

  35. X.509 Certificates • Certificate • Version • Serial number • Signature algorithm • Issuer • Validity • Subject • Public key • Extensions • Signature

  36. X.509 Syntax Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } TBSCertificate ::= SEQUENCE { version [0] DEFAULT v1, serialNumber Integer, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, .. extensions [0] Extensions OPTIONAL }

  37. Basic Constraints Is this a CA certificate Chain length Key Usage Extended Private key usage period Key Identifiers Alternative Name Name constraints CRL Distribution Points Policy Issuers policy Identifier 1.3.6.1.4.1.4386.2.2.2.1.1 CPS http://www.certifikat.dk/repository User notice This certificate is issued under TDC Internet Cas Certificate Policy for Class II Certificates (OID=1.3.6.1.4.1.4386.2.2.2.1.1). Constraint Mapping X.509 standard extensions

  38. The entity is correct Usage Authenticity and confidentiality and maybee more Publish certificate status Registration is done properly Entitiy Correct authentication to LRA Respect key usage Protect private key If compromised revoke certificate Check validity before use Receiver Check certificate Phone number Certificate Policy

  39. Qualified Certificate CA’s says that the certificate is a QC issued by CA with a public statement indicates a policy consistent with CA living human entity with pseudonym or real name of subject Biometric Information Procuration Admission Monetary Limit Majority Certificate Status X.509 other extensions

  40. Revoke Register Renew Use Issue Store The life cycle of a user certificate

  41. Certificate storage • Browser • Disk • Token • Next time

  42. Encoded X.509 One public key PKCS#8 Private key PKCS#7 Public key Certificate chains PKCS#12 Private key and chain Authenticated by you Certificate and private key storage

  43. Revoke Register Renew Use Issue Store The life cycle of a user certificate Can you?

  44. Encryption Recipient certificate should be validated before use Signature Recipient should validate signer certificate Certificate usage • Certificate validation • Signature and validity • Chain • Revocation

  45. CRL Signed list of serial numbers of all revoked certifcates for a particular CA OCSP Signed reply Instant Certificates Certificate holds their own status and time stamp Requester gets a updated and re-signed certificate CertificateList ::= SEQUENCE { tbsCertList TBSCertList, algorithm AlgorithmIdentifier, signature BIT STRING} TBSCertList::= SEQUENCE { version INTEGER, signature AlgorithmIdentifier, Issuer Name, thisUpdate Time, nextUpdate Time OPTIONAL, revoedCertificates SEQUENCE OF Entry, crlExtensions OPTIONAL } Entry ::= SEQUENCE { userCertificate SerialNumber, revocationDate Time, entryExtension Extensions OPTIONAL} Revocation

  46. CRL extension Serial number Delta CRL Base number Entry extension Invalidity date Reason code 0 unspecified 1 key comprimisied 2 CA comprimisied 3 affiliation changed 4 superseeded 5 cessation of operation 6 certificate on hold 8 remove from CRL 9 privilege withdrawn CRL extensions

  47. CRL

  48. Revoke Register Renew Use Issue Store The life cycle of a user certificate

  49. PKCS#7 Behind everything Signed data Encrypted data Uses certificates Transport data CRL and certificate Behind S/MIMEv2 Used by standard email clients CMS Extends PKCS#7 Key exchange Previously agreed conventional key Key agreement DH scheme Can use certificate Behind S/MIMEv3 Cryptographic Message Syntax

  50. PKCS#7 Signed data SignedData ::= SEQUENCE { version INTEGER, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates Certificates OPTIONAL, crls CRLs OPTIONAL, signerInfos SignerInfos } SignerInfo ::= SEQUENCE { version INTEGER, ISN IssuerAndSerialNumber, digestAlgorithm AlgorithmIdentifier, authenticatedAttributes Attributes OPTIONAL digestEncryptionAlgorithm AlgorithmIdentifier, encryptedDigest OCTET STRING }

More Related