International Standards
Public Key Infrastructure
Public key systems
 Each entity has a key pair (s,p)
 Confidentiality
                C = E(p,M) and M = D(s,C)

 Authenticity
      Signature = S(s,M) and V(p,Signature) = accept
RSA Signature
 RSA keys
 P, Q primes
 PQ = N
 ed ≡ 1 (mod (P-1)(Q-1))
 P, Q, d private
 e, N public
RSA Signature example (signing)
 Transform the data to be signed to a
  unique form: enc
 MD = Hash(enc)
 PAD to N
  – D = 00 01 FF ... FF 00 MD

 Sign
  – S = D^d (mod N)

 Send data and S
RSA Signature example (verification)
 Transform the signed data to the
  unique form: enc
 MD = Hash(enc)
 Decrypt
  – D = S^e (mod N)

 Remove padding and compare MD
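Added worked example, not code from the slides: textbook RSA with the padded block D = 00 01 FF ... FF 00 MD, S = D^d (mod N) on the signing side and D = S^e (mod N) on the verifying side, using SHA-256 as Hash and a 512-bit demo modulus. As on the slides, the DigestInfo wrapper that real PKCS#1 v1.5 places around MD is omitted.

```python
import hashlib
import random
rng = random.SystemRandom()  # OS randomness; random.random() is not suitable for key material
def is_probable_prime(n, rounds=40):  # Miller-Rabin, sufficient for demo-size primes
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False
    return True

def keygen(bits=512, e=65537):
    """N = P*Q, e*d = 1 (mod (P-1)(Q-1)) as on the slides; e is prime, so p % e != 1 keeps gcd(e, phi) == 1."""
    primes = []
    while len(primes) < 2:
        p = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1  # top bit set, odd
        if p % e != 1 and p not in primes and is_probable_prime(p):
            primes.append(p)
    P, Q = primes
    return (P * Q, e), (P * Q, pow(e, -1, (P - 1) * (Q - 1)))

def pad_to_n(md, k):
    """D = 00 01 FF ... FF 00 MD, filled out to k = len(N) octets (PKCS#1 requires >= 8 FF)."""
    return b"\x00\x01" + b"\xff" * (k - len(md) - 3) + b"\x00" + md

def sign(priv, data):
    N, d = priv
    k = (N.bit_length() + 7) // 8
    D = int.from_bytes(pad_to_n(hashlib.sha256(data).digest(), k), "big")  # MD = Hash(enc)
    return pow(D, d, N).to_bytes(k, "big")  # S = D^d (mod N)

def verify(pub, data, sig):
    N, e = pub
    k = (N.bit_length() + 7) // 8
    if len(sig) != k:  # reject over-long values such as S + N, which would otherwise verify
        return False
    D = pow(int.from_bytes(sig, "big"), e, N).to_bytes(k, "big")  # D = S^e (mod N)
    # Compare the whole rebuilt block, not just the trailing MD after a loose padding strip
    return D == pad_to_n(hashlib.sha256(data).digest(), k)
```

The verifier rebuilds the complete padded block and compares all of it; stripping the padding loosely and checking only MD is a classic verifier bug.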
Key management
 Key creation
 Key distribution
 Key renewal
 Key revocation
 Key validation control
Certification authorities
 CA
  – Trusted Third Party
  – (s,p)
  – Publish public keys

 Signs
  – Entity’s identity
  – Entity’s public key

 Certificate
Certificate authorities
 Cross certification
 Chains
The life cycle of a user certificate
 Register → Issue → Store → Use → Renew / Revoke
International standards
 ASN.1
  – Everything is built upon ASN.1
 X.509
 PKCS
 PKIX
 S/MIME
 OCSP

 Public Key Cryptographic Standards (PKCS)
  – #1 RSA encryption standard
  – #5 Password-Based Encryption
  – #7 Cryptographic Message Syntax
  – #8 Private-Key Information
  – #10 Certification Request
  – #12 Personal Information Exchange Syntax
Abstract Syntax Notation One
 ASN.1
 Language to describe structured data
  – Everything is specified in ASN.1

 Types and values
  – Simple
  – Structured
ASN.1 simple types
 INTEGER
 NULL
 BOOLEAN
 ENUMERATED
 BIT STRING
 OCTET STRING
 OBJECT IDENTIFIER
OBJECT IDENTIFIER
 Gives an object a name
  – Distinguishes between different types of objects
      Algorithms
      Types (X.509 extensions and name attributes)

 Object identifier tree
  – CCITT {0}
  – ISO {1}
  – Both {2}
Examples
 RSA
  – pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) pkcs(1) 1 }
  – rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
  – sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }

 X.509
  – id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
  – id-at-commonName OBJECT IDENTIFIER ::= { id-at 3 }
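Added example, not from the slides, showing how identifiers such as sha1WithRSAEncryption (1.2.840.113549.1.1.5) and id-at-commonName (2.5.4.3) are turned into DER content octets and back: the first two arcs fold into one number, and every arc is written base-128 with a continuation bit. The decoder rejects content that ends in the middle of an arc.

```python
def encode_oid(dotted):
    """Content octets of an OBJECT IDENTIFIER: the first two arcs fold into 40*a + b, then every
    arc is written base-128 with the high bit set on all but its last octet."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid object identifier")
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >= 0x80:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        out += bytes(chunk)
    return bytes(out)

def decode_oid(content):
    """Inverse of encode_oid; rejects content that ends inside an arc."""
    arcs, value, pending = [], 0, False
    for byte in content:
        value, pending = (value << 7) | (byte & 0x7F), bool(byte & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending or not arcs:
        raise ValueError("malformed object identifier content")
    first = arcs[0]
    a = 2 if first >= 80 else first // 40  # arcs under joint-iso-ccitt(2) may exceed 39
    return ".".join(str(x) for x in [a, first - 40 * a] + arcs[1:])

def der_oid(dotted):
    """Full TLV: identifier 06 (UNIVERSAL, primitive, tag 6), short-form length, content."""
    content = encode_oid(dotted)
    return b"\x06" + bytes([len(content)]) + content
```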
Characters and times
 Characters
  –   Printable
  –   TeleTex
  –   IA5
  –   Visible

 Times
  – UTC
  – Generalized
Structured types
 SET and SET OF
 SEQUENCE and SEQUENCE OF
 CHOICE
 ANY
  – Used when there are "holes" in the definition.

 TAGS
  – Everything has a tag
TAGS
 Create new types from old types
 Used to distinguish types
  CHOICE ::= {
     a      INTEGER,
     b      INTEGER }      -- ambiguous: both alternatives encode with the same tag
  CHOICE ::= {
     a      [0] INTEGER,
     b      [1] INTEGER }  -- tagged: the encoding shows which alternative was chosen

 IMPLICIT (the new tag replaces the old tag)
 EXPLICIT (the new tag is added in front of the old one)
 DEFAULT and OPTIONAL
Encoding Rules
 Serialize and deserialize objects
 Basic (BER)
  – Length of objects can be indefinite
  – Objects in sets are not sorted

 Distinguished (DER)
 (Packed and Confidential)
ENCODING
 Every value is encoded as Identifier, Length, Content (TLV)
 Primitive:    I L C
 Constructed:  I L  I L  I L C  I L C   (the content is itself a sequence of TLVs)
Identifier
 Class (bits 8-7)
  – Universal 00: described in the ASN.1 standard
  – Context-specific 10: not described in the ASN.1 standard

 Form (bit 6)
  – Simple 0
  – Structured 1

 Tag number (bits 5-1)
  – 5 bits (11111 used for large tag numbers) -> 0..30

   bit:  8  7  |  6  |  5  4  3  2  1
         Class | P/C |   Tag number
EXAMPLE
 X.509 (EXPLICIT TAGGING)
  Extensions [3] SEQUENCE OF ...

  - SEQUENCE OF is a Universal structured type with tag 16
    -> Class = 00, C = 1, 16 = 10000 : 0011 0000 = 30

  - Extensions [3] is a Context-specific structured type with
    tag 3 -> Class = 10, C = 1, 3 = 00011 : 1010 0011 = A3

  Resulting encoding (the outer length also covers the inner identifier and length):
                  A3   L+2   30   L   C
LENGTH
 Short form: 7 bits, up to 127 octets
   bit:  8  7  6  5  4  3  2  1
         0  L  L  L  L  L  L  L

 Long form (simplified): bit 8 set, bits 7-1 give the number of length octets that follow
   bit:  8  7  6  5  4  3  2  1   8  7  6  5  4  3  2  1
         1  0  0  0  0  0  0  1   L  L  L  L  L  L  L  L

  – 1000 0001 = 81 (one length octet follows)
  – 1000 0010 = 82 (two length octets follow)
LENGTH
 Indefinite: 1000 0000 = 80, the content is terminated by two zero octets (end-of-contents)
   bit:  8  7  6  5  4  3  2  1
         1  0  0  0  0  0  0  0

   end-of-contents:
         8  7  6  5  4  3  2  1   8  7  6  5  4  3  2  1
         0  0  0  0  0  0  0  0   0  0  0  0  0  0  0  0
CONSTRUCTED ENCODING
 Simple types can be encoded like a
  structured object
  – BITs, OCTETs, Characters

  Example: OCTET STRING "ABCDEF0123456789" (16 characters; lengths below in decimal)

  Primitive:       04  16  ABCDEF0123456789

  Constructed:     24  20  04  8  ABCDEF01  04  8  23456789
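Added example, not the slides' code, implementing the identifier, length and content rules of the last few slides: it builds the Extensions [3] EXPLICIT encoding (A3 L+2 30 L C), handles short, long and indefinite lengths, and reassembles a constructed OCTET STRING such as the 24 20 04 8 ... example. It also shows the bounds check a parser needs before it trusts a length field. Tag numbers above 30 are deliberately not supported.

```python
UNIVERSAL, APPLICATION, CONTEXT, PRIVATE = 0, 1, 2, 3  # class bits 8-7 of the identifier octet

def identifier(cls, constructed, tag):
    """Identifier octet: class in bits 8-7, P/C in bit 6, tag number in bits 5-1."""
    if not 0 <= tag <= 30:
        raise ValueError("tag numbers above 30 use the 11111 multi-octet form, not shown here")
    return bytes([(cls << 6) | (int(constructed) << 5) | tag])

def length(n):
    """Definite length: short form (one octet, bit 8 clear) below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body  # 81 = one length octet follows, 82 = two, ...

def tlv(cls, constructed, tag, content):
    return identifier(cls, constructed, tag) + length(len(content)) + content

def decode(data, pos=0):
    """Parse one TLV at pos -> (cls, constructed, tag, content, next_pos); BER lengths accepted."""
    ident, first = data[pos], data[pos + 1]
    cls, constructed, tag = ident >> 6, bool(ident & 0x20), ident & 0x1F
    if tag == 0x1F:
        raise ValueError("multi-octet tag numbers not supported in this example")
    pos += 2
    if first == 0x80:  # indefinite length (80): walk the children until end-of-contents 00 00
        if not constructed:
            raise ValueError("indefinite length is only legal for constructed encodings")
        start = pos
        while data[pos:pos + 2] != b"\x00\x00":
            pos = decode(data, pos)[4]
        return cls, constructed, tag, data[start:pos], pos + 2
    if first < 0x80:
        n = first
    else:
        n = int.from_bytes(data[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    if pos + n > len(data):  # never trust a length field that runs past the buffer
        raise ValueError("length runs past the end of the data")
    return cls, constructed, tag, data[pos:pos + n], pos + n

def octet_string_value(data):  # joins the segments of a constructed OCTET STRING (tag 4)
    cls, constructed, tag, content, _ = decode(data)
    if (cls, tag) != (UNIVERSAL, 4):
        raise ValueError("not an OCTET STRING")
    out, pos = b"", 0
    while constructed and pos < len(content):
        seg = decode(content, pos)
        out, pos = out + seg[3], seg[4]
    return out if constructed else content
```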
The life cycle of a user certificate
User registration
 Ensure the entity's identification
 Registration Office
  –   Post Office
  –   System administrator
  –   Bank
  –   ...

 Result
  – PIN code for authentication to the CA
  – Private key and certificate
The life cycle of a user certificate
Issuing certificates
 Generate a key pair (s,p)
 Prove possession of s by signing the identity and p
          M = p||id   Signature = S(s,M)

 Send M and Signature to the CA
 CA verifies identity and signature
 CA issues certificate
EXAMPLE
 Certificate request (PKCS#10)
  CertificationRequest ::= SEQUENCE {
    certificationRequestInfo  CertificationRequestInfo,
    signatureAlgorithm        AlgorithmIdentifier,
    signature                 BIT STRING }
  CertificationRequestInfo ::= SEQUENCE {
    version                   Version,
    subject                   Name,
    subjectPublicKeyInfo      SubjectPublicKeyInfo,
    attributes                [0] IMPLICIT Attributes }

 Internet Explorer
 No user authentication
PKIX
 Public Key Infrastructure X.509
  – Family of standards
  – Protocols for
        issuing certificates
        certificate management
        time stamps
        status of certificates
  – Certificate and CRL profile
  – Certificate Practice Statement
PKIX CMP
 Certificate Management Protocols
  – Protocol messages for
        Certificate requests
        Certificate renewal
        Certificate revocation
        ...
  – Certificate request provides authentication
      User gets secret key at registration (out-of-band)
      Used to protect the certificate request
         – provide authentication (MAC)
PKIX CMP
 PKIMessage ::= SEQUENCE {
   header                    PKIHeader,
   body                      PKIBody,
   protection                [0] PKIProtection OPTIONAL,
   extraCerts                [1] SEQUENCE OF Certificate OPTIONAL }
 PKIHeader ::= SEQUENCE {
   sender                    GeneralName,
   recipient                 GeneralName,
   messageTime               [0] GeneralizedTime OPTIONAL,
   protectionAlg             [1] AlgorithmIdentifier OPTIONAL,
   senderKeyID               [2] OCTET STRING OPTIONAL,
   ... }

           The body contains the "real" content
PKIX CMC Issue
 Authentication
  – User gets secret key after registration (eg. PIN letter)
  – Used to protect request
       Password Based MAC

  PKIBody ::= CHOICE {
    ...
    CertReqMessages,
    ... }
  CertReqMessage ::= SEQUENCE {
     certReq  CertRequest,
     pop      ProofOfPossession OPTIONAL,
     regInfo  Attributes OPTIONAL }
  CertRequest ::= SEQUENCE {
     certReqId    INTEGER,
     certTemplate CertTemplate }
  CertTemplate ::= SEQUENCE {
     version      [0] INTEGER,
     serialNumber [1] INTEGER,
     signingAlg   [2] AlgorithmIdentifier,
     issuer       [3] Name,
     subject      [4] Name,
     validity     [5] Validity,
     publicKey    [6] SubjectPublicKeyInfo,
     ...
     extensions   [9] Extensions }
X.509 Certificates
 The most widespread on the Internet
 In version 3 Extensions were added
  – Basically holes where you can put anything
  – Adds flexibility
  – Causes interoperability problems
X.509 Certificates
 Certificate
  –   Version
  –   Serial number
  –   Signature algorithm
  –   Issuer
  –   Validity
  –   Subject
  –   Public key
  –   Extensions
  –   Signature
X.509 Syntax
 Certificate ::= SEQUENCE {
   tbsCertificate          TBSCertificate,
   signatureAlgorithm      AlgorithmIdentifier,
   signatureValue          BIT STRING }
 TBSCertificate ::= SEQUENCE {
   version                 [0] DEFAULT v1,
   serialNumber            INTEGER,
   signature               AlgorithmIdentifier,
   issuer                  Name,
   validity                Validity,
   subject                 Name,
   subjectPublicKeyInfo    SubjectPublicKeyInfo,
   ...
   extensions              [3] Extensions OPTIONAL }
X.509 standard extensions
 Basic Constraints
  – Is this a CA certificate
  – Chain length
 Key
  – Usage
  – Extended
  – Private key usage period
 Key Identifiers
 Alternative Name
 Name constraints

 CRL Distribution Points
 Policy
  – Issuer's policy
      Identifier
        –   1.3.6.1.4.1.4386.2.2.2.1.1
      CPS
        –   http://www.certifikat.dk/repository
      User notice
        –   This certificate is issued under TDC
            Internet CA's Certificate Policy for
            Class II Certificates
            (OID=1.3.6.1.4.1.4386.2.2.2.1.1).
  – Constraint
  – Mapping
Certificate Policy
 The entity is correct
 Usage
  – Authenticity and confidentiality and maybe more
 Publish certificate status
 Registration is done properly

 Entity
  – Correct authentication to the LRA
  – Respect key usage
  – Protect private key
  – If compromised, revoke the certificate
  – Check validity before use
 Receiver
  – Check certificate
 Phone number
X.509 other extensions
 Qualified Certificate
   –   The CA says that the certificate is a QC
   –   issued by a CA with a public statement
   –   indicates a policy consistent with the CA
   –   living human entity with pseudonym or real name of subject

 Biometric Information
 Procuration
 Admission
 Monetary Limit
 Majority
 Certificate Status
The life cycle of a user certificate
Certificate storage
 Browser
 Disk
 Token
 Next time
Certificate and private key storage
 Encoded X.509
  – One public key

 PKCS#8
  – Private key

 PKCS#7
  – Public key
  – Certificate chains

 PKCS#12
  – Private key and chain
  – Authenticated by you
The life cycle of a user certificate
Certificate usage
 Encryption
  – Recipient certificate should be validated before use
 Signature
  – Recipient should validate the signer certificate

 Certificate validation
  – Signature and validity
  – Chain
  – Revocation
Revocation
 CRL
  – Signed list of serial numbers of all revoked certificates for a particular CA
 OCSP
  – Signed reply
 Instant Certificates
  – The certificate holds its own status and time stamp
  – The requester gets an updated and re-signed certificate

 CertificateList ::= SEQUENCE {
   tbsCertList  TBSCertList,
   algorithm    AlgorithmIdentifier,
   signature    BIT STRING }
 TBSCertList ::= SEQUENCE {
   version              INTEGER,
   signature            AlgorithmIdentifier,
   issuer               Name,
   thisUpdate           Time,
   nextUpdate           Time OPTIONAL,
   revokedCertificates  SEQUENCE OF Entry,
   crlExtensions        Extensions OPTIONAL }
 Entry ::= SEQUENCE {
   userCertificate  SerialNumber,
   revocationDate   Time,
   entryExtensions  Extensions OPTIONAL }
CRL extensions
 CRL extension
  – Serial number
  – Delta CRL
      Base number
 Entry extension
  – Invalidity date
  – Reason code
      0   unspecified
      1   key compromise
      2   CA compromise
      3   affiliation changed
      4   superseded
      5   cessation of operation
      6   certificate on hold
      8   remove from CRL
      9   privilege withdrawn
CRL
The life cycle of a user certificate
Cryptographic Message Syntax
 PKCS#7
  – Behind everything
 Signed data
 Encrypted data
 Uses certificates
 Transport data
  – CRL and certificate
 Behind S/MIMEv2
  – Used by standard email clients

 CMS
  – Extends PKCS#7
 Key exchange
  – Previously agreed conventional key
 Key agreement
  – DH scheme
 Can use certificate
 Behind S/MIMEv3
PKCS#7 Signed data
 SignedData ::= SEQUENCE {
     version               INTEGER,
     digestAlgorithms      DigestAlgorithmIdentifiers,
     contentInfo           ContentInfo,
     certificates          Certificates OPTIONAL,
     crls                  CRLs OPTIONAL,
     signerInfos           SignerInfos }
 SignerInfo ::= SEQUENCE {
   version                   INTEGER,
   ISN                       IssuerAndSerialNumber,
   digestAlgorithm           AlgorithmIdentifier,
   authenticatedAttributes   Attributes OPTIONAL,
   digestEncryptionAlgorithm AlgorithmIdentifier,
   encryptedDigest           OCTET STRING }
PKCS#7 Enveloped data
 EnvelopedData ::= SEQUENCE {
   version                 INTEGER,
   recipientInfos          RecipientInfos,
   encryptedContentInfo    EncryptedContentInfo }
 RecipientInfo ::= SEQUENCE {
   version                 INTEGER,
   ISN                     IssuerAndSerialNumber,
   keyEncryptionAlgorithm  AlgorithmIdentifier,
   encryptedKey            OCTET STRING }
 EncryptedContentInfo ::= SEQUENCE {
   contentType                 ContentType,
   contentEncryptionAlgorithm  AlgorithmIdentifier,
   encryptedContent            OCTET STRING OPTIONAL }
S/MIME
 Secure/Multipurpose Internet Mail
  Extensions
 De facto standard for secure email
 Combination of MIME and PKCS #7
  – Take a MIME entity
  – Wrap it in a PKCS #7 structure
      Sign or encrypt
  – Add MIME headers to the result
  – Repeat if both signature + encryption is to be applied
The life cycle of a user certificate
Certificate management
 Renew
  – Like issue, but
  – You have an old private key
  – You have a name
 Revoke
  – Sign message
  – Telephone