774-资讯科学系

Public-keyinfrastructure:X.509-Certificate曾文貴資訊科學系交通大學InfoSecLab,NCTUCIS2AuthenticationofpublickeysPublickeyusage:–EncryptionAlice(?)Bob(Alice,KUA)(Alice,KUA)E(KUA,M)?InfoSecLab,NCTUCIS3Authenticationofpublickeys(cont.)–VerificationofadigitalsignatureAlice(?)BobVer(KVA,(M,))(Alice,KVA)(Alice,KVA)?InfoSecLab,NCTUCIS4AuthenticationofpublickeysHowdoesBobknowthatthereceivedkeyKUA(orKVA)isvalid,i.e.,“authentic”,“notrevoked”,and“notexpired”?TrustedagentBob(1)Alice,KUA/KVA(2)(3)InfoSecLab,NCTUCIS5AuthenticationofpublickeysOff-line/on-lineapproachTrustedagentTBob:KVT(1)(Alice,KUA,Sig(KRT,Alice,KUA))TrustedagentT1TrustedagentT2PKI(X.509):On-line(John,KUJ,Sig(KRT1,Alice,KUJ))InfoSecLab,NCTUCIS6DirectoryserviceDirectory–Aserverordistributedsetofserversthatmaintainsadatabaseofinformationaboutusers.–Thedatabaseconsistsofusernamesandtheircorrespondinginformation,suchasnetworkaddress(foremailservice,etc),public-keycertificate,etc.ITU-TX.500series:defineadirectoryserviceInfoSecLab,NCTUCIS7X.509PartofX.500directoryserviceBasedonpublic-keyencryptionanddigitalsignatureProvidepublic-keycertificatesofusersDefineauthenticationprotocolsbasedonpublic-keycertificatesUsedinS/MIME,IPsecurity,SSL/TLS,SET,etc.InfoSecLab,NCTUCIS8CA(CertificateAuthority)ACAisatrustedserverthatissuescertificates.CAXhasaprivatesigningkeyKRXandawell-knownverificationkeyKVXcorrespondingtoKRXTherearealotofCA’s,usuallyarrangedinthetreestructureInfoSecLab,NCTUCIS9InfoSecLab,NCTUCIS10CA(cont.)AYXZBCLSRTMNInfoSecLab,NCTUCIS11Certificate網路身份證AcertificateisissuedbyaCAXAcertificateofauserAconsistsof:–ThenameoftheissuerCAX–his/herpublickeyKUA–thesignatureSig(KRX,A,KUA)bytheCAX–theexpirationdate–Rangeofapplication,suchas,encryption/signature–…InfoSecLab,NCTUCIS12CertificateacquisitionAlice:(1)GenerateKUA,,KRACAX:(3)GenerateSig(KRX,Alice,KUA)(2)Alice,KUA,IDproof(4)Sig(KRX,Alice,KUA)CertA,X=[Alice,KUA,Sig(KRX,Alice,KUA)]Note:CAdoesnotknowKRAInfoSecLab,NCTUCIS13Certificate(cont.)AcertificateisputinthedirectorybytheCAorbytheusersothateveryonecanqueryitsdata.Thedirectorydoesnotcreatethepublickey.Itmerelyprovidesaneasilyaccessiblelocationforuserstoobtaincertificates.InfoSecLab,NCTUCIS14CertificateformatInfoSecLab,NCTUCIS15Certificateformat(cont.)ArealexampleInfoSecLab,NCTUCIS16CertificateelementsVersion:currentlyv2andv3Serialnumber:anintegervalue,uniquewiththeissuingCA.Signaturealgorithmidentifier:thealgorithmusedtosignthecertificatetogetherwithparametersIssuername:X.500nameoftheCAthatcreatedandsignedthiscertificatePeriodofvalidity:consistoftwodates,thefirstandlastonwhichthecertificateisvalidInfoSecLab,NCTUCIS17Certificateelements(cont.)Subjectname:thenameoftheuserSubject’spublic-keyinformation:thepublickeyoftheuser,thesysteminwhichthiskeycanbeusedandparametersIssueruniqueidentifier:toidentifythenameoftheissuingCAincaseofambiguityoccurredinX.500Extensions:forotherpurposes(inV3)Signature:coversalloftheotherfieldsofthecertificate.Itcontainsthehashcodeoftheotherfields,encryptedwiththeCA’sprivatekey.Thisfieldincludesthesignaturealgorithmidentifier.InfoSecLab,NCTUCIS18NotationsCAA=CA{V,SN,AI,CA,TA,A,Ap}–YX:thecertificateofuserXissuedbyCAY–Y{I}:thesigningofIbyY.ItconsistsofYwithanencryptedhashcodeappended.WhenuserZgetscertificateYXandCAY’spublickey,he/shecanverifythevalidityofYX.InfoSecLab,NCTUCIS19VerifycertificatesToverifyXB,onehastogetthepublickeyofCAXandthenverifythiscertificate.X.509usesHierarchicalstructuretosearchtheappropriateverificationkeyofthecertificate.InfoSecLab,NCTUCIS20X.509hierarchyInfoSecLab,NCTUCIS21X.509hierarchy(cont.)AwantstoverifyB’scertificateZBAhasonlyCAX’spublickeyPathtofindCAZ’spublickey:–XW–WV–VY–YZ–ZBInfoSecLab,NCTUCIS22RevocationofcertificatesEachCAshouldmaintainacertificaterevocationlist(CRL)thatcontains–CertificatesthatarerevokedbeforetheexpirationdateDirectoryservice:providetherevocationlistofaCAInfoSecLab,NCTUCIS23Realexample申請GCA電子憑證自然人申請憑證流程圖.htm相關應用.htm–網路報繳稅.htm–公路電子監理•資料查詢GCA的電子憑證–gca0000000.cer個人的電子憑證–0400002280.cerInfoSecLab,NCTUCIS24VeriSignCA3classesforcertificates(digitalID),dependingonassuranceoftheholder’sidentityEveryonecangetafreeclass-1digitalIDVeriSignhomepageVersion.htmHomework–GetapersonalcertificatefromGCA–GetadigitalIDfromVeriSignInfoSecLab,NCTUCIS25VeriSignCA(cont.)CheckingApplicationsClass1UniquenameemailWebbrowsingsecureemailClass2aboveEnrollmentinformationaddresscheckOn-linesubscriptionInter-&intra-companyemailSoftwarevalidationpasswordreplacementClass3abovepersonalpresenceIDdocumentse-bankingcorp.databaseaccessmembershipon-lineservicestrongencryptioncontentintegrityservice(timestamp)InfoSecLab,NCTUCIS26AuthenticationprocedureswithpublickeysEachpartyknowsanother’spublickeyby“certificate”orothermeansLevelsofauthentication–One-wayauthentication–Two-wayauthentication–Three-wayauthenticationInfoSecLab,NCTUCIS27One-wayauthenticationInfoSecLab,NCTUCIS28Two-wayauthenticationInfoSecLab,NCTUCIS29Three-wayauthentication