Page 1

Matej Bel University

Cascaded signatures

Ladislav Huraj

Department of Computer Science, Faculty of Natural Sciences

Matthias Bel University

Banska Bystrica

Slovak republic

huraj@fpv.umb.sk

Page 2

Cascaded signatures

A cascaded signature is a signature over a document and other signatures over the same document that had been issued a priori

• Some real applications of this structure

• How cascaded signatures improve efficiency of Public Key Infrastructure

Page 3

Terminology

Public Key Infrastructure (PKI)

enables data to be exchanged securely and privately

Digital signature

integrity and non-repudiation

Certificate

a binding, through a cryptographic digital signature, of a public key, a validity interval and/or conditions, and identity, authorization, or other information

Page 4

Terminology

Certification Authority (CA)

a trusted third party that issues certificates to subjects by signing them

Certification Path

a set of certificates that provide a chain of trust that together with the public key of the initial object in the path can be processed to obtain the final object in the path.

Page 5

Use of cascaded signatures

The models

Page 6

SDSI/SPKI

• Certificates are defined as signed objects

• A cascaded signature is what we get if we sign the signed object at the end of a previously signed list

( Signed:
    ( Object-Hash: ( SHA1: &345678 ) )
    ( Date: 1996-02-14T11:46:05.046-0500 )
    ( Signer: ( Principal: ( Global-Name: VeriSign!!’s "Bob" ) ... ) )
    ( Signature: &8dff4123 )
    ( Signed:
        ( Object-Hash: ( SHA1: &86731b ) )
        ( Date: 1996-03-19T07:00:11.341-0500 )
        ( Signer: ( Principal: ( Global-Name: VeriSign!!’s "Alice" ) ... ) )
        ( Signature: &7830ca12 ) ) )

Page 7

SDSI/SPKI

• digital time-stamping

• running the correct program

• reconfirmation

– SDSI does not have CRL. Certificate Revocation List (CRL): a data structure that enumerates digital certificates that have been invalidated by their issuer prior

– the signer can specify the reconfirmation period that is appropriate for that signature

Page 8

S/MIME

• Secure Multipurpose Internet Mail Extensions (S/MIME) is a protocol for sending secure e-mail

• Signing certificates are one extension in S/MIME

• They are useful in any environment where certificates might be transmitted with signed messages

• This attribute is used to thwart attacks based on falsification of certificates

Page 9

Security Embassy

If a trusted authority masquerades, it is difficult for the client to prove that this has happened

One solution: Security Embassy

SE builds electronic evidence on behalf of its owner in a remote (untrusted) domain

SE receives some signed data as input, verifies the signature with the configured public key, then signs these data using its private key.

The signed data serve as an audit trail

Page 10

Delegation of rights

• Chained protocol

• A delegates rights to B, which acts on D using the delegated rights

A → B: <A, TA>

where TA = <A,B,Pra,ra,ta>A

A gives rights Pra to B, for duration limited by ta

• B can send its own signed request to D, chaining the request token with the delegated token

B → D: <B,TB>,<A,TA>

where TA = <A,B,Pra,ra,ta>A

TB = <B,D,rb>B

Page 11

Delegation of rights

• Nested protocol

• The second delegation protocol based on nested tokens

• The single stage delegation is exactly the same as that given in the case of chained tokens

• A → B: <A, TA>

where TA = <A,B,Pra,ra,ta>A

• Here is the message for a second stage delegation, from B to C

B → C: <B, <B,C,Prb,rb,tb, <TA> >B, A>

Page 12

Delegation of rights

• Misplaced assumptions of trust

• E.g. A trusts B but does not trust C in delegation. Therefore B does not pass any delegation from A to C. The delegation sequence A-B-C will not be allowed under the correct behaviour of A and B because A does not trust C and A trusts B to behave correctly (in that B will not pass any delegation from A to C).

• In the chained protocol, if C can get hold of tokens TA-B and TB-C from the system using, say, wiretapping, then, as these are valid delegation tokens, C can form a chain giving the appearance that the delegation chain A-B-C is in force, even when B has not actually made such a delegation.
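The difference between the two verifiers, as an added example that is not part of the original slides: it models the chained and nested tokens of the preceding pages and shows why only the nested form rejects the spliced A-B-C chain. Assumptions: HMAC with constructed per-principal keys stands in for public-key signatures, the token fields r and t are omitted, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC stands in for each principal's public-key
# signature so the example runs on the standard library alone.
KEYS = {"A": b"constructed-key-A", "B": b"constructed-key-B"}

def sign(signer, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[signer], data, hashlib.sha256).hexdigest()

def token(signer, body):
    """The page's <...>X, read here as a body plus X's signature over it."""
    return {"signer": signer, "body": body, "sig": sign(signer, body)}

def valid(tok):
    return hmac.compare_digest(tok["sig"], sign(tok["signer"], tok["body"]))

def accept_chained(tokens, origin):
    """Chained: each token is verified on its own; tokens are linked only
    by name (the grantee of one is the signer of the next)."""
    holder = origin
    for tok in tokens:
        if tok["signer"] != holder or not valid(tok):
            return False
        holder = tok["body"]["to"]
    return True

def accept_nested(tok, origin):
    """Nested: a later token carries the earlier one inside its signed
    body, so its signer vouches for the chain it extends."""
    if not valid(tok):
        return False
    inner = tok["body"].get("inner")
    if inner is None:
        return tok["signer"] == origin
    return inner["body"]["to"] == tok["signer"] and accept_nested(inner, origin)

def demo():
    ta_b = token("A", {"to": "B", "rights": "Pra"})   # A delegates to B
    tb_c = token("B", {"to": "C", "rights": "Prb"})   # B's own grant to C
    nested = token("B", {"to": "C", "rights": "Prb", "inner": ta_b})
    return (accept_chained([ta_b, tb_c], "A"),  # True: looks like A-B-C
            accept_nested(tb_c, "A"),           # False: no TA inside
            accept_nested(nested, "A"))         # True: B bound TA itself

if __name__ == "__main__":
    print(demo())
```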

Page 13

Nested certificates

• Nested certificates are used to guarantee the integrity and correctness of the signature over a subject certificate

• A nested certificate is considered as a certificate for another certificate

• The two requirements of a nested certificate are: 1) to certify that the subject certificate content has been signed by the claimed CA and 2) to certify that the subject certificate content has not been maliciously modified

Page 14

Nested certificates

• Nested certificate contains:

- the existing signature over the subject certificate content

- the hash of its subject certificate content

• Subject certificate verification: the actual hash and the actual signature over the subject certificate must be compared with the ones stored in the nested certificate.

• Nested certificates are used to guarantee the integrity and correctness of the signature over a subject certificate.

[Figure: Nested certificate and Subject certificate. Labels: Content, Signature of SC, Hash of Content, Signature.]

Page 15

Nested certificates

• Subject certificate verification method does not employ public key cryptosystem operations.

• Subject certificate verification is faster.

• A large number of nested certificates must be issued in order to have nested certificate paths in the global certificate network. But the certificates are issued only once.

• Preferred in many systems for which minimization of the time complexity for verifiers is more important.
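Subject certificate verification through a nested certificate, as an added example that is not part of the original slides: the verifier spends one public-key operation on the nested certificate and then checks the subject certificate by hashing and comparing. Assumptions: toy textbook RSA over fixed Mersenne primes (not secure) stands in for a real signature scheme, the certificate content is a constructed byte string, and all names are hypothetical.

```python
import hashlib

E = 65537                 # public exponent shared by the toy keys
COUNTER = {"pk_ops": 0}   # public-key operations done by the verifier

def keygen(p, q):
    """Toy textbook RSA from two known primes; not secure, illustration only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data):
    return hashlib.sha256(data).digest()

def rsa_sign(n, d, data):
    return pow(int.from_bytes(digest(data), "big") % n, d, n)

def rsa_verify(n, data, sig):
    COUNTER["pk_ops"] += 1
    return pow(sig, E, n) == int.from_bytes(digest(data), "big") % n

def nc_content(sc_hash, sc_sig):
    return sc_hash + str(sc_sig).encode()

def issue_nested(n, d, sc_content, sc_sig):
    """Nested certificate: hash of the subject certificate content and the
    existing signature over it, signed by the nested certificate's issuer."""
    h = digest(sc_content)
    return {"hash": h, "sc_sig": sc_sig, "sig": rsa_sign(n, d, nc_content(h, sc_sig))}

def verify_nested(n, nc):
    return rsa_verify(n, nc_content(nc["hash"], nc["sc_sig"]), nc["sig"])

def verify_subject(nc, sc_content, sc_sig):
    """Compare the actual hash and signature with the stored ones."""
    return digest(sc_content) == nc["hash"] and sc_sig == nc["sc_sig"]

def demo():
    ca_n, ca_d = keygen(2**61 - 1, 2**89 - 1)      # CA that signed the SC
    ni_n, ni_d = keygen(2**107 - 1, 2**127 - 1)    # nested certificate issuer
    sc = b"subject=Bob;issuer=CA1;key=constructed-sample"
    sc_sig = rsa_sign(ca_n, ca_d, sc)
    nc = issue_nested(ni_n, ni_d, sc, sc_sig)
    COUNTER["pk_ops"] = 0
    results = (verify_nested(ni_n, nc),               # one public-key operation
               verify_subject(nc, sc, sc_sig),        # hash and compare only
               verify_subject(nc, sc + b"!", sc_sig)) # modified content
    return results + (COUNTER["pk_ops"],)

if __name__ == "__main__":
    print(demo())
```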

Page 16

Conclusion

• The principle of cascaded signature itself is the same in all these systems. However, the purpose for which it was created differs

• A cascaded signature was created to:

– a) extend and complete the information

• digital time stamp and confirmation of the correct program

– b) confirm validity

• reconfirmation of signatures of authorization certificates, issuing cascaded proxies, issuing cascaded Dsig signature label, Security Embassy principle, S/MIME signing certificates and nested certificates

Page 17

Conclusion

Implementing the cascaded signature in the infrastructure improves the efficiency of certificate verification when delegating rights among the entities, as well as accelerating the verification process.

Thank you for your attention