Matej Bel University
Cascaded signatures
Ladislav Huraj
Department of Computer Science, Faculty of Natural Sciences
Matthias Bel University
Banska Bystrica
Slovak Republic
[email protected]@fpv.umb.sk
Cascaded signatures
A cascaded signature is a signature over a document together with other signatures over the same document that were issued beforehand.
• Some real applications of this structure
• How cascaded signatures improve efficiency of Public Key Infrastructure
Terminology
Public Key Infrastructure (PKI)
enables data to be exchanged securely and privately
Digital signature
integrity and non-repudiation
Certificate
a binding, through a cryptographic digital signature, of a public key, a validity interval and/or conditions, and identity, authorization, or other information
Terminology
Certification Authority (CA)
is a trusted third party, which issues certificates to subjects by signing them
Certification Path
a set of certificates that provide a chain of trust and that, together with the public key of the initial object in the path, can be processed to obtain the final object in the path.
Using cascaded signatures
The models
SDSI/SPKI
• Certificates are defined as signed objects
• A cascaded signature is what we get if we sign the signed object at the end of a previously signed list
( Signed:
  ( Object-Hash: ( SHA1: &345678 ) )
  ( Date: 1996-02-14T11:46:05.046-0500 )
  ( Signer: ( Principal: ( Global-Name: VeriSign!!’s "Bob" ) ... ) )
  ( Signature: &8dff4123 )
  ( Signed:
    ( Object-Hash: ( SHA1: &86731b ) )
    ( Date: 1996-03-19T07:00:11.341-0500 )
    ( Signer: ( Principal: ( Global-Name: VeriSign!!’s "Alice" ) ... ) )
    ( Signature: &7830ca12 ) ) )
SDSI/SPKI
• digital time-stamping
• running the correct program
• reconfirmation
– SDSI does not have a CRL. Certificate Revocation List (CRL): a data structure that enumerates digital certificates that have been invalidated by their issuer prior
– the signer can specify the reconfirmation period that is appropriate for that signature
S/MIME
• Secure Multipurpose Internet Mail Extensions (S/MIME) is a protocol for sending secure e-mail
• Signing certificates are one extension in S/MIME
• They are useful in any environment where certificates might be transmitted with signed messages
• This attribute is used to thwart attacks based on falsification of certificates
Security Embassy
If a trustworthy authority masquerades, it is difficult for the client to prove that this has happened.
One solution: Security Embassy
SE builds electronic evidence on behalf of its owner in a remote (untrusted) domain.
SE receives some signed data as input, verifies the signature with the configured public key, then signs these data using its private key.
The signed data serve as an audit trail.
Delegation of rights
• Chained protocol
• A delegates rights to B, which acts on D using the delegated rights
A → B: <A, TA>
where TA = <A,B,Pra,ra,ta>A
A gives rights Pra to B, for a duration limited by ta
• B can send its own signed request to D, chaining the request token with the delegated token
B → D: <B,TB>, <A,TA>
where TA = <A,B,Pra,ra,ta>A
TB = <B,D,rb>B
[Figure: chained tokens B,TB and A,TA]
Delegation of rights
• Nested protocol
• The second delegation protocol is based on nested tokens
• The single-stage delegation is exactly the same as that given in the case of chained tokens
A → B: <A, TA>
where TA = <A,B,Pra,ra,ta>A
• Here is the message for a second-stage delegation, from B to C
B → C: <B, <B,C,Prb,rb,tb, <TA> >B, A>
[Figure: nested token, TA enclosed in B,C,Prb,rb,tb]
Delegation of rights
• Misplaced assumptions of trust
• E.g. A trusts B but does not trust C in delegation. Therefore B does not pass any delegation from A to C. The delegation sequence A-B-C will not be allowed under the correct behaviour of A and B, because A does not trust C and A trusts B to behave correctly (in that B will not pass any delegation from A to C).
• In the chained protocol, if C can get hold of tokens TA-B and TB-C from the system using, say, wiretapping, then, as these are valid delegation tokens, C can form a chain giving the appearance that the delegation chain A-B-C is in force, even when B has not actually made such a delegation.
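The difference between the two protocols at the verifier, as an added example that is not part of the original slides. It assumes an HMAC per principal as a stand-in for a real digital signature, uses hypothetical field names, and leaves out the r and t fields and any evaluation of the rights themselves.

```python
import hashlib
import hmac
import json

# Constructed per-principal keys. HMAC stands in for a digital signature so the
# example needs only the standard library; it is not a real signature scheme.
KEYS = {"A": b"key-of-A", "B": b"key-of-B"}

def sign(signer, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[signer], data, hashlib.sha256).hexdigest()

def token(grantor, grantee, rights, inner=None):
    """<grantor, grantee, rights[, inner token]> signed by the grantor."""
    body = {"from": grantor, "to": grantee, "rights": rights}
    if inner is not None:
        body["inner"] = inner  # nested protocol: the inner token is signed over
    return {"body": body, "sig": sign(grantor, body)}

def valid(tok):
    body = tok["body"]
    return hmac.compare_digest(tok["sig"], sign(body["from"], body))

def verify_chained(tokens, root, holder):
    """Chained protocol: each token is checked on its own, then links are matched."""
    if not tokens or not all(valid(t) for t in tokens):
        return False
    bodies = [t["body"] for t in tokens]
    linked = all(x["to"] == y["from"] for x, y in zip(bodies, bodies[1:]))
    return linked and bodies[0]["from"] == root and bodies[-1]["to"] == holder

def verify_nested(tok, root, holder):
    """Nested protocol: every stage must have signed over the previous token."""
    if not valid(tok) or tok["body"]["to"] != holder:
        return False
    body = tok["body"]
    while "inner" in body:
        inner = body["inner"]
        if not valid(inner) or inner["body"]["to"] != body["from"]:
            return False
        body = inner["body"]
    return body["from"] == root

T_AB = token("A", "B", ["read"])                     # A delegates to B
T_BC = token("B", "C", ["read"])                     # B's own grant, unrelated to A
T_BC_NESTED = token("B", "C", ["read"], inner=T_AB)  # B knowingly passes A's delegation on
```

The chained verifier accepts `[T_AB, T_BC]` as an A-B-C chain although B never linked the two, while the nested verifier accepts only `T_BC_NESTED`, where B's signature covers A's token.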
Nested certificates
• Nested certificates are used to guarantee the integrity and correctness of the signature over a subject certificate
• A nested certificate is considered as a certificate for another certificate
• The two requirements of a nested certificate are: 1) to certify that the subject certificate content has been signed by the claimed CA and 2) to certify that the subject certificate content has not been maliciously modified
Nested certificates
• Nested certificate contains:
- the existing signature over the subject certificate content
- the hash of its subject certificate content
• Subject certificate verification: the actual hash and the actual signature over the subject certificate must be compared with the ones stored in the nested certificate.
[Figure: nested certificate (Signature of SC, Hash of Content, Signature) and its subject certificate (Content, Signature of SC)]
Nested certificates
• Subject certificate verification method does not employ public key cryptosystem operations.
• Subject certificate verification is faster.
• A large number of nested certificates must be issued in order to have nested certificate paths in the global certificate network. But the certificates are issued only once.
• Preferred in many systems for which minimization of the time complexity for verifiers is more important.
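A nested certificate path checked the way the slides describe, as an added example that is not part of the original slides: one signature check on the first nested certificate, then only hash and signature comparisons for every later certificate. The keys, certificate contents and the `hash:signature` content layout are constructed, and HMAC stands in for the CA signatures.

```python
import hashlib
import hmac

def sign(key, content):
    # Assumption: HMAC stands in for a CA's public-key signature (stdlib only).
    return hmac.new(key, content, hashlib.sha256).hexdigest()

def nested_cert(issuer_key, subject):
    """Certificate whose content is the subject certificate's hash and existing signature."""
    digest = hashlib.sha256(subject["content"]).hexdigest()
    content = (digest + ":" + subject["sig"]).encode()
    return {"content": content, "sig": sign(issuer_key, content)}

def certifies(nc, subject):
    """Subject certificate verification: one hash and two comparisons, no signature operation."""
    stored_hash, stored_sig = nc["content"].decode().split(":")
    actual_hash = hashlib.sha256(subject["content"]).hexdigest()
    return (hmac.compare_digest(stored_hash, actual_hash)
            and hmac.compare_digest(stored_sig, subject["sig"]))

def verify_path(trusted_key, path):
    """path[0] is a nested certificate checked with the trusted key; each later
    certificate is checked only against the nested certificate before it."""
    first = path[0]
    if not hmac.compare_digest(first["sig"], sign(trusted_key, first["content"])):
        return False
    return all(certifies(nc, subj) for nc, subj in zip(path, path[1:]))

# Constructed sample data: three CA keys and an end-entity certificate.
CA1_KEY, CA2_KEY, CA3_KEY = b"ca1-key", b"ca2-key", b"ca3-key"
END_CONTENT = b"subject=alice;valid=2030-01-01"
END_CERT = {"content": END_CONTENT, "sig": sign(CA3_KEY, END_CONTENT)}
NC2 = nested_cert(CA2_KEY, END_CERT)   # certifies the end certificate
NC1 = nested_cert(CA1_KEY, NC2)        # certifies NC2
PATH = [NC1, NC2, END_CERT]
```

The verifier holds only the first CA's key; a modified subject content or a substituted signature anywhere later in the path fails the comparison step.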
Conclusion
• The principle of the cascaded signature itself is the same in all these systems. However, the purpose for which it was created differs.
• A cascaded signature was created to:
– a) extend and complete the information
• digital time stamp and confirmation of the correct program
– b) confirm validity
• reconfirmation of signatures of authorization certificates, issuing cascaded proxies, issuing cascaded Dsig signature label, Security Embassy principle, S/MIME signing certificates and nested certificates
Conclusion
Implementing the cascaded signature in the infrastructure improves the efficiency of certificate verification when delegating rights among the entities, as well as accelerating the verification process.
Thank you for your attention