
Page 1: CPK Theory And Practice

Network and Information Security Lab, Peking University, May 14, 2008

CPK Cryptosystem: Combined Public Key Cryptosystem

Theory and Practice

Page 2

Timeline

1976  Public Key Cryptography, Public File (Diffie, Hellman)

1978  Certificate idea (Kohnfelder)

1984  Identity Based Cryptography, the first idea (Shamir)

1986  First IBS scheme (Shamir)

1988  X.509 Certificate v1, X.500, CA (ITU-T)

Page 3

Timeline

1984–2000  No practical IBE scheme was found

1991  PGP, Web of Trust (Zimmermann)

1995  SPKI, SDSI

1996  X.509 Certificate v3, PKIX

Page 4

Timeline

2001  First practical IBE scheme from the Weil pairing (Boneh, Franklin); Cocks IBE, not bandwidth efficient

2004  CPK: key management, IBE, IBS (Nan, Chen)

Page 5

Public File

• Public File (1976)

• A Public File (trusted directory) is a key directory that users can consult to find other users' public keys.

Page 6

Certificate

• Loren Kohnfelder, “Toward a Practical Public-Key Cryptosystem”

• Separate trust and look-up

Page 7

X.500, X.509v1

Page 8

PEM (Privacy Enhanced Mail)

• PEM uses ITU's X.509 certificate

• X.509 in PEM vs. X.509 in X.500

• Binds a name to a public key

• Access control

• DN can't be accepted

• Failed :(

Page 9

PGP

• Global distinguished name, by email address

• Need no global TTP or CA

• Web of trust

Page 10

PKIX

Certificate Architecture

Page 11

SPKI

• Simple Public Key Infrastructure, by C. Ellison

• Emphasizes authorization rather than authentication

• SPKI Certificates bind attributes to Public Key directly

Page 12

PKI Challenges

Page 13

PKI Challenges

89 PKIs in US federal agencies from 1998 to 2005

Page 14

Identity Based Cryptography

• Idea from Shamir, 1984: the public key can be an arbitrary string.

• The private key is generated by a trusted authority named the PKG (private key generator) and distributed to users.

• Shamir's original motivation was to simplify certificate management in email systems.

• Identity based encryption (IBE), identity based signature scheme (IBS).

Page 15

IBC Schemes

• 1986 first IBS scheme

• 2001 first practical IBE scheme

❖ Boneh-Franklin IBE from pairing

❖ Cocks IBE

• 2004 CPK (Combined Public Key)

❖ Support IBE and IBS

Page 16

Certificate vs Identity: Digital Public Key Certificates

• Features

– Digital object (no typing!)

– Tamper-evident

– Issued by a TTP

– Complete user identification

– Fixed expiration

• Drawbacks

– Must trust issuer

Example certificate:

Serial Number:    206
Certificate for:  Bob Smith
Company:          Fox Consulting
Issued By:        Awfully Big Certificate Co.
Email Address:    [email protected]
Activation:       Jan. 10, 2000
Expiration:       Jan. 10, 2002
Public Key:       24219743597430832a2187b6219a75430d843e432f21e09bc080da43509843
ABC's digital signature:  0a213fe67de49ac8e9602046fa7de2239316ab233dec70095762121aef4fg66854392ab02c4

Page 17

Encryption in PKI

Diagram: Sender → Certificate Request → Online Certificate Database → Recipient's Certificate → Sender → Encryption → Recipient

At least 3 steps

Page 18

Encryption in CPK

Diagram: Sender → Identity Based Encryption → Recipient

The encryption public key is the recipient's identity, e.g. the phone number.

Only 1 step!


Page 20

Definition

• Setup: run by the PKG; takes the security parameter t as input and outputs the public system params and the secret master-key, which is kept inside the PKG.

• Extract: run by the PKG; takes params, master-key and the user's identity string ID as input and outputs the user's private key dID. The private key is sent back to the user through a secure channel.

Page 21

Definition (cont.)

• Encrypt: run by the user; takes params, the recipient's ID and the message M as input and outputs the ciphertext C. The sender must obtain a trusted copy of params before encrypting.

• Decrypt: run by the receiver; takes params, his private key dID and the ciphertext C as input and outputs the decrypted plaintext M. The receiver must authenticate himself to the PKG and retrieve his private key dID before decrypting.

Page 22

Definition of IBS

• Also includes four algorithms:

❖ Setup, Extract, Sign and Verify

• The signer's private key is generated by the PKG, so the PKG can forge a signature.

• So IBS cannot be used in "non-repudiation" applications.

Page 23

Applications

• Alternative to PKI, without key and certificate management.

• Expiration of public keys

• Delegation of decryption keys

Page 24

Key Revocation in PKI

• Check the validity of the certificate/public key before applying it.

❖ CRL (Certificate Revocation List)

❖ OCSP (Online Certificate Status Protocol)

Page 25

Revocation in IBC

• Identities that can be revoked, such as a hardware serial number.

• Identities that cannot be revoked, such as an email address or phone number: Identity' = Identity || time. The private key for the identity appended with a time is valid only for a limited period.

❖ Example: [email protected] || MAY2008

• Mechanisms similar to PKI.

Page 26

CPK (Combined Public Key)

• One identity based cryptography scheme

• CPK (Combined Public Key)

❖ First, it is a key management scheme

❖ Second, it provides identity based encryption and signature schemes.

Page 27

Elliptic Curve Cryptography

y^2 = x^3 + ax + b \pmod p

G is a point on the elliptic curve; n is the order of the cyclic group \langle G \rangle.

The private key d is a randomly selected integer in [1, n-1].

The corresponding public key is Q = dG.

Page 28

Private Matrix Generation

The trusted authority PKG (Private Key Generator) generates an m×n matrix whose elements are randomly generated ECC private keys (integers in [1, n-1]). The private matrix must be kept secret inside the PKG.

s_{ij} \xleftarrow{R} [1, n-1]

\begin{pmatrix}
s_{11} & s_{12} & \cdots & s_{1n} \\
s_{21} & s_{22} & \cdots & s_{2n} \\
\vdots & \vdots & \ddots & \vdots \\
s_{m1} & s_{m2} & \cdots & s_{mn}
\end{pmatrix}
\quad \text{private matrix (random integers from the RNG, held in the PKG)}

Page 29

Public Matrix Generation

\begin{pmatrix}
s_{11} & s_{12} & \cdots & s_{1n} \\
s_{21} & s_{22} & \cdots & s_{2n} \\
\vdots & \vdots & \ddots & \vdots \\
s_{m1} & s_{m2} & \cdots & s_{mn}
\end{pmatrix}
\xrightarrow{\text{key pair}}
\begin{pmatrix}
s_{11}G & s_{12}G & \cdots & s_{1n}G \\
s_{21}G & s_{22}G & \cdots & s_{2n}G \\
\vdots & \vdots & \ddots & \vdots \\
s_{m1}G & s_{m2}G & \cdots & s_{mn}G
\end{pmatrix}

(private matrix, in the PKG) → (public matrix)

The public matrix is generated by the PKG from the private matrix: each element of the public matrix is the public key of the corresponding private key in the private matrix. The public matrix is publicly available to all users.

Page 30

Map Algorithm

\langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)

The map algorithm H(ID) is a cryptographic hash algorithm that maps an arbitrary string ID to indexes into the columns of the private matrix and the public matrix.

h_i is the index of the element selected in the i-th column of the public/private matrix.

Page 31

Private Key Extraction

Input: the user's identity ID (computed in the PKG).

1. Map the identity to matrix indexes: \langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)

2. Select one element from each column of the private matrix by its index.

3. Add the selected private keys; the result is the user's private key corresponding to his identity ID:

d_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} \pmod p

\begin{pmatrix}
s_{11} & s_{12} & \cdots & s_{1n} \\
s_{21} & s_{22} & \cdots & s_{2n} \\
\vdots & \vdots & \ddots & \vdots \\
s_{m1} & s_{m2} & \cdots & s_{mn}
\end{pmatrix}
\quad \text{private matrix}

Page 32

Public Key Extraction

Input: the user's identity ID (computed by the user).

1. Map the identity to matrix indexes: \langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)

2. Select one element from each column of the public matrix by its index.

3. Add (elliptic curve point addition) the selected public keys; the result is the user's public key corresponding to his identity ID:

Q_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} G

\begin{pmatrix}
s_{11}G & s_{12}G & \cdots & s_{1n}G \\
s_{21}G & s_{22}G & \cdots & s_{2n}G \\
\vdots & \vdots & \ddots & \vdots \\
s_{m1}G & s_{m2}G & \cdots & s_{mn}G
\end{pmatrix}
\quad \text{public matrix}

Page 33

Identity Based Encryption

CPK-Encrypt (Message, ID, PublicMatrix) {
    CPK-ExtractPublicKey (ID, PublicMatrix) -> PublicKey
    ECIES-Encrypt (Message, PublicKey) -> Ciphertext
}

CPK-Decrypt (Ciphertext, PrivateKey) {
    ECIES-Decrypt (Ciphertext, PrivateKey) -> Plaintext
}

ECIES: Elliptic Curve Integrated Encryption Scheme

Page 34

Identity Based Signature

CPK-Sign (Message, PrivateKey) {
    ECDSA-Sign (Message, PrivateKey) -> Signature
}

CPK-Verify (Message, PublicMatrix, SignerID, Signature) {
    CPK-ExtractPublicKey (PublicMatrix, SignerID) -> PublicKey
    ECDSA-Verify (Message, Signature, PublicKey)
}

ECDSA: Elliptic Curve Digital Signature Algorithm
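The map algorithm and the matrix-based private/public key extraction (pages 30 to 32) together with the CPK-Sign/CPK-Verify wrappers above, worked through in Python as an added example; this is not code from the slides or from the CPK project. It assumes the secp256k1 curve, SHA-256 as the map hash, a power-of-two row count so that each column index is a fixed-width slice of the digest, and a constructed identity alice@example.com; the private-key sum is reduced modulo the curve order (the slides write this reduction as mod p).

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants); the slides fix no curve, so
# this choice is the example's own assumption.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication k*point."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def map_id(identity, m, n):
    """Map algorithm H(ID) -> <h_1..h_n>: one row index in [0, m) per column,
    log2(m) bits each from a SHA-256 digest (32x32 on the slides uses 160 bits)."""
    if m & (m - 1):
        raise ValueError("m must be a power of two")
    bits = (m - 1).bit_length()
    if bits * n > 256:
        raise ValueError("matrix needs more index bits than the digest has")
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return [(h >> (bits * i)) & (m - 1) for i in range(n)]

def gen_private_matrix(m, n):
    """PKG-only secret: m x n random ECC private keys in [1, N-1]."""
    return [[secrets.randbelow(N - 1) + 1 for _ in range(n)] for _ in range(m)]

def gen_public_matrix(priv):
    """Published matrix: s_ij * G for every private element."""
    return [[ec_mul(s, G) for s in row] for row in priv]

def extract_private_key(priv, identity):
    """PKG side: d_ID = sum of one selected element per column, mod the curve order."""
    m, n = len(priv), len(priv[0])
    return sum(priv[h][i] for i, h in enumerate(map_id(identity, m, n))) % N

def extract_public_key(pub, identity):
    """User side: Q_ID = point sum of the same positions in the public matrix."""
    m, n = len(pub), len(pub[0])
    Q = None
    for i, h in enumerate(map_id(identity, m, n)):
        Q = ec_add(Q, pub[h][i])
    return Q

def ecdsa_sign(d, msg):
    """Textbook ECDSA over SHA-256(msg) with a fresh random k per signature."""
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r and s:
            return (r, s)

def ecdsa_verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    w = pow(s, -1, N)
    R = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, Q))
    return R is not None and R[0] % N == r

def cpk_verify(pub, signer_id, msg, sig):
    """CPK-Verify: derive the signer's key from ID + public matrix, then ECDSA-Verify."""
    return ecdsa_verify(extract_public_key(pub, signer_id), msg, sig)

def demo(m=8, n=16):
    """Whole flow; returns (verifies under the right ID, verifies under another time suffix)."""
    priv = gen_private_matrix(m, n)          # kept inside the PKG
    pub = gen_public_matrix(priv)            # handed to every user
    alice = "alice@example.com||MAY2008"     # constructed ID with the slides' time suffix
    d = extract_private_key(priv, alice)
    assert ec_mul(d, G) == extract_public_key(pub, alice)   # key-combination property
    sig = ecdsa_sign(d, b"hello")
    return (cpk_verify(pub, alice, b"hello", sig),
            cpk_verify(pub, "alice@example.com||JUN2008", b"hello", sig))
```

demo() builds both matrices, checks that the PKG-derived d_ID times G equals the Q_ID any user can compute from the public matrix alone, and returns (True, False): the signature verifies under the identity it was made for and fails under the same address with a different time suffix, which is the revocation mechanism of page 25 in action.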

Page 35

Big Picture

\langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)

Public matrix (s_{ij}G) \xrightarrow{H(ID)} Q_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} G

Private matrix (s_{ij}) \xrightarrow{H(ID)} d_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} \pmod p

Page 36

Security

• Collisions

❖ A 32×32 matrix requires the map algorithm to provide 32×5 = 160 bits

❖ Birthday bound: a collision is expected after 2^80 accounts

• Collusion

❖ A 32×32 matrix requires 1024 linearly independent colluding private keys (no linear relation among them).

Page 37

Collusion Resistance

• Verification-only applications: small matrix

• Without the threat of large-scale collusion: matrix size matched to the collusion scale.

• With the threat of large-scale collusion:

❖ extend the matrix size

❖ protect private keys with hardware

❖ revoke the matrix periodically

Page 38

CPK USB Token

Tamper Resistant Key Storage

Diagram: the CPK USB Token contains a 32-bit secure CPU, a public-key crypto engine (CPK, AES, SHA1, ECC) and a USB interface.

0.6 s per ECDSA signature generation or ECDH computation

Page 39

Collusion Resistance

• Expand the matrix size.

❖ matrix size larger than the maximum collusion amount.

• Tamper resistant module for the protection of private keys.

❖ Smart Card,

❖ USB Secure Token,

❖ TPM, etc.

Page 40

Original Scheme

\langle h_1, h_2, \ldots, h_n \rangle \leftarrow H(ID)

Public matrix (s_{ij}G) \xrightarrow{H(ID)} Q_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} G

Private matrix (s_{ij}) \xrightarrow{H(ID)} d_{ID} = \sum_{i=0}^{n-1} s_{h_i, i} \pmod p

Page 41

Generalized Scheme

General DH group \langle g \rangle: private key s, public key g^s.

Map algorithm: H(ID) \rightarrow \langle a_1, a_2, \ldots, a_n \rangle, \quad a_i \in \mathbb{Z}_p^*

Extract private key: private key set \{s_1, s_2, \ldots, s_n\} \xrightarrow{H(ID)} user's private key d_{ID} = \sum_{i=1}^{n} a_i s_i

Extract public key: public key set \{g^{s_1}, g^{s_2}, \ldots, g^{s_n}\} \xrightarrow{H(ID)} user's public key Q_{ID} = \prod_{i=1}^{n} (g^{s_i})^{a_i}

Page 42

Extensions

• CPK can be built on any cryptosystem with the property that the combination of key pairs is still a valid key pair.

• For example:

❖ Cryptosystems based on a Diffie-Hellman group, in which the private key is an integer d and the corresponding public key is g^d

❖ Cryptosystems based on elliptic curve cryptography.

Page 43

Extensions

• The CPK scheme can convert any cryptosystem with the key combination property into an identity based cryptosystem, not only IBE and IBS, but also:

❖ Identity based signcryption, by converting signcryption schemes based on a DH group.

❖ Identity based short signature, by converting the BLS short signature into an identity based short signature (160-bit signature compared with a 320-bit DSA or ECDSA signature).

Page 44

Advantage of CPK

• Simple

• Efficient, especially for resource-constrained environments such as embedded devices.

• Supports different cryptosystems: ElGamal (ElGamal encryption, DSA, ...), elliptic curve cryptography, pairing based cryptography and others.

Page 45

Key Length

Key sizes in bits:

Bits of Security | ECC (CPK) | Pairing (BF-IBE) | RSA
80               | 160       | 512              | 1024
112              | 224       | 1024             | 2048
128              | 256       | 1536             | 3072
192              | 384       | 3840             | 7680
256              | 512       | 7680             | 15360

Page 46

Performance

• CPK (on a Core 2 1.83 GHz CPU)

❖ ~400 times/s CPK-ECIES encryption, decryption and CPK-ECDSA signature verification; ~1900 times/s CPK-ECDSA signature generation

• Pairing (P3 1 GHz CPU)

❖ ~30 to 90 times/s of pairing computation

• CPK is faster and requires less code.

Page 47

Real-world Applications

Secure Email

Page 48

CPK Secure Mail

Original mail:

To: [email protected]
From: [email protected]
Subject: hello
Contents: this is the plaintext message to be signed and encrypted by CPK.

Enveloped mail:

To: [email protected]
From: [email protected]
Subject: xxxxxx
Contents: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  (the data to be encrypted)
Signature: xxxxxxxxxxxxxxxxx
Encryption key ID

Page 49

Real-world Applications

WebIBC: Identity Based Cryptography for Client Side Security in Web Applications

Page 50

Target

• Web based applications like Gmail or Google Docs can do harm to user security and privacy.

• Our solution: bring public key cryptography to Web browsers, including public key encryption and signature generation.

• All cryptographic operations and key usage happen inside the browser and are implemented in JavaScript and HTML only; this requires no plug-ins and provides an "open source" guarantee.

Page 51

Challenges

• Private key: JavaScript cannot read keys in the local file system.

• Public key: acquiring another user's public key or certificate is not easy for JavaScript programs in a Web browser.

Page 52

Solution

• Private key: use the fragment identifier of a bookmark URL as the private key storage. The fragment identifier of a URL is never transferred over the Internet.

• Public key: in CPK, i.e. an identity based cryptosystem, the email address or another meaningful string is the public key.

http://www.domain.com/#skey=sdfBksLdfljksDjfls=

The fragment identifier starts at # (here: skey=sdfBksLdfljksDjfls=).

Page 53

Workflow

Diagram: three parties, Browser, PKG and WebApp. Labelled messages, in order: ID, skey, m, pk.js, URL, setup, save, message, webibc.js and mpk.js, do, forward. Channels are marked Secure Channel and Public Channel.

Page 54

Workflow

1. The authority trusted by Alice and Bob establishes a PKG, which will generate the system parameters including the public matrix.

2. Web application embeds WebIBC into these systems together with the public system parameters released by the PKG.

3. Alice registers with the PKG using her ID.

4. PKG returns Alice’s private key.

Page 55

Workflow

5. Alice can append the private key as a fragment identifier to the Web application's URL, then save it as a bookmark in the browser.

6. Now Alice can use this bookmark to log into the web application. Note that the browser sends the URL without the fragment identifier, so the private key is secure.

Page 56

Workflow

7. The WebIBC JavaScript files are also downloaded from the server, including the public matrix of the system.

8. Alice uses this web application as normal, entering Bob's email address and the message content into the form. When Alice presses the send button, the WebIBC JavaScript programs take the email address from the form as the public key and the private key from the URL, then encrypt and sign the message.

Page 57

Workflow

9. Then the message is sent to the server.

10. Because the message has been protected, the Web application can do no evil to the message but only forward it to Bob. Bob can likewise log into his web application, decrypt the message with the private key in his fragment identifier and verify it through the public matrix, just as Alice did.

Page 58

Performance

Time in ms by browser and message size:

Browser | 0.5 KB | 2 KB  | 10 KB
Safari  | 1383.7 | 1,492 | 2,071
Firefox | 1,523  | 1,661 | 2,401
IE      | 1,459  | 1,698 | 2,791
Opera   | 2,110  | 2,349 | 3,628

Page 59

Real-world Applications

Code Signing

Page 60

CPK Code Signing

• Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered.

• All sorts of code should be signed, including tools, applications, scripts, libraries, plug-ins, and other “code-like” data.

Page 61

Code Signing Overview

• A unique identifier, used to identify the code or to determine to which groups or categories the code belongs.

• A collection of checksums of the various parts of the program, such as the identifier, the main executable, the resource files.

• A digital signature, which signs the seal to guarantee its integrity.

Page 62

What it can do

• Content Source: End users can confirm that the software really comes from the publisher who signed it.

• Content Integrity: End users can verify that the software has not been altered or corrupted since it was signed.

Page 63

What it can NOT do

• It can’t guarantee that the code is free of security vulnerabilities.

• It can’t guarantee that a program will not load unsafe or altered code—such as untrusted plug-ins—during execution.

• It can’t determine how much to “trust” the code.

• Attacks by an administrator.

Page 64

Other Disadvantages

• The user is likely to be bothered with additional dialog boxes and prompts for unsigned code that they don’t see with signed code, and unsigned code might not work as expected with some system components.

• Computation and storage overhead.

Page 65

Code Signing Applications

• Anti-virus, anti-rootkit

• Parental control

• Trusted computing.

Page 66

Code Signing on Linux

Diagram: exec() → sys_execve() → LSM hook → Codesign kernel module ↔ (Netlink socket) Codesign user-space daemon, which answers True/False; mmap() is shown as a further entry point.

Page 67

Code Signing on Linux

• Codesign Tool: used to create, check, and display code signatures.

• Kernel Module: implements an LSM (Linux Security Module) hook to check the signature in the ELF.

• User-space Daemon: does the checking; called by the kernel module through a Netlink socket.

Page 68

Code Signing Extension

Diagram: an enterprise admin runs a Check Engine with a Policy DB on the intranet; each Host runs the Kernel Module and Daemon under host root.

Page 69

CPK Code Signing in Solaris

• Support signing on ELF binary, Java byte code and shell scripts.

• Based on Solaris kernel level cryptographic framework

❖ MPI (multi-precision integer library)

❖ ECC (elliptic curve cryptography library)

❖ Block cipher, Digest algorithms ...

Page 70

User Space: execl(), execle(), execv() → execve() → _syscall(SYS_execve)

Kernel Space: execve()

Page 71

Kernel Space

exece() → exec_common() → gexec() → switch (exectype): elf → elfexec(), a.out → aoutexec(), script → intpexec(), java → javaexec()

uts/common/os/exec.c; functions in kernel modules: uts/common/exec/*

Page 72

Kernel Space (with CPK)

exece() → exec_common() → gexec() → switch (exectype): elf → elfexec() with CPK signature checking, a.out → aoutexec(), script → intpexec() with CPK signature checking, java → javaexec()

uts/common/os/exec.c

Page 73

CPK Kernel Modules

Diagram: common/crypto/cpk, alongside common/crypto/ecc, common/mpi and common/crypto/sha1,sha2; uts/common/exec/elf (with CPK checking) and uts/common/exec/intp (with CPK checking); Pub Matrix and Policy.

Page 74

Real-world Applications

CPK in Solaris

Page 75

CPK Crypto Library

• A module of libcrypto

• Supports an error stack

• Supports identity based cryptography

• Supports ASN.1 encoding

• Supports PKCS #7 Cryptographic Message Syntax

Page 76

Compatible to Standards

• SECG (Standards for Efficient Cryptography Group) SEC 1: Elliptic Curve Cryptography, version 1.7 (current working draft).

• IBCS (Identity Based Cryptography Standard), the identity syntax (draft).

• PKCS #7: Cryptographic Message Syntax

• PKCS #11: Cryptographic Token Interface

• ASN.1/DER encoding

Page 77

Supported Platforms

• Solaris, loadable module

• POSIX, CPK library

• Win32, CPK library, requires pthreads for Win32

• Java, on Solaris with Cryptographic Framework support.

Page 78

CPK Soft Token

[Figure: CPK Software Stack; diagram text not recoverable]

Page 79

CPK Hard Token (current)

[Figure: CPK hard token architecture; diagram text not recoverable]

Page 80

OpenSolaris cryptoadm

# cryptoadm list -vm
Provider: /SunStudioProjects/p11/dist/Debug/Sun12-Solaris-x86/libcpkp11.so
Number of slots: 1
Slot #1
Description: CPK Crypto Softtoken
Manufacturer: Guan Zhi
PKCS#11 Version: 2.20
Hardware Version: 0.0
Firmware Version: 0.0
Token Present: True
Slot Flags: CKF_TOKEN_PRESENT
Token Label: CPK PKCS#11 Software token
Manufacturer ID: Guan Zhi
Model: 1.0
Serial Number:
Hardware Version: 0.0
Firmware Version: 0.0
UTC Time:
PIN Length: 0-0
Flags:

Page 81

Key Management Framework

[Figure: Solaris Key Management Framework diagram; text not recoverable]

Page 82

CPK in Solaris KMF

[Figure: CPK in the Solaris Key Management Framework; diagram text not recoverable]

Page 83

CPK in Solaris KMF

[Figure: CPK in the Solaris Key Management Framework, with the CPK provider highlighted; diagram text not recoverable]

Page 84

Real-world Applications

Graphical e-Stamp

Page 85

CPK e-Stamp

CPK Digital Signature

• Signer’s identity is converted to a stamp graph on the fly.

Page 86

Supported Document Types

Page 87

Real-world Applications

e-Bank Security for China Minsheng Banking Corp.

Page 88

Minsheng Bank CPK Electronic Seal System

Page 89

Structure of the CPK Bill Electronic Seal System

Page 90

Seal Creation Workflow

Page 91

ID-Key Production Workflow

Page 92

Sealing and Seal Verification Workflow

Page 93

Server-side Sealing and Seal Verification Functions

Page 94

Client-side Sealing and Seal Verification Functions

Page 95

Seal Maintenance and Management

Page 96

Real-world Applications

Secure Gateway

Page 97

Services

Confidential Data Exchange Platform

Authorization Management System, Classification Marking System, Classification Marking Policy Center

Web browsing, E-mail, Electronic documents, Instant messaging

Page 98: CPK Theory And Parctice

Architecture

Page 99: CPK Theory And Parctice

Security Middleware

Introduction: Common Data Security Architecture

Below CSSM are add-in security modules that perform cryptographic operations and manipulate certificates. Add-in security modules may be provided by independent software and hardware vendors as competitive products. Applications use CSSM to direct their requests to modules from specific vendors or to any module that performs the required services. Applications can use multiple service providers of all types concurrently. Add-in modules augment the set of available security services.

CDSA's extensible architecture allows new module types to be included that accommodate prudent division of labor. Signing services and key management services can be added at the System Security Services Layer and the Security Add-in Modules layer in CDSA. An appropriate degree of visibility of lower layers may be reflected at higher layers, such that a complete security profile can be managed uniformly. Independent software and hardware vendors may specialize in their chosen area of expertise and package their products as appropriate. For example, hardware-specific cryptographic device vendors can also provide tamper-resistant storage facilities in the same add-in module.

Figure 1-1 The Common Data Security Architecture for all Platforms (figure labels: Applications in C and C++; Layered Services; CSSM Security API and EM-API; Security Contexts, Integrity Services; Elective Module Manager, DL Module Manager, CL Module Manager, AC Module Manager, TP Module Manager, CSP Manager; interfaces SPI, TPI, ACI, CLI, DLI, EMI; add-in modules: Cryptographic Service Provider, Trust Model Library, Authorization Computation Library, Certificate Library, Data Storage Library with Data Store, New Category of Service)

1.2.3 Layered Security Services

Layered Security Services are between application and basic CSSM services. Software at this layer may:

• Define high-level security abstractions (such as secure electronic mail services)

• Provide transparent security services (such as secure file systems or private communication)

• Make CSSM security services accessible to applications developed in languages other than the C language

• Provide tools to manage the security infrastructure

Applications can invoke the CSSM APIs directly, or use layered services to access security services on a platform. The use of security services through a layered service can be opaque. Legacy layered services, such as the Sockets protocol and HTTP, can be enhanced with security

Part 1: Common Data Security Architecture (CDSA) 7


Page 100: CPK Theory And Parctice


Page 101: CPK Theory And Parctice


Secure Gateway Hardware

Page 102: CPK Theory And Parctice

Secure Gateway Software

Software System

Security-Enhanced Operating System

Security-Enhanced Kernel

Security Modules

Page 103: CPK Theory And Parctice

References

• Xianghao Nan, Zhong Chen. CPK Algorithm Patent, Publication Number - WO/2006/074611.

• Zhi Guan, Zhen Cao, Xuan Zhao, Ruichuan Chen, Zhong Chen, Xianghao Nan. WebIBC: Identity Based Cryptography for Client Side Security in Web Applications. ICDCS '08, 2008.

• Zhen Cao, Hui Deng, Yuanchen Ma, and Po Hu. Integrating Identity Based Cryptography with Cryptographically Generated Addresses in Mobile IPv6. In Proceeding of ICCSA '07, LNCS 4706, 2007.

• Qi Jing, Jianbin Hu, Zhong Chen. C4W: An Energy Efficient Public Key Cryptosystem for Large-Scale Wireless Sensor Networks. In IEEE International Conference on Mobile Ad hoc and Sensor Systems (MASS) '06, 2006.

• Wen Tang, Xianghao Nan, and Zhong Chen. Combined Public Key Cryptosystem. Proceedings of the International Conference on Software, Telecommunications and Computer Networks (SoftCOM '04), 2004.