mediated signatures towards
play

Mediated Signatures - Towards Advanced Undeniability of Digital - PowerPoint PPT Presentation

M. Kutyowski Mediated Signatures - Towards Advanced Undeniability of Digital Data in Technical Digital Signatures Qualified Signatures and Legal Framework Validity of the Signature Standard Implementation Risk Issues Reasons of


  1. M. Kutyłowski Mediated Signatures - Towards Advanced Undeniability of Digital Data in Technical Digital Signatures Qualified Signatures and Legal Framework Validity of the Signature Standard Implementation Risk Issues Reasons of Failure Przemysław Kubiak 1 , Mirosław Kutyłowski 1 , Mediated Signatures Anna Lauks-Dutka 1 , Michał Tabor 2 Cryptographic Description Mediated RSA Example Institute of Mathematics and Computer Science 1 , Application Scenario Legal Framework Wrocław University of Technology Trusted Information Consulting 2 , Warsaw LIT 2010, May 3

  2. Outline M. Kutyłowski Advanced Digital Signatures 1 Advanced Qualified Signatures Digital Signatures Validity of the Signature Qualified Signatures Validity of the Standard Implementation Signature Standard Implementation Risk Issues Risk Issues Reasons of Failure Reasons of Failure Mediated Signatures Cryptographic Mediated Signatures 2 Description Mediated RSA Cryptographic Description Example Application Scenario Mediated RSA Example Legal Framework Application Scenario Legal Framework

  3. Outline M. Kutyłowski Advanced Digital Signatures 1 Advanced Qualified Signatures Digital Signatures Validity of the Signature Qualified Signatures Validity of the Standard Implementation Signature Standard Implementation Risk Issues Risk Issues Reasons of Failure Reasons of Failure Mediated Signatures Cryptographic Mediated Signatures 2 Description Mediated RSA Cryptographic Description Example Application Scenario Mediated RSA Example Legal Framework Application Scenario Legal Framework

  4. The Concept of Qualified Signatures M. Kutyłowski Advanced Digital Signatures Qualified Signatures signature Validity of the Signature creation data Standard Implementation ( secret key ) Risk Issues Reasons of Failure Mediated Signatures Cryptographic Description signature Mediated RSA Example verification data Application Scenario Legal Framework ( public key )

  5. The Concept of Qualified Signatures M. Kutyłowski Qualified Certificate Advanced 1 certificate issuer Digital Signatures Qualified Signatures signature 2 date of issue and expiration Validity of the Signature creation data 3 ID of the certificate holder: Standard Implementation ( secret key ) Risk Issues family name: Kutyłowski Reasons of Failure given name: Mirosław Mediated personal number (PESEL): Signatures Cryptographic ... Description signature Mediated RSA Example 4 2048 RSA public key: verification data Application Scenario Legal Framework 0x00308187028181 . . . ( public key ) 5 signature of the issuer . . .

  6. The Concept of Qualified Signatures M. Kutyłowski Advanced Digital Signatures digital signature Qualified Signatures Validity of the document signature creation data SIGN Signature Standard Implementation ( secret key ) Risk Issues Reasons of Failure Mediated Signatures Cryptographic signature Description validation Mediated RSA signature + VERIFY verification data Example output Application Scenario document ( public key ) Legal Framework

  7. Checking the Signature 1 Verification of the signature M. Kutyłowski (using the public key from the certificate) Advanced Digital Signatures 2 Verification of the identity of the key holder Qualified Signatures – checking the certificate Validity of the Signature Standard Implementation Risk Issues Reasons of Failure Mediated Signatures Cryptographic Description Mediated RSA Example Application Scenario Legal Framework

  8. Checking the Signature 1 Verification of the signature M. Kutyłowski (using the public key from the certificate) Advanced Digital Signatures 2 Verification of the identity of the key holder Qualified Signatures – checking the certificate Validity of the Signature Standard Implementation Risk Issues Reasons of Failure Mediated Signatures Cryptographic Description Cryptographic Point of View Mediated RSA Example Application Scenario If signature verifies correctly then: Legal Framework it was created with the proper signing key, or the signing scheme has been broken

  9. Checking the Signature 1 Verification of the signature M. Kutyłowski (using the public key from the certificate) Advanced Digital Signatures 2 Verification of the identity of the key holder Qualified Signatures – checking the certificate Validity of the Signature problem: the signing key can be: stolen (with a smart Standard Implementation Risk Issues card), retained by the certification provider, leaked Reasons of Failure (trapdoor), smart card can be misused, ... Mediated Signatures Cryptographic Description Additional Mechanisms Cryptographic Point of View Mediated RSA Example Each certificate: Application Scenario If signature verifies correctly then: Legal Framework has limited validity it was created with the proper period signing key, or can be revoked by the signing scheme has been issuer / signer broken

  10. Standard Implementation – Properties M. Kutyłowski Advanced Digital Signatures A secret (signing) key : Qualified Signatures Validity of the stored on a cryptographic smart card Signature Standard access secured with a PIN number Implementation Risk Issues Reasons of Failure Status of the certificate can be checked with : Mediated Signatures OCSP (Online Certificate Status Protocol) Cryptographic Description Mediated RSA recent CRL (Certificate Revocation List) – Example Application Scenario risky for the verifier Legal Framework

  11. Standard Implementation – Properties M. Kutyłowski Advanced Digital Signatures Qualified Signatures Key idea : Validity of the Signature enable signing offline Standard Implementation Risk Issues Reasons of Failure Reality : Mediated Signatures verification must be performed online Cryptographic Description signing time unknown Mediated RSA Example Application Scenario Legal Framework

  12. Risk Issues 1 loosing control over a signature creation device M. Kutyłowski Advanced Digital Signatures Qualified Signatures Validity of the Signature Standard Implementation Risk Issues Reasons of Failure Mediated Signatures Cryptographic Description Mediated RSA Example Application Scenario Legal Framework

  13. Risk Issues 1 loosing control over a signature creation device M. Kutyłowski 2 poor randomness ( ⇒ cryptographic compromise) Advanced Digital Signatures Qualified Signatures Validity of the Signature Standard Implementation Risk Issues Reasons of Failure Mediated Signatures Cryptographic Description Mediated RSA Example Application Scenario Legal Framework

  14. Risk Issues 1 loosing control over a signature creation device M. Kutyłowski 2 poor randomness ( ⇒ cryptographic compromise) Advanced 3 kleptography ( ⇐ malicious manufacturer) Digital Signatures Qualified Signatures Validity of the Signature Standard Implementation Risk Issues Reasons of Failure Mediated Signatures Cryptographic Description Mediated RSA Example Application Scenario Legal Framework

  15. Risk Issues 1 loosing control over a signature creation device M. Kutyłowski 2 poor randomness ( ⇒ cryptographic compromise) Advanced 3 kleptography ( ⇐ malicious manufacturer) Digital Signatures 4 retaining the key ( ⇐ if generated by a provider of the Qualified Signatures Validity of the certification cervices) Signature Standard Implementation Risk Issues Reasons of Failure Mediated Signatures Cryptographic Description Mediated RSA Example Application Scenario Legal Framework

  16. Risk Issues 1 loosing control over a signature creation device M. Kutyłowski 2 poor randomness ( ⇒ cryptographic compromise) Advanced 3 kleptography ( ⇐ malicious manufacturer) Digital Signatures 4 retaining the key ( ⇐ if generated by a provider of the Qualified Signatures Validity of the certification cervices) Signature Standard Implementation 5 revoking certificates ( ⇒ for complicating the legal Risk Issues Reasons of Failure situation) Mediated Signatures Cryptographic Description Mediated RSA Example Application Scenario Legal Framework

  17. Risk Issues 1 loosing control over a signature creation device M. Kutyłowski 2 poor randomness ( ⇒ cryptographic compromise) Advanced 3 kleptography ( ⇐ malicious manufacturer) Digital Signatures 4 retaining the key ( ⇐ if generated by a provider of the Qualified Signatures Validity of the certification cervices) Signature Standard Implementation 5 revoking certificates ( ⇒ for complicating the legal Risk Issues Reasons of Failure situation) Mediated 6 signatures based on qualified certificate but not on a Signatures Cryptographic secure signature creation device Description Mediated RSA Example Application Scenario Legal Framework

  18. Risk Issues 1 loosing control over a signature creation device M. Kutyłowski 2 poor randomness ( ⇒ cryptographic compromise) Advanced 3 kleptography ( ⇐ malicious manufacturer) Digital Signatures 4 retaining the key ( ⇐ if generated by a provider of the Qualified Signatures Validity of the certification cervices) Signature Standard Implementation 5 revoking certificates ( ⇒ for complicating the legal Risk Issues Reasons of Failure situation) Mediated 6 signatures based on qualified certificate but not on a Signatures Cryptographic secure signature creation device Description Mediated RSA Example 7 decline of mathematical/technical strength Application Scenario Legal Framework

Recommend


More recommend