
CHAPTER 6 CERTIFICATES


DESCRIPTION

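CHAPTER 6 CERTIFICATES. CAI & SIMULATION LAB. 한기준 (Ph.D. 3), 강선모 (Ph.D. 2), 김진규 (M.S. 3), 간상우 (M.S. 3), 서인규 (M.S. 1). Contents. Definition of certificates: introduction to certificates, certification paths, validity period and revocation. Management of public-private key pairs: key-pair generation, private-key protection, key update, management of keys of different types. Certificate issuance: certificate application, creation and update, subject authentication, local registration authorities. Certificate distribution: certificates accompanying signatures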


  • CHAPTER 6 CERTIFICATES. CAI & SIMULATION LAB.

    CAI&Simul



  • Webster Dictionary : a document containing a certified statement, especially as to the truth of something : (recognized), (trusted) ( )

    : (Public Key Certificate) person, device, (entity) . (Certification Authority) (person) (entity) (digitally signed). : .


  • 1. (Public Key User) : (copy) (message originator) (verifier)Certification authority(CA) : (CERT) Manual Public-Key Distributiondiskette (Public key Certificate) (public key value) (certificates subject) person, device, (other) entity. , (legal entity) CA (subscriber) .


  • Digital Signature(CA) (Identification Info.)(Subject) (CA) (CERT)CA


  • (2) . . . Certificates can be distributed without needing to be protected via the traditional communications security services of confidentiality, authentication, and integrity. ( ) (confidentiality) . (authentication) (integrity) . CERTs Self Protecting : (CA : .) : CA .

    Primary Benefit: party (CAs public key) , party .


  • CA , : : CA . () CA . CA . ( CA () CA ) (recursively) , CA . Certificate chain, Certificate path root CA . root (nola) certificate path , CA .


  • (2) = B = ACertificate 1 = A = BCertificate 2 = = CCertificate 3Root Public Key( A)

    Public Key key PairNola


  • , (basic Certificate) (Certification path model) Timeliness . - . . Start date/time Expiration date/time . ex) (compromised) , .


  • () . Closed Community: (one legal entity) ( ) confederation. ) ATM CA . Open Community: , CA , CA . CA Third-party CA .


  • () CA , CA .

    (1) CA .

    (2) (1) .


  • 2. - Key-Pair

    Private-Key Key-Pair holder system , back-up (archival) , back-up (archival) Public-Key (certificate authority) ( for input to certificate generation functions) .


  • (2)Key-pair Key-pair holder system key-pair . (non-repudiation) . private-key (lifetime) (party) private-key - .ANSI X9.57 standard Central System: Key-Pair key-pair holder . ( , ) key-pair . CA .

    , backup, archival .


  • , : person, device, entity . 1. tamper-resistant hardware module, token ex) smart card, PCMCIA card . 2. password PIN . , password PIN (symmetric key) .


  • / . , . , .


  • () -, ex) ex)

    1. . . , , . 2. . 3. (archived) . 1. 4. () . .


  • (2) 1. backup, archived. . 2. , backup/archived . Ex) RSA , . Diffie-Hellman , , backup . 3. . (1) .


  • CA , (subscriber) CA . certificate application CA , . , ( ) . ( ) 3 : .


  • (2) online web browser front-end CA service .CA , . - online database

    1. Off-line : , , password . 2. , , .


  • . . private-key . (subscriber) , , . CA , , , (certificate repository) . CA , . .


  • private-key (person, device entity) identity public-key . (personal presence)(Identification documents)


  • (local) LRA(Local Registration Authority) . .

    (registering) , (de-registering), (identifying and authenticating)key-pair backed-up keys . (suspension or revocation) . personal token , token .


  • .CA -revocation . , . , . . , , , CA . CA . , .


  • 4. , . , . (dissemination)

    certificates self protecting


  • attach. ( ) . CA CA attach . .


  • , . (locally) . , . (public) (repository) (attractive) , query , . ITU X.500 Directory Service : , , . Microsoft Exchange Directory, Lotus Notes Directory, Novell's NetWare Directory Service (NDS). LDAP (Internet Lightweight Directory Access Protocol) X.500 access protocol - database .


  • , . ) S/MIME MOSS (chapter.5) e-mail , . Web .


  • 6.5 X.509 Certification Format. ISO/IEC/ITU X.509: version 1: 1988; version 2: 1993; version 3: 1996


  • X.500 Names X.509 X.500 directory system Version 1&2 X.500 names : subject issuers DNDITRDN , , , entry DN . EX> common name, telephone number, e-mail addressDN RDN entry DN entry root entry , DN entry entry entry EX) Common Name = Roy Mills


  • Figure 6.4 Example X.500 Name Construction


  • X.500 Names. Issuer unique identifier & subject unique identifier field. X.509 version 2 : X.500 access control facility X.500 name Unique Identifier implementation View EX> X.500 name (uniqueness) Relative Distinguished Name EX> employee number


  • Object Registration (1) algorithm identifier : CA. Algorithm identifiers: a) Digital signature, using DSS with the SHA hash function; b) Digital signature, using RSA with the MD5 hash function; c) Encryption key establishment, using RSA key transport; d) Encryption key establishment, using a certified Diffie-Hellman technique. Object registration system : Object identifier mechanism. Object identifier top-most level (value): 0 (for ITU use), 1 (for ISO use), 2 (for joint ISO-ITU use)


  • Figure 6.5 Object Identifier Example. Tree nodes: 0 (ITU-T), 1 (ISO), 2 (Joint-ISO-ITU-T); 16 (country); 840 (US); 1 (organization); 15678 (sharons); 1 (algorithms), 4 (policies); 66 (sharons-super-algorithm). Object Identifier: {Joint-ISO-ITU-T(2) country(16) us(840) organization(1) sharons(15678) algorithms(1) sharons-super-algorithm(66)}


  • Table 6.2 Some Common Algorithm identifiers


  • Extended(version 3) Certificate Format (1) X. 509 version 1 & 2 (1993-94)X. 509 (a) subject - , subject (b) subject-identifying information (c) Application (d) (e) X.509 version 3


  • Figure 6.6 X.509 version 3 Certificate. Fields: Version; Serial Number; Signature Algorithm Identifier; Issuer (CA) X.500 Name; Validity Period (Start and Expiry Dates/Times); Subject X.500 Name; Subject Public Key Information (Algorithm Identifier, Public Key Value); Issuer Unique Identifier; Subject Unique Identifier; Extensions; Certification Authority's Digital Signature. Figure labels: Generate Digital Signature; Certification Authority's Private Key; Issuer (Certification Authority) X.500 Name; Optional; Extension simple flag: non-critical, critical


  • Naming in X.509 Version 3 version X.509 version 3 naming entity (name) . X.509 name: Internet e-mail address; Internet domain name; X.400 e-mail address; X.500 directory name; EDI party name; Web Uniform Resource Identifier; Internet IP address; Registered identifier; other name


  • Standard Certificate Extensions. Standard extension groups: Key and policy information (subject issuer key, indicator of certificate policy. Implementation of PKI); Subject and issuer attributes (subject issuer name subject); Certification path constraints; Extensions related to certificate revocation lists (CRLs). ISO/IEC, ITU, ANSI X9


  • Standard Certificate Extensions. Key and Policy Information Extensions: Authority Key Identifier - key identifier pointer key identifier certificate pointer; Subject Key Identifier; Key Usage; Private-key Usage Period; Certificate Policies; Policy Mapping


  • Standard Certificate Extensions. Subject and Issuer Attributes extensions: Subject Alternative Name: X.500 name (E-mail); Issuer Alternative Name : name; Subject Directory Attributes : subject. Certification Path Constraints extensions: Basic Constraints: subject CA; Name Constraints: name-space; Policy Constraints: constrain


  • 6.6 Certificate Revocation start date/time + expiration date/time CA name , subject , CA .subscriber CA subscriber CA source local registration authority


  • Certificate Revocation Lists(CRLs)CA CRL : CA time-stamped , CRL , serial number CRL CRL CRL CRL Off-cycle CRL


  • Figure 6.7 Simple Certificate Revocation Lists (CRLs). Fields: Issuer Name; CRL Issue Time/Date; repeated entries, each with Certificate Serial Number and Revocation Time/Date; Issuer's Digital Signature. Figure labels: Generate Digital Signature; Certification Authority's Private Key


  • Broadcast Revocation Lists (1). Pull method of CRL distribution (periodic revocation list ). Push method : (secure e-mail, protected transaction protocol)


  • Broadcast Revocation Lists (2). MISSI (The U.S. Department of Defense Multi-level Information System) Broadcast Revocation Lists MOSAIC , broadcast X.509 version 2 indirect CRLs. CKL (Compromised Key List) secure e-mail secure e-mail Broadcast revocation list entire network global, open commercial infrastructure


  • Immediate Revocation real-time revocation checking or online status checking CA CA online transaction: CA , Real-time . (operation )(a) Removal From repository: (b) Trusted certificate server or directory: (a) (c) Fine granularity periodic CRLs


  • Revocation Process Time-line: (a) Issue of CRL 1 : CRL; (b) Compromise occurs; (c) Revocation Request; (d) Revocation Time; (e) Issue of CRL 2: CRL


  • Revocation Process Time-linePeriod (b) - (c) CA subscriber Period (c) - (b) : CA Period (d) - (e) CRL 2 (periodic CRL ) (Immediate revocation ) Period after (e) CA ,


  • Figure 6.9 X.509 CRL Format


  • General Extensions. General extensions: CRL Number; Reason Code; Invalidity Date. Reason code extension: Key Compromise; CA Compromise; Affiliation Changed; Superseded; Cessation of Operation. Standard Extension General extensions CRL distribution points Delta-CRLs remove from CRL Indirect CRLs; and, Certificate suspension. Certificate hold; Authority Key Identifier; Issuer Alternative Name


  • CRL Distribution PointsCRL CRL entry Subject : X. 509 version 1&2one for end-user subjects one for other CA CRL


  • CRL Distribution PointsX. 509 version 3 & version 2 CRL CA CRL distribution point name CRL Distribution Points , CRL Issuing Distribution PointCRL Distribution Point name CRL CRL CRL CRL


  • Delta-CRLsCRL CRL CRL CRL DataBase PC Delta CRL Indicatordelta CRL reason code extension entry


  • Indirect CRLs CA CRL . CRL CA . CRL performance . CRL distribution point CRL extension CRL ,CRL field CRL CRL CRL Issuing Distribution Point extension CRL entry Certification IssuerCRL entry default


  • Certificate Suspension CA CA Certificate suspension (ANSI X9) CRL item . entry CRL . held reason code CRL entry extension Instruction code instruction identifier inclusion CA card/token .


    version: x.509 . serial number : CA , . signature algorithm identifier: CA. Issuer: CA x.500 name. validity : /. subject : x.500. subject public-key information : subject ( ). Issuer unique identifier : . subject unique identifier : . extension . extension part version 2 . extension type: extension type object identifier value. Critical indicator: Critical/Non-critical. Subject Alternative Name subject name field. Issuer Alternative Name: name field (a) community . . . (b) , CRL . CA CRL .