Upload
korea-university
View
45
Download
4
Embed Size (px)
Citation preview
Electronic Signature석사 29기 박준영
Contents• Definition
• PKI-Electronic Signature + MITM Attack
• Public Certificate
• Certificate Formats (Components)
• Certificate Authorities
• Improved Signing Procedure
• Non-repudiation Function
• Q & A
• Signature electronically
• Certificate one’s identity
• Equivalent to handwritten signatures
Definition
PKI E-Signature
• Hash(D1) => H1
• Encrypt(KeyE, H1) => S;
• C1 = {D1, S, KeyD}
• C1 => D1, S, KeyD;
• Decrypt(KeyD, S) => H1;
• Hash(D1) => H1;
• H1 == H1;
Alice Bob
PKI E-Signature (MITM)
• Hash(D1) => H1
• Encrypt(KeyE, H1) => S;
• C1 = {D1, S, KeyD}
• C2 => D2, S, KeyD;
• Decrypt(KeyD, S) => H1;
• Hash(D2) => H2;
• H1 != H2;
• C1 => D1, S, KeyD • D1 => D2; • C2 = {D2, S, KeyD} • C1 => C2
Alice
Bob
Hacker
• C2 => D2, S2, FKeyD;
• Decrypt(FKeyD, S2) => H2;
• Hash(D2) => H2;
• H2 == H2;
PKI E-Signature (MITM)
• Hash(D1) => H1
• Encrypt(KeyE, H1) => S;
• C1 = {D1, S, KeyD}
• C1 => D1, S, KeyD
• D1 => D2;
• Hash(D2) => H2;
• Encrypt(FKeyE, H2) => S2;
• C2 = {D2, S2, FKeyD}
• C1 => C2
Hacker
Alice
Bob
Public Certificate
• Electronic ID Card
• Validate Electronic Signature
• Need 3-party Certification Authority(CA)
Public Certificate
PKCS#12 Format File(.p12)
Certificate + Private Key Using when Import / Export
Public Certificate (.der / .pem)
DER / PEM DER : Binary formed cert. PEM : Base64 encoded cert.
Private Key
Keep it Secret!!
Certificate Contents (X. 509)
• Key-Usage
• Public Key
• Thumbprint Algorithm
• Thumbprint
• Serial Number
• Subject
• Signature Algorithm
• Signature
• Issuer
• Valid-From
• Valid-To
Certificate Authorities
ROOT CA
ROOT CA
SUB CA
- Korea(For e-commerce)
Certificate Authorities
SSL Certificate Market Share (August 2014) (http://www.whichssl.com/comparisons/market-share.html)
- World
Improved Signing Procedure
Hash data ⬇
Encrypt hashed data (Signature) ⬇
Attach Certificate with Signature & Data
⬇ Send via network (D-Signed data)
”Digital Signature diagram" by Acdx
Improved Signing Procedure
”Digital Signature diagram" by Acdx
Receive D-Signed data ⬇
Detach Data & Signature ⬇
Check Certificate via CA ⬇
Compare Hashed Data and Decrypted Data
⬇ Verify
Non-repudiation
Reference• 네이버 애플리케이션의 전자 서명 원리(http://helloworld.naver.com/helloworld/textyle/744920)
• SSL Certificate Market Share (http://www.whichssl.com/comparisons/market-share.html)
• Solo, David, Russell Housley, and Warwick Ford. "Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile." (2002).
• Public Certificate Sample (Hana Bank Corp.)
• Digital Signature Diagram by Acdx (Wikipedia)
Electronic Signature
Q & A