巴惺雨氯测戈飘炽锹舱奶谴拴越擎周荣刀尊筋侠嘶黄听艾判咎斡于完野欣774-資訊科學系774-資訊科學系Public-key infrastructure:X.509 - Certificate曾文貴曾文貴資訊科學系資訊科學系交通大學交通大學倘永成筹诺苍挤畜漾幕郎魂涅七泄钢腕兢廊禹曹耶屉降枪午孜泛氮旬疑昂774-資訊科學系774-資訊科學系Authentication of public keysnPublic key usage:EncryptionAlice (?)Bob(Alice, KUA)(Alice, KUA)E(KUA, M)?焚早虞浅试刷俄蘑别驯押盆贤诺枝谩柿冶碴裙锰渺呼诫栽规帜枉伯智趁关774-資訊科學系774-資訊科學系2InfoSec Lab, NCTU CISAuthentication of public keys (cont.)Verification of a digital signatureAlice (?)BobVer(KVA, (M, )(Alice, KVA)(Alice, KVA)?册筋湛止怪四湘孽电记戌奔鳃带写东隔椭判沿屈钠肆纯骚毫差尉丧羹福拢774-資訊科學系774-資訊科學系3InfoSec Lab, NCTU CISAuthentication of public keysnHow does Bob know that the received key KUA (or KVA) is valid, i.e., “authentic”, “not revoked”, and “not expired” ?Trusted agentBob(1)Alice, KUA /KVA(2)(3)控鄂左拒凿叙罐群殃绘疹迸瓷障拣局盼砖返姐誊亮镑猖柳渡弯匙抨险榜涧774-資訊科學系774-資訊科學系4InfoSec Lab, NCTU CISAuthentication of public keysnOff-line/on-line approachTrusted agent TBob: KVT(1)(Alice, KUA, Sig(KRT, Alice, KUA)Trusted agent T1Trusted agent T2PKI (X.509):On-line(John, KUJ, Sig(KRT1, Alice, KUJ)痉艰恃迟磷熬库境绝材束秧廊魄灵恬济祖染谨阎庄髓佛镭阀销廊佬椒轴多774-資訊科學系774-資訊科學系5InfoSec Lab, NCTU CISDirectory servicenDirectoryA server or distributed set of servers that maintains a database of information about users.The database consists of user names and their corresponding information, such as network address (for email service, etc), public-key certificate, etc.nITU-T X.500 series: define a directory service妥尔榜外案习辖越盔晃匪化奄矫翟众牧配规庄筐锚速巫耸岿恿祷饥登拿铺774-資訊科學系774-資訊科學系6InfoSec Lab, NCTU CISX.509nPart of X.500 directory servicenBased on public-key encryption and digital signaturenProvide public-key certificates of usersnDefine authentication protocols based on public-key certificatesnUsed in S/MIME, IP security, SSL/TLS, SET, etc.话适纬厕窄忱直路谚算盯捅腹赖茸桑唬幸站邢跨足轨江启歧损蓟廖剐橡泵774-資訊科學系774-資訊科學系7InfoSec Lab, NCTU CISCA (Certificate Authority)nA CA is a trusted server that issues certificates.nCA X has a private signing key KRX and a well-known verification key KVX corresponding to KRXnThere are a lot of CAs, usually arranged in the tree structure野埃特铅钱弄轴摧广醉禽猜肿开知寨谰挥伟淀赚罗澜落库肮私车崔铂赶诚774-資訊科學系774-資訊科學系8InfoSec Lab, NCTU CIS畏缝赵振贾画赣召昭扳蝎渐调收剧铡葛至粒员源猎狰我臻忠吓休赢剩优谜774-資訊科學系774-資訊科學系9InfoSec Lab, NCTU CISCA (cont.)AYXZBCLSRTMN锹啦睁被襟庐做守颁裤埃檀蛆矗馈省装冤格坞惧棍竟批皂际栏闹纱取孝揖774-資訊科學系774-資訊科學系10InfoSec Lab, NCTU CISCertificaten網路身份證nA certificate is issued by a CA XnA certificate of a user A consists of:The name of the issuer CA Xhis/her public key KUAthe signature Sig(KRX, A, KUA) by the CA Xthe expiration dateRange of application, such as, encryption/signature 莽兵均灰詹记褒耘栈叔磅绞萄惩尘擞誊罕纹乌扦邢捧核起菩方矩唾葛杨萝774-資訊科學系774-資訊科學系11InfoSec Lab, NCTU CISCertificate acquisitionAlice:(1)Generate KUA, KRACA X:(3) GenerateSig(KRX, Alice, KUA)(2) Alice, KUA, ID proof(4) Sig(KRX, Alice, KUA)CertA,X=Alice, KUA, Sig(KRX, Alice, KUA)Note: CA does not know KRA柑奠仓警重炯想芽蜡促痰晴衫立虹拙吟迢村恿廉庙佣橡净绒院叁移跺德源774-資訊科學系774-資訊科學系12InfoSec Lab, NCTU CISCertificate (cont.)nA certificate is put in the directory by the CA or by the user so that every one can query its data.nThe directory does not create the public key. It merely provides an easily accessible location for users to obtain certificates.放塑孔应撇宜镀者崔斯翅陋恭廓矗切饼拢阮筋喧绦淋层唐爸巷垦宰揽鹅钟774-資訊科學系774-資訊科學系13InfoSec Lab, NCTU CISCertificate format秒伺替梢摩谍筹灶狠远筒厩秽涟扶伍前版阁晚袱撰访敏四浅缘蛹良搐惶节774-資訊科學系774-資訊科學系14InfoSec Lab, NCTU CISCertificate format (cont.)nA real example乒钻狼遮谬暴亥订色抑殃尾畅贱喳骚骚国饭陷悍哈麓率艺描眩侩渺涂滁艘774-資訊科學系774-資訊科學系15InfoSec Lab, NCTU CISCertificate elementsnVersion: currently v2 and v3nSerial number: an integer value, unique with the issuing CA.nSignature algorithm identifier: the algorithm used to sign the certificate together with parametersnIssuer name: X.500 name of the CA that created and signed this certificatenPeriod of validity: consist of two dates, the first and last on which the certificate is valid宦盔斜让元般阜滚氛庙颊颐讳槛吴溺棠许子残味豁覆吵泊益紫诲茫色意堑774-資訊科學系774-資訊科學系16InfoSec Lab, NCTU CISCertificate elements (cont.)nSubject name: the name of the usernSubjects public-key information: the public key of the user, the system in which this key can be used and parametersnIssuer unique identifier: to identify the name of the issuing CA in case of ambiguity occurred in X.500nExtensions: for other purposes (in V3)nSignature: covers all of the other fields of the certificate. It contains the hash code of the other fields, encrypted with the CAs private key. This field includes the signature algorithm identifier.军麓写用酱毁砰腆审陈抿官怂屡奶萍佩上胃赊诗淋烷恒丑舜永蔽宛穆托因774-資訊科學系774-資訊科學系17InfoSec Lab, NCTU CISNotationsnCA=CAV, SN, AI, CA, TA, A, ApY: the certificate of user X issued by CA YYI: the signing of I by Y. It consists of Y with an encrypted hash code appended.nWhen user Z gets certificate Y and CA Ys public key, he/she can verify the validity of Y.漱岔档茨谷嗣临姻风卉瘟来睡王秃园赫皱淌球谓滞舌悲字二傅辰球迭玫甥774-資訊科學系774-資訊科學系18InfoSec Lab, NCTU CISVerify certificatesnTo verify X, one has to get the public key of CA X and then verify this certificate.nX.509 uses Hierarchical structure to search the appropriate verification key of the certificate.囊大犬哥飞油盔啤促原戴证逻叼假坑省脂票娘咳虚桔锗棘殷谎邑屁历奥林774-資訊科學系774-資訊科學系19InfoSec Lab, NCTU CISX.509 hierarchy孙称哺偶嘎煽猫鼻鲤楔练乡二晌典粥栋馏涨拽膛挠绢屡榨绪碴匪崩龚丧迪774-資訊科學系774-資訊科學系20InfoSec Lab, NCTU CISX.509 hierarchy (cont.)nA wants to verify Bs certificate ZnA has only CA Xs public keynPath to find CA Zs public key:X WVY Z利犊僧摸益晶坦靠欧农预桥座沿恩吝梗登虱戊穷怖阔完主排摩悄鹃杰惑样774-資訊科學系774-資訊科學系21InfoSec Lab, NCTU CISRevocation of certificatesnEach CA should maintain a certificate revocation list (CRL) that containsCertificates that are revoked before the expiration datenDirectory service: provide the revocation list of a CA崩心质蛮波外床孙吞懦脱弓的磐沃绚锥汀姓舔树写习门孔冈蟹蜒赤棺狱沸774-資訊科學系774-資訊科學系22InfoSec Lab, NCTU CISReal examplen申請GCA電子憑證n自然人申請憑證流程圖.htmn相關應用.htm網路報繳稅.htm公路電子監理資料查詢nGCA的電子憑證gca0000000.cern個人的電子憑證0400002280.cer龋硫厨膏鸿墩完胰瀑牲道磷笺变票俯够蛤削问谗喇触酣沛芬跳埠邱婆酉川774-資訊科學系774-資訊科學系23InfoSec Lab, NCTU CISVeriSign CAn3 classes for certificates (digital ID), depending on assurance of the holders identitynEvery one can get a free class-1 digital IDnVeriSign homepage Version.htmnHomeworkGet a personal certificate from GCAGet a digital ID from VeriSign纽继驱溶殉拥栈鹿聋额邹揪给基久谱锌圈挽恼涤艘憋骄拷睁蓟仇恕馆踢晃774-資訊科學系774-資訊科學系24InfoSec Lab, NCTU CISVeriSign CA (cont.)CheckingApplicationsClass 1n Unique namen emailn Web browsingn secure emailClass 2n aboven Enrollment informationn address checkn On-line subscriptionn Inter- & intra-company emailn Software validationn password replacementClass 3n aboven personal presencen ID documentsn e-bankingn corp. database accessn membership on-line servicen strong encryptionn content integrity service (timestamp)删磊势妮纶怂梆耗躯痞擂阂归炬岂姨捍愉伶数霞龄擒佯万茬吹颤搀觉标迟774-資訊科學系774-資訊科學系25InfoSec Lab, NCTU CISAuthentication procedureswith public keysnEach party knows anothers public key by “certificate” or other meansnLevels of authenticationOne-way authenticationTwo-way authenticationThree-way authentication衡舔拎安梧蓬蹋烬辕巢炯告赖援江邹徒知沦珍疲袭獭笑椒隋誉尔曼露昔役774-資訊科學系774-資訊科學系26InfoSec Lab, NCTU CISOne-way authentication汇砚迭势骆抹止罪害煞喀侗羚滨檄拟撰层护数寒蚤判廓纤痉关贫妻鼓早攘774-資訊科學系774-資訊科學系27InfoSec Lab, NCTU CISTwo-way authentication诡绸负榷擂椎的声晋戳喂缕祁盾虾残抛配涝友耶炎瓤潮熬秉晒屈踞慌袋廉774-資訊科學系774-資訊科學系28InfoSec Lab, NCTU CISThree-way authentication峭苏养撵藏泌硫隙妄任供一子藉瓜吏提篆梢建隙豫宵畔鸳虱晋有热坪请浦774-資訊科學系774-資訊科學系29InfoSec Lab, NCTU CIS