electronic signature

Post on 26-Jul-2015


Electronic Signature

Master's program, 29th cohort, 박준영

Contents

• Definition

• PKI-Electronic Signature + MITM Attack

• Public Certificate

• Certificate Formats (Components)

• Certificate Authorities

• Improved Signing Procedure

• Non-repudiation Function

• Q & A

Definition

• Signing electronically

• Certifies one's identity

• Equivalent to handwritten signatures

PKI E-Signature

Alice

• Hash(D1) => H1

• Encrypt(KeyE, H1) => S;

• C1 = {D1, S, KeyD}

Bob

• C1 => D1, S, KeyD;

• Decrypt(KeyD, S) => H1;

• Hash(D1) => H1;

• H1 == H1;

PKI E-Signature (MITM)

Alice

• Hash(D1) => H1

• Encrypt(KeyE, H1) => S;

• C1 = {D1, S, KeyD}

Hacker

• C1 => D1, S, KeyD

• D1 => D2;

• C2 = {D2, S, KeyD}

• C1 => C2

Bob

• C2 => D2, S, KeyD;

• Decrypt(KeyD, S) => H1;

• Hash(D2) => H2;

• H1 != H2;

PKI E-Signature (MITM)

Alice

• Hash(D1) => H1

• Encrypt(KeyE, H1) => S;

• C1 = {D1, S, KeyD}

Hacker

• C1 => D1, S, KeyD

• D1 => D2;

• Hash(D2) => H2;

• Encrypt(FKeyE, H2) => S2;

• C2 = {D2, S2, FKeyD}

• C1 => C2

Bob

• C2 => D2, S2, FKeyD;

• Decrypt(FKeyD, S2) => H2;

• Hash(D2) => H2;

• H2 == H2;

Public Certificate

• Electronic ID Card

• Validate Electronic Signature

• Needs a third-party Certification Authority (CA)

Public Certificate

• PKCS#12 format file (.p12): certificate + private key, used when importing / exporting

• Public certificate (.der / .pem): DER is a binary-encoded certificate, PEM is a Base64-encoded certificate

• Private key: keep it secret!!

Certificate Contents (X.509)

• Key-Usage

• Public Key

• Thumbprint Algorithm

• Thumbprint

• Serial Number

• Subject

• Signature Algorithm

• Signature

• Issuer

• Valid-From

• Valid-To

Certificate Authorities - Korea (for e-commerce)

[Diagram: CA hierarchy with ROOT CA, ROOT CA and SUB CA]

Certificate Authorities - World

[Chart: SSL Certificate Market Share (August 2014) (http://www.whichssl.com/comparisons/market-share.html)]

Improved Signing Procedure

Hash data

⬇

Encrypt hashed data (Signature)

⬇

Attach Certificate with Signature & Data

⬇

Send via network (D-Signed data)

"Digital Signature diagram" by Acdx

Improved Signing Procedure

"Digital Signature diagram" by Acdx

Receive D-Signed data

⬇

Detach Data & Signature

⬇

Check Certificate via CA

⬇

Compare Hashed Data and Decrypted Data

⬇

Verify
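
The two MITM slides and the "Check Certificate via CA" step above can be run side by side. The following is an added example, not part of the original slides: it uses toy textbook RSA with small fixed primes (not secure), and the `trusted_key_d` parameter is a hypothetical stand-in for a real CA certificate-chain check.

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs

def keypair(p, q):
    """Toy textbook RSA from two known primes. Returns (KeyE, KeyD)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (d, n), (E, n)  # KeyE signs (private), KeyD verifies (public)

def digest(data, n):
    """Hash(D) => H, reduced mod n so the toy key can process it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key_e, data):
    d, n = key_e
    return pow(digest(data, n), d, n)  # Encrypt(KeyE, H) => S

def verify(container, trusted_key_d=None):
    data, sig, key_d = container  # C => D, S, KeyD
    # Stand-in for "Check Certificate via CA": reject a key Bob has no
    # independent reason to believe is Alice's.
    if trusted_key_d is not None and key_d != trusted_key_d:
        return False
    e, n = key_d
    return pow(sig, e, n) == digest(data, n)  # Decrypt(KeyD, S) == Hash(D)

def run_scenarios():
    # Mersenne primes, far too small for real use (constructed toy keys).
    alice_e, alice_d = keypair(2**89 - 1, 2**107 - 1)
    fake_e, fake_d = keypair(2**61 - 1, 2**127 - 1)  # FKeyE / FKeyD
    d1, d2 = b"original document D1", b"altered document D2"
    c1 = (d1, sign(alice_e, d1), alice_d)
    c2_swap = (d2, c1[1], alice_d)               # first MITM slide
    c2_resign = (d2, sign(fake_e, d2), fake_d)   # second MITM slide
    return {
        "genuine": verify(c1),
        "data_swapped": verify(c2_swap),
        "resigned_untrusted_key": verify(c2_resign),
        "resigned_key_checked": verify(c2_resign, trusted_key_d=alice_d),
        "genuine_key_checked": verify(c1, trusted_key_d=alice_d),
    }

if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The re-signed container is accepted whenever Bob trusts the key that travels inside it, and rejected once the key is checked against one he obtained independently.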

Non-repudiation

Reference

• How Electronic Signatures Work in Naver Applications (http://helloworld.naver.com/helloworld/textyle/744920)

• SSL Certificate Market Share (http://www.whichssl.com/comparisons/market-share.html)

• Solo, David, Russell Housley, and Warwick Ford. "Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile." (2002).

• Public Certificate Sample (Hana Bank Corp.)

• Digital Signature Diagram by Acdx (Wikipedia)

Electronic Signature

Q & A
