Signature Validity States

Size: px
Start display at page:

Download "Signature Validity States"

Transcription

1 Validity States Danny De Cock Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT) Computer Security and Industrial Cryptography (COSIC) Kasteelpark Arenberg 10, bus 2452 B-3001 Heverlee Belgium Slide 1

2 Validity A B C D E F G H I J K Time verification generation Start using key pair Publish public key Key pair generation Public key expires Private key expires [CJ]: New valid signatures may be generated [AC], [K, [: All signature verifications fail [J, [: Illegal to generate new signatures [C, [: s can be legally binding if verified in [CJ[ Slide 3

3 Validity with Revocation A B C D E F G H I J K Key pair generation verification generation Revoked certificate Suspended certificate Incident Last valid signature before the incident [GH]: s created in [GI] should be invalid, H may be equal to I [I, [: Illegal to generate new signatures [CG[: New valid signatures may be generated [AC], [H, [: verification returns invalid [CF]: s validated before F may be valid forever Time Public key expires Private key expires Slide 4

4 Long Term s Alice produces a digital signature on data D that will resist time: Alice collects a time stamp ts 1 from a trusted third party (TTP) Alice produces a digital signature DigSig Alice (D,ts 1 ) on the time stamp ts 1 and the data D TTP validates a digital signature DigSig Alice (D,ts 1 ) at time ts 2 TTP computes a digital signature DigSig TTP (DigSig Alice (D,ts 1 ),ts 2 ) if and only if the TTP Has validated Alice s digital signature, and Confirms that the signature and Alice s full certificate chain was valid at time ts 2 Alice can now indefinitely rely on DigSig TTP (DigSig Alice (D,ts 1 ),ts 2 ), even if her public key must be revoked, e.g., at time ts 3 (after ts 2 ), or if her public key expires ts 1 DigSig Alice (D,ts 1 ) ts 2 DigSig TTP (DigSig Alice (D,ts 1 ),ts 2 ) ts 3 Time Note: This procedure assumes that no cryptographic weaknesses are discovered in the signature generation and validation algorithms and procedures Slide 5

5 Archiving Signed Data Digital signatures remain valid forever if one stores: The digitally signed data The digital signature on the data The signer s certificate A proof of validity of the signer s certificate The verification timestamp of the signature Bottom line: The integrity of this data should be protected! There is no need to retrieve the status of a certificate in the past! Protect your proofs in a digital vault Slide 6

6 Generation/Verification 2 3 PIN Creation Engine 1 4 Hash OCSP Hash Verification Engine Bob 12 P Alice 7 CRL 1. Compute hash of message 2. Prepare signature 3. Present user PIN 4. SCD generates digital signature 5. Collect digital signature 6. Retrieve signer certificate 10. Compute hash on received message 7. Verify the certificate s revocation status. Verify digital signature 8. Retrieve public key from signer certificate 12. SVD outputs valid signature 9. Retrieve digital signature on the message or invalid signature Beware Bob should validate Alice s certificate Beware Belgian eid Card, Technical Aspects Slide 7

7 Generation Steps 2 3 PIN Creation Engine P 1 4 hash 5 Alice Alice s application 1. Calculates the cryptographic hash on the data to be signed 2. Prepares her eid card to generate an authentication signature or to generate a non-repudiation signature 3. Alice presents her PIN to her eid card 4. Her card generates the digital signature on the cryptographic hash 5. The application collects the digital signature from her eid card Bob receives an envelope with a digitally signed message and a certificate Belgian eid Card, Technical Aspects Slide 8

8 Bob Verification Steps 6. Retrieves the potential sender s certificate 7. Verifies the certificate s revocation status 8. Extracts Alice s public key from her certificate 9. Retrieves the signature from the message 10. Calculates the hash on the received message. Verifies the digital signature with the public key and the hash 12. If the verification succeeds, Bob knows that the eid card of Alice was used to produce the digital signature 6 The message comes from Alice is a business decision OCSP CRL hash Bob Verification Engine 12 Belgian eid Card, Technical Aspects Slide 9

Belgian eid Card Technicalities

Belgian eid Card Technicalities Belgian eid Card Technicalities Danny De Cock Danny.DeCock@esat.kuleuven.be Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT) Computer Security and Industrial Cryptography (COSIC) Kasteelpark

More information

EXBO e-signing Automated for scanned invoices

EXBO e-signing Automated for scanned invoices EXBO e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.12.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers

More information

IFY e-signing Automated for scanned invoices

IFY e-signing Automated for scanned invoices IFY e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.13.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers

More information

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33 Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended

More information

Chapter 9: Key Management

Chapter 9: Key Management Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange

More information

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,

More information

Certificateless Public Key Cryptography

Certificateless Public Key Cryptography Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.

More information

Digital signatures: How it s done in PDF

Digital signatures: How it s done in PDF Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?

More information

Public-key Cryptography: Theory and Practice

Public-key Cryptography: Theory and Practice Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of

More information

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1 Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions

More information

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment

More information

Server-based Certificate Validation Protocol

Server-based Certificate Validation Protocol Server-based Certificate Validation Protocol Digital Certificate and PKI a public-key certificate is a digital certificate that binds a system entity's identity to a public key value, and possibly to additional

More information

Public Key Establishment

Public Key Establishment Public Key Establishment Bart Preneel Katholieke Universiteit Leuven February 2007 Thanks to Paul van Oorschot How to establish public keys? point-to-point on a trusted channel mail business card, phone

More information

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment. CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How

More information

Public Key Infrastructures

Public Key Infrastructures Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu,

More information

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

ICS 180 May 4th, Guest Lecturer: Einar Mykletun ICS 180 May 4th, 2004 Guest Lecturer: Einar Mykletun 1 Symmetric Key Crypto 2 Symmetric Key Two users who wish to communicate share a secret key Properties High encryption speed Limited applications: encryption

More information

ETSI TS V1.2.2 ( )

ETSI TS V1.2.2 ( ) TS 101 733 V1.2.2 (2000-12) Technical Specification Electronic signature formats 2 TS 101 733 V1.2.2 (2000-12) Reference DTS/SEC-004001 Keywords IP, electronic signature, security 650 Route des Lucioles

More information

Course Administration

Course Administration Lecture 6: Hash Functions, Message Authentication and Key Distribution CS 392/6813: Computer Security Fall 2010 Nitesh Saxena *Adopted from Previous Lectures by Nasir Memon Course Administration HW3 was

More information

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates

More information

CT30A8800 Secured communications

CT30A8800 Secured communications CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Secured Communications: Key exchange Schneier, Applied Cryptography:

More information

EDTA, itext and INBATEK Conference. Bangkok, July 27, 2017

EDTA, itext and INBATEK Conference. Bangkok, July 27, 2017 EDTA, itext and INBATEK Conference Bangkok, July 27, 2017 Digital Signatures in PDF Basic concepts applied to PDF Architectures: server-side vs. client-side Digital signatures and document workflow Long

More information

Add or remove a digital signature in Office files

Add or remove a digital signature in Office files Add or remove a digital signature in Office files This article explains digital signatures (also known as digital ID), what they can be used for, and how you can use digital signatures in the following

More information

Public-Key Infrastructure NETS E2008

Public-Key Infrastructure NETS E2008 Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key

More information

L8: Public Key Infrastructure. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

L8: Public Key Infrastructure. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 L8: Public Key Infrastructure Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/21/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from

More information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National

More information

Digital Certificates. PKI and other TTPs. 3.3

Digital Certificates. PKI and other TTPs. 3.3 Digital Certificates. PKI and other TTPs. 3.3 1 Certification-service providers Spanish Law 59/03 Art. 2.2 or Directive 1999/93/EC Art. 2.11: Certification-service providers means an entity or a legal

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 8: Protocols for public-key management Ion Petre Department of IT, Åbo Akademi University 1 Key management two problems

More information

Lecture Notes 14 : Public-Key Infrastructure

Lecture Notes 14 : Public-Key Infrastructure 6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These

More information

UNIT - IV Cryptographic Hash Function 31.1

UNIT - IV Cryptographic Hash Function 31.1 UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service

More information

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Presented by Joshua Schiffman & Archana Viswanath Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Trust Models Rooted Trust Model! In a

More information

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper

More information

ETSI TS V1.3.1 ( )

ETSI TS V1.3.1 ( ) TS 101 733 V1.3.1 (2002-02) Technical Specification Electronic signature formats 2 TS 101 733 V1.3.1 (2002-02) Reference RTS/SEC-004009 Keywords IP, electronic signature, security 650 Route des Lucioles

More information

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted

More information

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop PACS Integration into the Identity Infrastructure Salvatore D Agostino CEO, IDmachines LLC 8 th Annual

More information

Lecture 4: Cryptography III; Security. Course Administration

Lecture 4: Cryptography III;  Security. Course Administration Lecture 4: Cryptography III; Email Security CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Course Administration HW/Lab 1 Posted Due at 11am on Sep 29 Labs are active starting this week

More information

ETSI TS V1.2.1 ( ) Technical Specification

ETSI TS V1.2.1 ( ) Technical Specification TS 102 778-3 V1.2.1 (2010-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles

More information

Validation Policy r tra is g e R ANF AC MALTA, LTD

Validation Policy r tra is g e R ANF AC MALTA, LTD Maltese Registrar of Companies Number C75870 and VAT number MT ANF AC MALTA, LTD B2 Industry Street, Qormi, QRM 3000 Malta Telephone: (+356) 2299 3100 Fax:(+356) 2299 3101 Web: www.anfacmalta.com Security

More information

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) Pretty Good Privacy (PGP) -- PGP services -- PGP key management (c) Levente Buttyán (buttyan@crysys.hu) What is PGP? general purpose application to protect (encrypt and/or sign) files can be used to protect

More information

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content

More information

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols

More information

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public

More information

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

More information

ETSI ES V1.1.3 ( )

ETSI ES V1.1.3 ( ) ES 201 733 V1.1.3 (2000-05) Standard Electronic Signature Formats 2 ES 201 733 V1.1.3 (2000-05) Reference DES/SEC-003007-1 Keywords IP, electronic signature, security 650 Route des Lucioles F-06921 Sophia

More information

INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER

INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER Version 1.50, February 2017 B-Trust Instruction Page 1 TABLE OF CONTENTS I. About the Program... 3 II. System requirements... 3 III. Installation... 4 IV.

More information

Internet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track. July 2011

Internet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track. July 2011 Internet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track ISSN: 2070-1721 A. Jerman Blazic S. Saljic SETCCE T. Gondrom July 2011 Abstract Extensible Markup Language Evidence

More information

Overview of Authentication Systems

Overview of Authentication Systems Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/

More information

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename 6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename Certificate formats (DER, PEM, PKCS #12) 6.2 Certificate Authorities

More information

Resolution of comments on Drafts ETSI EN to ETSI EN May 2014

Resolution of comments on Drafts ETSI EN to ETSI EN May 2014 Resolution of comments on Drafts ETSI EN 319 142-1 to ETSI EN 319 142-7 31 May 2014 PAdES Foreword: Please note that the following disposition of comments is provided to the light of the current context

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure

More information

Authentication in Distributed Systems

Authentication in Distributed Systems Authentication in Distributed Systems Introduction Crypto transforms (communications) security problems into key management problems. To use encryption, digital signatures, or MACs, the parties involved

More information

IBM. Security Digital Certificate Manager. IBM i 7.1

IBM. Security Digital Certificate Manager. IBM i 7.1 IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in

More information

Overview & Specification

Overview & Specification Electronic Signature Overview & Specification Version: 1.0 Author: Qatar Public Key Infrastructure Section Document Classification: PUBLIC Published Date: May 2018 Version: 1.0 Page 1 of 31 Document Information

More information

Configuring SSL CHAPTER

Configuring SSL CHAPTER 7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust

More information

Cryptographic Checksums

Cryptographic Checksums Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;

More information

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación Registro Nacional de Asociaciones. Número 171.443. CIF G-63287510 Policy for electronic signature based on certificates issued by the hierarchies of Paseo de la Castellana,79-28046 - Madrid (Spain) Telephone:

More information

Configuring SSL. SSL Overview CHAPTER

Configuring SSL. SSL Overview CHAPTER CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.

More information

IBM i Version 7.2. Security Digital Certificate Manager IBM

IBM i Version 7.2. Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information

More information

Chapter 10: Key Management

Chapter 10: Key Management Chapter 10: Key Management Session and Interchange Keys Key Exchange Key Generation Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #10-1 Overview Key exchange Session

More information

Requiring Digital Signatures and Certificates

Requiring Digital Signatures and Certificates DocuSign Quick Start Guide Requiring Digital Signatures and Certificates Overview If you are doing business in an industry or region of the world that demands digital signatures, you can leverage DocuSign

More information

Bart Preneel PKI. February Public Key Establishment. PKI Overview. Keys and Lifecycle Management. How to establish public keys?

Bart Preneel PKI. February Public Key Establishment. PKI Overview. Keys and Lifecycle Management. How to establish public keys? art Preneel How to establish public keys? Public Key Establishment art Preneel Katholieke Universiteit Leuven Thanks to Paul van Oorschot point-to-point on a trusted channel mail business card, phone direct

More information

Configuring SSL. SSL Overview CHAPTER

Configuring SSL. SSL Overview CHAPTER 7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:

More information

ECE 646 Lecture 3. Key management

ECE 646 Lecture 3. Key management ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple

More information

Introduction to Cryptography Lecture 10

Introduction to Cryptography Lecture 10 Introduction to Cryptography Lecture 10 Digital signatures, Public Key Infrastructure (PKI) Benny Pinkas January 1, 2012 page 1 Non Repudiation Prevent signer from denying that it signed the message I.e.,

More information

Public Key Infrastructures

Public Key Infrastructures Public Key Infrastructures Certcoin Cryptography and Computer Algebra Prof. Johannes Buchmann Dr. Johannes Braun Background Blockchain Distributed database, consisting of a list of blocks Decentralized

More information

When HTTPS Meets CDN: A Case of Authentication in Delegated Services. J. Liang, J. Jiang, H. Duan, K. Li, T. Wan, J. Wu

When HTTPS Meets CDN: A Case of Authentication in Delegated Services. J. Liang, J. Jiang, H. Duan, K. Li, T. Wan, J. Wu When HTTPS Meets CDN: A Case of Authentication in Delegated Services J. Liang, J. Jiang, H. Duan, K. Li, T. Wan, J. Wu Problem statement: TLS, an End-to-End Protocol 2 Problem Statement: End-to-End Protocol

More information

APPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1

APPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1 APPLICATIONS AND PROTOCOLS Mihir Bellare UCSD 1 Some applications and protocols Internet Casino Commitment Shared coin flips Threshold cryptography Forward security Program obfuscation Zero-knowledge Certified

More information

Verteilte Systeme (Distributed Systems)

Verteilte Systeme (Distributed Systems) Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues

More information

Diffie-Hellman. Part 1 Cryptography 136

Diffie-Hellman. Part 1 Cryptography 136 Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for

More information

SSL Certificates Certificate Policy (CP)

SSL Certificates Certificate Policy (CP) SSL Certificates Last Revision Date: February 26, 2015 Version 1.0 Revisions Version Date Description of changes Author s Name Draft 17 Jan 2011 Initial Release (Draft) Ivo Vitorino 1.0 26 Feb 2015 Full

More information

Garantía y Seguridad en Sistemas y Redes

Garantía y Seguridad en Sistemas y Redes Garantía y Seguridad en Sistemas y Redes Tema 2. Cryptographic Tools Esteban Stafford Departamento de Ingeniería Informá2ca y Electrónica Este tema se publica bajo Licencia: Crea2ve Commons BY- NC- SA

More information

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols Cryptographic Protocols Topics 1. Dramatis Personae and Notation 2. Session and Interchange Keys 3. Key Exchange 4. Key Generation 5. Cryptographic Key Infrastructure 6. Storing and Revoking Keys 7. Digital

More information

Understanding HTTPS CRL and OCSP

Understanding HTTPS CRL and OCSP Understanding HTTPS CRL and OCSP Santhosh J PKI Body of Knowledge: Development & Dissemination Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying

More information

Electronic Seal Administrator Guide Published:December 27, 2017

Electronic Seal Administrator Guide Published:December 27, 2017 Electronic Seal Administrator Guide Published:December 27, 2017 Copyright Version 4.25.2.3 Copyright 2003-2018 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights

More information

OPTIMISTIC NON-REPUDIABLE INFORMATION EXCHANGE

OPTIMISTIC NON-REPUDIABLE INFORMATION EXCHANGE OPTIMISTIC NON-REPUDIABLE INFORMATION EXCHANGE Steve Kremer and Olivier Markowitch Université Libre de Bruxelles, Computer Science Dept. Bld du Triomphe C.P.212, 1050 Bruxelles, Belgium skremer@ulb.ac.be,

More information

Fall 2010/Lecture 32 1

Fall 2010/Lecture 32 1 CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol

More information

Cryptanalysis of a fair anonymity for the tor network

Cryptanalysis of a fair anonymity for the tor network Cryptanalysis of a fair anonymity for the tor network Amadou Moctar Kane KSecurity, BP 47136, Dakar, Senegal amadou1@gmailcom April 16, 2015 Abstract The aim of this paper is to present an attack upon

More information

e-sign and TimeStamping

e-sign and TimeStamping e-sign and TimeStamping Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying Authorities (CCA) Government of India 1 Recent Developments:

More information

SM9 identity-based cryptographic algorithms Part 2: Digital signature algorithm

SM9 identity-based cryptographic algorithms Part 2: Digital signature algorithm SM9 identity-based cryptographic algorithms Part 2: Digital signature algorithm Contents 1 Scope... 1 2 Normative references... 1 3 Terms and definitions... 1 3.1 message... 1 3.2 signed message... 1 3.3

More information

ETSI TS V1.5.1 ( )

ETSI TS V1.5.1 ( ) TS 101 733 V1.5.1 (2003-12) Technical Specification Electronic Signatures and Infrastructures (ESI); Electronic Signature Formats 2 TS 101 733 V1.5.1 (2003-12) Reference RTS/ESI-000017 Keywords electronic

More information

Certificate Revocation : A Survey

Certificate Revocation : A Survey Certificate Revocation : A Survey Gaurav Jain Computer Science Department University of Pennsylvania. Abstract With the increasing acceptance of digital certificates, there has been a gaining impetus for

More information

T Cryptography and Data Security

T Cryptography and Data Security T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use

More information

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Index INDEX... 2 1. DISCLOSURE TEXT APPLICABLE TO NATURAL PERSON CERTIFICATES ISSUED ON QSCD...

More information

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service

More information

CertDigital Certification Services Policy

CertDigital Certification Services Policy CertDigital Certification Services Policy Page: 2 ISSUED BY : DEPARTAMENT NAME DATE ELECTRONIC SERVICES COMPARTMENT COMPARTMENT CHIEF 19.03.2011 APPROVED BY : DEPARTMENT NAME DATE MANAGEMENT OF POLICIES

More information

Avira Certification Authority Policy

Avira Certification Authority Policy Avira Certification Authority Policy Version: 1.0 Status: Draft Updated: 2010-03-09 Copyright: Avira GmbH Author: omas Merkel Introduction is document describes the Certification Policy (CP) of Avira Certification

More information

ISO/IEC INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD INTERNATIONAL STANDARD ISO/IEC 15945 First edition 2002-02-01 Information technology Security techniques Specification of TTP services to support the application of digital signatures Technologies de l'information

More information

SSH Communications Tectia SSH

SSH Communications Tectia SSH Secured by RSA Implementation Guide for 3rd Party PKI Applications Last Modified: December 8, 2014 Partner Information Product Information Partner Name Web Site Product Name Version & Platform Product

More information

Xolido Sign Desktop. Xolido Sign Desktop. V2.2.1.X User manual XOLIDO. electronic signature, notifications and secure delivery of documents

Xolido Sign Desktop. Xolido Sign Desktop. V2.2.1.X User manual XOLIDO. electronic signature, notifications and secure delivery of documents Xolido Sign Desktop Xolido Sign Desktop V2.2.1.X XOLIDO electronic signature, notifications and secure delivery of documents Xolido Systems, S.A. C/ Pío del Río Hortega, 8 2ª Planta, Oficina 7 47014 Valladolid

More information

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

DIGITALSIGN - CERTIFICADORA DIGITAL, SA. DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS

More information

Computer Security 3e. Dieter Gollmann. Chapter 15: 1

Computer Security 3e. Dieter Gollmann.  Chapter 15: 1 Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 15: 1 Chapter 15: Key Establishment Chapter 15: 2 Introduction Crypto transforms (communications) security problems into key

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Asseco Data Systems S.A. Podolska Street 21 81-321 Gdynia, Poland Certum - Powszechne

More information

Configuring Certificate Authorities and Digital Certificates

Configuring Certificate Authorities and Digital Certificates CHAPTER 43 Configuring Certificate Authorities and Digital Certificates Public Key Infrastructure (PKI) support provides the means for the Cisco MDS 9000 Family switches to obtain and use digital certificates

More information

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018 Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to

More information

Kurose & Ross, Chapters (5 th ed.)

Kurose & Ross, Chapters (5 th ed.) Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and

More information

Send documentation comments to

Send documentation comments to CHAPTER 6 Configuring Certificate Authorities and Digital Certificates This chapter includes the following topics: Information About Certificate Authorities and Digital Certificates, page 6-1 Default Settings,

More information

Key Escrow. Desirable Properties

Key Escrow. Desirable Properties Key Escrow Key escrow system allows authorized third party to recover key Useful when keys belong to roles, such as system operator, rather than individuals Business: recovery of backup keys Law enforcement:

More information

Grid Security Infrastructure

Grid Security Infrastructure Grid Computing Competence Center Grid Security Infrastructure Riccardo Murri Grid Computing Competence Center, Organisch-Chemisches Institut, University of Zurich Oct. 12, 2011 Facets of security Authentication

More information