EDTA, itext and INBATEK Conference. Bangkok, July 27, 2017

Similar documents
Digital signatures: How it s done in PDF

UELMA Exploring Authentication Options Nov 4, 2011

eidas-compliant signing of PDF

Digital Certificates Demystified

ETSI TS V1.2.1 ( ) Technical Specification

EXBO e-signing Automated for scanned invoices

Electronic Seal Administrator Guide Published:December 27, 2017

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Resolution of comments on Drafts ETSI EN to ETSI EN May 2014

IFY e-signing Automated for scanned invoices

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Overview & Specification

Transforming the Document Signing Process

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore

Signature Validity States

CS 425 / ECE 428 Distributed Systems Fall 2017

INSTRUCTION FOR OPERATION WITH DESKTOP SIGNER

Certificateless Public Key Cryptography

Lecture 2 Applied Cryptography (Part 2)

Electronic Signature Format. ECOM Interoperability Plug Test 2005

CSE 565 Computer Security Fall 2018

Getting to Grips with Public Key Infrastructure (PKI)

ETSI TS V1.1.1 ( )

Leveraging the LincPass in USDA

Implementing FAA Form electronically

FIS and DCS User Guide - Supplement

Cryptography and Network Security

IBM i Version 7.2. Security Digital Certificate Manager IBM

ETSI TS V1.8.3 ( ) Technical Specification. Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)

ETSI TS V1.5.1 ( )

Axway Validation Authority Suite

ETSI ESI and Signature Validation Services

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Encryption. INST 346, Section 0201 April 3, 2018

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

ETSI TS V1.3.1 ( )

About & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017

Public-key Cryptography: Theory and Practice

Kurose & Ross, Chapters (5 th ed.)

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

1.264 Lecture 28. Cryptography: Asymmetric keys

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Digital Certificates. PKI and other TTPs. 3.3

ETSI TS V7.1.0 ( )

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

SSL/TSL EV Certificates

ETSI TS V1.2.2 ( )

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Overview. SSL Cryptography Overview CHAPTER 1

CERTIFICATE POLICY CIGNA PKI Certificates

Garantía y Seguridad en Sistemas y Redes

Internet Engineering Task Force (IETF) Request for Comments: 5754 Updates: 3370 January 2010 Category: Standards Track ISSN:

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Cryptography (Overview)

Secure digital certificates with a blockchain protocol

Policy for electronic signature based on certificates issued by the hierarchies of. ANF Autoridad de Certificación

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

ETSI ES V1.1.3 ( )

ETSI TS V1.1.1 ( )

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT

Intertek esignature Customer Reference Document

EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); PAdES digital signatures; Part 2: Additional PAdES signatures profiles

Chapter 9: Key Management

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

HARDWARE SECURITY MODULES (HSMs)

Server-based Certificate Validation Protocol

Interagency Advisory Board Meeting Agenda, February 2, 2009

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Who s Protecting Your Keys? August 2018

Cryptography MIS

ETSI TS V1.3.1 ( )

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

PKI Credentialing Handbook

Technical Specification Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)

Acrobat Security Administration Guide

SSL Certificates Certificate Policy (CP)

Design and Implementation of a RFC3161-Enhanced Time-Stamping Service

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

Public Key Cryptography

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT

1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)

Electronic and digital signatures in Adobe Sign for government.

Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks

Configuring Certificate Authorities and Digital Certificates

Send documentation comments to

APNIC elearning: Cryptography Basics

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

SignCloud. Remote Digital Signature System

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

CCNA Security 1.1 Instructional Resource

Internet Engineering Task Force (IETF) Request for Comments: 6403 Category: Informational ISSN: M. Peck November 2011

Ref:

Add or remove a digital signature in Office files

CSE 127: Computer Security Cryptography. Kirill Levchenko

Adobe Sign and 21 CFR Part 11

Transcription:

EDTA, itext and INBATEK Conference Bangkok, July 27, 2017

Digital Signatures in PDF Basic concepts applied to PDF Architectures: server-side vs. client-side Digital signatures and document workflow Long term validation How Blockchain made me love everything I hate about digital signatures

Basic Concepts Hashing algorithms Encryption algorithms Certificate Authorities Digital signatures 3

Three goals Integrity we want assurance that the document hasn t been changed somewhere in the workflow. Authenticity we want assurance that the author of the document is who we think it is (and not somebody else). Non-repudiation we want assurance that the author can t deny his authorship. 4

Concept 1: Integrity check using hash Generate Hash Document Secure Server / Website Retrieve Hash AF1B4C...D34E AF1B4C...D34E Compare! 5

Concept 1: Hashing Hashing algorithm a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. Available algorithms MD5: Ron Rivest (broken) SHA: SHA-1: NSA (broken! See https://shattered.io/ ) SHA-2: NSA / NIST SHA-3: Keccak (made in Belgium!) RIPEMD: KULeuven 6

Concept 2: Encryption Asymmetric key algorithms Encryption Digital signing 7

Concept 2: Some name dropping Public Key Cryptography Standards PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) PKCS#7: Cryptographic Message Standard (CMS) PKCS#11: Cryptographic Token Interface PKCS#12: Personal Information Exchange Syntax Standard PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) Federal Information Processing Standards (FIPS) DSA: Digital Signature Algorithm (DSA) European Telecommunications Standards Institute (ETSI) CMS Advanced Electronic Signatures (CAdES) 8

Concept 3: Certificate Authorities 9

Concept 3: example Self-signed: Signed by Adobe: Signed by GlobalSign: Signed by GlobalSign 10

Concept 3: example 11

Concept 3: the green check mark PKCS#12: Personal Information Exchange Syntax Standard public and private key are stored in a file PKCS#11: Cryptographic Token Interface public and private key are stored on a device In the context of PDF and the green check mark : Certified Document Services (CDS): Adobe s root certificate Adobe Approved Trust List (AATL): Trusted root certificates (since Acrobat 9) 12

Concept 1 + Concept 2 + Concept 3 Producer Provides data as-is: [A] Provides hash of data, encrypted using private key: [B] Provides public key Consumer Creates hash from data [A]: hash1 Decrypts hash [B] using public key: hash2 If (hash1 == hash2) document OK! 13

Goals met? Integrity Hashes are identical Authenticity Identity is stored in public key signed by CA A time-stamp can be added Non-repudiation If hash can be decrypted with public key, the document was signed with the corresponding private key 14

Differences between EU and US In the US, we make a distinction Electronic signatures don t necessarily involve PKI Digital signatures when a PKI infrastructure is involved In Europe, we speak of electronic signatures As a synonym for digital signatures All laws and regulations take this wording There s no sharp distinction between electronic and digital signatures (which leads to confusion) I always speak of digital signatures 15

Applied to PDF ISO 32000-1 ETSI TS 102 778 (PAdES) ISO 32000-2 16

Standards ISO ISO-32000-1 (2008) based on PDF 1.7 (2006) ISO-32000-2 defines PDF 2.0 (2017) ETSI: TS 102 778 (2009-2010) PAdES 1: Overview PAdES 2: Basic CMS based (ISO-32000-1) PAdES 3: Enhanced CAdES based (ISO-32000-2) PAdES 4: LTV Long Term Validation PAdES 5: XAdES based (XML content) PAdES 6: Visual representation guidelines ETSI: TS 103 172 (2011-2013) PAdES Baseline Profile 17

Signatures in PDF There are no bytes in the PDF that aren t covered, other than the PDF signature itself. (*) The digital signature isn t part of the ByteRange. The concept to initial a document doesn t exist; you sign the complete document at once, not on a page per page basis. (*) Signature stored in the document 18

What s inside a signature? ISO-32000-2: At minimum the PKCS#7 object shall include the signer s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices ( should also have): Full certificate chain Revocation information (CRL / OCSP) Timestamp Certificate authority needed Timestamp authority needed %PDF-1.x... /ByteRange... /Contents< DIGITAL SIGNATURE Signed Message Digest Certificate chain Revocation information Timestamp >... %%EOF 19

Architectures Server-side signing Client-side signing Deferred signing 20

Server-side signing SERVER %PDF-1.x...... %%EOF Application <</Type/Sig/ /Contents < >>> Device Signed Message Digest 21

Use cases server-side signing Company signature Invoices Contracts Signing services in the Cloud E.g. Docusign Security management responsibilities! 22

Client-side signing Device Application CLIENT %PDF-1.x... <</Type/Sig/ /Contents < Signed Message Digest >>>... %%EOF 23

Use cases client-side signing Desktop applications Adobe Acrobat / Reader Home-made, e.g. using itext In a web context The PDF software runs on the client, e.g. using Java Web Start Access to the token or smart card through MSCAPI PKCS#11 1 signature / second Custom smart card library Security User has smart card and PIN or USB token and passphrase 24

Deferred signing CLIENT Device App Application SERVER %PDF-1.x... <</Type/Sig/ /Contents < Signed Message Digest >>>... %%EOF 25

Use cases deferred signing Signing on an ipad/tablet App on the device has a low footprint Easy to integrate into a document management system Example: eazysign (Zetes) Disadvantage At most 1 signature / second You need to trust the server that the hash you receive is actually the hash of the document you want to sign. ISAE 3000 the standard for assurance over non-financial information. ISAE3000 is issued by the International Federation of Accountants (IFAC). The standard consists of guidelines for the ethical behavior, quality management and performance of an ISAE3000 engagement. Generally ISAE3000 is applied for audits of internal control, sustainability and compliance with laws and regulations. 26

Digital signatures and workflow Author signatures Recipient signatures Locking fields / documents 27

Serial signatures A PDF document can be signed more than once, but parallel signatures aren t supported, only serial signatures: additional signatures sign all previous signatures. 28 %PDF-1.x % Original document DIGITAL SIGNATURE 1... %%EOF % Additional content 1... DIGITAL SIGNATURE 2... %%EOF % Additional content 2... DIGITAL SIGNATURE 3... %%EOF You can t track who has already signed and who hasn t. Rev1 Rev2 Eventually there should be a PDF with every signature Rev3

Digital signatures: types Certification (aka author) signature Only possible for the first revision Involves modification detection permissions: No changes allowed Form filling and signing allowed Form filling, signing and commenting allowed Approval (aka recipient) signature Workflow with subsequent signers New in PDF 2.0: modification detection permissions 29

Other possible icons Signer s identity is unknown Document has been altered or corrupted 30

Certified by Alice 31

Read, approved and signed by Bob 32

Bob s signature invalidated by Chuck 33

Read, approved and signed by Carol 34

Read, approved and signed by Dave 35

Signature and lock broken by Chuck 36

Long-term validation Revocation Timestamps LTV 37

Certificates expire 2013 2014 2015 Expiration date 38

Certificates get revoked 2013 2014 2015 Revocation date Expiration date 39

CA: CRL and OCSP 40

How to survive revocation / expiration? 2013 2014 2015 Revocation date Expiration date 41

Timestamps 42

What to do when: There s no CRL/OCSP/TS in the document? The certificate is about to expire in one of your documents? The hashing/encryption algorithm is about to be deprecated? 43

Document Security Store (DSS) %PDF-1.x... /ByteRange... /Contents< DIGITAL SIGNATURE Signed Message Digest Certificate >... %%EOF %PDF-1.x... /ByteRange... /Contents< DIGITAL SIGNATURE Signed Message Digest Certificate >... %%EOF DSS for DIGITAL SIGNATURE VRI, Certs, OCSPs, CRLs 44

Document-level timestamp %PDF-1.x... /ByteRange... /Contents< DIGITAL SIGNATURE Signed Message Digest Certificate >... %%EOF DSS for DIGITAL SIGNATURE VRI, Certs, OCSPs, CRLs %PDF-1.x... /ByteRange... /Contents< DIGITAL SIGNATURE Signed Message Digest Certificate >... %%EOF DSS for DIGITAL SIGNATURE VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 45

%PDF-1.x... /ByteRange... /Contents< DIGITAL SIGNATURE Signed Message Digest Certificate >... %%EOF DSS for DIGITAL SIGNATURE VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 Every signed document needs to be kept alive %PDF-1.x... /ByteRange... /Contents< DIGITAL SIGNATURE Signed Message Digest Certificate >... %%EOF DSS for DIGITAL SIGNATURE VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 46

How Blockchain can help 47

Chain of Blocks Block 0 Block 1 Block 2 Block 3 hash hash hash hash 48

Records are distributed 49

Challenge to add block to chain 50

Proof of work done! 51

Longest chain is valid chain hash hash hash hash hash hash hash 52

Blockchain and Web of Trust 53

Web of trust record Signed signed with private key of user Bob Certificate of user Alice Certificate of user Bob Identity Public key of user Bob 54

Web of Trust Bob trusts Alice Carol Carol Trusts Bob Bob Alice Dave Dave trusts Carol Frank Erin 55

Blockchain for documents 56

Document record Document ID: [<ABCDEF>, <ABCDEF>] Timestamp Signed Document hash Certificate of signer Identity Public key Compressed property list 57

File identifiers: mandatory in PDF 2.0 Impossible to know if an ID pair is unique if you don t know which IDs are already in use. 58

Check if a record already exists ID unique? No? Create new ID Yes? Propagate! 59

Use case: certificate of authenticity 60

Use case: certificate of authenticity This Picasso is real Alice Gallery owner [<AAAA>,<AAAA>] January 1, 2017 signeda[#certificatehash ABC] Public Key Alice Property: owner = John Doe [<BBBB>,<BBBB>] February 1, 2017 SignedB[#CERTIFICATEHASH 123] Public Key Bob Property: owner = Chuck Coe 1 st attempt to offer a forged painting with a fake certificate fails because the certificate can t be found on the chain. 61 Chuck This Picasso is real Bob Pretends to be John Doe Offers fake Picasso for sale Gallery owner

Use case: certificate of authenticity This Picasso is real Alice Gallery owner [<AAAA>,<AAAA>] January 1, 2017 SignedA[#CERTIFICATEHASH ABC] Public Key Alice Property: owner = John Doe 2 nd attempt to offer a forged painting with a fake certificate fails because the hashes don t correspond. [<AAAA>,<AAAA>] February 1, 2017 SignedB[#CERTIFICATEHASH DEF] Public Key Bob Property: owner = Chuck Coe 62 Chuck This Picasso is real Bob Pretends to be John Doe Offers fake Picasso for sale Gallery owner

Use case: certificate of authenticity Alice Gallery owner [<AAAA>,<AAAA>] January 1, 2017 SignedA[#CERTIFICATEHASH ABC] Public Key Alice Property: owner = John Doe This Picasso is real John Doe This Picasso is real Offers real Picasso for sale [<AAAA>,<AAAA>] February 1, 2017 SignedB[#CERTIFICATEHASH ABC] Public Key Bob Property: owner = Richard Roe Bob Gallery owner History shows that John Doe owned an object of art from January 1, 2017 until February 1, 2017, and that Richard Roe is the current owner 63

Use case: certificate of authenticity Alice Gallery owner [<AAAA>,<AAAA>] January 1, 2017 SignedA[#CERTIFICATEHASH ABC] Public Key Alice Property: owner = John Doe [<AAAA>,<AAAA>] January 1, 2017 SignedC[#CERTIFICATEHASH ABC] Public Key Carol Property: owner = John Doe Carol Insurance services 64 This Picasso is real Chuck This Picasso is real Pretends to be John Doe Offers fake Picasso for sale [<AAAA>,<AAAA>] February 1, 2017 SignedB[#CERTIFICATEHASH ABC] Public Key Bob Property: owner = Chuck Coe Bob Gallery owner Carol notices pending sale Alerts John and Bob 3 rd attempt to offer a forged painting with a real certificate fails because Carol monitors the certificate for John Doe.

Use case 2: Supply chain 65

Supply chain Bob (vendor) Carol (courier) Dave (bank) [<1234>,<5678>] SignedByBob[#DEF1] Status=quote [<1234>,<5A6E>] SignedByCarol[#EF23] Status=shipment [<1234>,<F458>] SignedByDave[#B798] Status=paid [<1234>,<1234>] SignedByAlice[#ABCD] Status=quoterequest Alice (customer) [<1234>,<ABCD>] SignedByAlice[#1234] Status=PO [<1234>,<5A6E>] SignedByAlice[#EF23] Status=accepted 66

Use case 3: Long-Term Validation Castello di Amorosa, Calistoga (Napa Valley), CA 67

Renewing a signature Alice (debtor) [<ABC123>,<ABC123>] SignedByAlice(#CAB578FA) Hashing Algo X Bob makes it impossible for Alice to exploit flaws that are discovered in old algorithms, or to take advantage of increased processing power to forge the document and calculate a matching hash. [<ABC123>,<ABC123>] SignedByBob(#CAB578FA) Hashing Algo X Bob (creditor) [<ABC123>,<ABC123>] SignedByBob(#FA358CBC01) Hashing Algo Y [<ABC123>,<ABC123>] SignedByBob(#BA687EA115DF) Hashing Algo Z Other use case: last will and testament. 68

Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback