21 October 2018
Slide 1
Signature Validity States
Danny De Cock
Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT)
Computer Security and Industrial Cryptography (COSIC)
Kasteelpark Arenberg 10, bus 2452
B-3001 Heverlee
Belgium
21 October 2018
© KULeuven/ESAT/COSIC, https://www.godot.be/slides
Slide 3
Signature Validity
(Timeline diagram with points A to K; labelled events: key pair generation, publish public key, start using key pair, signature generation, signature verification, private key expires, public key expires)
[AC], [K,∞[: All signature verifications fail
[CJ]: New valid signatures may be generated
[C,∞[: Signatures can be legally binding if verified in [CJ[
[J,∞[: Illegal to generate new signatures
Slide 4
Signature Validity with Revocation
(Timeline diagram with points A to K; labelled events: key pair generation, signature generation, signature verification, incident, last valid signature before the incident, suspended certificate, revoked certificate, private key expires, public key expires)
[AC], [H,∞[: Signature verification returns invalid
[CF]: Signatures validated before F may be valid forever
[CG[: New valid signatures may be generated
[GH]: Signatures created in [GI] should be invalid, H may be equal to I
[I,∞[: Illegal to generate new signatures
Slide 5
Long Term Signatures
◼ Alice produces a digital signature on data D that will resist time:
⚫ Alice collects a time stamp ts1 from a trusted third party (TTP)
⚫ Alice produces a digital signature DigSigAlice(D,ts1) on the time stamp ts1 and the data D
⚫ TTP validates the digital signature DigSigAlice(D,ts1) at time ts2
⚫ TTP computes a digital signature DigSigTTP(DigSigAlice(D,ts1),ts2) if and only if the TTP
◼ Has validated Alice’s digital signature, and
◼ Confirms that the signature and Alice’s full certificate chain were valid at time ts2
⚫ Alice can now indefinitely rely on DigSigTTP(DigSigAlice(D,ts1),ts2), even if her public key must be revoked, e.g., at time ts3 (after ts2), or if her public key expires
◼ Note: This procedure assumes that no cryptographic weaknesses are discovered in the signature generation and validation algorithms and procedures
(Timeline: ts1, DigSigAlice(D,ts1), ts2, DigSigTTP(DigSigAlice(D,ts1),ts2), ts3)
Slide 6
Archiving Signed Data
◼ Digital signatures remain valid forever if one stores:
⚫ The digitally signed data
⚫ The digital signature on the data
⚫ The signer’s certificate
⚫ A proof of validity of the signer’s certificate
⚫ The verification timestamp of the signature
◼ Bottom line:
⚫ The integrity of this data should be protected!
⚫ There is no need to retrieve the status of a certificate in the past!
⚫ Protect your proofs in a digital vault
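The validity intervals of slides 3 and 4, the countersigning protocol of slide 5 and the archived bundle of slide 6, as an added Go example that is not part of the original slides: Cert is a minimal stand-in for a certificate (not X.509), the signed byte string data || ts is a constructed encoding chosen for the demo, and Ed25519 replaces the RSA keys of a real eID card.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"time"
)

// Cert is a minimal stand-in for a signer certificate (not X.509): public key, validity period, revocation time.
type Cert struct {
	Pub                 ed25519.PublicKey
	NotBefore, NotAfter time.Time
	RevokedAt           *time.Time // nil while the certificate is not revoked
}

// ValidAt answers the question of slides 3 and 4: may signatures be verified against this certificate at t?
func (c Cert) ValidAt(t time.Time) bool {
	return !t.Before(c.NotBefore) && t.Before(c.NotAfter) && (c.RevokedAt == nil || t.Before(*c.RevokedAt))
}

// bind is the byte string that gets signed: data || ts, with ts as 8-byte big-endian Unix seconds (a constructed encoding).
func bind(data []byte, ts time.Time) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, uint64(ts.Unix()))
	return append(append([]byte{}, data...), b...)
}

// LongTermSignature is the bundle of slide 6 (data, both signatures, the signer's certificate, the time stamps); its integrity must be protected.
type LongTermSignature struct {
	Data, SigAlice, SigTTP []byte
	TS1, TS2               time.Time
	CertAlice              Cert // Alice's certificate as it was at ts2
}

// TTPCountersign validates DigSigAlice(D, ts1) = Sign(bind(D, ts1)) at ts2 and, only if Alice's certificate is valid at ts2, produces DigSigTTP(DigSigAlice(D, ts1), ts2).
func TTPCountersign(ttpPriv ed25519.PrivateKey, certAlice Cert, data []byte, ts1 time.Time, sigAlice []byte, ts2 time.Time) (LongTermSignature, error) {
	if ts2.Before(ts1) || !certAlice.ValidAt(ts2) || !ed25519.Verify(certAlice.Pub, bind(data, ts1), sigAlice) {
		return LongTermSignature{}, errors.New("Alice's signature or certificate is not valid at ts2: no countersignature")
	}
	sigTTP := ed25519.Sign(ttpPriv, bind(sigAlice, ts2))
	return LongTermSignature{Data: data, SigAlice: sigAlice, SigTTP: sigTTP, TS1: ts1, TS2: ts2, CertAlice: certAlice}, nil
}

// VerifyLongTerm is what a relying party runs at any later time, e.g. ts3 after Alice's key was revoked:
// only the TTP's certificate must be valid now; Alice's certificate status in the past is never retrieved.
func VerifyLongTerm(lts LongTermSignature, certTTP Cert, now time.Time) bool {
	ttpOK := certTTP.ValidAt(now) && ed25519.Verify(certTTP.Pub, bind(lts.SigAlice, lts.TS2), lts.SigTTP)
	return ttpOK && ed25519.Verify(lts.CertAlice.Pub, bind(lts.Data, lts.TS1), lts.SigAlice)
}
```

Direct verification of Alice's signature at ts3 fails through ValidAt, while VerifyLongTerm still succeeds because the TTP vouched for the state at ts2.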
Belgian eID Card, Technical Aspects
Slide 7
Signature Generation/Verification
(Diagram: Alice’s Signature Creation Engine, unlocked with her PIN, and Bob’s Signature Verification Engine, which consults OCSP/CRL; the numbered steps are:)
1. Compute hash of message
2. Prepare signature
3. Present user PIN
4. SCD generates digital signature
5. Collect digital signature
6. Retrieve signer certificate
7. Verify the certificate’s revocation status
8. Retrieve public key from signer certificate
9. Retrieve digital signature on the message
10. Compute hash on received message
11. Verify digital signature
12. SVD outputs ‘valid signature’ or ‘invalid signature’
Beware – Bob should validate Alice’s certificate – Beware
Slide 8
Signature Generation Steps
Alice’s application
1. Calculates the cryptographic hash on the data to be signed
2. Prepares her eID card to generate an authentication signature or to generate a non-repudiation signature
3. Alice presents her PIN to her eID card
4. Her card generates the digital signature on the cryptographic hash
5. The application collects the digital signature from her eID card
Bob receives an envelope with a digitally signed message and a certificate
(Diagram: Alice’s Signature Creation Engine on her eID card, steps 1 to 5, unlocked with her PIN)
Slide 9
Signature Verification Steps
Bob
6. Retrieves the potential sender’s certificate
7. Verifies the certificate’s revocation status
8. Extracts Alice’s public key from her certificate
9. Retrieves the signature from the message
10. Calculates the hash on the received message
11. Verifies the digital signature with the public key and the hash
12. If the verification succeeds, Bob knows that the eID card of Alice was used to produce the digital signature
“The message comes from Alice” is a business decision
(Diagram: Bob’s Signature Verification Engine, steps 6 to 12, consulting OCSP/CRL for the revocation check of step 7)
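The twelve steps of slides 7 to 9 as an added Go example, not code from the original slides: NewCardWithCert is constructed test material that replaces card personalisation and a CA, the revocation list passed to BobVerifies is a constructed stand-in for the OCSP/CRL query of step 7, and PIN entry (step 3) and chain validation are left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"math/big"
	"time"
)

// Envelope is what Bob receives: the message, the signature on it and the signer's certificate (DER).
type Envelope struct{ Msg, Sig, CertDER []byte }

// NewCardWithCert stands in for card personalisation (constructed test material, not from the slides): a fresh RSA key and a self-signed certificate for it, so the demo needs no CA.
func NewCardWithCert(serial int64, notBefore, notAfter time.Time) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// CardSignHash models steps 1-5: the application hashes the data, the card signs only that hash (RSA PKCS#1 v1.5, SHA-256); PIN entry is not modelled.
func CardSignHash(cardKey *rsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, cardKey, crypto.SHA256, h[:])
}

// BobVerifies performs steps 6-12; revokedSerials is a constructed stand-in for the OCSP/CRL answer, now is the verification time, and chain building up to a CA is omitted.
func BobVerifies(env Envelope, revokedSerials map[string]bool, now time.Time) error {
	cert, err := x509.ParseCertificate(env.CertDER) // 6. retrieve the potential sender's certificate
	if err != nil {
		return err
	}
	if revokedSerials[cert.SerialNumber.String()] || now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate revoked or not valid at verification time") // 7. revocation status and validity period
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey) // 8. extract Alice's public key from her certificate
	if !ok {
		return errors.New("unexpected public key type")
	}
	h := sha256.Sum256(env.Msg) // 9./10. the signature is env.Sig; hash the received message
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], env.Sig) // 11./12. nil error = 'valid signature' (Alice's card was used)
}
```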