
Electronic Signature

Security / Information Security / Electronic Signature / Accredited Certification / Public Certificate

Published in: Technology

  1. Electronic Signature (Master's program, 29th cohort, 박준영)
  2. Contents • Definition • PKI-Electronic Signature + MITM Attack • Public Certificate • Certificate Formats (Components) • Certificate Authorities • Improved Signing Procedure • Non-repudiation Function • Q & A
  3. Definition • Signing electronically • Certifies one's identity • Equivalent to a handwritten signature
  4. PKI E-Signature
     • Alice: Hash(D1) => H1; Encrypt(KeyE, H1) => S; C1 = {D1, S, KeyD}
     • Bob: C1 => D1, S, KeyD; Decrypt(KeyD, S) => H1; Hash(D1) => H1; H1 == H1
  5. PKI E-Signature (MITM)
     • Alice: Hash(D1) => H1; Encrypt(KeyE, H1) => S; C1 = {D1, S, KeyD}
     • Hacker: C1 => D1, S, KeyD; D1 => D2; C2 = {D2, S, KeyD}; C1 => C2
     • Bob: C2 => D2, S, KeyD; Decrypt(KeyD, S) => H1; Hash(D2) => H2; H1 != H2
  6. PKI E-Signature (MITM)
     • Alice: Hash(D1) => H1; Encrypt(KeyE, H1) => S; C1 = {D1, S, KeyD}
     • Hacker: C1 => D1, S, KeyD; D1 => D2; Hash(D2) => H2; Encrypt(FKeyE, H2) => S2; C2 = {D2, S2, FKeyD}; C1 => C2
     • Bob: C2 => D2, S2, FKeyD; Decrypt(FKeyD, S2) => H2; Hash(D2) => H2; H2 == H2
  7. Public Certificate • Electronic ID card • Validates an electronic signature • Needs a third-party Certification Authority (CA)
  8. Public Certificate
     • PKCS#12 format file (.p12): certificate + private key; used when importing / exporting
     • Public certificate (.der / .pem): DER is a binary-encoded cert; PEM is a Base64-encoded cert
     • Private key: keep it secret!!
  9. Certificate Contents (X.509) • Key-Usage • Public Key • Thumbprint Algorithm • Thumbprint • Serial Number • Subject • Signature Algorithm • Signature • Issuer • Valid-From • Valid-To
  10. Certificate Authorities - Korea (for e-commerce) • [Diagram labels: ROOT CA, ROOT CA, SUB CA]
  11. Certificate Authorities - World • SSL Certificate Market Share (August 2014) (http://www.whichssl.com/comparisons/market-share.html)
  12. Improved Signing Procedure • Hash data ⬇ Encrypt hashed data (Signature) ⬇ Attach Certificate with Signature & Data ⬇ Send via network (D-Signed data) • "Digital Signature diagram" by Acdx
  13. Improved Signing Procedure • Receive D-Signed data ⬇ Detach Data & Signature ⬇ Check Certificate via CA ⬇ Compare Hashed Data and Decrypted Data ⬇ Verify • "Digital Signature diagram" by Acdx
  14. Non-repudiation
  15. Reference
     • Principles of Electronic Signatures in Naver Applications (네이버 애플리케이션의 전자 서명 원리) (http://helloworld.naver.com/helloworld/textyle/744920)
     • SSL Certificate Market Share (http://www.whichssl.com/comparisons/market-share.html)
     • Solo, David, Russell Housley, and Warwick Ford. "Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile." (2002).
     • Public Certificate Sample (Hana Bank Corp.)
     • Digital Signature Diagram by Acdx (Wikipedia)
  16. Electronic Signature Q & A
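
Added example (not from the slides): a Python sketch of the exchanges on slides 4-6 and the certificate check on slide 13. It shows that a verifier who trusts the key shipped with the message accepts the re-signed message, while one who first checks the certificate against the CA rejects it. It uses unpadded textbook RSA over small Mersenne primes purely for illustration; all function names, keys and messages are constructed, and Python 3.8+ is assumed.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Textbook RSA from two known primes -> (KeyE private, KeyD public)."""
    n = p * q
    return (pow(E, -1, (p - 1) * (q - 1)), n), (E, n)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key_e, data):             # Encrypt(KeyE, Hash(D)) => S
    d, n = key_e
    return pow(digest(data, n), d, n)

def verify(key_d, data, sig):      # Decrypt(KeyD, S) == Hash(D)
    e, n = key_d
    return pow(sig, e, n) == digest(data, n)

def cert_body(subject, key_d):
    return f"{subject}|{key_d[0]}|{key_d[1]}".encode()

def issue_cert(ca_key_e, subject, key_d):
    return {"subject": subject, "key": key_d,
            "ca_sig": sign(ca_key_e, cert_body(subject, key_d))}

def naive_verify(msg):
    """Slides 4-6: Bob trusts whatever KeyD arrives inside the message."""
    return verify(msg["cert"]["key"], msg["data"], msg["sig"])

def cert_verify(msg, ca_key_d, expected_subject):
    """Slide 13: check the certificate against the CA before using its key."""
    cert = msg["cert"]
    if cert["subject"] != expected_subject:
        return False
    if not verify(ca_key_d, cert_body(cert["subject"], cert["key"]), cert["ca_sig"]):
        return False
    return verify(cert["key"], msg["data"], msg["sig"])

# Constructed keys and messages (Mersenne primes; too small and unpadded for real use).
CA_E, CA_D = keygen(2**521 - 1, 2**607 - 1)
ALICE_E, ALICE_D = keygen(2**127 - 1, 2**89 - 1)
FAKE_E, FAKE_D = keygen(2**107 - 1, 2**61 - 1)

D1, D2 = b"pay Bob 10", b"pay Hacker 10000"
c1 = {"data": D1, "sig": sign(ALICE_E, D1), "cert": issue_cert(CA_E, "Alice", ALICE_D)}
# Slide 5: data swapped, original signature kept.
c2_tampered = dict(c1, data=D2)
# Slide 6: data re-signed with FKeyE; the certificate is self-issued, not signed by the CA.
c2_resigned = {"data": D2, "sig": sign(FAKE_E, D2), "cert": issue_cert(FAKE_E, "Alice", FAKE_D)}
```

`naive_verify(c2_resigned)` returns `True`, matching the `H2 == H2` outcome on slide 6, while `cert_verify(c2_resigned, CA_D, "Alice")` returns `False` because the CA signature over the substituted key does not verify.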
