Characteristics of X.509
ITU-T (International Telecommunication Union - Telecommunication Standardization Sector) recommendation X.509 is part of the X.500 series of recommendations that define a directory service. The directory is a server or a distributed set of servers that maintains a database of information about users. X.509 is an important standard because the certificate structure and authentication protocols defined in X.509 are used in a variety of contexts. For example, the X.509 certificate format is used in:
S/MIME (Secure Multipurpose Internet Mail Extension) for providing e-mail security.
IPSec (IP security) for providing Network Layer security.
SSL/TLS (Secure Socket Layer/Transport Layer Security) for providing security at the Transport Layer.
SET (Secure Electronic Transaction) for providing Application Layer security (for example, credit card/debit card transactions).
Dr. Ashok Kumar Das (IIIT-H) System & Network Security 4 / 23
X.509 is based on the use of public-key cryptography and digital signatures. The heart of the X.509 scheme is the public-key certificate associated with each user. Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority (CA). The user certificates are assumed to be created by some trusted certification authority (CA) and placed in the directory by the CA or by the user.
Version (1/2/3) (V)
Certificate serial number (SN)
Signature algorithm identifier (AI)
Issuer name (CA)
Period of validity (TA)
Subject (user) name (A)
Subject's public-key info (Ap)
Issuer unique identifier (V2 and V3 only)
Subject (user) unique identifier (V2 and V3 only)
Extensions (V3 only)
Signature on the above fields (all versions)
The standard uses the following notation to define a certificate (for V1):
CA<<A>> = CA{V, SN, AI, CA, TA, A, Ap}
CA<<A>> = the certificate of user A issued by the certification authority CA.
sgnData = signature of the information I = {V, SN, AI, CA, TA, A, Ap}.
sgnData = E_KRca[H(V || SN || AI || CA || TA || A || Ap)].
KRca: private key of CA; KUca: public key of CA.
Thus, CA<<A>> = {V, SN, AI, CA, TA, A, Ap, sgnData} = {V, SN, AI, CA, TA, A, Ap, E_KRca[H(V || SN || AI || CA || TA || A || Ap)]}.
Certificate Revocation
Sometimes it may be desirable to revoke a certificate before it expires, for the following reasons:
The user's private key (KR) is assumed to be compromised.
The user is no longer certified by this CA.
The CA's certificate is assumed to be compromised.
Signature algorithm identifier (AI)
Issuer name (CA)
This update date
Next update date
Revoked certificate: user certificate serial #, revocation date
. . .
Revoked certificate: user certificate serial #, revocation date
Signature on the above fields
Certificate Authentication
Certificates of X generated by other CAs: useful for traversing down a hierarchy of CAs.
Certificates generated by X are certificates of other CAs: useful for traversing up a hierarchy of CAs.
[Figure: CA hierarchy with nodes U, V, Y and certificates U<<V>>, V<<X>>, X<<Y>>, Y<<Z>>]
Problem: Suppose that user A has a digital certificate from certification authority X1 and user B has obtained a certificate from CA X2. We would like to present a hypothetical scenario where user A verifies the certificate of user B.
Case I: If A does not securely know the public key of X2, then B's certificate issued by X2 is useless to A, because the certificate needs to be decrypted using KU_X2, the public key of X2. A can read the certificate, but cannot verify the signature.
Note: Here, A has used a chain of certificates to obtain B's public key. In the notation of X.509, this chain is expressed as: X1<<X2>> X2<<B>>. In a similar fashion, B can also obtain A's public key with the reverse chain: X2<<X1>> X1<<A>>.
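The chain X1<<X2>> X2<<B>> and the Case I failure, as an added example that is not part of the original slides. It assumes toy textbook RSA over fixed Mersenne primes in place of a real CA signature algorithm; the helper names (keypair, issue, verify, walk_chain) and the validity string are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Toy textbook RSA (assumption, not secure): returns KU=(n, e), KR=(n, d)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def H(fields, n):
    """H(V || SN || AI || CA || TA || A || Ap), reduced mod n for the toy RSA."""
    data = "||".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca, kr_ca, subject, ku_subject, sn):
    """Build CA<<subject>> = {V, SN, AI, CA, TA, A, Ap, E_KRca[H(...)]}."""
    n, d = kr_ca
    fields = (1, sn, "toy-rsa-sha256", ca, "2024..2025", subject, ku_subject)
    return {"fields": fields, "sgnData": pow(H(fields, n), d, n)}

def verify(cert, ku_ca):
    """Recompute H over the fields and compare with sgnData opened by KUca."""
    n, e = ku_ca
    return pow(cert["sgnData"], e, n) == H(cert["fields"], n)

def walk_chain(trusted_name, trusted_ku, chain):
    """Return the last subject's public key, or None if any link fails."""
    name, ku = trusted_name, trusted_ku
    for cert in chain:
        _, _, _, issuer, _, subject, ap = cert["fields"]
        if issuer != name or not verify(cert, ku):
            return None
        name, ku = subject, ap  # the key just certified checks the next link
    return ku

# Constructed keys from Mersenne primes, for illustration only.
KU_X1, KR_X1 = keypair(2**61 - 1, 2**89 - 1)
KU_X2, KR_X2 = keypair(2**89 - 1, 2**107 - 1)
KU_B, KR_B = keypair(2**107 - 1, 2**127 - 1)
X1_X2 = issue("X1", KR_X1, "X2", KU_X2, sn=1)   # X1<<X2>>
X2_B = issue("X2", KR_X2, "B", KU_B, sn=2)      # X2<<B>>

if __name__ == "__main__":
    print(walk_chain("X1", KU_X1, [X1_X2, X2_B]) == KU_B)  # chain X1<<X2>> X2<<B>>
    print(walk_chain("X1", KU_X1, [X2_B]))                  # Case I: no path from X1
```

A starts from the one key it holds securely (KU of X1); each verified certificate hands over the key that checks the next link, so a substituted Ap anywhere in the chain breaks the signature on that link.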
[Figure: CA hierarchy with certificates U<<V>>, V<<U>>, V<<W>>, W<<V>>, V<<Y>>, Y<<V>>, X<<C>>, X<<A>>, Z<<B>>]
Authentication Procedures
One-way Authentication
It involves a single transfer of information from one user (A) to another (B), and establishes the following:
1. The identity of A and that the message was generated by A.
2. That the message was intended for B.
3. The integrity and originality (it has not been sent multiple times) of the message.
A -> B: tA, rA, IDB, sgnData, E_KUb(Kab)
tA: timestamp; prevents delayed delivery of messages.
rA: random nonce used to detect replay attacks. B stores the nonce until it expires and rejects any new messages with the same nonce.
IDB: identity of B.
sgnData = E_KRa[tA || rA || IDB]: signature on data containing tA, rA, and IDB.
Kab: secret symmetric session key between A and B.
[Figure: one-way authentication flow. Labels: E_KRa{tA, rA, IDB}; {tA, rA, IDB}; E_KUb(Kab); KUa; D_KR; Compare; Store Kab]
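B's side of the one-way exchange above, as an added example that is not part of the original slides: the signature check, the IDB check, the timestamp window and the nonce store. It assumes toy textbook RSA keys built from Mersenne primes; the names a_send, Receiver and max_age, and the 60-second window, are hypothetical.

```python
import hashlib

E = 65537
# Constructed toy RSA keys (textbook RSA, illustration only, not secure).
N_A, N_B = (2**61 - 1) * (2**89 - 1), (2**89 - 1) * (2**107 - 1)
KR_A = pow(E, -1, (2**61 - 2) * (2**89 - 2))    # A's private exponent
KR_B = pow(E, -1, (2**89 - 2) * (2**107 - 2))   # B's private exponent

def h(t_a, r_a, id_b):
    """Hash of tA || rA || IDB, reduced mod N_A for the toy signature."""
    data = f"{t_a}||{r_a}||{id_b}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_A

def a_send(t_a, r_a, id_b, k_ab):
    """A -> B: tA, rA, IDB, sgnData = E_KRa[tA||rA||IDB], E_KUb(Kab)."""
    return {"tA": t_a, "rA": r_a, "IDB": id_b,
            "sgnData": pow(h(t_a, r_a, id_b), KR_A, N_A),
            "encKab": pow(k_ab, E, N_B)}

class Receiver:
    def __init__(self, my_id, max_age=60):
        self.my_id, self.max_age = my_id, max_age
        self.seen = {}  # nonce rA -> time at which it may be forgotten

    def accept(self, msg, now):
        """Return ("ok", Kab) or (reason, None) for the first failed check."""
        # Drop expired nonces; the timestamp check covers those messages.
        self.seen = {r: exp for r, exp in self.seen.items() if exp > now}
        if pow(msg["sgnData"], E, N_A) != h(msg["tA"], msg["rA"], msg["IDB"]):
            return ("bad signature", None)
        if msg["IDB"] != self.my_id:
            return ("not for me", None)
        if not 0 <= now - msg["tA"] <= self.max_age:
            return ("stale timestamp", None)
        if msg["rA"] in self.seen:
            return ("replay", None)
        self.seen[msg["rA"]] = msg["tA"] + self.max_age
        return ("ok", pow(msg["encKab"], KR_B, N_B))  # D_KRb recovers Kab

if __name__ == "__main__":
    b = Receiver("B")
    msg = a_send(t_a=1000, r_a=42, id_b="B", k_ab=123456789)  # constructed
    for now in (1010, 1020, 1100):  # first delivery, replay, late replay
        print(now, b.accept(msg, now))
```

The nonce only has to be remembered for as long as the timestamp is still acceptable: once tA falls outside the window, the timestamp check rejects the message without consulting the store.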
Two-way Authentication
It involves the transfer of two messages between one user (A) and another (B), and establishes the following:
1. The identity of A and that the message was generated by A.
2. That the message was intended for B.
3. The integrity and originality (it has not been sent multiple times) of the message.
4. The identity of B and that the reply message was generated by B.
5. That the message was intended for A.
6. The integrity and originality of the reply.