Electronic Signature
•
0 j'aime•807 vues
Electronic Signature Security / Information Security / 전자서명 / 공인인증 / Public Certificate
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (17)
Similaire à Electronic Signature
Similaire à Electronic Signature (20)
Plus de Joon Young Park
Plus de Joon Young Park (18)
Dernier
Dernier (20)
Electronic Signature
- 1. Electronic Signature 석사 29기 박준영
- 2. Contents • Definition • PKI-Electronic Signature + MITM Attack • Public Certificate • Certificate Formats (Components) • Certificate Authorities • Improved Signing Procedure • Non-repudiation Function • Q & A
- 3. • Signature electronically • Certificate one’s identity • Equivalent to handwritten signatures Definition
- 4. PKI E-Signature • Hash(D1) => H1 • Encrypt(KeyE, H1) => S; • C1 = {D1, S, KeyD} • C1 => D1, S, KeyD; • Decrypt(KeyD, S) => H1; • Hash(D1) => H1; • H1 == H1; Alice Bob
- 5. PKI E-Signature (MITM) • Hash(D1) => H1 • Encrypt(KeyE, H1) => S; • C1 = {D1, S, KeyD} • C2 => D2, S, KeyD; • Decrypt(KeyD, S) => H1; • Hash(D2) => H2; • H1 != H2; • C1 => D1, S, KeyD • D1 => D2; • C2 = {D2, S, KeyD} • C1 => C2 Alice Bob Hacker
- 6. • C2 => D2, S2, FKeyD; • Decrypt(FKeyD, S2) => H2; • Hash(D2) => H2; • H2 == H2; PKI E-Signature (MITM) • Hash(D1) => H1 • Encrypt(KeyE, H1) => S; • C1 = {D1, S, KeyD} • C1 => D1, S, KeyD • D1 => D2; • Hash(D2) => H2; • Encrypt(FKeyE, H2) => S2; • C2 = {D2, S2, FKeyD} • C1 => C2 Hacker Alice Bob
- 7. Public Certificate • Electronic ID Card • Validate Electronic Signature • Need 3-party Certification Authority(CA)
- 8. Public Certificate PKCS#12 Format File(.p12) Certificate + Private Key Using when Import / Export Public Certificate (.der / .pem) DER / PEM DER : Binary formed cert. PEM : Base64 encoded cert. Private Key Keep it Secret!!
- 9. Certificate Contents (X. 509) • Key-Usage • Public Key • Thumbprint Algorithm • Thumbprint • Serial Number • Subject • Signature Algorithm • Signature • Issuer • Valid-From • Valid-To
- 14. Certificate Authorities ROOT CA ROOT CA SUB CA - Korea(For e-commerce)
- 15. Certificate Authorities SSL Certificate Market Share (August 2014) (http://www.whichssl.com/comparisons/market-share.html) - World
- 16. Improved Signing Procedure Hash data ⬇ Encrypt hashed data (Signature) ⬇ Attach Certificate with Signature & Data ⬇ Send via network (D-Signed data) ”Digital Signature diagram" by Acdx
- 17. Improved Signing Procedure ”Digital Signature diagram" by Acdx Receive D-Signed data ⬇ Detach Data & Signature ⬇ Check Certificate via CA ⬇ Compare Hashed Data and Decrypted Data ⬇ Verify
- 18. Non-repudiation
- 19. Reference • 네이버 애플리케이션의 전자 서명 원리(http://helloworld.naver.com/ helloworld/textyle/744920) • SSL Certificate Market Share (http://www.whichssl.com/comparisons/ market-share.html) • Solo, David, Russell Housley, and Warwick Ford. "Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile." (2002). • Public Certificate Sample (Hana Bank Corp.) • Digital Signature Diagram by Acdx (Wikipedia)
- 20. Electronic Signature Q & A