Professional Documents
Culture Documents
α.π.σ. - Ταυτοποίηση Και Αυθεντικοποίηση (Pki)
α.π.σ. - Ταυτοποίηση Και Αυθεντικοποίηση (Pki)
gaggelinos@ssl-unipi.gr
.
,
.
(1/2)
()
(2/2)
( )
,
,
(one-way
functions)
,
.
6
:
DES, Triple-DES
Blowfish, SAFER, CAST
RC2, RC4 (ARCFOUR), RC5, RC6
7
RSA
Diffie-Hellman Key Exchange
ElGamal, Digital Signature Standard (DSS)
8
(1/2)
,
10
(2/2)
(Key
Distribution Center)
,
,
(digital envelope)
11
(1/2)
,
.
.
12
(2/2)
13
;
;
,
;
,
;
14
15
(1/2)
,
,
- (Trusted
Third Party TTP & Certification Services
Provider CSP)
16
(2/2)
, ,
17
(1/2)
:
:
, , ,
:
: ,
,
:
18
(2/2)
: ,
,
:
,
.
19
X.509 v3
Certificate:
Data:
Version: 3 (0x0)
Serial Number: 2003532 (0x0)
Signature Algorithm:
md5withRSAEncryption
Issuer: C=GR, L=Athens,
O=University of the Aegean,
OU=Certification Authority,
CN=ca.aegean.gr,
Email=ca@aegean.gr
Validity
Not Before: Nov 14 17:15:25 2003
GMT
Not After : Dec 14 17:15:25 2003
GMT
Subject: C=GR, L=Hermoupolis, O=
University of the Aegean, OU=Syros,
CN=www.aegean.gr,
Email=webmaster@aegean.gr
20
(1/2)
(Personal or Identity certificate):
(Server or
Device certificate): .. Web
server
(Role-based certificate):
(Organisational
certificate): .. Microsoft Corp
21
(2/2)
(Attribute
certificate): .
(Group certificate):
(Proxy certificate):
,
, .. single-sign-on
22
:
:
:
. -
:
,
23
(Qualified
Certificates QC)
(Signature
Verification Data)
Directive 1999/93/EC
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31999L0093:en:HTML
24
CSP
(1/2)
,
25
CSP
(2/2)
(signature creation data)
CSP
(audit log)
,
26
/ Risk Analysis
ISO 9000
27
CSP
(Certificate Status Information
CSI)
(CRL Certificate
Revocation List)
Online Certification Status Protocol OCSP (RFC-2560)
delta-CRL:
delta-CRL
28
http://
community.websense.com/blogs/securitylabs/archive/2013/07/11/digging-into-certificate-revocation-lists.aspx
29
X.509 (ITU)
SPKI SDSI - PKIX
(IETF)
PGP
PKCS#6 (RSA)
PKCS#10 (RSA)
RFC-2511 (IETF)
PKCS#7 &
PKCS#12 (RSA)
RFC-2560: OCSP
(IETF)
TR 102-030 (ETSI)
30
31
PKIX (.509)
,
, -,
,
(.500
)
SPKI
,
,
(Certification Practices Statement)
PGP
(Web of
Trust),
,
,
, N to N trust relationships
:
e-mail
(
Domain Name System)
32
33
(tokens)
tokens
tokens
(
)
(
)
34
tokens
One-time password generators (clock-based,
counter-based)
USB PCMCIA tokens
Token-password
Token-biometrics
35
:
,
.
:
.
,
( )
:
.
.
.
36
.
.
:
,
.
37
SYSTEM
PAY TV
SECURITY
Bull CP8
Health
GSM
Identification/Loyalty
Electronic purse
BANKING
Access
EFT / POS
38
:
(ISO/IEC 7816)
39
: (1/2)
: ISO/IEC 7816-2
: ,
, ,
( ),
reset Reserved for Future Use.
: ,
,
.
40
: (2/2)
(ISO 1443)
/
, .
.
.
.
interface
41
R
e
s
e
t
C
l0oV
ck
5
V
>I1/O
0V
A
D
D
R
E
S
S
E
S
C
P
U
o
rR
A
M
R
O
M
E
E
P
R
O
M
C
P
U
+
A
TA
C
o
P
ro D
C
P
8C
H
IP
A
R
C
H
IT
E
C
T
U
R
E
I
N
T
E
R
F
A
C
E
42
(Access Area)
(Public Area)
(Work Area)
43
EEPROM
1
SECRET AREA
ACCESS AREA
WORK AREA 2
WORK AREA
PUBLIC AREA
:
2Kb - 64 Kb
:
DES/3DES
Single Service
Provider Multiple
Applications
MANUFACTURING AREA
44
EEPROM
Secret Zone
Access Tracking Zone
Working Zone 1
Working Zone 2
Manufacturing Zone
45
EEPROM
2
Available
Master File
Elementary Files
Dedicated File
Dedicated File
Elementary Files
Dedicated File
Elementary Files
Dedicated File
Elementary Files
Elementary Files
Memory Sizes: 8
- 64 Kb EEPROM
Cryptographic
Algorithm: DES RSA
Multi-Application
- Multi Service
Provider
46
:
:
:
:
47
(PIN).
.
.
48
DIV
(64 bits)
(64 bits)
DES
(64 bits)
R2
+
R1
R (64 bits)
R1
(64 bits)
(48 bits)
R2
R' (64 bits)
DES
/
(64 bits)
49
50
51