Digital Signature and Digital Identity
Emanuele Cisbani
[email protected]
Beginning
Symmetric Cryptography
Pericles:
A man who takes no interest in the State we regard not as harmless, but as useless; and although only a few are able to give life to a policy, well, all of us here in Athens are able to judge it. We do not regard discussion as an obstacle on the way to democracy. We believe that happiness is the fruit of freedom, but that freedom is only the fruit of courage. In short, I proclaim that Athens is the school of Hellas and that every Athenian grows by developing in himself a happy versatility, self-confidence and the readiness to face any situation, and that is why our city is open to the world and we never drive out a foreigner.
This is how we do things here in Athens.
Ciphertext of the same text: DES-CBC, Base64
https://www.tools4noobs.com/online_tools/encrypt/
Symmetric Cryptography
6-11-1976, New Directions in Cryptography
Whitfield Diffie (5-6-1944), "Prophet of Privacy"
Martin Hellman (1-10-1945)
Abstract - Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
https://ee.stanford.edu/~hellman/publications/24.pdf
https://cacm.acm.org/magazines/2016/6/202666-qa-finding-new-directions-in-cryptography/fulltext
https://www.wired.com/1994/11/diffie/
Secure communication over an insecure channel
Ron Rivest (1947), Adi Shamir (1952), and Leonard Adleman (1945) at the
Massachusetts Institute of Technology, made several attempts over the
course of a year to create a one-way function that was hard to invert.
Rivest and Shamir, as computer scientists, proposed many potential
functions, while Adleman, as a mathematician, was responsible for finding
their weaknesses. For a time, they thought what they wanted to achieve
was impossible due to contradictory requirements. In April 1977, they
spent Passover at the house of a student and drank a good deal of
Manischewitz wine before returning to their homes at around midnight.
Rivest, unable to sleep, lay on the couch with a math textbook and started
thinking about their one-way function. He spent the rest of the night
formalizing his idea, and he had much of the paper ready by daybreak.
source: https://en.wikipedia.org/
Asymmetric Cryptography
Digital Signature
But we can also use the keys in the opposite order: we can apply the private key to "decipher" (!) data that is clear text, as if it were enciphered data. Anyone holding the public key can then "encipher" the result and check that the original clear text comes back, which proves that the private key was used.
encipher (public key) = verify
decipher (private key) = sign
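Textbook RSA illustrating the slide's point, as an added example that is not part of the original deck: the same modular exponentiation with the private exponent is the "decipher" step when applied to a ciphertext and the "sign" step when applied to a clear-text digest, and the public exponent undoes both. The primes are toy-sized and there is no padding (PKCS #1 defines the real encoding), so the parameters are for illustration only.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for two primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # private exponent (Python 3.8+)
    return (n, e), (n, d)

def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce it below the modulus (toy: no padding
    scheme; PKCS #1 defines the real encoding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def encipher(public_key, m: int) -> int:
    n, e = public_key
    return pow(m, e, n)                  # public-key operation

def decipher(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)                  # private-key operation

def sign(private_key, message: bytes) -> int:
    """Signing = 'deciphering' the clear-text digest with the private key."""
    return decipher(private_key, digest_int(message, private_key[0]))

def verify(public_key, message: bytes, signature: int) -> bool:
    """Verifying = 'enciphering' the signature with the public key and
    checking that the digest of the message comes back out."""
    return encipher(public_key, signature) == digest_int(message, public_key[0])

if __name__ == "__main__":
    pub, priv = make_keypair(1000003, 1000033)   # constructed toy primes
    msg = b"Here in Athens this is how we do things."
    s = sign(priv, msg)
    print("encrypt/decrypt round trip:", decipher(priv, encipher(pub, 42)) == 42)
    print("signature verifies:", verify(pub, msg, s))
    print("tampered message verifies:", verify(pub, msg + b"!", s))
```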
Standards
The critical connection between identity and key
How to guarantee the signer identity?
● Certification Authority (CA)
How to ensure that the signer has exclusive control of the private key?
● Hardware Security Module (HSM) and SmartCard
● Two Factor Authentication (2FA)
How to manage the end of the exclusive control of the key before the expiration date?
● Revocation process
● Certificate Revocation List (CRL)
● Online Certificate Status Protocol (OCSP)
● Timestamp Service Authority (TSA)
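Added example (not from the slides) of the decision a verifier faces once a key is revoked before its certificate expires: without a TSA-proven signing time it cannot tell whether a signature predates the revocation. The three status values follow the main indications of ETSI TS 119 102-1 (cited later in the deck); the record layout and dates are constructed and the rules are simplified.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class CertInfo:
    """Validity window and revocation data for the signer's certificate
    (what a verifier learns from the certificate, a CRL entry or OCSP)."""
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None   # None = not revoked

def validate(cert: CertInfo, tsa_time: Optional[datetime], now: datetime) -> str:
    """tsa_time is the time proven by an RFC 3161 time-stamp token. A time
    merely claimed by the signer is not trusted, so without a token the only
    proof of existence of the signature is 'now'."""
    if tsa_time is None:
        # No independent proof of when the signature was made: if the key is
        # revoked or the certificate is outside its window today, the
        # signature may or may not predate that event, so nothing can be
        # concluded either way.
        if cert.revoked_at is not None or not (cert.not_before <= now <= cert.not_after):
            return "INDETERMINATE"
        return "TOTAL-PASSED"
    if not (cert.not_before <= tsa_time <= cert.not_after):
        return "TOTAL-FAILED"            # signed outside the validity period
    if cert.revoked_at is not None and tsa_time >= cert.revoked_at:
        return "TOTAL-FAILED"            # signed after exclusive control was lost
    # Simplification: a CRL entry may carry an invalidityDate earlier than the
    # revocation itself (a compromise discovered late); not modelled here.
    return "TOTAL-PASSED"

# Constructed scenario: certificate valid 2021-2024, key revoked on 2022-06-01.
UTC = timezone.utc
CERT = CertInfo(datetime(2021, 1, 1, tzinfo=UTC), datetime(2024, 1, 1, tzinfo=UTC),
                revoked_at=datetime(2022, 6, 1, tzinfo=UTC))
NOW = datetime(2023, 3, 15, tzinfo=UTC)

def demo() -> dict:
    return {
        "timestamped before revocation": validate(CERT, datetime(2022, 3, 1, tzinfo=UTC), NOW),
        "timestamped after revocation": validate(CERT, datetime(2022, 9, 1, tzinfo=UTC), NOW),
        "no timestamp, key now revoked": validate(CERT, None, NOW),
    }

if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```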
Secure Signature Creation Device
Smart Card
RSA (1977) - Public Key Cryptography Standards
PKCS#7 - Cryptographic Message Syntax Standard: See RFC 2315. Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS #10 message). Formed the basis for S/MIME, which is as of 2010 based on RFC 5652, an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on.
PKCS#10 - Certification Request Standard: See RFC 2986. Format of messages sent to a certification authority to request certification of a public key. See certificate signing request.
PKCS#11 - Cryptographic Token Interface: Also known as "Cryptoki". An API defining a generic interface to cryptographic tokens (see also hardware security module). Often used in single sign-on, public-key cryptography and disk encryption systems. RSA Security has turned over further development of the PKCS #11 standard to the OASIS PKCS 11 Technical Committee.
PKCS#12 - Personal Information Exchange Syntax Standard: See RFC 7292. Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS #12. This container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password. Usable as a format for the Java key store and to establish client authentication certificates in Mozilla Firefox. Usable by Apache Tomcat.
source: https://en.wikipedia.org/
RFC5280 - PKIX: Public Key Infrastructure (X.509)
Following is a simplified view of the architectural model assumed by the Public-Key Infrastructure using
X.509 (PKIX) specifications. The components in this model are:
● end entity: user of PKI certificates and/or end user system that is the subject of a certificate;
management functions;
● repository: a system or collection of distributed systems that stores certificates and CRLs and
RFC5280 - PKIX: Public Key Infrastructure (X.509)
RFC5652 - Cryptographic Message Syntax
This document describes the Cryptographic Message Syntax (CMS). This syntax is
used to digitally sign, digest, authenticate, or encrypt arbitrary message content.
RFC3161 Time-Stamp Protocol (TSP)
eIDAS: digital identity with legal value
European Telecommunications Standards Institute
ETSI plays a key role in supporting regulation and legislation with technical standards
and specifications. To do this they cooperate with other organizations including:
ETSI produces standards to support European regulation and legislation. These are
defined in Regulations, Directives and Decisions developed by the EU.
ETSI Advanced Electronic Signatures
ETSI Advanced Electronic Signatures
Advanced electronic signatures that are compliant with eIDAS may be technically implemented through the AdES Baseline Profiles that have been developed by the European Telecommunications Standards Institute (ETSI):
PAdES - PDF Advanced Electronic Signatures
ETSI - TS 102 778-1 - Electronic Signatures and Infrastructures (ESI)
source: ETSI TS 119 102-1
Qualified Electronic Signature Creation Device
QSCD is a Secure Signature Generation Device that is certified and approved for
being used to generate Qualified Electronic Signatures (QES).
Qualified Trust Service Provider
eIDAS Qualified Electronic Signature
Digital Identity
Digital Identity in EU - Today
Digital Identity in Italy - Today
● Qualified Electronic Signature: users > 20 Mln, signs > 3 Bln/yr (AGID 2020)
● PEC (Posta Elettronica Certificata): users > 11 Mln, msgs > 3 Bln/yr (AGID 2020)
Digital Identity in EU - Tomorrow
The Commission will soon propose a secure European e-identity. One that we
trust and that any citizen can use anywhere in Europe to do anything from paying
your taxes to renting a bicycle. A technology where we can control ourselves what
data and how data is used.
Digital Identity in EU - Challenges
● Levels of Assurance: Onboarding, AML/KYC, Legal Transactions, ...
● Governance Framework
Decentralization
1991 - Pretty Good Privacy
Zimmermann had been a long-time anti-nuclear activist, and created PGP
encryption so that similarly inclined people might securely use BBSs and securely
store messages and files. No license fee was required for its non-commercial use,
and the complete source code was included with all copies.
PGP found its way onto the Internet and rapidly acquired a considerable following
around the world. Users and supporters included dissidents in totalitarian
countries (some affecting letters to Zimmermann have been published, some of
which have been included in testimony before the US Congress), civil libertarians
in other parts of the world (see Zimmermann's published testimony in various
hearings), and the 'free communications' activists who called themselves
cypherpunks (who provided both publicity and distribution); decades later,
CryptoParty activists did much the same via Twitter.
source: https://en.wikipedia.org/
1992 - The Web of Trust
The web of trust concept was first put forth by PGP creator Phil Zimmermann in
1992 in the manual for PGP version 2.0:
As time goes on, you will accumulate keys from other people that you may want
to designate as trusted introducers. Everyone else will each choose their own
trusted introducers. And everyone will gradually accumulate and distribute with
their key a collection of certifying signatures from other people, with the
expectation that anyone receiving it will trust at least one or two of the
signatures. This will cause the emergence of a decentralized fault-tolerant web
of confidence for all public keys.
source: https://en.wikipedia.org/
1997 - OpenPGP
In July 1997, PGP Inc. proposed to the IETF that there be a standard called
OpenPGP. The IETF accepted the proposal and started the OpenPGP Working
Group. OpenPGP is on the Internet Standards Track and is under active
development. Many email clients provide OpenPGP-compliant email security as
described in RFC 3156. The current specification is RFC 4880 (November 2007),
the successor to RFC 2440. RFC 4880 specifies a suite of required algorithms
consisting of ElGamal encryption, DSA, Triple DES and SHA-1. In addition to these
algorithms, the standard recommends RSA as described in PKCS #1 v1.5 for
encryption and signing, as well as AES-128, CAST-128 and IDEA. Beyond these,
many other algorithms are supported. The standard was extended to support
Camellia cipher by RFC 5581 in 2009, and signing and key exchange based on
Elliptic Curve Cryptography (ECC) (i.e. ECDSA and ECDH) by RFC 6637 in 2012.
Support for ECC encryption was added by the proposed RFC 4880bis in 2014.
source: https://en.wikipedia.org/
Resources
GNU Privacy Guard
https://gnupg.org/
https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
Key Server
https://en.wikipedia.org/wiki/Key_server_(cryptographic)
https://www.qubes-os.org/security/verifying-signatures/
Hal Finney
Harold Thomas Finney II (May 4, 1956 –
August 28, 2014) was a developer for PGP
Corporation, and was the second
developer hired after Phil Zimmermann. In
his early career, he was credited as lead
developer on several console games.
source: https://en.wikipedia.org/
Timestamping Complementarity
PKI-TSA vs Bitcoin-OTS
● PKI-TSA: a standard with legal value that has been around for a long time. Bitcoin-OTS: not yet a standard.
● PKI-TSA: a service that depends on a central trustee. Bitcoin-OTS: a service based on a permissionless, resilient and decentralized system, without a single point of failure.
● PKI-TSA: verifying a timestamp requires the involvement of the original issuing TSA. Bitcoin-OTS: anyone can verify the timestamp autonomously running a Bitcoin full node or connecting to any trusted block explorer.
● PKI-TSA: usually a TSA undertakes to guarantee the validity of a timestamp for no more than twenty years. Bitcoin-OTS: there is no predefined limit to the validity of an OTS timestamp; the system aims to survive perpetually.
● PKI-TSA: the service of qualified TSAs usually has a specific cost per single attestation. Bitcoin-OTS: the service is free of charge for clients and the cost for the provider is very low (a negligible fee for a small Bitcoin transaction, approximately every hour, no matter how many requests are aggregated each time).
● PKI-TSA: the timestamp issue is immediate. Bitcoin-OTS: the time attestation in the form of a promise is immediate; its upgrade takes about an hour.
● PKI-TSA: timestamps can reach fractional second precision. Bitcoin-OTS: the time attestation proves data existence only in an interval of hours.
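Added example, not from the original slides, of why the OTS provider's cost does not grow with the number of requests and why anyone can verify on their own: the provider aggregates the submitted document hashes into a Merkle tree and commits only the root to a Bitcoin transaction, while each client keeps a logarithmic-size proof. This is a simplified model of the idea, not the OpenTimestamps proof format; the documents are constructed.

```python
import hashlib
from typing import List, Tuple

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """Merkle tree bottom-up: level 0 = leaves, last level = [root].
    An odd node count is handled by pairing the last node with itself."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        if len(lvl) % 2:
            lvl = lvl + [lvl[-1]]
        levels.append([sha256(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def proof_for(levels: List[List[bytes]], index: int) -> List[Tuple[str, bytes]]:
    """The per-client proof: sibling hashes (with their side) needed to
    recompute the root from one leaf. Its size grows with log2 of the number
    of aggregated requests, so one transaction per round serves them all."""
    path = []
    for lvl in levels[:-1]:
        if len(lvl) % 2:
            lvl = lvl + [lvl[-1]]
        sibling = lvl[index ^ 1]
        path.append(("right", sibling) if index % 2 == 0 else ("left", sibling))
        index //= 2
    return path

def verify_proof(leaf: bytes, path: List[Tuple[str, bytes]], root: bytes) -> bool:
    """What an independent verifier does: replay the path and compare the
    result with the root read from the block (own node or trusted explorer)."""
    h = leaf
    for side, sibling in path:
        h = sha256(h + sibling) if side == "right" else sha256(sibling + h)
    return h == root

# Constructed sample: three documents submitted in the same aggregation round.
DOCS = [b"contract A, v3", b"invoice 2021-07", b"deed of sale"]
LEAVES = [sha256(d) for d in DOCS]
LEVELS = build_levels(LEAVES)
ROOT = LEVELS[-1][0]   # the single value committed to the Bitcoin transaction

if __name__ == "__main__":
    for i, doc in enumerate(DOCS):
        print(i, verify_proof(sha256(doc), proof_for(LEVELS, i), ROOT))
    print("tampered:", verify_proof(sha256(b"deed of sale!"), proof_for(LEVELS, 2), ROOT))
```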
Distrust the infrastructure
Browser
Acrobat
OpenSSL
Resources
Verify
https://vol.ca.notariato.it/it
https://www.agid.gov.it/it/piattaforme/firma-elettronica-qualificata/certificati
https://webgate.ec.europa.eu/tl-browser/#/
Grazie!
Emanuele Cisbani
[email protected]