Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proposal of ISO/NP Part3 (the profiles for PAdES) from Japan (JISC)

Published byCamilla Lewis Modified over 7 years ago

Similar presentations

Presentation on theme: "Proposal of ISO/NP Part3 (the profiles for PAdES) from Japan (JISC)"— Presentation transcript:

1 Proposal of ISO/NP 14533 Part3 (the profiles for PAdES) from Japan (JISC)
Masashi Sato SECOM CO.,LTD Research Engineer, Specialist Intelligent Systems Laboratory

2 Copyright (c) 2014 Japan Network Security Association
Topics Abstract of ISO 14533 Introduction of Electronic Signature Purpose and Scope of ISO 14533 Proposal of ISO (The profiles for PAdES) purpose concept outline Copyright (c) 2014 Japan Network Security Association

3 Copyright (c) 2014 Japan Network Security Association
ISO 14533 ISO Part1 and Part2 were published in Sep 2012. ISO : Processes, data elements and documents in commerce, industry and administration -- Long term signature profiles -- Part 1: Long term signature profiles for CMS Advanced Electronic Signatures (CAdES) The part 1 are currently revising . (editor: Mr. Peter Rybar) ISO :2012 Part 2: Long term signature profiles for XML Advanced Electronic Signatures (XAdES) The purpose of these profiles is to ensure the interoperability of electronic signature implementations and to make electronic signatures verifiable for a long term. These profiles define the requirements of electronic signature formats that enable a long term archiving. Copyright (c) 2014 Japan Network Security Association

4 What is electronic signature?
Electronic signatures provide the following two functions; 1) Non-repudiation Identification who signed the contents. [documents, s, webpages ....] ・If the secret key of signer is protected and is not (have not been) leaked, its validation identifies proprietary owner. 2) Integrity checking Detection of whether the contents is modified or not. (to avoid falsification risks) ・As the hash value to be signed consists of some objects including document contents, its validation enables to derive its Integrity. Copyright (c) 2014 Japan Network Security Association

5 How electronic signature works
Certification Authority (CA) Issuing Certificate Certificate (Including signer’s public key) Signer private key Copyright (c) 2014 Japan Network Security Association

6 How electronic signature works
Certification Authority (CA) Issuing Certificate Certificate (Including signer’s public key) ・・・ Signer Document to be signed private key Copyright (c) 2014 Japan Network Security Association

7 How electronic signature works
Certification Authority (CA) Issuing Certificate Certificate (Including signer’s public key) ・・・ Signer The signer generate the signature using own private key. private key Authenticity of document Identification of signer Integrity of document Copyright (c) 2014 Japan Network Security Association

8 How electronic signature works
Certification Authority (CA) The verifier checks the signature using the signer certificate (public key) and checks that the certificate is issued by the trusted CA. Issuing Certificate Certificate (Including signer public key) ・・・ Signer The signer generate the signature using own private key. Verifier private key Authenticity of document Identification of signer Integrity of document Copyright (c) 2014 Japan Network Security Association

9 Application of Electronic Signature
Electronic Signature is effective to prove the identity of the signer and the integrity of the signed documents. There are many applications: contract, invoice, tax form, application form, notification, etc. Copyright (c) 2014 Japan Network Security Association

10 Need for a long term protection
Electronic signature can be stored for a long term. For example, documents related to long term contracts (insurance, etc.) The storage period depending on the type of documents can be regulated by law. For example, in Japan, books and documents (invoice, receipt, etc.) must be stored for 7 years. Copyright (c) 2014 Japan Network Security Association

11 Need for a long term protection
Electronic signature can be stored for a long term. For example, documents related to long term contracts (insurance, etc.) The storage period depending on the type of documents can be regulated by law. For example, in Japan, books and documents (invoice, receipt, etc.) must be stored for 7 years. However, there are limits on electronic signature. If the validity period of certificates is expired, the signature is judged to be invalid. Generally, the validity period of certificates is a few years. If the cryptography used for electronic signature weakens for a long term after signing, there is a risk that the signed document can be forged. Copyright (c) 2014 Japan Network Security Association

12 Need for a long term protection
Electronic signature can be stored for a long term. For example, documents related to long term contracts (insurance, etc.) The storage period depending on the type of documents can be regulated by law. For example, in Japan, books and documents (invoice, receipt, etc.) must be stored for 7 years. However, there are limits on electronic signature. If the validity period of certificates is expired, the signature is judged to be invalid. Generally, the validity period of certificates is a few years. If the cryptography used for electronic signature weakens for a long term after signing, there is a risk that the signed document can be forged. Therefore, a solution of keeping the validity of electronic signature for a long term is required. The solution is Advanced Electronic Signature (ISO 14533) ! Copyright (c) 2014 Japan Network Security Association

13 Simple Electronic Signature
Certification Authority (CA) Issuing Certificate Certificate (Including signer’s public key) ・・・ Signer The signer generate the signature using own private key. private key Authenticity of document Identification of signer Integrity of document Copyright (c) 2014 Japan Network Security Association

14 Advanced Electronic Signature
Certification Authority (CA) Timestamp Authority (TSA) TSA Issuing Certificate TimeStampToken (Time Information signed by TSA) TimeStampToken Certificate (Including signer’s public key) ・・・ immediately after signing ・・・ after some period of time ・・・ update as needed Signer The signer generate the signature using own private key. The TSA generate the TimeStampToken for the signed document. Protecting the signature, the TimeStampToken and the validation data (certificate, revocation list.). private key Authenticity of document Identification of signer Integrity of document Proof of existence for signed document Time of signing (Trusted time information) Protection against weakness of cryptography. Copyright (c) 2014 Japan Network Security Association

15 (signature timestamp) (Time Information signed by TSA)
ISO 14533 ES-T profile (signature timestamp) ISO 14533 ES-A profile (archive timestamp) Certification Authority (CA) Timestamp Authority (TSA) TSA Issuing Certificate TimeStampToken (Time Information signed by TSA) TimeStampToken Certificate (Including signer’s public key) ・・・ immediately after signing ・・・ after some period of time ・・・ update as needed Signer The signer generate the signature using own private key. The TSA generate the TimeStampToken for the signed document. Protecting the signature, the TimeStampToken and the validation data (certificate, revocation list.). private key Authenticity of document Identification of signer Integrity of document Proof of existence for signed document Time of signing (Trusted time information) Protection against weakness of cryptography, etc. Copyright (c) 2014 Japan Network Security Association

16 Relationship between ES-T and ES-A
The form of ES-A is the extended form of ES-T. ES-A profile In addition to the requirements of ES-T, the requirements of ES-A contains the rules of creating/verifying the signature data which stores the validation information and timestamps for long term protection. The requirements of ES-T contains the rules of creating/verifying the signature data which stores the signature value and the timestamp for the signature value (called signature timestamp). ES-T profile Copyright (c) 2014 Japan Network Security Association

17 Formats of Advanced Electronic Signature
(this proposal) ISO the profiles for PAdES ISO the profiles for CAdES ISO the profiles for XAdES CAdES: CMS Advanced Electronic Signature XAdES: XML Advanced Electronic Signature PAdES: PDF Advanced Electronic Signature Data Format : ASN.1 and BER/DER (binary encoding) Data Format : XML Data Format : PDF (and a part of CAdES) Applicable data: Any text data and binary data (Image, etc. ) However, unsuitable for PDF Applicable data: Any text data and binary data Suitable for XML documents However, unsuitable for PDF Applicable data: PDF Relevant specifications: ETSI TS EN (draft) Relevant specifications: ETSI TS EN (draft) Relevant specifications: ETSI TS EN (draft) ISO (DIS) Copyright (c) 2014 Japan Network Security Association Copyright (c) 2014 Japan Network Security Association

18 PDF (Portable Document Format)
standard: ISO :2008 Document management -- Portable document format -- Part 1: PDF 1.7 ISO (DIS) Document management -- Portable document format -- Part 2: PDF 2.0 PDF has big influence on the market of electronic document exchange. Copyright (c) 2014 Japan Network Security Association

19 Copyright (c) 2014 Japan Network Security Association
PAdES (PDF Advanced Electronic Signature) - Background (Problem of PDF) - %PDF %%EOF 20 0 obj << / Type /Sig /Filter /Adobe.PPKLite /SubFilter /adbe.pkcs7.detached /ByteRange [ 0, 840, 960, 240 ] /Contents < > >> endobj Signature Data 30820a a864886f70d010702 840 bytes 240 bytes PDF Document 840 960 1200 Byte CAdES and XAdES are unsuitable for PDF documents. A signature data can be embedded in the structure of PDF. But the size of a signature data needs to be fixed. The size of CAdES/ XAdES data becomes larger when the data is extended to the format for long term validation. The enlarged signature data overflows fixed signature area and destroys the structure of the PDF. FIXED Range Signing target. Add two blocks. Total 1080 bytes. Copyright (c) 2014 Japan Network Security Association

20 Concept of PAdES Extended data is located in update section of PDF (outside of signature). Original PDF %PDF-1.7 /Type/Sig /Contents< > /ByteRange […] %%EOF Signature binary data (PKCS#7 or CAdES) Signarure + Timestamp a8a : 00000 %PDF %%EOF ES1 SigTS Increment DSS Certificates CRLs / OCSPs VRI %%EOF Long Term Validation LTV (Validation data) LTV (DSS/VRI) Certs,CRLs,OCSPs DocTS Increment /Type/DocTimeStamp /Contents< > /ByteRange […] %%EOF 30820f a86 : DocumentTimestamp Timestamp Token Copyright (c) 2014 Japan Network Security Association

21 Need for the profiles for PAdES
The base specification of PAdES : ETSI TS (PAdES) It will be updated to EN [draft]. ISO (PDF 2.0) [DIS] It contains the same specification as ETSI TS The PAdES specification defines the basic elements and parameters: signature, timestamp (called Document Timestamp), fields of storing certificates and revocation information, etc. The specification has a lot of flexibility in order to enable the use of elements for various uses. The combination of elements and parameters are depended on applications and implementations. The specification enable the signature to extend the form of a long term validation, but it is not necessary. It is necessary to make the PAdES profiles that ensure the interoperability of electronic signature implementations and to make electronic signatures verifiable for a long term. Motivation, purpose and scope are the same as the profiles of CAdES/XAdES(ISO /2). Copyright (c) 2014 Japan Network Security Association

22 Scope of the PAdES profiles
The PAdES profiles define the requirements of elements and parameters in the PAdES format with respect to long term validation. Out of scope Cryptographic Algorithm Adding new elements or parameters which are not defined in the base specification Copyright (c) 2014 Japan Network Security Association

23 Proposal of the PAdES profiles
Copyright (c) 2014 Japan Network Security Association

24 The structure of the long term signature profiles for PAdES
ISO the profiles for CAdES ISO the profiles for XAdES Electronic Signature with Signature Timestamp PAdES-T profile CAdES-T profile XAdES-T profile Electronic Signature with Archive Timestamp PAdES-A profile CAdES-A profile XAdES-A profile Content Timestamp PAdES-CTS profile Copyright (c) 2014 Japan Network Security Association

25 PAdES-T profile PAdES-T
PAdES-T has 3 types of forms depending on the location of the timestamp. Simple signature %PDF Note: DocumentTimestamp is the name of timestamp which embedded in the field of PDF. (ISO/DIS ) Signature Data (not include timestamp) %%EOF PAdES-T Type 1: signature timestamp inside signature data Type2: document timestamp acts as signature timestamp Type3: posterior signature timestamp acts as prior signature timestamp %PDF %PDF %PDF Signature Data (not include timestamps Signature Data (not include timestamp) Signature Data signature timestamp %%EOF %%EOF DocumentTimestamp Signature Data %%EOF %%EOF signature timestamp The signature timestamp proves the existence of signature. This DocumentTimestamp proves the existence of signature. %%EOF The posterior timestamp also proves the existence of the prior signature data. Copyright (c) 2014 Japan Network Security Association

26 Copyright (c) 2014 Japan Network Security Association
PAdES-CTS profile The PAdES-CTS is the PDF data format which contains only document timestamps. PAdES-CTS %PDF Document Timestamp %%EOF The PAdES-CTS is used to prove the existence of the document. If the PAdES-T is applied to the PAdES-CTS data, the PDF data conforms to the PAdES-T. Copyright (c) 2014 Japan Network Security Association

27 Document Security Store
PAdES-A profile The PAdES-A is the long term archiving data that protects the PAdES-T data or the PAdES-CTS data. PAdES-T PAdES-CTS PAdES-A PAdES-T or PAdES-CTS DSS shall store the validation data for all signatures and timestamps. Document Security Store (DSS) DocumentTimestamp This DocumentTimestamp protects all archived data. %%EOF Copyright (c) 2014 Japan Network Security Association

28 Additional Information
Copyright (c) 2014 Japan Network Security Association

29 Basic mechanism of signatures
2018/1/28 Basic mechanism of signatures CA(Certificate Authority) Cert. Status Table A B C D Status Revoked Good Out of date repositories CRL VA services CA issues a Signer's Certificate with Keys Private key Certificate Public key (included into the certificate) Signer (LDAP, http..) (OCSP, SCVP..) Signer's Certificate Input SignatureValue generation (with using Priv. key) validation data Signature Value Output Validation #2 Verify certificate(s) ・Certificate path checking ・Revocation checking Signature Body Signed Info <DigestValues [Base64 data] > Doc 1 Doc 2 Doc N ・・・ Signed data Canonicalization and Hashing Validation #1 Check SignaureValue with using signer's certificate (reverse order calculation from generation) Validator Copyright (c) 2014 Japan Network Security Association Copyright (C) NPO日本ネットワークセキュリティ協会

30 Certificate validation
2018/1/28 Certificate validation Certificate Path Checking Validator must verify all certificates in concerning with the signature and confirm the logical reachability of EE to TA. Trust Anchor(TA) ARL: Authority Revocation List (for CA) CRL: Certificate Revocation List (for EE) Root CA VA CA ARL Generally, as the TA's cert is self signed, there is no ARL for TA. issuing signed by the root CA Check whether SubCA's certificate have been revoked or not. CA substitute CA Validator VA Check whether EE's certificate have been revoked or not. (Issuer of the EE Cert.) CRL issuing signed by the sub CA End entity(EE) user subject (signer) Signed Info Signature Value Signer's Certificate signature creation Copyright (c) 2014 Japan Network Security Association Copyright (C) NPO日本ネットワークセキュリティ協会

31 Time-stamping services
2018/1/28 Time-stamping services Time-Stamping (ISO/IEC 18014, RFC3161) ・A TTP service to provide evidence that the data existed prior to a certain point in time. Doc Requester Data to be time-stamped TSA(Time-stamping Authority) Time source (adjusted and synchronized to the UTC) Hashing header part DER encoded DigestValue Timestamp request message over HTTP(s) or TCP send DigestValue receive misc info.s (eg.TSA cert) TimeValue Signature Value Signing hashing MD TST Validation (in case of RFC3161) ・Digest value checking ・Signature value checking ・Certificates checking (includes revocation checking) Timestamp token(TST) merging send TST header part Timestamp response message over HTTP(s) or TCP receive TST Copyright (c) 2014 Japan Network Security Association Copyright (C) NPO日本ネットワークセキュリティ協会

Download ppt "Proposal of ISO/NP Part3 (the profiles for PAdES) from Japan (JISC)"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.

Summary of ETSI/ESI activities Andrea Caccia ETSI/ESI TB member Note: This document expresses only the views of its author.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca.

European Signatures versus Global SignaturesRome, 7 April, 2003 EESSI open specifications and interoperability The state of the art in Italy Giovanni Manca.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
Security Standards under Review for esMD. Transaction Timeline An esMD transaction begins with the creation of some type of electronic content (e.g. X12.

Security Standards under Review for esMD. Transaction Timeline An esMD transaction begins with the creation of some type of electronic content (e.g. X12.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Chapter 31 Network Security

Chapter 31 Network Security
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.

Similar presentations

Ads by Google