Technical Presentation
AIAC 2010-2011
Group 1
1



System Rationale
System Architecture
Secure Channel Establishment
◦ Username/Password
◦ Cartão Cidadão
◦ Digital Certificate

Secure Functionalities
◦ Competence Verification
◦ Document Signature and Validation

System Security Analysis
AIAC 2010-2011
Group 1
2

Client asked for a system who was able to:
◦ Verify a title or competency of a subject;
◦ Digitally Sign a document with a given Competency
of a subject.


All the communication and processes
performed in a secure fashion
CERTCOP was developed to address these
(and more…) requisites
AIAC 2010-2011
Group 1
3
AIAC 2010-2011
Group 1
4

3 Modes Used:
◦ Username/Password
◦ Cartão Cidadão
◦ Digital Certificates
 Used with a slight modification in Web Server


All modes based on EKE (Encrypted Key
Exchange)
At the end each entity has:
◦ Public/Private Key;
◦ Symmetric Session Key;
◦ Mutual Authentication Guarantees.
AIAC 2010-2011
Group 1
5
AIAC 2010-2011
Group 1
6
AIAC 2010-2011
Group 1
7
AIAC 2010-2011
Group 1
8

One signature is generated for every message
(, , , ℎ, {ℎ )  − )
◦ Provides Integrity, Freshness and Non-Repudiation

The original message, along with the
Signature, is ciphered with the Symmetric
Session Key
◦ Providing Confidentiality and Authentication
( ,   )
AIAC 2010-2011
Group 1
9

Competence Verification

Document Signature and Validation
AIAC 2010-2011
Group 1
10
−
( ℎ ,  
)
AIAC 2010-2011
Group 1
11
−
ℎ( ℎ ,  
)
AIAC 2010-2011
Group 1
12

To each signed document is generated the
following signature:
(ℎ  , , , ,
 ? , , ,
−
{ℎ()}
)

If the Document has a higher priority it is
stored and verified by another system
◦ VERICOP

This additional service can be billed at a
higher price
AIAC 2010-2011
Group 1
13

State of the art cryptographic algorithms and
protocols used:
◦ AES (with 128 bits key and 10 encryption rounds)
◦ SHA-2 (256 bits)
◦ RSA (with 2048 bits key for certificate, 1024 for the
transient key pairs)
◦ Adapted EKE Protocol

Quite few practical attacks reported on those
algorithms
AIAC 2010-2011
Group 1
14

System Security is an important issue:
◦ Database Servers Isolation
◦ Credentials Management
◦ Firewall Configuration

Users and Administrators security awareness
is vital to the Security
◦ Neither Users nor Administrators should ever
release their passwords to anybody
AIAC 2010-2011
Group 1
15


Web Interface will be available in a future
release;
System design based on state of the art
security technologies
◦ Great overall System Security Level

Special care must be taken to the
maintenance and operation procedures of the
system
AIAC 2010-2011
Group 1
16
Download

Secure Channel Establishment