CERTCOP System Technical Presentation AIAC 2010-2011 Group 1
Departamento de Engenharia Informática (DEI)

Presentation Outline
• System Rationale
• System Architecture
• Secure Channel Establishment
  • Username/Password
  • Cartão Cidadão
  • Digital Certificate
• Secure Functionalities
  • Competence Verification
  • Document Signature and Validation
• System Security Analysis
System Rationale
• The client asked for a system able to:
  • verify a title or competence of a subject;
  • digitally sign a document with a given competence of a subject;
  • with all communication and processing performed securely.
• CERTCOP was developed to address these (and more) requirements.
System Architecture
(architecture diagram; not reproduced in this extract)
Secure Channel Establishment
• Three modes are used:
  • Username/Password
  • Cartão Cidadão
  • Digital Certificates (used with a slight modification to the web server)
• All modes are based on EKE (Encrypted Key Exchange)
• At the end, each entity has:
  • a public/private key pair;
  • a symmetric session key;
  • mutual authentication guarantees.
Secure Channel Establishment – Username/Password
(protocol diagram; not reproduced in this extract)

Secure Channel Establishment – Cartão Cidadão
(protocol diagram; not reproduced in this extract)

Secure Channel Establishment – Digital Certificate
(protocol diagram; not reproduced in this extract)
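The password mode rests on EKE: each side's Diffie-Hellman value is sent encrypted under the shared password, so an eavesdropper cannot test password guesses offline against the transcript. The Go program below is an added illustration of that exchange, not the CERTCOP implementation (whose messages are in the diagrams, which this extract does not reproduce). Everything beyond the EKE idea is an assumption: the message labels, the HMAC keystream that stands in for the password-keyed cipher, the transcript-bound key derivation and the two key-confirmation messages. It models only the username/password mode and only the session key; the transient RSA key pair listed on the slide is not modelled.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// Added example of a DH-EKE handshake for the username/password mode, not CERTCOP's
// code: labels, the HMAC keystream standing in for the password cipher, the key
// derivation and the confirmation step are assumptions.
const groupBytes = 96 // 768-bit elements, fixed width so the mask leaks no length

var (
	// RFC 2409 group 1 (768-bit MODP). p lies just below 2^768, so almost every 96-byte
	// string unmasks to a group element and a wrong guess cannot be spotted offline.
	prime, _ = new(big.Int).SetString(
		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DD"+
			"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
	generator = big.NewInt(2)
)

type party struct {
	name       string
	pwKey      []byte   // password-derived key for the mask
	priv       *big.Int // ephemeral DH exponent in [1, p-2]
	SessionKey []byte   // set by Derive
}

func newParty(name, password string) (*party, error) {
	exp, err := rand.Int(rand.Reader, new(big.Int).Sub(prime, big.NewInt(2)))
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256([]byte("eke-password|" + password))
	return &party{name: name, pwKey: h[:], priv: exp.Add(exp, big.NewInt(1))}, nil
}

// mask XORs x with an HMAC keystream keyed by the password; it is its own inverse.
func mask(key []byte, label string, x []byte) []byte {
	out := make([]byte, len(x))
	for i := 0; i < len(x); i += sha256.Size {
		m := hmac.New(sha256.New, key)
		fmt.Fprintf(m, "%s|%d", label, i/sha256.Size)
		ks := m.Sum(nil)
		for j := 0; j < sha256.Size && i+j < len(x); j++ {
			out[i+j] = x[i+j] ^ ks[j]
		}
	}
	return out
}

// Hello is the only message sent before a key exists: Enc_pw(g^x).
func (p *party) Hello() []byte {
	pub := new(big.Int).Exp(generator, p.priv, prime)
	return mask(p.pwKey, p.name, pub.FillBytes(make([]byte, groupBytes)))
}

// Derive unmasks the peer's Hello, rejects 0, 1, p-1 and out-of-range values, and binds the key to both wire messages.
func (p *party) Derive(peerName string, peerHello, encClient, encServer []byte) error {
	peerPub := new(big.Int).SetBytes(mask(p.pwKey, peerName, peerHello))
	if peerPub.Cmp(big.NewInt(1)) <= 0 || peerPub.Cmp(new(big.Int).Sub(prime, big.NewInt(1))) >= 0 {
		return errors.New("peer value is degenerate or outside the group")
	}
	shared := new(big.Int).Exp(peerPub, p.priv, prime).FillBytes(make([]byte, groupBytes))
	k := sha256.Sum256(bytes.Join([][]byte{[]byte("eke-session"), shared, encClient, encServer}, []byte("|")))
	p.SessionKey = k[:]
	return nil
}

// confirmTag is the key-confirmation MAC sent by (or expected from) the named side.
func (p *party) confirmTag(name string) []byte {
	m := hmac.New(sha256.New, p.SessionKey)
	m.Write([]byte("confirm|" + name))
	return m.Sum(nil)
}

// RunExchange runs the handshake between a client holding clientPw and a server holding serverPw.
func RunExchange(clientPw, serverPw string) (bool, error) {
	c, errC := newParty("client", clientPw)
	s, errS := newParty("server", serverPw)
	if errC != nil || errS != nil {
		return false, errors.New("could not draw a random exponent")
	}
	encC := c.Hello() // message 1: client -> server
	encS := s.Hello() // message 2: server -> client
	if s.Derive("client", encC, encC, encS) != nil || c.Derive("server", encS, encC, encS) != nil {
		return false, nil // unmasking produced garbage: the passwords differ
	}
	// messages 3 and 4: each side proves knowledge of the key with its own tag
	if !hmac.Equal(s.confirmTag("client"), c.confirmTag("client")) ||
		!hmac.Equal(c.confirmTag("server"), s.confirmTag("server")) {
		return false, nil
	}
	return bytes.Equal(c.SessionKey, s.SessionKey), nil
}
```

With equal passwords both sides confirm and hold the same session key; with different passwords the unmasked values are unrelated and the confirmation tags fail before any application data is sent. Two details matter beyond the message flow: the group is chosen so that unmasking under a wrong password almost always yields a valid element (otherwise an attacker could discard guesses offline), and the degenerate-value check rejects 0, 1 and p-1, which would let a peer force a predictable shared secret.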
Secure Channel – Message Format
• One signature is generated for every message
• This provides integrity and non-repudiation; freshness holds only if the signed data includes a nonce, timestamp or sequence number, since a signature on its own does not prevent replay of an old message
• The original message, along with the signature, is encrypted with the symmetric session key
• This provides confidentiality and authentication of the peer that holds the session key
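The sign-then-encrypt format described on this slide, as an added example in Go with the standard library (not CERTCOP's code): each message carries a sequence number and an RSA-PSS signature over the sequence number and the payload, and the whole thing is then encrypted with AES-GCM under the session key. The field layout, the counter, the choice of RSA-PSS and AES-GCM, and the sample payload are assumptions; the slide does not say which modes or layout the system uses.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Endpoint is one side's state after channel establishment (added example, not CERTCOP's code; layout, counter and modes are assumptions).
type Endpoint struct {
	priv     *rsa.PrivateKey // own (transient) signing key
	peerPub  *rsa.PublicKey  // peer's verification key
	aead     cipher.AEAD     // AES-GCM under the symmetric session key
	sendSeq  uint64          // last sequence number sent
	lastRecv uint64          // highest sequence number accepted (0 = none yet)
}

func NewEndpoint(priv *rsa.PrivateKey, peerPub *rsa.PublicKey, sessionKey []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(sessionKey) // a 16-byte key selects AES-128, as on the page
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Endpoint{priv: priv, peerPub: peerPub, aead: aead}, err
}

// signedBytes = seq(8, big-endian) || payload; signing the counter ties the payload to one position in the conversation.
func signedBytes(seq uint64, payload []byte) []byte {
	out := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint64(out, seq)
	return append(out, payload...)
}

// Seal builds nonce || AES-GCM( seq || RSA-PSS signature || payload ).
func (e *Endpoint) Seal(payload []byte) ([]byte, error) {
	e.sendSeq++
	digest := sha256.Sum256(signedBytes(e.sendSeq, payload))
	sig, err := rsa.SignPSS(rand.Reader, e.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	plain := append(append(signedBytes(e.sendSeq, nil), sig...), payload...)
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return e.aead.Seal(nonce, nonce, plain, nil), nil
}

// Open checks in order: authenticated decryption, the signature, then the strictly increasing counter (freshness).
func (e *Endpoint) Open(msg []byte) ([]byte, error) {
	ns, sigLen := e.aead.NonceSize(), e.peerPub.Size()
	if len(msg) < ns+e.aead.Overhead()+8+sigLen { // nonce, tag, counter and signature are mandatory
		return nil, errors.New("message too short")
	}
	plain, err := e.aead.Open(nil, msg[:ns], msg[ns:], nil)
	if err != nil {
		return nil, errors.New("decryption failed: wrong session key or tampered ciphertext")
	}
	seq := binary.BigEndian.Uint64(plain[:8])
	sig, payload := plain[8:8+sigLen], plain[8+sigLen:]
	digest := sha256.Sum256(signedBytes(seq, payload))
	if err := rsa.VerifyPSS(e.peerPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature does not verify")
	}
	if seq <= e.lastRecv { // a valid but old message is still a replay
		return nil, errors.New("replay: sequence number already accepted")
	}
	e.lastRecv = seq
	return payload, nil
}

// Demo sends one constructed message from A to B, then replays and tampers with it; it returns B's payload and whether each attack was rejected.
func Demo() (string, bool, bool, error) {
	sessionKey := make([]byte, 16)
	keyA, errA := rsa.GenerateKey(rand.Reader, 2048)
	keyB, errB := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := rand.Read(sessionKey); err != nil || errA != nil || errB != nil {
		return "", false, false, errors.New("key or session setup failed")
	}
	a, _ := NewEndpoint(keyA, &keyB.PublicKey, sessionKey)
	b, _ := NewEndpoint(keyB, &keyA.PublicKey, sessionKey)
	wire, err := a.Seal([]byte("COMPETENCE-QUERY subject=12345")) // constructed sample payload
	if err != nil {
		return "", false, false, err
	}
	got, err := b.Open(wire)
	_, replayErr := b.Open(wire) // the identical ciphertext a second time
	tampered := append([]byte(nil), wire...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the GCM tag
	_, tamperErr := b.Open(tampered)
	return string(got), replayErr != nil, tamperErr != nil, err
}
```

AES-GCM alone already rejects a modified ciphertext or a wrong key; the signature is what adds non-repudiation, and the strictly increasing counter is what turns a valid but old message into a rejected replay. If messages can be forwarded to other parties, the intended recipient should be included in the signed bytes as well, because sign-then-encrypt does not by itself bind a signature to the recipient it was encrypted for.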
Secure Functionalities
• Competence Verification
• Document Signature and Validation
Secure Functionalities – Competence Verification
(sequence diagram; not reproduced in this extract)

Secure Functionalities – Document Signature and Validation
(sequence diagram; not reproduced in this extract)
Secure Functionalities – Document Signature
• For each signed document, the following signature is generated:
  (signature layout shown in a diagram; not reproduced in this extract)
• If the document has a higher priority, it is also stored and verified by a second system, VERICOP
• This additional service can be billed at a higher price
System Security Analysis (1/2)
• State-of-the-art cryptographic algorithms and protocols are used:
  • AES (128-bit key, 10 encryption rounds)
  • SHA-2 (256 bits)
  • RSA (2048-bit key for the certificate, 1024-bit for the transient key pairs)
  • Adapted EKE protocol
• Few practical attacks have been reported on these algorithms
• Note that 1024-bit RSA was already at the end of its recommended life in 2011 and is not considered adequate today; the transient key pairs should use at least 2048 bits
System Security Analysis (2/2)
• System security is an important issue:
  • database server isolation
  • credentials management
  • firewall configuration
• User and administrator security awareness is vital to overall security
• Neither users nor administrators should ever disclose their passwords to anybody
Conclusion
• A web interface will be available in a future release
• The system design is based on state-of-the-art security technologies
• High overall system security level
• Special care must be taken with the maintenance and operation procedures of the system