Signcrypting information assets
Download as PPT, PDF0 likes347 views
The document discusses signcryption, a cryptographic primitive combining encryption and digital signature functions to ensure confidentiality, data integrity, and origin authenticity. It details three processing modes for signcrypted data: signcrypted-content, signcrypted-attributes, and signcrypted-components, highlighting their differences in handling data and attributes. References to related works and the author's contact information are also included.
Signcrypting information assets
- 1. Raleigh ISSA Information Security Conference Signcrypting Information Assets Phillip H. Griffin, CISM Associate – Cyber Technologies October 18, 2012
- 2. Signcryption Primitive Signcryption combines encryption and digital signature functions into a single, efficient cryptographic operation. — Defined in ISO/IEC 29150 Signcryption standard — Hybrid : Combines signature with encryption — Confidentiality + Data Integrity + Origin Authenticity (C-I-A) — Asymmetric cryptography makes non-repudiation possible — Alternative to signature-followed-by-encryption — NOT used to sign X.509 certificates — Signcryption is a cryptographic primitive 2
- 3. SigncryptedData Message A new SigncryptedData cryptographic message for signing and encrypting data of any type. Three SigncryptedData processing modes: signcrypted-content Content of any type or format is signcrypted signcrypted-attributes Content and attributes of any type or format are signcrypted signcrypted-components Selected elements of the content are signcrypted, and the resulting content and associated attributes are signed 3
- 4. signcrypted-content mode In signcrypted-content mode, data Content of any type or format is signcrypted. There are NO attributes present. This SigncryptedData processing mode is most similar to simple SignedData with no signed attributes present. The Unsigned Attributes ,Certificates, and CRLs components are optional. Unsigned attributes are content that have already been signed and need not be protected by the SigncryptedData message (e.g., a SAML assertion) 4
- 5. signcrypted-attributes mode In signcrypted-attributes mode the Content together with any number of attributes are signcrypted. The content and attributes may be of any type or format. At least 1 attribute should be present. The messageDigest and contentType attributes need not be present. The Unsigned Attributes ,Certificates, and CRLs components are optional. 5
- 6. signcrypted-components mode In signcrypted-components mode selected components of the Content are signcrypted, and the resulting Content and Attributes are signed. At least 3 attributes must be present. The manifest attribute contains a list of the components in the Content that have been signcrypted. For XML content, the manifest may be a list of XPath expressions, each pointing to a signcrypted element or signcrypted XML-attribute. The Unsigned Attributes ,Certificates, and CRLs components are optional. 6
- 7. References Barbosa, M., & Farshim, P. (2008). Certificateless signcryption. Asia CCS ’08 (http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.167.4423) Griffin, P. (2012a). Protecting Biometrics Using Signcryption (http://phillipgriffin.com/innovation.htm#ID360) Griffin, P. (2012b). Signcryption Information Assets. ISSA Journal, June 2012. (http://www.issa.org/resource/collection/03B356A7-5235-40A9-A8FD- 57261DFD6A4F/ISSA_Journal_June_2012.pdf) ISO/IEC 29150:2011 Information technology – Security techniques – Signcryption Li, Chung Ki, & Wong, Duncan S. (2009). Signcryption from randomness recoverable public key encryption. Zheng, Yuliang. (1998). Shortened Digital Signature, Signcryption and Compact and Unforgeable Key Agreement Schemes 7
- 8. Questions ? Phillip H. Griffin, CISM – Cyber Technologies Associate 8
- 9. Contact Phillip H. Griffin, CISM 1625 Glenwood Avenue Raleigh, NC 27608-2319 Phone: +1 (919) 291 - 0019 Email: phil@phillipgriffin.com Skype: phil.griffin Booz | Allen | Hamilton: griffin_phillip@bah.com 9
- 10. Contact Phillip H. Griffin, CISM 1625 Glenwood Avenue Raleigh, NC 27608-2319 Phone: +1 (919) 291 - 0019 Email: phil@phillipgriffin.com Skype: phil.griffin Booz | Allen | Hamilton: griffin_phillip@bah.com 9
Editor's Notes
- #3: Signcryption is a relatively new hybrid cryptographic primitive. Signcryption provides the functionality of encryption and digital signature in one operation. Familiar symmetric hybrid cryptographic techniques are found in the Secure Sockets Layer (SSL) protocol, the Secure Shell protocol (SSH) protocol, and the Encapsulating Security Payload (ESP) protocol of IPsec. These protocols all rely on symmetric encryption coupled with a Message Authentication Code (MAC). The ISO/IEC 29150 Signcryption standard was published in 2011 by the ISO/IEC JTC 1/SC 27 Security Techniques committee. Signcryption: - simultaneously signs and encrypts data in a single operation - provides origin authentication, data integrity, and confidentiality - uses asymmetric cryptography that makes non-repudiation possible - faster than traditional signature followed by encryption techniques Signcryption schemes offer better overall performance and security (Barbosa & Farshim, 2008). Signcryption schemes provide “shorter cipher text and/or lower computational cost” - Li, Chung Ki, & Wong, Duncan S. (2009). Signcryption schemes “fulfill both the functions of digital signature and public key encryption in a single step, and with a cost, both in terms of modular exponentiation and message overhead, significantly smaller than that required by” traditional sign-then-encrypt techniques - Zheng, Yuliang. (1998). The efficiencies of signcryption make it ideal for protecting information in environments constrained by bandwidth limitations (e.g., wireless mobile devices), high volumes of transactions (e.g., Internet commerce), or size or cost of storage (e.g., smart cards).
- #4: A new Cryptographic Message Syntax (CMS) type has been defined at Booz Allen. The SigncryptedData message was presented this past summer to the ID360 Global Forum on Identity at the University of Texas in Austin. Currently, no existing standardized CMS message supports signcryption. Currently, no existing CMS message supports signcryption. Though the paper targeted using this new messge to protect biometric identity information, the SigncryptedData type can be used to protect data of any type or format. “ There are three processing modes for this new CMS type: - signcrypted-content , - signcrypted-attributes , and - signcrypted-components mode. In the signcrypted-content mode data content of any type is signcrypted. In the signcrypted-attributes mode, data content and associated attributes of any type are signcrypted. In the signcrypted-components mode, components of the data content are signcrypted, and then the resulting content is signed along with a set of associated attributes.” – Griffin, P. (2012). Using Signcryption to Protect Biometric Information . Proceedings of ID360: The Global Forum on Identity, the Center for Identity, University of Texas at Austin, 2012.
- #5: In the signcrypted-content processing mode, the signcryptogram component contains the results of signcrypting the Content, a value of any type or format. The sender uses their own public-private key pair components and the public key of the recipient to signcrypt the content. Note that in the signcrypted-content processing mode there are no signed attributes present. The signcrypted-content processing mode of type SigncryptedData is an alternative to sign-then-encrypt techniques that would rely on nested Cryptographic Message Syntax types, such as type SignedData encapsulated in a value of type EncryptedData (or NamedKeyEncryptedData).
- #6: In the signcrypted-attributes processing mode, the signcryptogram component contains the results of signcrypting the Content, a value of any type or format, together with any number of attributes of any type or format. The messageDigest and contentType attributes need not be present as required when attributes are included in type SignedData or the signcrypted-components processing mode of type SigncryptedData. The signcrypted-attributes processing mode of type SigncryptedData is an alternative to sign-then-encrypt techniques that would rely on nested Cryptographic Message Syntax types, such as type SignedData encapsulated in a value of type EncryptedData (or NamedKeyEncryptedData). This processing mode provides data integrity, origin authenticity, and confidentiality for the content and the attributes. It may be useful for protecting sensitive attribute information such as the geolocation associated with a fingerprint or other biometric, or the customer identification or contact information of an individual involved in an online payment transaction.
- #7: Only one example of a manifest has been defined, an xPathManifest for use with XML instance documents: The xPathManifest object carries a value of type XPathSet , a series of values of type XPath . These XPath expressions can be used to locate any signcrypted element in any XML instance document: XPathSet ::= SEQUENCE SIZE(1..MAX) OF XPath XPath ::= UTF8String (CONSTRAINED BY { -- XML Path Language 2.0 -- }) This processing mode is ideal for use as a message wrapper that provides confidentiality protection of the biometric data component of a biometric reference template and that provides origin authenticity and data integrity for the entire template in any context.
- #8: Suggested corrections to the published schema in ISO/IEC 29150 can be found here http://phillipgriffin.com/innovation.htm#29510 )