The development of PKI
PKI construction in the United States went through three phases: uncoordinated growth before 1996, the building of a system with the Federal Bridge CA (FBCA) at its core from 1996 to 2002, and strategic management and system construction after 2003. Before 1996, many government agencies built their own PKI systems, among them the U.S. Postal Service, the Social Security Administration, the Department of Defense, the Department of Energy, and the U.S. Patent and Trademark Office. The United States proposed the federal bridge plan in 1996 and formally announced it in 2001. The plan will eventually establish a PKI covering 80 agencies and 19 departments in the United States to protect the communication security of e-government.
The U.S. Federal PKI system is mainly composed of the Federal Bridge CA (FBCA), Principal CAs (PCA) and Subordinate CAs (SCA). The federal PKI architecture does not adopt a single root CA; instead it adopts first-level (principal) CAs.
This is because in the United States the structure of trust domains is diverse. The U.S. Federal PKI architecture can support hierarchical (tree-like) structures, mesh (network) structures and trust lists. The Federal Bridge CA is the core organization in the federal PKI system and acts as a bridge between different trust domains. It is mainly responsible for issuing cross-certificates to the first-level CAs of the different trust domains, establishing the mapping between the assurance levels of each trust domain and the assurance levels of the federal CA, updating cross-certificates, and issuing revocation lists for cross-certificates. However, the Federal Bridge CA does not require an organization that has a trust relationship with another organization to follow the mapping determined by the federal PKI; the organization may use whatever mapping it considers appropriate to determine mutual trust.
Europe has also made remarkable achievements in PKI infrastructure. Directive 1999/93/EC was promulgated, emphasizing the principles of technology neutrality, privacy protection, mutual recognition between domestic and foreign certificates, and non-discrimination. To solve the problem of interoperation between the PKIs of different countries, a series of measures was adopted: actively subsidizing relevant research institutes, universities and enterprises to research PKI-related technologies; funding technical research on PKI interoperability; and establishing a CA network and its top-level CAs. In October 2000 the EuroBridge CA Steering Committee was established, and the EuroBridge CA itself was established on March 23, 2001.
China's PKI technology started in 1998, and the government and relevant departments have attached great importance to the development of the PKI industry. In 2001, PKI technology was listed as a major information security project of the "Tenth Five-Year" 863 Plan, and in October of the same year the National 863 Plan Information Security Infrastructure Research Center was established. The national e-government project explicitly calls for building a PKI system, and China has comprehensively promoted the research and application of PKI technology. On August 28, 2004, the Eleventh Meeting of the Standing Committee of the Tenth National People's Congress passed the Electronic Signature Law, which stipulates that electronic signatures have the same legal effect as handwritten signatures or seals. The birth of this law has greatly promoted PKI construction in China.
In 1998 the Shanghai CA Center (SHECA), the first domestically operated CA, was established. Since then, PKI technology has been widely used in China's commercial banks, government procurement and online shopping. Domestic CA institutions can be roughly divided into four categories: regional, industry, commercial and enterprise. A number of PKI service providers such as Dean Technology, Chuangyuan Century, Guochuang Technology, Jida Zhengyuan and Guorui Digital have emerged.
PKI system composition
A typical PKI system includes a PKI policy, the software and hardware system, the certificate authority (CA), the registration authority (RA), the certificate issuing system and PKI applications.
PKI security policy
The PKI security policy establishes and defines an organization's information security guidelines, and also defines the processing methods and principles used by the cryptographic system. It includes how the organization handles keys and valuable information, and defines the level of security control according to the level of risk.
Certificate Authority (CA)
The Certificate Authority (CA) is the trust basis of PKI. It manages the entire life cycle of public keys. Its functions include issuing certificates, stipulating the validity period of certificates, and issuing certificate revocation lists (CRLs) so that a certificate can be revoked when necessary.
Registration Authority (RA)
The Registration Authority (RA) provides the interface between users and the CA. It obtains and authenticates the user's identity and makes the certificate request to the CA; its main functions are collecting user information and confirming user identity. The user referred to here is a client who will apply for a digital certificate from the certification center (i.e., the CA), and can be an individual, a group or organization, a government agency, etc. Registration management is generally undertaken by an independent registration authority (i.e., the RA). It accepts the user's registration application, reviews the user's qualifications, and decides whether to approve the CA issuing a digital certificate to the user. The RA does not issue certificates to users; it only checks their qualifications. An RA can therefore be set up in business departments that directly face customers, such as a bank's business department or account-opening department. Of course, for a small-scale PKI application system the registration management function can be performed by the CA itself instead of setting up an independent RA. This does not remove the registration function from the PKI, it merely folds it into the CA. The PKI international standards recommend that an independent RA perform registration management, which enhances the security of the application system.
Certificate Issuing System
The certificate issuing system is responsible for distributing certificates, for example by the users themselves or through a directory server. The directory server can be one that already exists in the organization, or it can be provided as part of the PKI solution.
PKI applications
PKI applications are very extensive, including communication between web servers and browsers, e-mail, electronic data interchange (EDI), credit card transactions on the Internet, virtual private networks (VPN), etc.
Generally speaking, the CA is the issuing authority for certificates and the core of PKI. As is well known, the core problem in constructing a cryptographic service system is key management. A public key system involves a pair of keys (a private key and a public key). The private key is controlled only by its owner and never needs to be transmitted over the network; the public key is public and must be transmitted over the network, so the receiver needs a reliable way to know which entity a public key belongs to. Key management in a public key system is therefore mainly about managing public keys, and the digital certificate mechanism, in which the CA signs the binding between a name and a public key, is the established solution.
Related standards
PKI standards can be divided into two parts: one defines PKI itself, and the other covers PKI applications. The following mainly introduces the standards that define PKI.
ASN.1 and the Basic Encoding Rules - X.209 (1988). ASN.1 is a standard method for describing the format of information transmitted on the network. It has two parts: the first part (ISO 8824 / ITU-T X.208) describes the data, data types and sequence format in the information, that is, the syntax of the data; the second part (ISO 8825 / ITU-T X.209) describes how the various parts of the data are combined into a message, that is, the basic encoding rules of the data. In addition to their use in PKI systems, these two standards are widely used in other fields of communications and computing. In PKI the stricter DER (Distinguished Encoding Rules) subset is used, so that a given certificate has exactly one byte encoding, which is what its signature is computed over.
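To make the encoding concrete, here is a minimal walker for the DER tag-length-value framing that X.509 certificates, CRLs and OCSP messages are built from. This is an example added for this page, not code from any standard or library; the sample bytes are a constructed SEQUENCE containing an INTEGER, an AlgorithmIdentifier and a UTCTime, the same shapes that appear at the top of a TBSCertificate. It handles short and long-form lengths and nested constructed types, and rejects the non-minimal length encodings that DER forbids (a classic source of certificate-parsing bugs). Multi-byte tag numbers are deliberately not handled.

```python
# Added example (not from the page): a minimal DER (X.690) TLV walker. Standard library only.
from dataclasses import dataclass, field
from typing import List, Optional

UNIVERSAL = {0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING", 0x05: "NULL",
             0x06: "OBJECT IDENTIFIER", 0x0C: "UTF8String", 0x13: "PrintableString",
             0x17: "UTCTime", 0x18: "GeneralizedTime", 0x30: "SEQUENCE", 0x31: "SET"}

@dataclass
class Node:
    tag: int
    value: bytes                                  # content octets
    children: List["Node"] = field(default_factory=list)

    @property
    def name(self) -> str:
        return UNIVERSAL.get(self.tag, f"[tag 0x{self.tag:02x}]")

def read_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; returns (length, position after the length)."""
    first = buf[pos]
    if first < 0x80:                              # short form: one byte
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:                           # 0x80 is BER indefinite form, not DER
        raise ValueError("indefinite or oversized length is not valid DER")
    length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
        raise ValueError("non-minimal length encoding is not valid DER")
    return length, pos + 1 + n

def parse_der(buf: bytes, pos: int = 0, end: Optional[int] = None) -> List[Node]:
    """Parse the consecutive TLV elements in buf[pos:end] into a tree of Nodes."""
    end = len(buf) if end is None else end
    nodes: List[Node] = []
    while pos < end:
        tag = buf[pos]
        if (tag & 0x1F) == 0x1F:
            raise ValueError("multi-byte tag numbers are not handled by this example")
        length, pos = read_length(buf, pos + 1)
        if pos + length > end:
            raise ValueError("element length runs past the end of its parent")
        node = Node(tag, buf[pos:pos + length])
        if tag & 0x20:                            # constructed: the content is more TLVs
            node.children = parse_der(buf, pos, pos + length)
        nodes.append(node)
        pos += length
    return nodes

def is_valid_der(buf: bytes) -> bool:
    """True when the whole buffer parses as well-formed DER under the rules above."""
    try:
        parse_der(buf)
        return True
    except (ValueError, IndexError):
        return False

def decode_oid(content: bytes) -> str:
    """Dotted OID from base-128 content octets (the first byte packs the first two arcs)."""
    arcs = [content[0] // 40, content[0] % 40]
    acc = 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def dump(nodes: List[Node], depth: int = 0) -> List[str]:
    """Human-readable outline, one line per element, indented by nesting depth."""
    lines = []
    for n in nodes:
        pad = "  " * depth
        if n.children:
            lines.append(pad + n.name)
            lines.extend(dump(n.children, depth + 1))
        elif n.tag == 0x06:
            lines.append(f"{pad}{n.name} {decode_oid(n.value)}")
        elif n.tag == 0x02:
            lines.append(f"{pad}{n.name} {int.from_bytes(n.value, 'big', signed=True)}")
        else:
            lines.append(f"{pad}{n.name} {n.value!r}")
    return lines

# Constructed sample: SEQUENCE { INTEGER 0x1234,
#                                SEQUENCE { OID sha256WithRSAEncryption, NULL },
#                                UTCTime "240101000000Z" }
SAMPLE_DER = bytes.fromhex(
    "3022"
    "02021234"
    "300d06092a864886f70d01010b0500"
    "170d3234303130313030303030305a"
)

if __name__ == "__main__":
    print("\n".join(dump(parse_der(SAMPLE_DER))))
```

The length checks are the part worth copying: a lenient parser that accepts `81 05` where `05` is required, or the indefinite form `80`, lets two different byte strings decode to the same certificate, which is exactly what a signature over the DER is supposed to rule out.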
Directory service standard - X.500 (1993). X.500 is a set of directory service standards accepted by the International Organization for Standardization (ISO). It defines how an organization can share names and related objects on a global scale. X.500 is hierarchical: management domains (institutions, branches, departments and working groups) provide the user and resource information within those domains. In a PKI system, X.500 names are used to uniquely identify an entity, which can be an institution, an organization, an individual or a server. X.500 is considered the most complete way to implement directory services, but implementing X.500 requires a larger investment and is slower than other methods; its advantages are its information model, versatility and openness.
LDAP, the Lightweight Directory Access Protocol - LDAP v3. The original LDAP specification (RFC 1487) simplified the cumbersome X.500 Directory Access Protocol, making corresponding changes in functionality, data representation, encoding and transmission. In 1997 LDAP version 3 became an Internet standard (RFC 2251). LDAP v3 is widely used in PKI systems for publishing certificates, publishing CRLs, publishing CA policies, and all other aspects of information publication.
Digital certificate standard - X.509 (1993). X.509 is the digital certificate standard formulated by the International Telecommunication Union (ITU-T). Building on X.500's guarantee that user names are unique, X.509 provides an authentication mechanism for communicating entities identified by X.500 names, and stipulates the certificate syntax and data interface used in entity authentication. The initial version of X.509 was published in 1988. A certificate consists of the user's public key and the user's identifier, and in addition includes the version number, certificate serial number, CA identifier, signature algorithm identifier, issuer name, certificate validity period and other information. The current certificate format is X.509 v3, which adds an extensions field to provide more flexibility and to carry the information required by specific application environments (key usage, subject alternative names, basic constraints, CRL distribution points, and so on).
OCSP, the Online Certificate Status Protocol. OCSP is a standard promulgated by the IETF for checking whether a digital certificate is still valid at the time of a given transaction. It gives PKI users a convenient and fast channel for querying the status of a digital certificate without downloading a whole CRL, so that PKI systems can be used more effectively and securely in various fields. An OCSP response is itself signed by the responder, and a relying party must verify that signature and the response's freshness before acting on it.
PKCS series standards. PKCS is a set of public key cryptography standards formulated by RSA Data Security and its partners, covering certificate requests, certificate renewal, publication of certificate revocation lists, extended certificate content, digital signatures and digital envelope formats, among others.
Trust model
In a real network environment it is impossible to have only one CA. The trust relationships between multiple certification authorities must be arranged so that PKI users do not all have to rely on and trust one dedicated CA; otherwise the PKI could not be extended, managed or joined. The purpose of establishing a trust model is to ensure that a certificate issued by one certification authority can be trusted by the users of another. Common trust models include the following four types:
Strict hierarchical trust model
The strict hierarchical trust model is a hierarchical PKI structure based on a superior-subordinate CA relationship, and can be described as an inverted tree. On this tree the root represents a CA with special meaning, the root CA; under the root CA are multiple sub-CAs. The leaves, corresponding to non-CA PKI entities, are usually called end users (end entities).
In the strict hierarchical trust model, the upper-level CA issues certificates to the lower level, all entities trust the root CA, and the root CA is the trust point (trust anchor). The trust relationship is one-way: the upper-level CA can and must certify the lower-level CA, but the lower-level CA cannot certify the upper-level CA. The root CA usually does not issue certificates directly to end users but only to sub-CAs. When two different end users interact, both parties provide their own certificates and digital signatures, and the certificates are verified by validating the chain of CA signatures back to the root CA. As long as a certification path from the root CA down to a certificate can be found, the certificate can be verified.
Distributed trust model
In contrast to the strict hierarchical trust model, where all entities trust a unique CA, the distributed trust model distributes trust among two or more CAs. In this model there is cross-certification between CAs. Because there are multiple trust points, the compromise of a single CA does not bring down the entire PKI (although every path that runs through the compromised CA must be treated as untrustworthy). The model therefore has better flexibility, but path discovery is more difficult, because the path from an end user's certificate to a trust point is not predetermined and several candidate paths may have to be explored.
User-centered trust model
In the user-centered trust model, each user decides which certificates to trust and which to reject. There is no trusted third party acting as a CA; each user is their own root CA. Generally, the entities a user trusts are users closely related to them; the PGP web of trust is the classic example.
The user-centered trust model has the advantages of high security and strong user control. But its scope is limited, because it depends on each user's own behavior and judgement, which is feasible in groups with a high technical level but unrealistic for the general population.
Cross-certification model
Cross-certification is a mechanism that connects previously unrelated CAs, making secure communication between their respective end users possible. There are two types of cross-certification: intra-domain cross-certification and inter-domain cross-certification.
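The following added example (not code from the page) makes the path-discovery difference between the hierarchical and the bridged models concrete. It builds a constructed, hypothetical set of CA relationships: two agency hierarchies under Root-A and Root-B, and a bridge CA (called FBCA here after the federal bridge described above) cross-certified in both directions with each root. A relying party that trusts only Root-A validates Alice through a single obvious path, but validates Bob only by searching through the cross-certificates, and loses that path as soon as Root-A's cross-certificate to the bridge is revoked. A real validator (RFC 5280 section 6) would also check the signature, validity period, name constraints and policy mappings on every certificate in the path; this example only does the graph search.

```python
# Added example (not from the page): certification-path discovery over a constructed CA graph.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str          # the CA whose signature is on this certificate

def find_paths(leaf: str, trust_anchors: Set[str], certs: List[Cert],
               revoked: FrozenSet[Cert] = frozenset(), max_len: int = 8) -> List[List[Cert]]:
    """All loop-free paths from the leaf's certificate up to a certificate issued by a trust anchor."""
    by_subject: Dict[str, List[Cert]] = {}
    for c in certs:
        # Revoked certificates (e.g. a withdrawn cross-certificate) and self-signed root
        # certificates never serve as a link in a path.
        if c not in revoked and c.subject != c.issuer:
            by_subject.setdefault(c.subject, []).append(c)
    found: List[List[Cert]] = []
    stack = [[c] for c in by_subject.get(leaf, [])]
    while stack:
        path = stack.pop()
        top = path[-1].issuer
        if top in trust_anchors:                      # reached a CA the relying party trusts
            found.append(path)
            continue
        if len(path) >= max_len:                      # bound the search, like pathLenConstraint
            continue
        on_path = {c.subject for c in path} | {c.issuer for c in path}
        for nxt in by_subject.get(top, []):
            if nxt.issuer not in on_path:             # bidirectional cross-certs form cycles
                stack.append(path + [nxt])
    return found

def describe(path: List[Cert]) -> str:
    """'Leaf <- Issuer <- ... <- Anchor' for display."""
    return " <- ".join([path[0].subject] + [c.issuer for c in path])

# Constructed topology (hypothetical names).
CERTS = [
    # Agency A: a strict hierarchy under Root-A
    Cert("Alice", "SubCA-A"), Cert("SubCA-A", "Root-A"), Cert("Root-A", "Root-A"),
    # Agency B: a separate hierarchy under Root-B
    Cert("Bob", "SubCA-B"), Cert("SubCA-B", "Root-B"), Cert("Root-B", "Root-B"),
    # Bridge CA cross-certified in both directions with each agency root
    Cert("FBCA", "Root-A"), Cert("Root-A", "FBCA"),
    Cert("FBCA", "Root-B"), Cert("Root-B", "FBCA"),
]

if __name__ == "__main__":
    for leaf in ("Alice", "Bob"):
        for p in find_paths(leaf, {"Root-A"}, CERTS):
            print(describe(p))
    # Root-A withdraws its cross-certificate to the bridge: Bob is no longer reachable from A.
    print(find_paths("Bob", {"Root-A"}, CERTS, revoked=frozenset({Cert("FBCA", "Root-A")})))
```

Note which certificate the revocation removes: it is the certificate that Root-A issued to the bridge, i.e. the relying party's own domain choosing to stop trusting the bridge, which is exactly the cross-certificate revocation list function the Federal Bridge CA section describes.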
Security services
PKI is widely used. It provides complete security services for data exchange in online finance, online banking, online securities, e-commerce, e-government and other networks. As a security infrastructure, PKI can provide six security services: identity authentication, data integrity, data confidentiality, data fairness (notarization), non-repudiation and time stamping.
Identity authentication
Because of the openness and anonymity of the Internet, the bar for illegal users to impersonate others and commit online fraud through technical means keeps getting lower, causing great harm to legitimate users and systems. The essence of identity authentication is verifying the authenticity and validity of the authenticated object, and it is considered the basis of today's online transactions. In a PKI system the Certification Authority (CA) provides an online identity credential, in effect an ID card, for each legitimate user: the certificate binds the user's name to a public key, and the user proves its identity by demonstrating possession of the matching private key.
Data integrity
Data integrity means preventing illegal tampering with information, such as modification, copying, insertion and deletion. During a transaction it is necessary to ensure that the data received by both parties is completely consistent with the original data; otherwise the transaction has a security problem. It is unrealistic in most cases to rely on observation to determine whether data has changed. In network security, a hash function (cryptographic hash function) is generally used to ensure the integrity of data during communication. A hash algorithm transforms data of any length into a fixed-length digest, and under the same computation any change in the original data produces a completely different digest. Note that a bare digest is not a message authentication code (MAC): an attacker who can alter the data in transit can recompute the digest as well. In PKI the digest is therefore bound to the sender by a digital signature (or, between parties sharing a key, by a keyed MAC such as HMAC).
This property makes it easy to judge whether the original data has been tampered with, thereby ensuring the integrity and accuracy of the data. The hash algorithms historically used in PKI systems are SHA-1 and MD5; both are now broken with respect to collision resistance and must not be used for new signatures, where the SHA-2 family (e.g. SHA-256) is the norm.
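An added example (not from the page) of the point just made: the same tamper-detection check with a bare SHA-256 digest and with a keyed HMAC. The messages and the attacker's key guess are constructed for the example, and only the Python standard library is used. In a PKI setting the digest would be bound by a digital signature rather than a shared key, but the failure mode of the unkeyed check is the same.

```python
# Added example (not from the page): hash-based integrity versus a keyed MAC. Standard library only.
import hashlib
import hmac
import secrets

def digest(data: bytes) -> str:
    """SHA-256 digest (hex). MD5 and SHA-1 are still in hashlib but no longer acceptable here."""
    return hashlib.sha256(data).hexdigest()

def bit_distance(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two digests (shows the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def accepts_unkeyed(data: bytes, claimed_digest: str) -> bool:
    """Receiver check with a bare hash: catches accidental corruption only."""
    return hmac.compare_digest(digest(data), claimed_digest)

def make_key() -> bytes:
    return secrets.token_bytes(32)

def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a digest that only holders of `key` can produce or check."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def accepts_keyed(key: bytes, data: bytes, claimed_mac: str) -> bool:
    return hmac.compare_digest(mac(key, data), claimed_mac)

# Constructed sample message and an altered copy.
ORIGINAL = b"pay 100.00 to account 12345"
TAMPERED = b"pay 900.00 to account 12345"

def corruption_is_detected() -> bool:
    """Data changed in transit, digest left alone: the check fails, as intended."""
    return not accepts_unkeyed(TAMPERED, digest(ORIGINAL))

def unkeyed_digest_is_forgeable() -> bool:
    """An attacker who can change the data can recompute the digest: the check passes."""
    return accepts_unkeyed(TAMPERED, digest(TAMPERED))

def keyed_mac_resists_forgery(key: bytes) -> bool:
    """Without the key, the attacker cannot produce a matching MAC for the altered data."""
    forged = mac(b"attacker does not know the key", TAMPERED)
    return accepts_keyed(key, ORIGINAL, mac(key, ORIGINAL)) and not accepts_keyed(key, TAMPERED, forged)

if __name__ == "__main__":
    flipped = bytes([ORIGINAL[0] ^ 0x01]) + ORIGINAL[1:]
    print("bits changed by a 1-bit input change:",
          bit_distance(digest(ORIGINAL), digest(flipped)), "of 256")
    print(corruption_is_detected(), unkeyed_digest_is_forgeable(), keyed_mac_resists_forgery(make_key()))
```

`hmac.compare_digest` is used for both comparisons so that the check does not leak, through timing, how many leading bytes of a guessed value were correct.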
Data confidentiality
Data confidentiality means encrypting the data that needs to be protected, so that the information cannot be obtained by unauthorized persons during transmission or storage. In a PKI system all confidentiality is achieved through cryptographic techniques. There are two types of key pair: the encryption key pair, used for encryption and decryption, and the signature key pair, used for signing; keeping them separate means a signing key is never exposed to decryption requests and an encryption key can be escrowed without giving away the ability to sign. In general the encryption key pair is not used to encrypt large amounts of data directly; it is only used to establish (transport or negotiate) a session key, and the session key is what actually encrypts the bulk data.
In actual data communication, the sender first generates a symmetric-algorithm key for the actual data encryption; this key is called the session key, and the data is encrypted with it. The sender then encrypts the session key with the public key of the receiver's encryption key pair and transmits it to the receiver together with the encrypted data. After receiving the message, the receiver first decrypts the session key with the private key of its own encryption key pair, and then decrypts the actual data with the session key.
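The exchange just described, as an added example that is not code from the page. It uses the third-party `cryptography` package (assumed installed, version 3.1 or later so no backend argument is needed): RSA-OAEP transports the session key, and AES-256-GCM encrypts the bulk data and also authenticates it, so a modified ciphertext, header or wrapped key is rejected rather than decrypted into garbage. Key names and message contents are constructed for the example.

```python
# Added example (not from the page): the session-key ("digital envelope") flow with `cryptography`.
import os
from dataclasses import dataclass
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP with SHA-256 is the padding to use for key transport (never PKCS#1 v1.5).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

@dataclass
class Envelope:
    wrapped_key: bytes   # session key encrypted under the receiver's public encryption key
    nonce: bytes         # 96-bit GCM nonce; must never repeat under the same session key
    ciphertext: bytes    # AES-GCM output with the 16-byte authentication tag appended

def make_receiver_keypair():
    """The receiver's *encryption* key pair (kept separate from any signing key pair)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def seal(receiver_public_key, plaintext: bytes, header: bytes = b"") -> Envelope:
    """Sender side: fresh session key -> encrypt the data -> wrap the session key for the receiver."""
    session_key = AESGCM.generate_key(bit_length=256)      # one session key per message
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, header)
    wrapped_key = receiver_public_key.encrypt(session_key, OAEP)
    return Envelope(wrapped_key, nonce, ciphertext)

def open_envelope(receiver_private_key, env: Envelope, header: bytes = b"") -> bytes:
    """Receiver side: unwrap the session key with the private key, then decrypt the data."""
    session_key = receiver_private_key.decrypt(env.wrapped_key, OAEP)
    return AESGCM(session_key).decrypt(env.nonce, env.ciphertext, header)

def tamper_detected(receiver_private_key, env: Envelope, header: bytes = b"") -> bool:
    """True when decryption refuses the envelope (wrong key, or a modified key, data or header)."""
    try:
        open_envelope(receiver_private_key, env, header)
        return False
    except (InvalidTag, ValueError):
        return True

if __name__ == "__main__":
    receiver = make_receiver_keypair()
    env = seal(receiver.public_key(), b"wire 100.00 to 12345", header=b"msg-id:42")
    print(open_envelope(receiver, env, header=b"msg-id:42"))
    flipped = Envelope(env.wrapped_key, env.nonce,
                       bytes([env.ciphertext[0] ^ 0x01]) + env.ciphertext[1:])
    print("tamper detected:", tamper_detected(receiver, flipped, header=b"msg-id:42"))
```

The `header` argument is GCM associated data: it is authenticated but not encrypted, which is where a message identifier or the receiver's certificate serial number belongs so that an envelope cannot be silently re-addressed.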
Data fairness (notarization)
The fairness supported in PKI refers to data authentication: what the notary has to prove is the correctness of the data. This fairness depends on the method of data verification, which is different from the notarization services provided by ordinary social notaries. In PKI the data to be verified rests on the digital signature over the digest obtained by hashing the original data, the mathematical correctness of the public key, and the legitimacy of the private key.
Non-repudiation
Non-repudiation guarantees that neither party can deny what it has done. In a PKI system non-repudiation comes from digital signatures. When a user makes a digital signature, the signature private key is controlled only by the signer, and no other entity in the system can produce that signature. Therefore, under the assumption that the private key is secure, the signer cannot deny a signature that he made himself. Protecting the security of the signature private key is the foundation of non-repudiation; a key that has been copied or exported provides no such guarantee, which is why signature keys are best generated and kept inside a smart card or HSM.
Timestamp service
A timestamp is also called a secure timestamp. It is issued by a trusted time authority and is represented by a piece of data that can be authenticated.
ThetimeprovidedbytheauthoritativetimesourceinPK1doesnotneedtobecorrect.Itonlyneedstheuserasareference"time"inordertocompletePKI-basedtransactionprocessing,suchastimeAoccursbeforetimeB,etc.IngeneralPKIsystems,aclockissettounifythePKItime.Ofcourse,thetimeprovidedbythetimeofficialeventsourcecanalsobeused.Theimplementationmethodistoobtainthesafetimefromthisclockpositioninthenetwork,andtheentityisrequiredtorequesttheseauthoritiestostampthedatawithatimestampwhenneeded.Thetimestamponadocumentinvolvesthesignatureofthetimeandthehashvalueofthedocumentcontent,andtheauthoritativesignatureprovidestheauthenticityandintegrityofthedata.WhetheratimestampserviceneedstobeimplementedinaPKIsystemiscompletelydeterminedaccordingtotheneedsoftheapplication.
Digital signature
Because a single, unique private key creates a signature, a connection can be established between the signed data and the entity corresponding to the private key. This connection is established by using the entity's public key to verify the signature. If the signature verifies correctly, and the entity corresponding to the public key used for verification is known from a public key certificate signed by a trusted entity, then the digital signature can be used to prove that the signed data indeed came from the entity identified in the certificate.
Therefore PKI's digital signature service is divided into two parts: a signature generation service and a signature verification service. The signature generation service requires access to the signer's private key. Since the private key represents the signer, it is sensitive information and must be protected; if it is stolen, someone else can impersonate the signer and sign with the key. The signature service is therefore usually the part of a secure application that can safely access the signature private key, often a smart card or HSM that performs the signing operation without ever releasing the key. By contrast, the signature verification service should be open: once a public key has been signed by a trusted signer, it is usually considered public information. The verification service receives the signed data, the signature, and the public key or public key certificate, checks whether the signature is valid for the provided data, and returns an indication of whether verification succeeded.
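The two halves of the signature service, plus the timestamp token described under "Timestamp service" above, as an added example that is not code from the page. It uses the third-party `cryptography` package (assumed installed) with Ed25519 signatures; the signing service is the only object that holds a private key, the verifier works from published public-key bytes only, and the timestamp authority signs the document hash together with a time read from an injected clock (fixed here so the example is deterministic). Checking the signer's certificate chain, which a real relying party must also do, is outside this example; the key and token names are constructed.

```python
# Added example (not from the page): signature generation/verification services and a TSA token.
import hashlib
import json
import time
from typing import Callable, Dict
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey

def sha256_hex(document: bytes) -> str:
    return hashlib.sha256(document).hexdigest()

class SigningService:
    """Signature generation: the only component holding the private key (in practice an HSM or smart card)."""
    def __init__(self) -> None:
        self._key = Ed25519PrivateKey.generate()

    def public_key_bytes(self) -> bytes:
        """Raw public key, safe to publish (in PKI it would be carried in a certificate)."""
        return self._key.public_key().public_bytes(
            serialization.Encoding.Raw, serialization.PublicFormat.Raw)

    def sign(self, data: bytes) -> bytes:
        return self._key.sign(data)

def load_public_key(raw: bytes) -> Ed25519PublicKey:
    return Ed25519PublicKey.from_public_bytes(raw)

def verify(public_key: Ed25519PublicKey, data: bytes, signature: bytes) -> bool:
    """Signature verification: needs only public information and returns a yes/no result."""
    try:
        public_key.verify(signature, data)
        return True
    except InvalidSignature:
        return False

def token_body(token: Dict) -> bytes:
    """Canonical encoding of the signed fields, so the TSA and the verifier sign/check identical bytes."""
    return json.dumps({"hash": token["hash"], "time": token["time"]}, sort_keys=True).encode()

class TimestampAuthority:
    """Signs (document hash, time); the document itself never leaves the requester."""
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._signer = SigningService()
        self._clock = clock

    def public_key_bytes(self) -> bytes:
        return self._signer.public_key_bytes()

    def stamp(self, doc_hash_hex: str) -> Dict:
        token = {"hash": doc_hash_hex, "time": int(self._clock())}
        token["signature"] = self._signer.sign(token_body(token)).hex()
        return token

def timestamp_valid(tsa_public_key_bytes: bytes, document: bytes, token: Dict) -> bool:
    """Anyone can check: the document hashes to the stamped value and the TSA signed hash+time."""
    if sha256_hex(document) != token["hash"]:
        return False
    return verify(load_public_key(tsa_public_key_bytes), token_body(token),
                  bytes.fromhex(token["signature"]))

if __name__ == "__main__":
    signer = SigningService()
    sig = signer.sign(b"contract v1")
    print("signature valid:", verify(load_public_key(signer.public_key_bytes()), b"contract v1", sig))
    tsa = TimestampAuthority(clock=lambda: 1_700_000_000)   # constructed fixed clock
    tok = tsa.stamp(sha256_hex(b"contract v1"))
    print("stamped at", tok["time"], "valid:", timestamp_valid(tsa.public_key_bytes(), b"contract v1", tok))
```

Two design points carry over to real deployments: the verifier never touches a private key, only `public_key_bytes()`, and the timestamp token covers only the hash, so the TSA learns nothing about the document's contents while still fixing them in time.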