Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Certificates and Certificate Authority Hierarchy in VSC
Transcript of Certificates and Certificate Authority Hierarchy in VSC
The functional architecture of IEEE 1609.2 security service subsystem in the context of wave device is shown as.
CA Hierarchy Illustrated as
The security services defined in IEEE 1609.2 rely on
Elliptic Curve Cryptography
Public key certificates
Public key infrastructure
Each entity, must have IEEE 1609.2
Certificate Managment Entity
the certificates and CRL's from CA and managing security-related information.
CERTIFICATES AND CERTIFICATE AUTHORITY HIERARCHY
The IEEE 1609.2 standard defines the foll. Types of CA entities.
WAVE Service Advertisements(WSA) CA's
Security Services - IEEE 1609.2
In addition to the CME functions, security services subsystem also provides services like
creating digital signatures
encrypting and decrypting messages.
A security consumer, must obtain a certificate before it can send signed or encrypted messages.
The IEEE 1609.2 standard classifies messages into two basic categories:
Certificate Management Messages
Each end entity uses separate sets of certificates to process CMM's and AM's
The certificates used to process CMM's are called Security Management Certificates and
The certificates used to process AM's are called Commucation Certificates.
Communication b/w CA and End Entity
This communication requires mutual authentication, and is achieved using two types of security management certificates:
a Certificate Signing Request (CSR) certificate
a CA certificate
A certificate contains implicitly or explicitly, at least one public key for a public key cryptosystem and list of permissions associated with that key.
The permissions specify what private-public key pair associated with this certificate can be used for.
PUBLIC KEY FORMATS
The IEEE 1609.2 standard uses ECDSA for digital signatures and ECIES for public key encryption.
Using ECDSA and ECIES public key is a point on the elliptic curve represented as x and y-cordinates .
The public key format is shown as:
Algorithm: Indicates which public key algorithm this public key should be used with.
The current 1609.2 supports the foll. algoritms:
For ECDSA, an ECDSA public key structure follows the algorithm field.
For ECIES, a Symmetric-key-Algorithm flag and an ECC public key structure will follow the Algorithm field.
supported symmetric key algorithm is AES: Advanced Encryption Standard
ECDSA over two elliptic curves defned by NIST over prime fields:
the P244 curve for 112-bit security strength and
P256 curve for 128-bit security strength.
ECIES over the P256 elliptic curve defined by NIST.
*NIST - National Institute of Standards and Technology
*ECDSA: Elliptic Curve Digital Signature Algorithm
ECIES: Elliptic Curve Integrated Encryption Scheme
ECC Public Key Illustrated:
Digital Signature Format
ECDSA Signature Format Illustrated
The IEEE 1609.2 standard supports both explicit and implicit certificates.
An explicit certificates include public key and digital signature of the certificate issuer.
An implicit certificate does not explicitly include the public key certified by the certificate, also it doesn't include signature of the certificate issuer. (Advantage: less size)
Certificate mainly consists of three parts:
Unsigned Certificate: To-Be-Signed-Certificate format,
Signature/Reconstructuion Value/signature material
Certificate Format Illustrated:
CRL Format Illustrated
Message Formats And Processing For Generating Encrypted Messages
The message sender encrypts each message using a symmetric key algorithm with a freshly generated symmetric key.
The Symmetric Key is then encrypted for each recipient using the recipients public key.
The current 1609.2 supports ECIES algorithm with NIST P256 curve as Public key encryption algorithm.
*Symmetric Key Algorithm used: AES-CCM
Advanced Encryption Standard (AES) using a 128-bit key in Counter with cipher block chaining message authentication code (CCM)
The encrypted message formated Illustrated as:
The To-Be-Encrypted message format:
Message Types to be encrypted:
Signed external payload
Anonymous certificate response
Certificate request error
certificate response acknowledgment and
Process for generating an encrypted message
anonymous certificate request
certificate request response
certificate request error
signed partial payload
signed external payload
certificate response acknowledgement
1609Dot2 Message Format