Message-recovery schemes provide the most bandwidth-efficient signatures possible. With digital postal marks signature size is very important, because the size of the signature—which is attached to the message to ensure the authentication of the source—affects the size of the mark. ECPVS is ideal for use with DPMs. As documented in volume 1, issue 3 of Code and Cipher, ECPVS adds as little as 20 bytes to the original message length, six times less than RSA—making ECPVS signatures more efficient.
ECNR provides the foundation for ECPVS. ECPVS improves on the efficiency of the ECNR scheme by providing partial message recovery. In this case, all or part of the message is embedded in—and recovered from—the signature. With ECNR, the message itself can be calculated from its signature and the signing public key.
ECPVS and ECNR signatures are ideal in systems where all or part of the message needs to remain confidential as well as being small and secure.
The new Personal Identity Verification (PIV) program defines a standard smart-card ID for all US government employees. It was put forward by NIST as FIPS 201 and includes several supporting Special Publications: SP 800-73 (PIV specification), SP 800-76 (biometrics) and SP 800-78 (cryptography). This card will carry a private key and will be able to provide the corresponding public key embedded in a digital certificate. The certificate can be signed with ECDSA or RSA for use with current systems. It is clear, however, that ECDSA will be the agencies’ choice in future due to recommendations from NIST and the NSA.
This key pair will be used for physical access to government facilities; admittance will require a signed response to a challenge, and in some cases a biometric validation. Biometric data will be stored in a field in the ID information portion of the certificate and validated as part of the certificate.
The PIV will also be used for logical access to computing facilities: login to PCs, workstations, and network access. The certificate will enable single sign-on capabilities: once the certificate is validated, network resources will make use of the validation to provide access to resources such as web-services databases, secure e-mail and online forms.
The Trusted Computing Group (TCG) initiative was established to develop a common secure computing framework. Certificates play a key role in that framework, providing the root of trust for a device. This root is used for attestation: As the hardware boots, a cryptographic hash of the system state is made, matched against known values, and then digitally signed to attest to the trusted state. From this boot process upwards, the device uses hashes to validate the hardware environment and any modifiable software or firmware, including boot code and configuration files; each is signed using the root private key.
Using these stored signed values, one system can prove to another that it has successfully passed its internal checks. The signed hashes can be sent over a network, along with the system’s digital certificate, as proof that the state has been validated by a trusted secure module.
Currently under consideration within the specification, elliptic curve cryptography could be used to provide better performance to the sign and verify operations and appends less overhead to the certificate.
The technical merits of ECC-based digital certificates make them an excellent choice for applications, now and in the future. The strength and small size provides numerous performance and security benefits. Additionally, the longevity of the security is assured. In addition to the applications listed above, they also have a wide range of possible uses in other markets such as consumer and healthcare—for applications such as 2D bar codes, digital imaging and digital rights management. As the full effect of the U.S. Government’s strategy for Crypto Modernization spreads throughout the government and into other industries, ECC-based digital certificate use will become more widespread.
* The performance was measured on Windows XP with an Intel 3.00 GHz Pentium 4 processor, and 512KB of memory, using Security Builder by Certicom toolkits.
**ANSI (American National Standards Institute) X9.37-2003 Specifications for an Electronic Exchange of Check & Image Data standard provides the guidance for conformance for Check 21 images.
This issue of Code and Cipher examines different types of certificates, their uses and benefits.