Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Migration of Signing Algorithms: An investigation in migration of signing algorithms used in certificate authorities.
KTH, School of Engineering Sciences in Chemistry, Biotechnology and Health (CBH), Biomedical Engineering and Health Systems, Health Informatics and Logistics.
2019 (English)Independent thesis Basic level (university diploma), 10 credits / 15 HE creditsStudent thesisAlternative title
Migration av signeringsalgoritmer : Undersökning av migration av signeringsalgoritmer som används av certifkatauktoriteter. (Swedish)
Abstract [en]

The migration of signing algorithms is a process which can be used to move from signing algorithms which are regarded as less safe to algorithms which are regarded as safer. The safety of cryptographic algorithms has been compromised before, algorithms such as SHA-1 has been proven to be broken. The goal of this study was to find criteria that could define a successful migration as well as evaluating a method to perform a migration.

The criteria were found by evaluating related works found in an RFC document as well as in a Springer conference paper. The criteria that was found was the following: backwards compatibility, no downtime, no need for mass revocation, no need for strict scheduling and no extra overhead. The evaluated method utilized a construct called a multiple key certificate; it was chosen because it conformed to most of the found criteria. The multiple key certificate utilized two different key pairs, one generated from a conventional algorithm and the other using an alternative algorithm, it also conformed to the x.509 standard. The alternative algorithm could be chosen to be a post quantum algorithm. The prototype was tested for time overhead, memory overhead and backward compatibility.

The results of testing to sign and verify 10 000 certificates as well as examining the file size of the certificate showed that the choice of alternative algorithm heavily affects the time overhead of the prototype certificate. The multiple key certificate also proved to be backwards compatible with widely used applications. This solution has proven itself to act in accordance to all the newly established criterion except for the criterion regarding overhead however, alternative algorithms could be strategically chosen to minimize overhead. The multiple key certificate seems to be a successful way to migrate signing algorithms.

Abstract [sv]

Migration av signeringsalgoritmer som används i certifikat är en process som kan behövas när en signeringsalgoritm som är mindre säker ska ersättas med en som är mer säker. Säkerheten som återfinns hos kryptografiska algoritmer har brutits förut, algoritmer såsom SHA-1 har bevisats vara osäkra. Målet med denna studie var att ta fram kriterier som kan definiera en lyckad migration samt evaluera en metod som kan användas för att utföra en migration.

Kriterierna togs fram genom att studera tidigare arbeten inom migration av signeringsalgoritmer, dessa arbeten återfinns hos RFC dokument samt konferensrapporter från Springer. Kriterierna som togs fram var följande: kompatibilitet med äldre system, ingen nertid, inget behov av massrevokering, inget behov av strikta tidsscheman samt ingen extra omkostnad. Metoden som utvärderades kallas för flernyckels certifikat. Den valdes för att den följde flest av de nyfunna kriterierna. Lösningen utnyttjar två olika nyckelpar, nämligen ett nyckelpar som har genererats med en konventionell algoritm samt ett nyckelpar som har genererats med en alternativ algoritm. Lösningen följer även x.509 standarden. Den alternativa algoritmen kan väljas så att den är postkvantum. Prototypen testades för omkostnad i tid samt minne genom att signera och verifiera 10 000 certifikat samt att titta på certifikatens filstorlek. Prototypen testades även för kompatibilitet med kända applikationer.

Resultaten visade att valet av alternativa algoritmer hade stor påverkan på omkostnaderna. Tester visade att prototypen var kompatibel med applikationer som används i stor utsträckning. Lösningen verkade följa alla nyfunna kriterier förutom kriteriet angående omkostnad men den alternativa algoritmen kan strategiskt väljas för att minimera omkostnaden. Prototypen verkar vara ett lyckat sätt att migrera signeringsalgoritmer.

Place, publisher, year, edition, pages
2019. , p. 35
Series
TRITA-CBH-GRU ; 2019:034
Keywords [en]
signing, algorithm, migration, post-quantum, certificate, x.509, backwards, compatibility
Keywords [sv]
signeringsalgoritm, signeringsalgoritmer, migration, postkvantum, certifikat, x.509, kompatibilitet
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:kth:diva-252762OAI: oai:DiVA.org:kth-252762DiVA, id: diva2:1321637
External cooperation
PrimeKey Solutions AB
Subject / course
Computer Systems
Educational program
Bachelor of Science in Engineering - Computer Engineering
Supervisors
Examiners
Available from: 2019-06-10 Created: 2019-06-09 Last updated: 2019-06-10Bibliographically approved

Open Access in DiVA

yusufHassanExjobb(633 kB)28 downloads
File information
File name FULLTEXT01.pdfFile size 633 kBChecksum SHA-512
2e569e039f636187a40718dc1aa6d784fdc57700ce7a41d0a094bd129865eff2809684536fbc1bb9e9493f041453df176e8086e5bbe1492158c2f20881871bde
Type fulltextMimetype application/pdf

By organisation
Health Informatics and Logistics
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 28 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 264 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf