Adding Multimedia Extensions to X.509 Certificates

Nicholis Bufmack, CS 525 – Spring 2008

The Problem

Diverse media types have various configuration parameters for different platforms. Additionally, digital rights management issues require that consumers be able to access only media for which they have the proper license. Given the personalized nature of the X.509 certificate, adding multimedia extensions may be a viable solution.

Project Goal

Modify the X.509 certificate to include multimedia and DRM information.

Background

X.509 certificates use fields to contain information about the certificate holder, the certifying organization, etc. New fields can be added as extensions. Extensions (and fields) are identified using Object Identifiers (OIDs). Creating a new extension for multimedia entails defining and inserting new OIDs.

Object Identifiers (OID)

An OID consists of a sequence of integers defining a data type and object. An example is the RSA encryption algorithm OID: 1.2.840.113549.1.1.1. OIDs must be registered and unique to be widely accepted within browsers and PKI-enabled applications. A repository is kept by IANA for private enterprise arc OIDs; the federal government has another repository. Big problem: there is no real mechanism for disseminating new OIDs to applications.
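The encoding behind the dotted notation, as an added example that is not part of the original slides: these functions convert between the dotted form and the DER bytes stored in a certificate, and show that an application can name only the OIDs in its own table. The `KNOWN` table and all function names are assumptions of this example, and only short-form lengths are handled.

```python
# Added example: DER encoding and decoding of OBJECT IDENTIFIER values (stdlib only).
KNOWN = {  # constructed name table, standing in for what an application ships with
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "2.5.4.3": "commonName",
}

def _base128(n):
    """Encode one arc in base 128, high bit set on every byte except the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    # The first two arcs share one value: 40 * first + second.
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form lengths are not handled here")
    return bytes([0x06, len(body)]) + body  # tag 0x06 = OBJECT IDENTIFIER

def decode_oid(der):
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    if der[-1] & 0x80:
        raise ValueError("truncated arc")
    arcs, n = [], 0
    for b in der[2:]:
        if n == 0 and b == 0x80:
            raise ValueError("non-minimal arc encoding")
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            arcs.append(n)
            n = 0
    first = arcs[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def display_name(der):
    """Return the registered name if the table knows it, else the dotted form."""
    dotted = decode_oid(der)
    return KNOWN.get(dotted, dotted)
```

The project's `video_file` OID encodes to `06 03 2a 03 04`, and a client without the matching `new_oids` entry can show it only as `1.2.3.4`.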

X.509 Extensions

Extensions may be added to an X.509 certificate. The extensions may be thought of as attaching a “sub certificate” to the original certificate. Problem with this approach: there is practically no documentation on how to do this. What documentation exists is unclear and often contradicts other sources of information. Decided instead to create a new field within a single certificate.

Environment

  • Apple Mac OS X client
  • Ubuntu Linux server running Apache 2
  • Ubuntu server running as a virtual machine inside of VirtualBox on the same machine as the client
  • Creation of the certificates and installation on client and server used the same software: openssl.

OpenSSL

OpenSSL is an open source toolkit used to create, manage, and install X.509 certificates. It is used across multiple platforms. It is well documented for common tasks; not so well documented when it comes to doing something new or unusual (like adding a new field).

The Process

  • Create fields to contain multimedia information and add them to the configuration files on the server and the client.
  • Use the openssl command with the correct switches and parameters to create the certificate.
  • Install the certificate on both the server and the client.
  • Test the new multimedia extension.

Multimedia Field

The new field will be called video_file. The new OID will be 1.2.3.4. The content within the field is a link to a video file. The idea is to have the client application automatically grab the video file when presented with a valid certificate after having been authenticated by the server. However, this last step never worked because it would entail modifying the browser, and time did not permit this.

OpenSSL Configuration Files

The OpenSSL configuration file is used to specify default values and to specify new fields and extensions. Various sections correspond to the different steps undertaken during the creation of the certificate. A different file was created for each step of the process.

servreq

    [ req ]
    prompt = no
    distinguished_name = server_distinguished_name

    [ server_distinguished_name ]
    commonName = MultimediaServer
    stateOrProvinceName = CO
    countryName = US
    emailAddress = webmaster@multimediaserver.com
    organizationName = Web Server
    organizationalUnitName = Multimedia

clientreq

    oid_section = new_oids

    [ new_oids ]
    video_file = 1.2.3.4

    [ policy_match ]
    video_file = optional

    [ client_distinguished_name ]
    video_file = The video file location
    video_file_default = The default video location

careq

    oid_section = new_oids

    [ new_oids ]
    video_file = 1.2.3.4

    [ policy_match ]
    video_file = optional

    [ req_distinguished_name ]
    video_file = The video file location
    video_file_default = The default video location

Outcome

Succeeded in creating a certificate and installing it on the server and the client. Unable to get the client to work properly when connecting to the secure site; the problem turned out to be related to the way OpenSSL was implemented on the Mac. Not able to implement server or client code for automatic redirection to a multimedia file.

Future Work

  • Create an entirely new multimedia extension to the certificate instead of adding new fields.
  • Create modifications to the server and the client to handle processing of the new fields and/or extension.
  • Develop an algorithm for distribution of the certificates.
  • Determine what information should be included within the multimedia extension.
