Public Key Infrastructure. Prof. Reuven Aviv, Tel Hai Academic College, Department of Computer Science. Nov 2013.


Prof. Reuven Aviv, Nov 2006, Public Key Cryptography and PKI

OUTLINE
1. Secure Distribution of public keys: Certificates
2. Authenticated Data Exchange
3. Public Key Infrastructure
Literature: W. Stallings, Network Security Essentials, 4th Ed, Ch

Secure Distribution of Public Keys: Certificates

Fast creation + distribution of session key, K_s
1. A → B: (public key KUa, IDa)
– B generates a random session key K_s
2. B encrypts K_s by KUa, transmits to A
– A decrypts K_s with its private key KRa
What is the problem? A man-in-the-middle (M.I.M) can impersonate the parties

X.509 Certificate: Who owns a public key

X.509 Certificate
Certificate: a link between a named subject (person, process, organization) and a public key
Assures that the subject knows the private key
Cannot be tampered with

Certificate: Issuer and Subject (certmgr.msc)

Pre-installed Certificates in Windows 7

Issuing a certificate
Certificates are text files, not encrypted
Before issuing a certificate, the CA checks:
– that the owner ("subject") ID is correct
– that the subject knows the corresponding private key
– e.g. by encrypting a "challenge" that the subject should decrypt
Certificates include user ID, public key, time stamp, signing algorithm, …

Creating a certificate
At the authority

Simple validation of a certificate by a receiver
B receives A's certificate, say by
B decrypts the signature with the CA's public key, revealing the original hash
B then calculates the hash of the certificate and compares the two
If they match, the certificate is authentic, so a subject named A knows the private key corresponding to the public key listed in the cert
Note: to authenticate the sender (prove that the sender is A), the sender needs to provide a proof that he knows the private key. How?

List of certificates installed in Windows 7

Revocation of Certificates
Reasons for revocation:
– The secret key is assumed to be compromised
– The user is no longer certified by this CA
– The CA's certificate is assumed compromised
CA issues a Certificate Revocation List (CRL)
– A cert is identified by its issuer and the serial number
A user that gets a certificate should consult that list
– The user maintains a cache of certificates and CRLs
How is the integrity of the list kept?

Certificate Revocation List

Revocation List

Authenticated Data Exchange

1. Receiving certificates and exchanging them

2. Authenticated Data Exchange
Authenticating data and users during data communication
Assume that the parties previously obtained each other's X.509 certificates
2 procedures
– Three way (3 messages) authentication
– One-time session key usage scenario

3 way message exchange with authentication
Message: data, time-stamp, nonce, receiver id
Option: session key (K_ab) encrypted by public keys of receiver
Messages signed by sender's private key:
A → B: A{t_A, r_A, B_id, Data, E_KUB[K_ab]}
B → A: B{t_B, r_B, A_id, r_A, Data, E_KUB[K_ba]}
A → B: A{r_B}
– B: verifying the sender's signature proves that the sender knows the private key of A
– Echoing signed nonces (r_A, r_B): no replay

X.509 Three-way authentication
Establishing
– Integrity and originality of both messages
– Identities of senders are indeed A, B
– Messages intended to be received by B, A
– No replay of any of the messages
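The three-way exchange above as an added Python example (not part of the original slides), showing the receiver-side checks that give the four guarantees listed. The toy textbook RSA keys built from Mersenne primes, the field names, the 60-second skew window and the dictionary message format are assumptions; the optional session key is left out.

```python
import hashlib, json, secrets

E, MAX_SKEW = 65537, 60  # toy public exponent; allowed clock skew in seconds (assumed)

def keypair(p, q):
    """Toy textbook RSA (no padding, illustration only) from two known primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _hash(fields, n):
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def signed(fields, priv):
    """The slide's X{...}: the fields plus X's signature over their hash."""
    n, d = priv
    return {"fields": fields, "sig": pow(_hash(fields, n), d, n)}

def verify(msg, pub):
    n, e = pub
    return pow(msg["sig"], e, n) == _hash(msg["fields"], n)

def accept(msg, sender_pub, me, now, seen, echo=None):
    """Checks for messages 1 and 2; returns the sender's nonce or raises."""
    f = msg["fields"]
    if not verify(msg, sender_pub):
        raise ValueError("bad signature")
    if f["to"] != me:
        raise ValueError("not addressed to " + me)
    if abs(now - f["t"]) > MAX_SKEW:
        raise ValueError("stale timestamp")
    if f["r"] in seen:
        raise ValueError("replayed nonce")
    if f.get("echo") != echo:
        raise ValueError("peer did not echo my nonce")
    seen.add(f["r"])
    return f["r"]

A_PUB, A_PRIV = keypair(2**127 - 1, 2**107 - 1)  # constructed toy keys
B_PUB, B_PRIV = keypair(2**89 - 1, 2**61 - 1)
def exchange(now, seen_a, seen_b):
    r_a, r_b = secrets.token_hex(8), secrets.token_hex(8)
    m1 = signed({"t": now, "r": r_a, "to": "B", "data": "hello"}, A_PRIV)
    accept(m1, A_PUB, "B", now, seen_b)                      # B checks message 1
    m2 = signed({"t": now, "r": r_b, "to": "A", "data": "hi", "echo": r_a}, B_PRIV)
    accept(m2, B_PUB, "A", now, seen_a, echo=r_a)            # A checks message 2
    m3 = signed({"echo": r_b}, A_PRIV)                       # A{r_B}
    ok = verify(m3, A_PUB) and m3["fields"]["echo"] == r_b   # B checks message 3
    return m1, m2, ok
```

A captured message 1 sent to B again fails the nonce check, sent later fails the timestamp check, and sent to another party fails the receiver-id check.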

A one-time session key usage scenario
A encrypts the message (AES) with a new session key, encrypts the session key by B's public key, appends this to the message, adds her signature
A sends to B the 3-part message
– By verifying A's signature, B knows that A sent this to him
B, and only B, can correctly decrypt the session key, because it is encrypted by his public key
– A knows that only B will be able to decrypt the session key and decrypt the message

Public Key Infrastructure
Original slides: Henric Johnson

The Monopoly Trust Model
All use one trusted CA and know its public key
– How do they know it?
A user can send certificates directly to others
User B can verify the authenticity of A's certificate by decrypting the signature of the CA
What are the problems?
There is no single trusted organization
All OSs must include the CA's KU – hard to change
– The CA can charge anything it wants

Registration Authority
How can a CA validate the identity of a far-away user?
– Registration Authorities (RAs) in charge of mapping names to KU
Alternative: several CAs
What is the problem?
Assume A communicates with B, and:
A obtained a certificate issued by X1
B obtained a certificate issued by X2
X1, X2 obtained certificates issued by each other

Chains of certificates
X1, X2 are CAs. They also have certificates (X<<Y>> denotes the certificate of Y issued by X)
X1<<A>>  X2<<B>>  X1<<X2>>  X2<<X1>>
A got the X2<<B>> certificate (from B)
A must get the X1<<X2>> certificate (from X2)
– A extracts from X1<<X2>> the X2 public key
– A extracts from X2<<B>> the public key of B
Summarizing: A must get the chain of certificates X1<<X2>> X2<<B>>
More generally, a receiver must get a chain of certs: X1<<X2>> X2<<X3>> … XN<<B>>
How do A (and B) find the chains?

Certificate Path
A wants to get B's public key. He gets the following certificates (right to left)
X > W > V > Y > Z
Is this structure fixed?

Monopoly with delegated CAs Trust Model
One root CA issues certificates to other CAs
– Certificates must authorize holders to issue certificates to other CAs
– A tree of CAs
– Each user cert is the end of a chain of certs
– Root CA also called trust anchor
– Who issues the certificate of the trust anchor?
Problems?
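An added Python example (not from the original slides) that combines the receiver-side checks from the validation, revocation and chain slides and extends the two-certificate chain to any length: signature over the hash, CRL lookup by issuer and serial number, and the rule that only certificates authorizing issuance may sign further certificates. The toy textbook RSA keys built from Mersenne primes, the dictionary certificate format and all field names are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Toy textbook RSA (no padding, illustration only) from two known primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def cert_hash(cert, n):
    """Hash of the signed fields, reduced mod n so the toy key can sign it."""
    fields = "|".join(str(cert[k]) for k in ("issuer", "subject", "serial", "is_ca", "pub"))
    return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big") % n

def issue(issuer, issuer_priv, subject, serial, is_ca, pub):
    cert = {"issuer": issuer, "subject": subject, "serial": serial, "is_ca": is_ca, "pub": pub}
    n, d = issuer_priv
    cert["sig"] = pow(cert_hash(cert, n), d, n)  # CA signs the hash with its private key
    return cert

def validate_chain(chain, anchors, crl):
    """chain[0] is issued by a trust anchor, chain[-1] is the end user's cert.
    Returns the end user's public key or raises ValueError."""
    issuer, issuer_pub = chain[0]["issuer"], anchors.get(chain[0]["issuer"])
    if issuer_pub is None:
        raise ValueError("chain does not start at a trust anchor")
    for pos, cert in enumerate(chain):
        n, e = issuer_pub
        if cert["issuer"] != issuer:
            raise ValueError("issuer/subject names do not link")
        if pow(cert["sig"], e, n) != cert_hash(cert, n):
            raise ValueError("bad signature on " + cert["subject"])
        if (cert["issuer"], cert["serial"]) in crl:
            raise ValueError("revoked: " + cert["subject"])
        if pos < len(chain) - 1 and not cert["is_ca"]:
            raise ValueError(cert["subject"] + " may not issue certificates")
        issuer, issuer_pub = cert["subject"], cert["pub"]
    return chain[-1]["pub"]

# Constructed sample: A trusts X1; B's certificate was issued by X2.
X1_PUB, X1_PRIV = keypair(2**127 - 1, 2**107 - 1)
X2_PUB, X2_PRIV = keypair(2**89 - 1, 2**61 - 1)
B_PUB, B_PRIV = keypair(2**521 - 1, 2**607 - 1)
X1_X2 = issue("X1", X1_PRIV, "X2", 7, True, X2_PUB)   # X2's certificate, issued by X1
X2_B = issue("X2", X2_PRIV, "B", 42, False, B_PUB)    # B's certificate, issued by X2
ANCHORS = {"X1": X1_PUB}
```

Calling `validate_chain([X1_X2, X2_B], ANCHORS, set())` returns B's public key; adding `("X1", 7)` to the CRL set makes the same call fail.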

Oligarchy Trust Model
OS preconfigured with a list of trusted root CAs
– Their self-issued certificates are added to the OS
OS also includes a list of certs of intermediaries
– All certificates form a forest
User can add or delete entries from the lists
Very common in practice
– Browsers rely on these lists

Pre-configured Certificate Paths in Windows

Trusted Root Certificates in my computer
Tool: certmgr.msc

Oligarchy more secure than monopoly?
Monopoly: corruption → risks world security
Oligarchy: corruption in one root CA → same
– More likely to happen in oligarchy!
Oligarchy: CAs chosen by vendor, so what?
Easy to trick users to add new "trusted" CAs
Malicious users can change lists in a public host
– Hardly noticeable in long lists

Anarchy Trust Model
Users responsible for configuring root CAs
– People he/she trusts – then anyone can issue certificates
Volunteers keep certificates in a database
To find a cert: search for a chain in the DB
– Can we really trust a chain of certificates?
– Not scalable
Idea: several chains lead to cert → trusted cert
Used in Pretty Good Privacy (PGP) software