Public Key Distribution and X.509 Wade Trappe

Distribution of Public Keys There are several techniques proposed for the distribution of public keys: –Public announcement –Publicly available directory –Public key authority –Public key certificates

Public Announcement Idea: Each person can announce or broadcast their public key to the world. Example: People attach their PGP or RSA keys at the end of their s. Weakness: –No authenticity: Anyone can forge such an announcement –User B could pretend to be User A, but really announce User B’s public key.

Public Directory Service Idea: Have a public directory or “phone book” of public keys. This directory is under the control/maintenance of a trusted third party (e.g. the government). Involves: –Authority maintains a directory of {name, PK} –Each user registers public key. Registration should involve authentication. –A user may replace or update keys. –Authority periodically publishes directory or updates to directory. –Participants can access directory through secure channel. Weaknesses: –If private key of directory service is compromised, then opponent can pretend to be directory service. –Directory is a single point of failure.

Public Key Authority Idea: More security is achieved if the authority has tighter control over who gets the keys. Assumptions: –Central authority maintains a dynamic directory of public keys of all users. –Central authority only gives keys out based on requests. –Each user knows the public key of the authority. Weaknesses: –Public Key Authority is a single point of failure. –User has to contact PK Authority, thus the PK Authority can be a bottleneck for service.

Public Key Authority, protocol PK Auth A B Step 1 Step 2 1. A Sends: {Request || Time1} 2. PK Auth: E dAuth [ e B || {Request || Time1}] Step 3 Step 6 3. A Sends B: E eB (ID A ||N 1 ) Step 7 4 and 5. B does steps 1 and B Sends: E eA (N 1 ||N 2 ) Step 4 Step 5 7. A Sends: E eB (N 2 )

Public Key Certificates Idea: Use certificates! Participants exchange keys without contacting a PK Authority in a way that is reliable. Certificates contain: –A public key (created/verified by a certificate authority). –Other information. Certificates are given to a participant using the authority’s private key. A participant conveys its key information to another by transmitting its certificate. Other parties can verify that the certificate was created/verified by the authority. Weakness: –Requires secure time synchronization.

Public Key Certificates, overview Cert Auth A B Give e A securely to CA CertA = E dAuth {Time1||ID A ||e A } CertA Cert B Securely give e B to CA CertB = E dAuth {Time2||ID B ||e B } Requirements: Any participant can read a certificate to determine the name and public key of the certificate’s owner. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit. Only the certificate authority can create and update certificates. Any participant can verify the currency of the certificate.

X.509 PK Certificates X.509 is a very commonly used public key certificate framework. The certificate structure and authentication protocols are used in: –IP SEC –SSL –SET X.509 Certificate Format: –Version 1/2/3 –Serial is unique within the CA –First and last time of validity Version Cert Serial # Algorithm & Parms Issuer Name Validity Time: Not before/after Subject Name PK Info: Algorithm, Parms, Key... Signature (w/ hash)

X.509 Certificate Chaining Its not feasible to have one CA for a large group of users. Suppose A knows CA X 1, B knows CA X 2. If A does not know X 2 ’s PK then Cert X2 (B) is useless to A. If X1 and X2 have certified each other then A can get B’s PK by: –A obtains CertX1(X2) –A obtains CertX2(B) –Because B has a trusted copy of X2’s PK, A can verify B’s certificate and get B’s PK. Certificate Chain: –{CertX1(X2)|| CertX2(B)} Procedure can be generalized to more levels. AB X1X1 X2X2 {Cert X1 (X2)|| Cert X2 (B)} Cert X1 (X2) Cert X2 (X1)