Homework #8 Solutions Brian A. LaMacchia Portions © 2002-2006, Brian A. LaMacchia. This material is provided without.

Slides:



Advertisements
Similar presentations
A less formal view of the Kerberos protocol J.-F. Pâris.
Advertisements

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
MyProxy: A Multi-Purpose Grid Authentication Service
Public Key Infrastructure (PKI)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Grid Security. Typical Grid Scenario Users Resources.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
COMP3123 Internet Security Richard Henson University of Worcester October 2010.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Homework #4 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Homework #5 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Computer Science Public Key Management Lecture 5.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Configuring Directory Certificate Services Lesson 13.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
National Institute of Advanced Industrial Science and Technology Brief status report of AIST GRID CA APGridPMA Singapore September 16 Yoshio.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
Module 9: Fundamentals of Securing Network Communication.
King Mongkut’s University of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv 6. Public Key Infrastructure Prof. R. Aviv,
Harshavardhan Achrekar - Grad Student Umass Lowell presents 1 Scenarios Authentication Patterns Direct Authentication v/s Brokered Authentication Kerberos.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
COMP3123 Internet Security Richard Henson University of Worcester October 2011.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Authorisation, Authentication and Security Guy Warner NeSC Training Team Induction to Grid Computing and the EGEE Project, Vilnius,
1 Grid School Module 4: Grid Security. 2 Typical Grid Scenario Users Resources.
1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.
2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
1 Example security systems n Kerberos n Secure shell.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
1 Authentication Celia Li Computer Science and Engineering York University.
Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.
Public Key Infrastructure (PKI)
Grid Security.
Cryptography and Network Security
Assignment #5 – Solutions
Authentication Applications
Using SSL – Secure Socket Layer
Pooja programmer,cse department
Homework #5 Solutions Brian A. LaMacchia
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
Homework #4 Solutions Brian A. LaMacchia
CDK: Chapter 7 TvS: Chapter 9
Presentation transcript:

Homework #8 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without warranty of any kind including, without limitation, warranty of non-infringement or suitability for any purpose. This material is not guaranteed to be error free and is intended for instructional use only.

February 7, 2006Practical Aspects of Modern Cryptography2 Question 1 – Fun w/ Revocation  VeriSign’s RSASecureServer.crl. As of 3am Wed., Feb. 22: Valid from 2/22/06 to 3/8/06 Valid from 2/22/06 to 3/8/06 515,243 bytes in size 515,243 bytes in size 14,714 entries 14,714 entries  Assume that all of the certs listed on the CRL were issued within the past 12 months.  VeriSign claims to have about 500,000 sites with “Secure Server IDs”, so assume that’s the universe from which 14,714 certs have been revoked.

February 7, 2006Practical Aspects of Modern Cryptography3 Question 1a  Assume 200,000,000 users who will negotiate an SSL/TLS session with at least one of the 500,000 sites over the next two weeks.  On average, how much bandwidth is VeriSign going to use per day distributing the RSASecureServer CRL? You may assume user requests for CRLs are evenly distributed throughout the CRL’s two-week validity period. You may assume user requests for CRLs are evenly distributed throughout the CRL’s two-week validity period.

February 7, 2006Practical Aspects of Modern Cryptography4 Question 1a  200M users, CRLs last 14 days, so on average 1/14 th of the users will have to download the CRL each day.  200M/14 = M downloads/day  515,243 bytes/download   ~7.360x10 12 bytes of bandwidth per day

February 7, 2006Practical Aspects of Modern Cryptography5 Question 1b  Assume there also exists an OCSP responder for the same data  If the average size of an OCSP request/response message pair is 3KB, how many OCSP responses would the average user have to request from the VeriSign OCSP responder per day in order to generate the same about of bandwidth usage as the CRL downloading you calculated in Question 1(a)?

February 7, 2006Practical Aspects of Modern Cryptography6 Question 1b  ~7.360x10 12 bytes of bandwidth per day  / 3KB/OCSP request/response pair   2.453x10 9 OCSP round-trips  / 200,000,000 users   ~ OCSP requests/user/day

February 7, 2006Practical Aspects of Modern Cryptography7 Question 1c  USG wants to issue a cert to each of 60 million passport holders.  VeriSign is experiencing about a 3% revocation rate; assume that the same rate would apply for these certs.  Approximately how big would the CRL be for the personal certs issued by the US Government? You may assume that each CRL entry requires 35 bytes of storage when ASN.1 encoded. You may assume that each CRL entry requires 35 bytes of storage when ASN.1 encoded.

February 7, 2006Practical Aspects of Modern Cryptography8 Question 1c  60 million passport holders * 3% revocation rate  1.8 million revoked certs at any one time.  1.8 million * 35 bytes/entry  63x10 6 bytes in the CRL

February 7, 2006Practical Aspects of Modern Cryptography9 Question 2  Design a certificate enrollment protocol for enrolling each user for two certificates Leverage the user’s Kerberos credentials to authenticate the certificate requests to the CA. Leverage the user’s Kerberos credentials to authenticate the certificate requests to the CA. You can choose whether users enroll for both signing and encryption certificates simultaneously (in one execution of the protocol) or sequentially (in two executions of the protocol). You can choose whether users enroll for both signing and encryption certificates simultaneously (in one execution of the protocol) or sequentially (in two executions of the protocol).

February 7, 2006Practical Aspects of Modern Cryptography10 Question 2  Assume client generates all keys Signature key pair: K Spub, K Spriv Signature key pair: K Spub, K Spriv Encryption key pair: K Epub, K Epriv Encryption key pair: K Epub, K Epriv  The enrollment protocol has to provide: Authentication of the client Authentication of the client Proof-of-possession of the corresponding private keys Proof-of-possession of the corresponding private keys

February 7, 2006Practical Aspects of Modern Cryptography11 Question 2 – Solution 1  Client uses Kerberos to obtain a ticket for the CA. Assume the ticket contains shared secret K C,CA.  For each key, client forms a self-signed “certificate request” message (e.g. PKCS#10) that contains the public key and identifying information CertReqS = {K Spub, Username}K SPriv CertReqS = {K Spub, Username}K SPriv CertReqE = {K Epub, Username}K Epriv CertReqE = {K Epub, Username}K Epriv  Only works if K Epriv can also sign!

February 7, 2006Practical Aspects of Modern Cryptography12 Question 2 – Solution 1  Client sends the cert requests to the CA encrypted with the Kerberos shared secret  C  CA: {CertReqS, CertReqE}K C,CA  CA decrypts the message (which authenticates that it came from C)  CA verifies the signatures on CertReqS and CertReqE, yielding proof-of- possession of the corresponding private keys

February 7, 2006Practical Aspects of Modern Cryptography13 Question 2 – Solution 1  CA compares the username inside the requests with the identity associated with the Kerberos key K C,CA  CA issues certs CertS and CertE binding the keys to the username (or whatever identity information he wants to be in the certs). CertS = {K SPub, username}K CApriv CertS = {K SPub, username}K CApriv CertE = {K EPub, username}K CApriv CertE = {K EPub, username}K CApriv  CA sends the certs back to the client (unencrypted).

February 7, 2006Practical Aspects of Modern Cryptography14 Question 1 – Solution 2  What if you can’t sign with the encryption key? If C can only encrypt, how do you do proof-of-possession? If C can only encrypt, how do you do proof-of-possession? Method 1: add a challenge response round (but that adds round-trips) Method 1: add a challenge response round (but that adds round-trips) Method 2: encrypt the cert in the reply Method 2: encrypt the cert in the reply

February 7, 2006Practical Aspects of Modern Cryptography15 Question 2 – Solution 2  Client uses Kerberos to obtain a ticket for the CA. Assume the ticket contains shared secret K C,CA.  For each key, client forms a “certificate request” message (e.g. PKCS#10) that contains the public key and identifying information. Only CertReqS is signed. CertReqS = {K Spub, Username}K SPriv CertReqS = {K Spub, Username}K SPriv CertReqE = {K Epub, Username} unsigned CertReqE = {K Epub, Username} unsigned Could also sign with K SPriv Could also sign with K SPriv

February 7, 2006Practical Aspects of Modern Cryptography16 Question 2 – Solution 2  Client sends the cert requests to the CA encrypted with the Kerberos shared secret  C  CA: {CertReqS, CertReqE}K C,CA  CA decrypts the message (which authenticates that it came from C)  CA verifies the signatures on CertReqS, yielding proof-of-possession for the signature key

February 7, 2006Practical Aspects of Modern Cryptography17 Question 2 – Solution 2  CA verifies identity info  CA issues certs CertS and CertE CertS = {K SPub, username}K CApriv CertS = {K SPub, username}K CApriv CertE = {K EPub, username}K CApriv CertE = {K EPub, username}K CApriv  CA sends the certs back to the client; CertS can go unencrypted but at least CertE is encrypted to K EPub CA  C: CertS, {CertE}K EPub CA  C: CertS, {CertE}K EPub  Client has to decrypt with K EPriv to obtain CertE, thus proving possession in order to use the cert.

February 7, 2006Practical Aspects of Modern Cryptography18 Question 3  Modify the protocol you design in Question 2 to include a key escrow feature for the encryption key pair.

February 7, 2006Practical Aspects of Modern Cryptography19 Question 3  With client-side key gen, just need to send the encryption private key along with the encryption cert request  C  CA: {CertReqS, K EPriv, CertReqE}K C,CA  CA verifies that K EPriv and K EPub (in CertReqE) match Only issues CertE if they verify Only issues CertE if they verify No additional POP required, since the server sees the private key No additional POP required, since the server sees the private key

February 7, 2006Practical Aspects of Modern Cryptography20 Question 4 – Cert Rollover

February 7, 2006Practical Aspects of Modern Cryptography21 Question 4a  Assume that t1 < t2 < t3 < t4. Make the end-entity certificates validate at times t3 < t < t4 without re-issuing.

February 7, 2006Practical Aspects of Modern Cryptography22 Question 4a

February 7, 2006Practical Aspects of Modern Cryptography23 Question 4b  Assume that t1 < t3 < t2 < t4. For the period of time t3 < t < t2 end entity certificate should be able to chain- validate under both the old and new intermediate certificates.

February 7, 2006Practical Aspects of Modern Cryptography24 Question 4b

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.