1 Digital Certificates (X.509, OpenPGP), Security Protocols James Joshi, Associate Professor University of Pittsburgh.

Slides:



Advertisements
Similar presentations
Internet Protocol Security (IP Sec)
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet Security CSCE 813 IPsec
Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 8 Nov 2, 2010 Key Management Network Security.
Chapter 5 Network Security Protocols in Practice Part I
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Lecture 22 Internet Security Protocols and Standards
Cryptography and Network Security Chapter 17
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
1 Key Management CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 1, 2004.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Slide #9-1 Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures.
Chapter 8 Web Security.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
IP Security: Security Across the Protocol Stack
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
SSL and IPSec CS461/ECE422 Spring Reading Chapter 22 of text Look at relevant IETF standards.
1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 2 Sept 4, 2013 Key Management Network Security.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
1 Chapter 9: Key Management All algorithms we have introduced are based on one assumption: keys have been distributed. But how to do that? Key generation,
Web Security : Secure Socket Layer Secure Electronic Transaction.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 21 – Internet Security.
Karlstad University IP security Ge Zhang
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
Internet Security CSCE 813 IPsec. CSCE813 - Farkas2 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
Network Layer Security Network Systems Security Mort Anvari.
K. Salah1 Security Protocols in the Internet IPSec.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 11 Nov 15, 2007 Network Security, Authentication, Identity.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
1IS 2150/TEL 2810: Introduction of Computer Security November 8, 2005 Network Security Authentication & Identity Lecture 9.
Cryptography CSS 329 Lecture 13:SSL.
8-1Network Security Virtual Private Networks (VPNs) motivation:  institutions often want private networks for security.  costly: separate routers, links,
Chapter 5 Network Security Protocols in Practice Part I
IPSecurity.
CSE 4905 IPsec.
Cryptography and Network Security
Cryptography and Network Security
UNIT.4 IP Security.
Cryptography and Network Security
IS 2150 / TEL 2810 Introduction to Security
Public Key Infrastructure (PKI)
Virtual Private Networks (VPNs)
Cryptography and Network Security
Presentation transcript:

1 Digital Certificates (X.509, OpenPGP), Security Protocols James Joshi, Associate Professor University of Pittsburgh

Objectives Understanding of Digital certificate standards X.509 and OpenPGP Privacy Enhance Mail Secure Socket Layer IPSec 2

3 Cryptographic Key Infrastructure Goal: bind identity to key Classical Crypto: Not possible as all keys are shared Public key Cryptography: Bind identity to public key Erroneous binding means no secrecy between principals Assume principal identified by an acceptable name

4 Certificates Create token (message) containing Identity of principal (here, Alice) Corresponding public key Timestamp (when issued) Other information (identity of signer) signed by trusted authority (here, Cathy) C A = { e A || Alice || T } d C C A is A’s certificate

5 Use Bob gets Alice’s certificate If he knows Cathy’s public key, he can decipher the certificate Now Bob has Alice’s public key Problem: Bob needs Cathy’s public key to validate certificate Two approaches: Merkle’s tree, Signature chains

6 Certificate Signature Chains Create certificate Generate hash of certificate Encipher hash with issuer’s private key Validate Obtain issuer’s public key Decipher enciphered hash Re-compute hash from certificate and compare Problem: Validating the certificate of the issuer and getting issuer’s public key

X.509 Service ITU-T recommendation X.509 Defines a framework for the provision of authentication services by X.509 directory to users X.509 – an important standard Used in a variety of context The X.509 Certificate format is used in S/MIME, IP Security and SSL/TLS Initially issued in 1988, another version in 1993 and X.509v3 in

X.509 Standard Based on public-key cryptograph and digital signatures Standard Does not dictate the use of specific algorithm – but recommends RSA Digital signature requires a hash function 8

9 X.509 Chains – key pieces of information Key certificate fields in X.509v3: Version Serial number(unique) Signature algorithm identifier Issuer’s name; uniquely identifies issuer Interval of validity Subject’s name; uniquely identifies subject Subject’s public key info … Signature: Identifies algorithm used to sign the certificate Signature (enciphered hash)

X.509 Certificate Certification Authority (CA): entity that issues certificates A user’s certificate Is created for a principal by a CA Placed in a directory server (DS) The CA sign the certificate with its private key Y > represents X’s certificate issued (and hence signed) by CA Y Any user that has Y’s public key can verify Y > Only Y can update Y > 10

X.509 Detailed Formats 11 [Source: William Stallings, Cryptography and Network Security]

12 X.509 Certificate Validation Obtain issuer’s public key The one for the particular signature algorithm Decipher signature Gives hash of certificate Re-compute hash from certificate and compare If they differ, there’s a problem Check interval of validity This confirms that certificate is current

13 Issuers Certification Authority (CA): entity that issues certificates Multiple issuers pose validation problem Alice’s CA is Cathy; Bob’s CA is Dan; how can Alice validate Bob’s certificate? Have Cathy and Don cross-certify Each issues certificate for the other

14 Validation and Cross-Certifying Cathy > Cathy > represents the certificate that Cathy has generated for Alice Assume now that the following certificates exist Dan ; Cathy >; Dan > Dan ; Cathy >; Dan > Alice validates Bob’s certificate Cathy > Alice obtains Cathy > Cathy > ? Can Alice validate Cathy > ? YES – as Alice has Cathy’s public key Cathy > Dan > Can Alice use Cathy > to validate Dan > ? (how?) Cathy > Validates Cathy > to obtain Dan’s correct public key Dan > Using Dan’s public key she can now validate Dan > !! Cathy > Dan > Signature chain : Cathy > Dan >

Certificate Revocation Each certificate includes a validity period A new certificate is issued by CA just before it expires Also needs to revoke a certificate before it expires, If the user’s private key is compromised, The user is no longer certified by the CA The CA’s certificate is compromised Certificate Revocation List (CRL) Each CA maintains a CRL of all revoked but no expired certificates Each CRL in the DS is signed by the issuer and includes the issuer’s name, creation date, date of the next CRL to be issued, an entry for each revoked certificate (serial numbers) 15

16 PGP Chains Pretty Good Privacy: Widely used to provide privacy for electronic mail and signing files digitally Uses Certificate based key management infrastructure for user’s public keys OpenPGP certificates structured into packets One public key packet Zero or more signature packets For more information: RFC 4880

PGP Certificate Signature Chains Pretty Good Privacy: Widely used to provide privacy for electronic mail and signing files digitally Uses Certificate based key management infrastructure for user’s public keys OpenPGP OpenPGP certificates structured into packets One public key packet Zero or more signature packets 17

OpenPGP Key Packet Version (3 or 4; 3 compatible with all versions of PGP, 4 not compatible with older versions of PGP) Time of Creation Validity period (Version 3 only) Indicates number of days it is valid; 0 means it does not expire Public key algorithm and parameters Version 3 packets contain modulus for RSA Version 4 packets contain parameters for the cryptosystem used Public key Version 3: the exponent of the RSA key Version 4: the public key of the crypto system used 18

19 OpenPGP Signature Packet Version 3 signature packet Version (3) Signature type Indicates purpose and level of trust Creation time when next fields hashed Signer’s key identifier identifies key to encipher hash Public key algorithm used to encipher hash (for signature) Hash algorithm Part of signed hash used for quick check Signature (enciphered hash using signer’s private key)

20 Validating Certificates Alice needs to validate Bob’s OpenPGP cert Does not know Fred, Giselle, or Ellen Alice gets Gaby’s cert Knows Henry slightly, but his signature is at “casual” level of trust Alice gets Ellen’s cert Knows Jack, so uses his cert to validate Ellen’s, then hers to validate Bob’s Bob Fred Gaby Ellen Irene Henry Jack Arrows show signatures Self signatures not shown

X.509 vs PGP Certificates Unlike X.509, PGP allows multiple signers for the same certificate a notion of trust is included in PGP by using the Signature Type Self-signing is allowed in PGP All public keys in Version 4 21

22 ISO/OSI Model Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Network Layer Data Link Layer Physical Layer Peer-to-peer Flow of bits

Network Protocols End-to-end protocol Example: telnet End-to-end encryption Example: telnet with messages encrypted/decrypted at the client and server Attackers on the intermediate hosts cannot read the message Link protocol Protocol between every directly connected systems Example: IP – guides messages from a host to one of its immediate host Link encryption Encipher messages between intermediate host Each host share a cryptographic key with its neighbor Attackers at the intermediate host will be able to read the message 23

24 Electronic Mail UA interacts with the sender UA hands it to a MTA MTA UA MTA UA MTA UA Message Transfer Agents User Agent Attacker can read on any of the computer with MTA Forgery possible

25 Security at the Application Layer: Privacy-enhanced Electronic Mail Study by Internet Research Task Force on Privacy or Privacy Research Group to develop protocols with following services Confidentiality, by making the message unreadable except to the sender and recipients Origin authentication, by identifying the sender precisely Data integrity, by ensuring that any changes In the message are easy to detect Non-repudiation of the origin (if possible)

26 Design Considerations/goals for PEM Not to redesign existing mail system protocols To be compatible with a range of MTAs, UAs and other computers To make privacy enhancements available separately so they are not required To enable parties to use the protocol to communicate without prearrangement

27 PEM: Basic Design Defines two keys Data Encipherment Key (DEK) to encipher the message sent Generated randomly Used only once Sent to the recipient Interchange key: to encipher DEK Must be obtained some other way than through the message

28 Protocol Confidential message (DEK: k s ) Authenticated, integrity-checked message Enciphered, authenticated, integrity checked message AliceBob {m}k s || {k s }k Bob AliceBob m || {h(m)}k Alice AliceBob {m}k s || {h(m)}k Alice || {k s }k Bob

29 ISO/OSI Model IPSec: Security at Network Layer Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Network Layer Data Link Layer Physical Layer Peer-to-peer Flow of bits

Security at the Transport Layer: Secure Socket Layer (SSL) Developed by Netscape to provide security in WWW browsers and servers Uses X.509 certificates Transport Layer Security (TLS) protocol (compatible with SSLv3) SSL is the basis for the Internet standard protocol Key idea: Connections and Sessions A SSL session is an association between two peers An SSL connection is the set of mechanisms used to transport data in an SSL session

Secure Socket Layer (SSL) Each party keeps session information Session identifier (unique) The peer’s X.503(v3) certificate Compression method used to reduce volume of data Cipher specification (parameters for cipher and MAC) Master secret of 48 bits Connection information Random data for the server & client Server and client keys (used for encryption) Server and client MAC key Initialization vector for the cipher, if needed Server and client sequence numbers Provides a set of supported cryptographic mechanisms that are setup during negotiation (handshake protocol)

SSL Architecture Provides a basis for Secure communication Confidentiality + Message authenticity IP TCP SSL Record Protocol HTTPHTTP SSL Change Cipher Spec Protocol SSL Alert Protocol SSL Handshake Protocol

SSL Record Protocol Operation e.g., HTTP messages Message type, version, length of block

Handshake Protocol The most complex part of SSL Allows the server and client to authenticate each other Based on interchange cryptosystem (e.g., RSA) Negotiate encryption, MAC algorithm and cryptographic keys Four rounds Used before any application data are transmitted

Other protocols SSL Change Cipher Spec Protocol A single byte is exchanged After new cipher parameters have been negotiated (renegotiated) SSL Alert Protocol Signals an unusual condition Closure alert : sender will not send anymore Error alert: fatal error results in disconnect

36 ISO/OSI Model IPSec: Security at Network Layer Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer Network Layer Data Link Layer Physical Layer Peer-to-peer Flow of bits

IPSec IPSec standard created by Internet Engineering Task Force (IETF) RFC 2401: An overview of the security architecture RFC 2402: Description of a packet authentication extension to IPv4 and IPV6 RFC 2406: Description of a packet encryption extension to IPv4 and IPV6 RFC 2408: Specification of key management capabilities 37

38 IPSec Protocols Authentication header (AH) protocol Message integrity Origin authentication Anti-replay services Encapsulating security payload (ESP) protocol Confidentiality Message integrity Origin authentication Anti-replay services Internet Key Exchange (IKE) Exchanging keys between entities that need to communicate over the Internet What authentication methods to use, how long to use the keys, etc.

39 Cases where IPSec can be used Internet/ Intranet End-to-end security between two hosts Internet/ Intranet SG End-to-end security between two security gateways

40 Cases where IPSec can be used (2) Internet SG Intranet Internet SG Intranet End-to-end security between two hosts + two gateways End-to-end security between two hosts during dial-up

41 Security Association (SA) Unidirectional relationship between peers Specifies the security services provided to the traffic carried on the SA Security enhancements to a channel along a path Identified by three parameters: IP Destination Address Security Protocol Identifier Specifies whether AH or ESP is being used Security Parameters Index (SPI) Specifies the security parameters associated with the SA

42 Security Association (2) Each SA uses AH or ESP (not both) If both required two SAs are created Multiple security associations may be used to provide required security services A sequence of security associations is called SA bundle Example: We can have an AH protocol followed by ESP or vice versa

43 Security Association Databases IP needs to know the SAs that exist in order to provide security services Security Policy Database (SPD) IPSec uses SPD to handle messages For each IP packet, it decides whether an IPSec service is provided, bypassed, or if the packet is to be discarded Security Association Database (SAD) Keeps track of the sequence number AH information (keys, algorithms, lifetimes) ESP information (keys, algorithms, lifetimes, etc.) Lifetime of the SA Protocol mode MTU et.c.

44 IPSec Modes Two modes Transport mode Encapsulates IP packet data area IP Header is not protected Protection is provided for the upper layers Usually used in host-to-host communications Tunnel mode Encapsulates entire IP packet in an IPSec envelope Helps against traffic analysis The original IP packet is untouched in the Internet

45 Authentication Header (AH) Next header Identifies what protocol header follows Payload length Indicates the number of 32-bit words in the authentication header Security Parameters Index Specifies to the receiver the algorithms, type of keys, and lifetime of the keys used Sequence number Counter that increases with each IP packet sent from the same host to the same destination and SA Authentication Data SequenceNumber Security Parameters Index Payload length Next Header parameters

46 Preventing replay Using 32 bit sequence numbers helps detect replay of IP packets The sender initializes a sequence number for every SA Receiver implements a window size of W to keep track of authenticated packets Receiver checks the MAC to see if the packet is authentic

47 Transport Mode AH Internet/ Intranet Original IP Header Original IP Header TCP Header TCP Header Payload Data Without IPSec Original IP Header Original IP Header TCP Header TCP Header Payload Data Next Header Next Header Payload Length Payload Length SPI Seq. No. Seq. No. Authenticate Entire packet except for Mutable fields Auth Header Auth Header MAC

48 Tunnel Mode AH Internet SG Intranet Original IP Header Original IP Header TCP Header TCP Header Payload Data Without IPSec Original IP Header Original IP Header TCP Header TCP Header Payload Data Auth Header Auth Header New IP Header New IP Header Authenticate Entire IP Packet Auth Header Auth Header New IP Header New IP Header Next Header Next Header Payload Length Payload Length SPI Seq. No. Seq. No. MAC

49 ESP – Encapsulating Security Payload Creates a new header in addition to the IP header Creates a new trailer Encrypts the payload data Authenticates Prevents replay

50 ESP – Encapsulating Security Payload Security Parameters Index (SPI) Specifies to the receiver the algorithms, type of keys, and lifetime of the keys used Sequence number Counter that increases with each IP packet sent from the same host to the same destination and SA Payload (variable) TCP segment (transport mode) or IP packet (tunnel mode) - encryption Padding (+ Pad length, next Header) 0 to 255 bytes of data to enable encryption algorithms to operate properly Authentication Data MAC created over the packet Security Parameters Index (SPI) – 32 bits Sequence Number 32 bits Payload Data Padding/ Next Header Authentication Data

51 Transport mode ESP Original IP Header Original IP Header TCP Header TCP Header Payload Data Without IPSec Original IP Header Original IP Header TCP Header TCP Header Payload Data ESP Header ESP Header ESP Trailer ESP Trailer ESP Auth ESP Auth Encrypted Authenticated ESP Header ESP Header ESP Trailer ESP Trailer ESP Auth ESP Auth

52 Tunnel mode ESP Original IP Header Original IP Header TCP Header TCP Header Payload Data Without IPSec Encrypted Authenticated Original IP Header Original IP Header TCP Header TCP Header Payload Data ESP Header ESP Header ESP Trailer ESP Trailer ESP Auth ESP Auth New IP Header New IP Header ESP Header ESP Header ESP Trailer ESP Trailer ESP Auth ESP Auth

53 Summary Overview of X.509 and Open PGP PEM, SSL and IPSec Security services available at different levels of the OSI seven layer model

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.