Public Key Infrastructure (PKI) Chien-Chung Shen

Distribution of Public Keys The algorithms to generate a matched pair of public and private keys are publicly known, and software that does it is widely available So if Alice wanted to use a public key cipher, she could generate her own pair of public and private keys, keep the private key hidden, and publicize the public key But how can she publicize her public key—assert that the key belongs to her—in such a way that other participants can be sure the key really belongs to her?

Public Key Instrastructure (PKI) A complete scheme for certifying bindings between public keys and identities— what key belongs to who—is called a Public Key Infrastructure (PKI) A PKI starts with the ability to (1) verify identities and (2) bind identities to keys out of band By “out of band,” we mean something outside the network and the computers that comprise it, such as in the following scenarios –If Alice and Bob are individuals who know each other, then they could get together in the same room and Alice could give her public key to Bob directly, perhaps on a business card –If Bob is an organization, Alice the individual could present conventional identification, perhaps involving a photograph or fingerprints –If Alice and Bob are computers owned by the same company, then a system administrator could configure Bob with Alice’s public key

Public Key Instrastructure (PKI) Establish keys out of band does not scale, but it suffices to bootstrap a PKI Bob’s knowledge that Alice’s (public) key is k can be widely, scalably disseminated using a combination of digital signature and concept of trust –suppose you receive Bob’s public key out of band and you trust Bob on matters of keys and identities –then Bob could send you a message asserting Alice’s key is x –since you know Bob’s public key, you could authenticate this message as having come from Bob –since you trust Bob, you now know that Alice’s key is x, even you had never met her or exchange message with her –with digital signature, Bob wouldn’t even have to send you a message; he could simply create and publish a digitally signed statement that Alice’s public key is x

Bob sends digitally signed message: Alice verifies signature, integrity of digitally signed message: large message m H: Hash function H(m) digital signature (encrypt) Bob’s private key K B - + K B (H(m)) - encrypted msg digest K B (H(m)) - encrypted msg digest large message m H: Hash function H(m) digital signature (decrypt) H(m) Bob’s public key K B + equal ? Digital Signature = Signed Message Digest

Public Key Instrastructure (PKI) A digitally signed statement of a public key binding (to an identity) is called a public key certificate, or simply a certificate Bob could send Alice a copy of th certificate, or post it on website If an when someone needs to verify Alice’s public key, the could do so by getting a copy of the certificate, perhaps directly from Alice, as long as they trust Bob abd know his public key Starting from just Bob’s public key, we could build up a large set of trusted keys over time Bob plays the role of Certificate Authority (CA) VeriSign® is one well-known commercial CA

Public Key Instrastructure (PKI) X.509 is one major standard for certificate ( A certificate clearly must include –the identity of the entity being certified –the public key of the entity being certified –the identity of the signer –the digital signature –a digital signature algorithm identifier (which cryptographic hash and which cipher) Certificate creates a binding between an identity and a public key; certificate must use well-defined name space for the identities being certified, such as address or DNS domains

Certificate Authorities Trust is binary; you either trust soneone completely or not at all Together with certificates, this allows the building of chains of trust –If X certifies that a certain public key belongs to Y, and the Y goes on to certify that another pubic ket belobgs to Z, then there exists a chain of certificates from X to Z, even though X and Z may have never met –If you know X’s public key, and you trust X and Y, then you can believe the certificate that gives Z’s key –All you need is a chain of certificates, all signed by entities you trust, as long as it leads back to an entity whose key you already know.

Certificate Authorities A certification authority or certificate authority (CA) is an entity claimed (by someone) to be trustworthy for verifying identities and issuing public key certificates There are commercial CAs, governmental CAs, and even free CAs To use a CA, you must know its own key. You can learn that CA’s key, however, if you can obtain a chain of CA-signed certificates that starts with a CA whose key you already know Then you can believe any certificate signed by that new CA

View Certificates Firefox and IE come pre-equipped with certificates for a set of CAs; in effect, the brower’s producer has decided these CAs and their keys can be trustedWhen you have browsed to a website whose web address starts with https, there will be a lock icon at the beginning of the address bar. Single-click on the lock icon to get a pop-up that says who verified the certificate, then click on More Information In that window, click on Security then View Certificate