Lecture 6 Page 1 CS 236 Online Certificates An increasingly popular form of authentication Generally used with public key cryptography A signed electronic.

Slides:



Advertisements
Similar presentations
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Advertisements

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Public Key Management and X.509 Certificates
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Class on Security Raghu. Current state of Security Cracks appear all the time Band Aid solutions Applications are not designed properly OS designs are.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 
Computer Science Public Key Management Lecture 5.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 5 Page 1 CS 236 Online Certificates A ubiquitous form of authentication Generally used with public key cryptography A signed electronic document.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.
NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.
Lecture 18 Page 1 CS 111 Online Access Control Security could be easy – If we didn’t want anyone to get access to anything The trick is giving access to.
Pertemuan-13 Enkripsi and Authentication. Symmetric-key Cryptography  Data encrypted and decrypted with same key  Classical examples: Caesar cipher,
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
NDSU Lunchbytes "Are They Really Who They Say They Are?" Digital or Electronic Signature Information Rick Johnson, Theresa Semmens, Lorna Olsen April 24,
Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 5 Page 1 CS 136, Fall 2014 Cryptographic Keys CS 136 Computer Security Peter Reiher October 16, 2014.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 5 Page 1 CS 136, Fall 2012 Cryptographic Keys CS 136 Computer Security Peter Reiher October 11, 2012.
Public Key Infrastructure (PKI) Chien-Chung Shen
Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Lecture 1 Page 1 CS 236 Online What Are Our Security Goals? CIA Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
Lecture 5 Page 1 Advanced Network Security Review of Cryptography: Cryptographic Keys Advanced Network Security Peter Reiher August, 2014.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Fall 2006CS 395: Computer Security1 Key Management.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Lecture 5 Page 1 CS 136, Fall 2013 Cryptographic Keys CS 136 Computer Security Peter Reiher October 8, 2013.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Lecture 5 Page 1 CS 136, Spring 2016 Cryptographic Keys CS 136 Computer Security Peter Reiher April 12, 2016.
Secure HTTP (HTTPS) Pat Morin COMP 2405.
Key management issues in PGP
SSL Certificates for Secure Websites
Certificates An increasingly popular form of authentication
Certificates A ubiquitous form of authentication
Using SSL – Secure Socket Layer
Outline Properties of keys Certificates Key management.
Outline Properties of keys Key management Key servers Certificates.
CS 465 Certificates Last Updated: Oct 14, 2017.
Certificates An increasingly popular form of authentication
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Outline Properties of keys Key management Key servers Kerberos
Outline Properties of keys Key management Key servers Certificates.
Key Management CS 136 Computer Security Peter Reiher April 16, 2009
Outline Properties of keys Key management Key servers Certificates.
Certificates An increasingly popular form of authentication
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Presentation transcript:

Lecture 6 Page 1 CS 236 Online Certificates An increasingly popular form of authentication Generally used with public key cryptography A signed electronic document proving you are who you claim to be Often used to help distribute other keys

Lecture 6 Page 2 CS 236 Online Public Key Certificates The most common kind of certificate Addresses the biggest challenge in widespread use of public keys –How do I know whose key it is? Essentially, a copy of your public key signed by a trusted authority Presentation of the certificate alone serves as authentication of your public key

Lecture 6 Page 3 CS 236 Online Implementation of Public Key Certificates Set up a universally trusted authority Every user presents his public key to the authority The authority returns a certificate –Containing the user’s public key signed by the authority’s private key In essence, a special type of key server

Lecture 6 Page 4 CS 236 Online Checking a Certificate Every user keeps a copy of the authority’s public key When a new user wants to talk to you, he gives you his certificate Decrypt the certificate using the authority’s public key You now have an authenticated public key for the new user Authority need not be checked on-line

Lecture 6 Page 5 CS 236 Online Scaling Issues of Certificates If there are billions of Internet users needing certificates, can one authority serve them all? Probably not So you need multiple authorities Does that mean everyone needs to store the public keys of all authorities?

Lecture 6 Page 6 CS 236 Online Certification Hierarchies Arrange certification authorities hierarchically The single authority at the top produces certificates for the next layer down And so on, recursively

Lecture 6 Page 7 CS 236 Online Using Certificates From Hierarchies I get a new certificate I don’t know the signing authority But the certificate also contains that authority’s certificate Perhaps I know the authority who signed this authority’s certificate

Lecture 6 Page 8 CS 236 Online Extracting the Authentication Using the public key of the higher level authority, –Extract the public key of the signing authority from the certificate Now I know his public key, and it’s authenticated I can now extract the user’s key and authenticate it

Lecture 6 Page 9 CS 236 Online A Example Give me a certificate saying that I’m Should Alice believe that he’s really ? Alice has never heard of But she has heard of So she uses to check How can prove who he is? Alice gets a message with a certificate Then she uses to check

Lecture 6 Page 10 CS 236 Online Certificates and Trust Ultimately, the point of a certificate is to determine if something is trusted –Do I trust the request to perform some financial transaction? So, Trustysign.com signed this certificate How much confidence should I have in the certificate?

Lecture 6 Page 11 CS 236 Online Potential Problems in the Certification Process What measures did Trustysign.com use before issuing the certificate? Is the certificate itself still valid? Is Trustysign.com’s signature/certificate still valid? Who is trustworthy enough to be at the top of the hierarchy?

Lecture 6 Page 12 CS 236 Online Trustworthiness of Certificate Authority How did Trustysign.com issue the certificate? Did it get an in-person sworn affidavit from the certificate’s owner? Did it phone up the owner to verify it was him? Did it just accept the word of the requestor that he was who he claimed to be?

Lecture 6 Page 13 CS 236 Online What Does a Certificate Really Tell Me? That the certificate authority (CA) tied a public/private key pair to identification information Generally doesn’t tell me why the CA thought the binding was proper I may have different standards than that CA

Lecture 6 Page 14 CS 236 Online Showing a Problem Using the Example Alice likes how verifies identity But is she equally happy with how verifies identity? Does she even know how verifies identity? What if uses ‘s lax policies to pretend to be ?

Lecture 6 Page 15 CS 236 Online Another Big Problem Things change One result of change is that what used to be safe or trusted isn’t any more If there is trust-related information out in the network, what will happen when things change?

Lecture 6 Page 16 CS 236 Online Revocation A general problem for keys, certificates, access control lists, etc. How does the system revoke something related to trust? In a network environment Safely, efficiently, etc.

Lecture 6 Page 17 CS 236 Online Revisiting Our Example Someone discovers that has obtained a false certificate for How does Alice make sure that she’s not accepting ‘s false certificate?

Lecture 6 Page 18 CS 236 Online Realities of Certificates Most OSes come with set of “pre-trusted” certificate authorities System automatically processes (i.e., trusts) certificates they sign Usually no hierarchy If not signed by one of these, present it to the user –Who always accepts it...

Lecture 6 Page 19 CS 236 Online An Example Firefox web browser Makes extensive use of certificates to validate entities –As do all web browsers Comes preconfigured with several certificate authorities –Hundreds of them

Lecture 6 Page 20 CS 236 Online Firefox Preconfigured Certificate Authorities Some you’d expect: –Microsoft, RSA Security, Verisign, etc. Some you’ve probably never heard of: Unizeto Sp. z.o.o., Netlock Halozatbiztonsagi Kft.,ABA.ECOM

Lecture 6 Page 21 CS 236 Online The Upshot If Netlock Halozatbiztonsagi Kft. says someone’s OK, I trust them –I’ve never heard of Netlock Halozatbiztonsagi Kft. –I have no reason to trust Netlock Halozatbiztonsagi Kft. –But my system’s security depends on them

Lecture 6 Page 22 CS 236 Online The Problem in the Real World In 2011, a Dutch authority (DigiNotar) was compromised Attackers generated lots of bogus certificates signed by DigiNotar –“Properly” signed by that authority –For popular web sites Until compromise discovered, everyone trusted them

Lecture 6 Page 23 CS 236 Online Effects of DigiNotar Compromise Attackers could transparently redirect users to fake sites –What looked like Twitter was actually attackers’ copycat site Allowed attackers to eavesdrop without any hint to users Apparently used by authorities in Iran to eavesdrop on dissidents

Lecture 6 Page 24 CS 236 Online How Did the Compromise Occur? DigiNotar had crappy security –Out-of date antivirus software –Poor software patching –Weak passwords –No auditing of logs –Poorly designed local network A company providing security services paid little attention to security

Lecture 6 Page 25 CS 236 Online Another Practicality Certificates have expiration dates –Important for security –Otherwise, long-gone entities would still be trusted But perfectly good certificates also expire –Then what?

Lecture 6 Page 26 CS 236 Online The Reality of Expired Certificates When I hear my server’s certificate has expired, what do I do? –I trust it anyway –After all, it’s my server But pretty much everyone does that –For pretty much every certificate Not so secure

Lecture 6 Page 27 CS 236 Online The Core Problem With Certificates Anyone can create some certificate Typical users generally have no good basis for determining whose certificates to trust –They don’t even really understand what they mean Therefore, they trust almost any certificate

Lecture 6 Page 28 CS 236 Online Should We Worry About Certificate Validity? Starting to be a problem –Stuxnet is one example –Compromise of DigiNotar and Adobe also –Increasing incidence of improper issuance, like Verisign handing out Microsoft certificates Not the way most attackers break in today With all their problems, still not the weakest link –But now being exploited, mostly by most sophisticated adversaries

Lecture 6 Page 29 CS 236 Online The Web of Trust Model Public keys are still passed around signed by others But your trust in others is based on your personal trust of them –Not on a formal certification hierarchy –“I work in the office next to Bob, so I trust Bob’s certifications” –Attempt to establish understandable basis for trust in certificates

Lecture 6 Page 30 CS 236 Online Certificates in the Web of Trust Any user can sign any other user’s public key When a new user presents me his public key, he gives me one or more certificates signed by others If I trust any of those others, I trust the new user’s public key

Lecture 6 Page 31 CS 236 Online Limitations on the Web of Trust The web tends to grow –“I trust Alice, who trusts Bob, who trusts Carol, who trusts Dave,..., who trusts Lisa, who trusts Mallory” –Just because Lisa trusts Mallory doesn’t mean I should Example of transitive trust problems Working system needs concept of degrees of trust

Lecture 6 Page 32 CS 236 Online Advantages and Disadvantages of Web of Trust Model +Scales very well +No central authority +Very flexible –May be hard to assign degrees of trust –Revocation may be difficult –May be hard to tell who you will and won’t trust

Lecture 6 Page 33 CS 236 Online More General Use of Web of Trust Web of trust model usable for things other than certificates –Social networking sites –Peer systems –Security alert systems Really, any distributed system where trust plays a role

Lecture 6 Page 34 CS 236 Online When Is Web of Trust Good? When it links people who know each other –Or have other reasons to trust each other When use matches level of trust –If casual trust, limited risk –If high risk, great trust required When use allows adjustment based on observable behavior –Penalize those who don’t behave well

Lecture 6 Page 35 CS 236 Online What Can Go Wrong? Generally, model doesn’t provide any built- in costs for misplaced trust –Other than downgrading it within system Only penalties for a bad recommendation are social Dangerous if new identities easy to fabricate –Bad actor can keep coming back under new identities