Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 4905 Public-key Infrastructure

Published byBarnaby Ross Modified over 7 years ago

Similar presentations

Presentation on theme: "CSE 4905 Public-key Infrastructure"— Presentation transcript:

1 CSE 4905 Public-key Infrastructure

2 How to distribute public key?
Public announcement? Publically available directory? Public-key authority? Public-key certificate (e.g., X.509 certificates)

3 What is a certificate? At the highest level its someone vouching for a claim (using a digital signature), this claim is usually related to someone else’s identity

4 Public-key certification: main idea
certification authority (CA): binds public key to particular entity, E. E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” digital signature (encrypt) K B + Bob’s public key K B + CA private key certificate for Bob’s public key, signed by CA - Bob’s identifying information K CA

5 Certification authorities
when Alice wants Bob’s public key: gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate, get Bob’s public key K B + digital signature (decrypt) Bob’s public key K B + CA public key + K CA

6 Uses of certificates Secure communication Notarization Time-Stamping
Non-Repudiation Privilege Management Authorization & Authentication Authorization & Policy Authorities Delegation Blind vs. Auditable

7 Public-Key certification - 2

8 Certificate example

9 Certificate example (cont’d)

10 Fields in a certificate
Fingerprint Version number Serial number: unique # within the issuing CA Certificate signature algorithm Issuer Validity Subject name: the name of the user Subject’s public-key information Signature

11 Certificate misconceptions
Certificates  Signature Certificates are implemented using Signatures Certificates  Authentication Authentication can be implemented using Certificates Same for Authorization, etc. Certificates are static Change => Re-Issue Certificates identify a public key, not a user or device

12 Verifying a certificate
Integrity: signature is valid Signed by a trusted CA or certification path is rooted in a trusted CA Certificate is valid now: We are between Not Valid Before and Not Valid After time points in the certificate Not Revoked Use is consistent with the policy

13 Stages of a certificate/key
Key/Certificate Life Cycle Management Identity  Key. Focus on Key! Stages Initialization Issued (active) Cancellation

14 Initialization Registration Key pair generation
Via RA Identity verification If on-line, should be protected+authenticated (?) Key pair generation Certificate creation & delivery [Key backup] (used in some settings)

15 Key pair generation Where? (by who?) What for?
CA RA Owner (e.g. within browser) Other Trusted 3rd Party What for? Non-repudiation  owner generation Single use keys: separate key pairs for authentication, confidentiality, etc.

16 Key pair generation Performance Assurance Legal/Liabilities
Laptop, smart cards – used to be too slow Today – many smart cards can generate own keys Centralized generation Scalability: bottleneck for performance & security Assurance “Is the smart card’s random number generator good enough?” Minimal security requirements guarantees Legal/Liabilities Who to sue? Who backs up above assurances?

17 Certificate Creation+Distribution
Creation – CA only Distribution (to the owner) Certificate only Certificate + private key Deliver key securely! Direct to owner To depository Both

18 Certificate dissemination
Out-of-band Public repositories LDAP directories (and similar) Used mostly for confidentiality In-band E.g. signed usually carries certificate Issues: Privacy, scalability, etc.

19 Key backup Backup  Escrow Non-repudiation conflicts with Backup
Backup= only owner can retrieve the (lost) key Escrow= organization/government can retrieve the key even against owner’s wish Non-repudiation conflicts with Backup Where & how to backup securely???

20 Issued Phase Certificate retrieval Certificate validation Key recovery
To encrypt msg or verify signature Certificate validation Verify certificate integrity+validity Key recovery Key backup – automate as much as possible Key update When keys expire: new certificate [+new keys]

21 Cert Cancellation Certificate Expiration Certificate Revocation
Natural “peaceful” end of life Certificate Revocation Untimely death, possibly dangerous causes Key history For owner: e.g. to read old encrypted messages Key archive “For public”: audit, old sigs, disputes, etc.

22 Certificate Expiration
No action Certificate renewal Same keys, same cert, but new dates Preferably automatic but watch for attributes change! Certificate update New keys, new certificate

23 Certificate Revocation
Requested by Owner, employer, arbiter, TTP, ???, … Request sent to RA/CA Mechanisms for Revocation checks Certificate Revocation Lists (CRLs) On-line Certificate Status Protocol (OCSP) Will it live? (SCVP) Example of CRL (binary, not readable) Additional reading on CRLS

24 Certificate revocation
Certificate can be revoked before expiration time CA maintains a certificate revocation lists (CRL) CRL needs to signed by CA User needs to check whether certificate is in CRL

25 Public Key Infrastructure
More than just a single CA and users requesting public keys How to manage all of this worldwide? How do users know about a CAs? How do CAs verify users?

26 Trust Models Certificates at their core transfer trust
They cannot create trust Who to trust? Which certificates can be trusted Source of Trust How it is established? Limiting/controlling trust in a given environment

27 Common models CA Hierarchy Distributed Web User-centric Tool
Cross-certification Web User-centric Tool

28 What is Trust? What really is a CA supposed to do?
A CAs only real job is to verify identity We tend to think a CA is responsible for the actions of all their issued certificates, this is not their responsibility Who’s responsibility is it? The malicious site There’s a big gap between issuing a certificate for a common name and certifying they are not malicious

29 Hierarchy model Tree architecture Single Root CA
Number of subordinate CA’s Etc… Parent certifies children Leaves are non-CA (end-) entities Typically CA either certifies other CA’s or end-entities, but not both Everyone has Root CA PK

30 Distributed A set of independent hierarchies
May evolve as independent historically Cross-certification or PKI networking Connect the hierarchies Fully-meshed – all CAs are cross-certified

31 User centric Each user is their own Root CA
Trust decisions are made on case by case basis Good User fully responsible for trust Bad Corporate/gov/etc. like to have central control User-centric not friendly to centralized trust policies

32 Exercise What is a good setting for each type of model?
Hierarchy Distributed User centric What do you think is done on the Internet?

33 Internet trust A bunch of root CAs pre-installed in browsers
The set of root CAs can be modified by users But will it be? Root CAs are unrelated (no cross-certification) Except by “CA powers” of browser manufacturer Browser manufacturer = (implicit) Root CA Finding your CAs

34 In band certificate validation
Alice “trusts” CA1 Alice has CA1’s PK in its browser CA1’s PK = “trust anchor” “trust anchor” depends on the model CA1 certifies CA2; CA2 certifies CA3 CA3 certifies Bob => Alice “trusts” Bob Alice associates PK in Bob’s certificate with Bob

35 Certificate Path Processing
Path construction Aggregation of necessary certificates Path validation Checking the certificates and the keys Includes all steps of certificate validation

36 Path Construction “Just a [Shortest] Path graph algorithm”
Not so simple – graph is not known Edges (certificates) need to be queeried Once Path Construction is done Path Validation is straight-forward Usually up to person being verified to provide a good path

37 Exercise 2 Let’s Encrypt: free certificate issuance to all
Good idea or bad?

38 PKI Pitfalls: How it goes wrong
Security breaches Key compromises Inherent difficulties Revocation Negligence Certificates are routinely not checked or some of the attributes ignored Alarms and warnings ignored (“certificate not valid. Press OK to proceed.”) Inconsistencies & human factors (“that’s not what I meant by this policy!”)

Download ppt "CSE 4905 Public-key Infrastructure"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructures Gene Itkis Based on “Understanding PKI” by Adams & Lloyd.

Public Key Infrastructures Gene Itkis Based on “Understanding PKI” by Adams & Lloyd.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
1 Lecture 11 Public Key Infrastructure (PKI) CIS 4362 - CIS 5357 Network Security.

1 Lecture 11 Public Key Infrastructure (PKI) CIS CIS 5357 Network Security.
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.

ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.

Similar presentations

Ads by Google