1
Nuts and Bits of PKI
Mark L. Silverman, CISSP
Center for Information Technology
National Institutes of Health
CENDI Symposium on PKI and Digital Signatures
June 13, 2001
2
Foundations of PKI
3
Start with Technology
- Cryptography
  - Basic (single key) cryptography
  - Public (dual) key cryptography
- Digital Signatures
4
Conclude with Trust
- Digital Certificates
- PKI
  - Authorities
  - Policies
- Trust beyond the enterprise
  - Trust paths
  - Bridge PKI Architecture
5
Cryptography
- Science of secret (hidden) writing
  - kryptos – hidden
  - graphen – to write
- Encrypt / encipher
  - Convert plaintext into ciphertext
- Decrypt / decipher
  - Convert ciphertext into plaintext
6
Spartan Scytale
- Oldest known cryptographic device
- Fifth century B.C.
7
Caesar Cipher
- Julius Caesar, 49 BC
- Securely communicate with friends
- Simple substitution cipher
- Shift alphabet 3 characters
8
Caesar Cipher Example
- Plaintext: ET TU BRUTE
- Shift Algorithm (3 characters)
- Ciphertext: HW WX EUXWH
9
Symmetric Encryption
- Single key
  - Shared secret
- Examples
  - Data Encryption Standard (DES)
    - Block cipher, 56 bit key
  - Triple DES
    - 112 bit key
  - Advanced Encryption Standard (AES)
    - Rijndael Algorithm
    - Belgian cryptographers, Joan Daemen and Vincent Rijmen
    - 128, 192, 256 bit keys
10
Symmetric Encryption Example
- Plaintext (Alice): Dear Bob: How about coming over to my place at 1:30? If Ted ever finds out we are meeting like this it could be disastrous. Love, Alice
- Alice: encrypt
- Ciphertext: 011100111001001 110011100111001 001110000111111
- Bob: decrypt
- Plaintext (Bob): the same message as above
11
Symmetric Encryption Issues
- Key (shared secret) vulnerable to discovery
- Need to share a unique secret key with each party that you wish to securely communicate with
- Key management becomes unmanageable
12
Asymmetric Encryption
- Two mathematically related keys
  - Unable to derive one from the other
  - Encrypt with one – decrypt with other
- Public Key Cryptography
  - One (public) key published for all to see
  - Other (private) key kept secret
- Algorithms
  - RSA - Integer Factorization (large primes)
  - Diffie-Hellman - Discrete Logarithms
  - ECES - Elliptic Curve Discrete Logarithm
13
Asymmetric Encryption Example
- Plaintext (Ted): Dear Carol: I think Alice is having an affair with Bob. I need to see you right away. Love, Ted
- Ted: encrypt with Carol's Public Key
- Ciphertext: 011100111001001 110011100111001 001110000111111
- Carol: decrypt with Carol's Private Key
- Plaintext (Carol): the same message as above
14
Asymmetric Advantages
- No shared secret key
- Public key is public
  - Can be freely distributed or published
  - Key management is much easier
- Private key known ONLY to owner
  - Less vulnerable, easier to keep secret
- Supports Non-repudiation
  - Sender cannot deny sending message
15
Asymmetric Non-Repudiation
- Plaintext (Carol): Dear Ted: Please leave me alone or I will contact a lawyer. I do not care about your personal life. Carol
- Carol: encrypt with Carol's Private Key
- Ciphertext: 011100111001001 110011100111001 001110000111111
- Ted: decrypt with Carol's Public Key
- Plaintext (Ted): the same message as above
16
Non-repudiation
- Since only the sender knows their private key, only the sender could have sent the message.
- Authentication mechanism
- Basis for Digital Signature
17
Asymmetric Issues
- More computationally intensive
  - 100x symmetric encryption
- Generally not used to encrypt data
  - Encrypt symmetric key (S/MIME)
  - SSL session key
18
S/MIME Encryption
- Plaintext (Ted): Dear Carol: Please do not push me away. I love you more than I do Alice. Love, Ted
- Sender: encrypt; encrypt with Carol's Public Key
- Values shown in transit:
  - 0111001110 1100111001 0011100001
  - A032F17634 E57BC43356 743212b9c9 8FA2917342 5633A22201 807732ECF1 3344567520 ABCE4567CD
- Recipient: decrypt with Carol's Private Key; decrypt
- Plaintext (Carol): the same message as above
19
Electronic Signatures
- Electronic Signature != Digital Signature
- Electronic Signatures in Global and National Commerce Act (E-Sign) defines:
  The term "electronic signature" means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
20
Digital Signature
- Type of Electronic Signature
- Combines one-way secure hash functions with public key cryptography
  - Hash function generates fixed length value
  - No two documents produce the same hash value
  - Secure Hash Algorithm 1 (SHA-1)
- Characteristics
  - Data Integrity - hash value
  - Non-repudiation – encrypted with private key
  - Does NOT provide confidentiality
21
Digital Signature Creation
- Message (Sue): Dear Mr. Ted: We have asked the Court to issue a restraining order against you to stay away from Carol. Sincerely, Sue Yew, Dewey, Cheatam & Howe, Law Firm
- Hash Function
- Hash Value: 0F47CEFF AE0317DB AA567C29
- encrypt with Sue's Private Key
- Digital Signature: 0101011110000110101 1011110101111010111
22
Digital Signature Validation
- Received message: Dear Mr. Ted: We have asked the Court to issue a restraining order against you to stay away from Carol. Sincerely, Sue Yew, Dewey, Cheatam & Howe, Law Firm
- Hash of received message: 0F47CEFF AE0317DB AA567C29
- Digital Signature: 0101011110000110101 1011110101111010111
- decrypt with Sue's Public Key: 0F47CEFF AE0317DB AA567C29
- Signature is valid if the two hashes match
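The creation and validation steps on the two slides above, as an added example that is not part of the original presentation. It uses unpadded textbook RSA with a constructed toy key and SHA-256 in place of the SHA-1 named on the slide; the key values and the sample letter are assumptions made for illustration.

```python
import hashlib

# Toy RSA key, constructed for illustration only: two well-known Mersenne
# primes, so the modulus is trivially factorable. Production signatures use
# keys and padding (for example RSA-PSS) from a vetted cryptographic library.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key (n, e), published
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the signer


def digest(message: bytes) -> int:
    """Fixed-length hash value of the message, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Creation: hash the message, then transform the hash with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Validation: recover the signed hash with the public key and compare it
    with a fresh hash of the message that actually arrived."""
    return pow(signature, e, n) == digest(message)


# Constructed sample input. The letter itself travels in the clear: the
# signature gives integrity and origin, not confidentiality.
LETTER = b"We have asked the Court to issue a restraining order against you."
SIGNATURE = sign(LETTER)

if __name__ == "__main__":
    print("untouched letter :", verify(LETTER, SIGNATURE))
    print("altered letter   :", verify(LETTER + b" (withdrawn)", SIGNATURE))
    print("altered signature:", verify(LETTER, SIGNATURE + 1))
```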
23
Source of Public Key
- Keys can be published anywhere
- Attached as a signature to e-mail
  - Pretty Good Privacy (PGP)
  - [Example PGP 7.0.4 signature block shown on the slide]
24
But
How do you know for sure who is the owner of a public key?
25
Public Key Infrastructure
- Public Key Infrastructure (PKI) provides the means to bind public keys to their owners and helps in the distribution of reliable public keys in large heterogeneous networks. (NIST)
- The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography. (IETF PKIX working group)
26
Public Key Certificates
- Digital Certificates
  - Binds a public key to its owner
  - Issued and digitally signed by a trusted third party
  - Like an electronic photo-id
- Follows X509 V3 standard – RFC 2459
27
X509 V3 Basic Fields
- Owner's X.500 distinguished name (DN)
  - C=US;O=GOV;O=NIH;OU=CIT;CN=Mark Silverman
- Owner's public key
- Validity period
- Issuer's X.500 distinguished name
28
X509 V3 Extensions
- Location of certificate status information
- Location of Issuer's certificate
- Subject's Alternative Name
  - email address, employee ID
- Key Usage constraints
  - Only for digital signatures
  - Only for encryption
- Policy information
  - Level of trust
29
X509 V3 Certificate
- Version: 2 (V1=0, V2=1, V3=2)
- Serial Number: 56
- Signature Algorithm: sh1RSA
- Issuer DN: C=US;S=UTAH;O=DST;OU=DSTCA;CN=RootCA
- Validity Period: 05/02/2000 08:00:00 to 05/02/2001 08:00:00
- Subject DN: C=US;O=GOV;O=NIH;OU=CIT;CN=Mark Silverman
- Subject Public Key: RSA, 3081 8902 8181 … 0001
- Issuer UID: Usually omitted
- Subject UID: Usually omitted
- Extensions: Optional Extensions
- Signature Algorithm: sh1RSA (same as above)
- Signature: 302C 0258 AE18 7CF2 … 8D48
30
PKI Components
- Certification Authority (CA)
- Registration Authority (RA)
- Repository
- Archive
- Users
31
Certification Authority (CA)
- TRUSTED third party
- Issues Certificates
  - Creates and signs them
  - Publishes current certificates
- Issues Certificate Revocation Lists (CRLs)
  - List of invalid (revoked) certificates
  - Online Certificate Status Protocol (OCSP)
- Maintains archives of status information
- May retain copy of data encryption private key, for purposes of key recovery
  - government requirement
32
Registration Authority (RA)
- Verify certificate contents for CA
  - Identity proofing
- RA's public key known to CA
- A CA may have multiple RAs
33
Repository
- Directory
  - Critical component of a PKI
  - Lightweight Directory Access Protocol (LDAP)
- Stores and distributes
  - Certificates
  - CRLs
  - Other PKI information and policies
- Does not need to be trusted
  - Certificates & CRLs signed by CA
34
Archive
- Long-term storage on behalf of CA
- Permits verification of old signatures
  - proof signature was valid at time of signing
35
Users
- Subscriber
  - Certificate holder
  - Person, device, application, etc.
  - Non-repudiation requires that only the subscriber has access to the private key
    - Strong identity proofing
    - Owner must protect private key
    - Safer with hardware token / smart card
    - Best security with biometric component
- Relying Party
  - Certificate recipient
36
How a PKI Issues Certificates
[Diagram: Subscriber, RA, CA, Repository. Flow labels: Credentials; Passcode; Subscriber's Credentials, Passcode; Passcode, Public Key; Certificate containing Key, Signed by CA]
37
How Certificates are used
[Diagram: Subscriber (Private key, Certificate), Relying Party A, Relying Party B, Repository. Flow labels: Subscriber signs message to A; B encrypts message to Subscriber; Get Subscriber's Certificate; Get CRL to Validate Certificate]
38
Trusted Third Party
- PKI is built upon the concept of the trusted third party (i.e., CA)
- But, who are you going to trust?
39
Who do you Trust?
- Everyone trusts their CA
  - Trust all certificates issued by their CA
- [Diagram: CA; George, Martha, Clark]
- Single CA model does not scale well
  - Difficult to manage across large or diverse user communities
40
Hierarchical PKI
- Traditional PKI model is hierarchical
  - CAs have superior-subordinate relationships
  - Higher level CAs issue certificates to subordinate CAs
  - They issue certs to other CAs or end-entities (subscribers)
- Everyone trusts top-level (root) CA
- Forms a certification path
  - Chain of certificates from trust point (root) to end entity (subscriber)
41
Certification Path
- Root CA: Root CA Certificate Info, Root Signature (Self Signed, Root CA's Private Key)
- Sub CA: Subordinate CA Certificate Info, Root Signature (Root CA's Private Key)
- Subscriber: Subscriber Certificate Info, SubCA's Signature (Subordinate CA's Private Key)
- Text Document: Subscriber's Signature (Subscriber's Private Key)
42
Building a Certification Path
- [Diagram: HHS Root CA; NIH, CIT, Mark; FDA, CDRH, Phyllis]
- Certification paths are constructed from the end-entity to a trust point
- Mark gets cert from Phyllis
  1. Phyllis's cert signed by CDRH
  2. CDRH's cert signed by FDA
  3. FDA's cert signed by HHS
- HHS is Mark's trust point, therefore Mark trusts Phyllis's cert
43
What about other CAs?
- Trust list: list of CAs trusted by user
  - Commercial CAs often pre-loaded
  - Maintained by user
44
CAs not on the Trust List?
How do you know if you can trust the CA?
45
Policies
- Policy information contained in
  - CA's Certificate Policy
  - CA's Certification Practices Statement
46
Certificate Policy (CP)
- A high level document that describes the security policy for issuing certificates and maintaining certificate status information.
- Describes operation of the CA.
- Defines user's responsibilities for requesting, using and handling certificates and keys.
47
Certification Practice Statements (CPS)
- A highly detailed document that describes how a CA implements a specific CP.
- Specifies the mechanisms and procedures that are used to achieve the security policy.
- Effectively the CA's operations manual.
48
Policy Issues
- Users generally don't examine policies
  - Add CAs to trust list out of expediency
- Don't know status of CA
  - Any policy changes?
  - Was it compromised?
49
Cross-Certified PKIs
- Peer-to-peer trust relationship
  - Between CAs or hierarchical PKI root CAs
- CAs issue certificates to each other
- CAs review each other's policies
- Policy mapping
  - Translates policy information
  - A's class 3 certificate = B's medium certificate
50
Mesh PKI Architecture
- Advantages
  - CAs are organizationally independent
  - Have independent policies
  - CA compromise does not affect others
- Disadvantages
  - Hard to build certification path
    - Multiple possible paths
    - Loops and dead ends
  - CA needs to maintain multiple relationships with other CAs
- [Diagram: Green CA, Blue CA, Gold CA, Red CA; Mark, Phyllis]
51
Bridge PKI Architecture
- Bridge is trust arbitrator
  - Only cross-certifies with other CAs
  - Relationships still peer-to-peer
  - Bridge is NOT a root CA
- Certification path construction is much easier
- Bridge does all policy management
  - Less work for the CAs
  - Maintains list of revoked CAs (CARL)
- [Diagram: Green CA, Blue CA, Gold CA, Red CA, Bridge CA; Mark, Phyllis]
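Path construction for the hierarchical, mesh and bridge slides, as an added example that is not part of the original presentation. It models each certificate as an (issuer, subject) pair and checks no signatures; the mesh and bridge link sets, and the choice of Green CA as Mark's trust point and Red CA as Phyllis's issuer, are assumptions because the slide text does not give them.

```python
def cert_paths(certs, end_entity, trust_point):
    """Yield every loop-free chain of (issuer, subject) certificates that
    links end_entity up to trust_point, following issuer links upward."""
    issuers_of = {}
    for issuer, subject in certs:
        issuers_of.setdefault(subject, []).append(issuer)

    def walk(subject, seen):
        if subject == trust_point:
            yield []                                  # reached the trust point
            return
        for issuer in issuers_of.get(subject, []):    # no issuer known: dead end
            if issuer in seen:                        # issuer already used: loop
                continue
            for rest in walk(issuer, seen | {issuer}):
                yield [(issuer, subject)] + rest

    yield from walk(end_entity, {end_entity})


def cross(a, b):
    """Cross-certification: each CA issues a certificate to the other."""
    return [(a, b), (b, a)]


# Hierarchy from the "Building a Certification Path" slide.
HIERARCHY = [("HHS", "NIH"), ("NIH", "CIT"), ("CIT", "Mark"),
             ("HHS", "FDA"), ("FDA", "CDRH"), ("CDRH", "Phyllis")]

# Constructed mesh: which CAs cross-certify, and who issued Mark's and
# Phyllis's certificates, are assumptions (the slide text does not say).
MESH = (cross("Green", "Blue") + cross("Green", "Gold") + cross("Blue", "Red")
        + cross("Gold", "Red") + cross("Blue", "Gold")
        + [("Green", "Mark"), ("Red", "Phyllis")])

# Bridge: every CA cross-certifies with the bridge only (same assumptions).
BRIDGE = ([c for ca in ("Green", "Blue", "Gold", "Red") for c in cross("Bridge", ca)]
          + [("Green", "Mark"), ("Red", "Phyllis")])

if __name__ == "__main__":
    for name, certs, anchor in (("hierarchy", HIERARCHY, "HHS"),
                                ("mesh", MESH, "Green"), ("bridge", BRIDGE, "Green")):
        paths = list(cert_paths(certs, "Phyllis", anchor))
        print(name, len(paths), "path(s); first:", paths[0])
```

With these link sets the mesh offers Mark several candidate paths to Phyllis's certificate, while the bridge leaves exactly one.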
52
Conclusion
- Enabling technology for E-Gov
  - Data Confidentiality
  - Data Integrity
  - Non-repudiation
- Technology is complicated
  - But not unmanageable
- Difficulty is in establishing trust
  - 20% technology – 80% policy
53
Questions
Answers:
- http://www.pki-page.org/
- http://www.rsasecurity.com/rsalabs/faq/
- http://csrc.nist.gov/pki/
- Planning for PKI, Russ Housley and Tim Polk, John Wiley & Sons, Inc. 2001