Presentation is loading. Please wait.

Presentation is loading. Please wait.

SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki Strategic Consultant Project.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki Strategic Consultant Project."— Presentation transcript:

1 SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki rafal@projectbotticelli.co.uk www.projectbotticelli.co.uk Strategic Consultant Project Botticelli Ltd

2 2 Objectives Explain the basics of PKI without concentrating on any particular product Introduce commonly used terminology Point out those aspects of PKI that require careful planning and implementation Outline some social issues associated with PKI

3 3 Agenda A Briefest Summary of Cryptography (upgrades you to from 220 to level 280) 8% subset of SEC290 Fundamentals of PKI (level 300 – you need to understand cryptography) Recommendations on PKI Deployment (level 300) Warning: this is another fast and furious A-to-Z type of a session. Attend at your own risk.

4 4 PKI “Public Key Infrastructure provides the components and services that enable practical deployment and operation of a system that uses certificates.” A. Nash, “PKI”, RSA Press PKI is a group of solutions for key distribution problems and other issues: Key generation Certificate generation, revocation, validation Managing trust I consider Web-of-Trust systems (e.g. PGP) as a perfectly alternative and compatible implementation of PKI

5 5 A Summary of Cryptography (6 Slides Only)

6 6 What is Really Secure? Look for systems From well-know parties With published (not secret!) algorithms That generate a lot of interest That have been hacked for a few years That have been analysed mathematically Absolutely do not “improve” algorithms yourself Employ someone to attempt a break-in

7 7 What Does Cryptography Solve? Confidentiality ◄ Your data/service provides no useful information to unauthorised people Integrity ◄ If anyone tampers with your asset it will be immediately evident Authenticity ◄ We can verify that asset is attributable to its authors or caretakers Non-repudiation ◄ The author or owner or caretaker of asset cannot deny that they are associated with it Identity ◄ We can verify who is the specific individual entity associated with your asset

8 8 Symmetric Key Cryptography Encryption “The quick brown fox jumps over the lazy dog” “AxCv;5bmEseTfid3) fGsmWe#4^,sdgfMwi r3:dkJeTsY8R\s@!q3 %” “The quick brown fox jumps over the lazy dog” Decryption Plain-text input Plain-text output Cipher-text Same key (shared secret)

9 9 Public Key Encryption Encryption “The quick brown fox jumps over the lazy dog” “Py75c%bn&*)9|fDe^ bDFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” “The quick brown fox jumps over the lazy dog” Decryption Clear-text Input Clear-text Output Cipher-text Different keys Recipient’s public key Recipient’s private key private public

10 10 Hybrid Encryption (Real World) As above, repeated for other recipients or recovery agents Digital Envelope Other recipient’s or agent’s public key (in certificate) in recovery policy Launch key for nuclear missile“RedHeat”is... Symmetric key encrypted asymmetrically (e.g., RSA) Digital Envelope User’s public key (in certificate) RNG Randomly- Generated symmetric “session” key Symmetric encryption (e.g. DES) *#$fjda^ju539!3t t389E *&\@ 5e%32\^kd

11 11*#$fjda^ju539!3t t389E *&\@ 5e%32\^kd Launch key for nuclear missile“RedHeat”is... Launch key for nuclear missile“RedHeat”is... Symmetric decryption (e.g. DES) Digital Envelope Asymmetric decryption of “session” key (e.g. RSA) Symmetric “session” key Session key must be decrypted using the recipient’s private key Digital envelope contains “session” key encrypted using recipient’s public key Recipient’s private key Hybrid Decryption

12 12 Fundamentals of PKI

13 13 Is PKI relevant? Who uses all of that stuff? Web’s HTTP and other protocols (SSL) VPN (PPTP, IPSec, L2TP…) Email (S/MIME, PGP, Exchange KMS) Files (W2K EFS, PGP and many others) Web Services (WS-Security) Good ID Smartcards (Certificates and Challenge/Response) Executables (.NET Assemblies, Drivers, Authenticode) Copyright protection (DRM) …

14 14 Public Key Distribution Problem We just solved the problem of symmetric key distribution by using public/private keys But… Scott creates a keypair (private/public) and quickly tells the world that the public key he published belongs to Bill People send confidential stuff to Bill Bill does not have the private key to read them… Scott reads Bill’s messages 

15 15 Eureka! We need PKI to solve that problem And a few others…

16 16 How to Verify a Public Key? Two approaches: 1. Before you use Bill’s public key, call him or meet him and check that you have the right one Fingerprint or hash of the key can be checked on the phone 2. Get someone you already trust to certify that the key really belongs to Bill By checking for a trusted digital signature on the key But there has to be one… And you have to have friends to trust in first place…

17 17 Trust Models Web-of-Trust (PGP) Peer-to-peer model Individuals digitally sign each other keys You would implicitly trust keys signed by some of your friends Trusted Authority + Path of Trust (CAs) Everyone trusts the root Certificate Authority (Verisign, Thawte, BT etc.) CA digitally signs keys of anyone having checked their credentials by traditional methods CA may even nominate others to be CAs – and you would trust them automatically, too

18 18 Trust Models Issues and Future Web-of-trust is more, erh, trustworthy But it is time-consuming, requires lots of work and general public doesn’t understand it CAs tend to be a little bit like a big brother as we all have to trust them implicitly But it is a simpler model, easier to deploy and manage Combination strategy? Let’s trust a CA that verifies keys by traditional strong methods and peer-to-peer recommendations

19 19 Creating a Digital Signature Hash Function (SHA, MD5) Jrf843kjfgf* £$&Hdif*7o Usd*&@:<C HDFHSD(** Py75c%bn&*)9|fDe^b DFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” This is a really long message about Bill’s… Asymmetric Encryption Message or File Digital Signature 128 bits Message Digest Calculate a short message digest from even a long input using a one-way message digest function (hash) Signatory’s private key private

20 20 Verifying a Digital Signature Jrf843kjf gf*£$&Hd if*7oUsd *&@:<CHD FHSD(** Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” Asymmetric decryption (e.g. RSA) Everyone has access to trusted public key of the signatory Signatory’s public key Digital Signature This is a really long message about Bill’s… Same hash function (e.g. MD5, SHA…) Original Message Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” ? == ? Are They Same?

21 21 Hash (Digest) Functions MD5 and SHA Just a hash value of between 128 bits (MD5) and 512 bits of key (SHA512) Great support in.NET Framework and in CryptoAPI of Windows Just don’t ever use any function with 64bits result

22 22 Message Authentication Codes “MACs” – Combination of a hash function and a symmetric encryption Integrity, authenticity but not non-repudiation Must share the key! HMAC Digest + shared-secret encryption for up to 160 bit results MACTripleDES Encryption using 8, 16 or 24 bytes of TripleDES key on top of a hash 64 bit result (ouch!) Both of the above implemented in.NET Fx

23 23 Certificates The simplest certificate just contains: Information about the entity that is being certified to own a public key That public key And all of this is Digitally signed by someone trusted (like your friend or a CA)

24 24 X.509 Certificate Certificate Authority Digital Signature of All Components Together: Serial Number Issuer X.500 Distinguished Name Validity Period Subject X.500 Distinguished Name Subject Public Key Information Key/Certificate Usage Extensions OU=Project Botticelli… The Key or Info About It

25 25 Authentication with Certificates 1. Melinda gets Bill’s certificate 2. She verifies its digital signature She can trust that the public key really belongs to Bill But is it Bill standing if front of her, or is that Scott? 3. Melinda challenges Bill to encrypt for her a phrase etc. she just made up (“I really need more shoes”) 4. Bill has, of course, the private key that matches the certificate, so he responds (“*&$^%£$&£fhsdf*&EHFDhd62^&£”) 5. Melinda decrypts this with the public key she has in the certificate (which she trusts) and if it matches the phrase she challenged Bill with then it must really be Bill himself! By the way, that’s the basic concept of how SSL works

26 26 What’s in the Store? Certificates are “safe” No need to protect them too much, as they are digitally signed Store anywhere, a file or a “dumb” memory-only smartcard Private keys that match the public key are extremely vulnerable (key assets) You must protect them well Store in “Protected Storage” on your OS or a “smart” smartcard that will have crypto functionality on board

27 27 Certification Hierarchy Most organisations do not use just one root key for signing certificates Dangerous, if that one key is compromised Does not scale to large organisations Difficulty in managing responsibility Certificate Hierarchies Start with CA root cert Create more keys (e.g. for BT, Microsoft etc.), sign with root key, mark as subordinate CAs Create more levels in your organisation (for departments etc.) Validating a cert possibly involves validating a path of trust

28 28 Certificate Validation Essentially, this is just checking the digital signature But You may have to “walk the path” of all subordinate authorities until you reach the root Unless you explicitly trust a subordinate CA I: PB CA S: Rafal I: Xanadu Root S: PB CA I: Xanadu Root S: Xanadu Root Check DS of OCG CA Check DS of Xanadu “In Xanadu We Trust” (installed root CA certificate)

29 29 Certificate Revocation Keys get compromised, as a fact of life You or your CA issue a certificate revocation certificate Must be signed by CA, of course And you do everything you can to let the world know that you issued it This is not easy Certificate Revocation Lists (CRL) are used They require that the process of cert validation actively checks the CRL and keep it up-to-date There are some scalability issues Many people disable this function That is why short expiration policies are important

30 30 Storing Certificates and Keys Certificates need to be stored so that interested users can obtain them Keys need to be stored for data recovery purposes This weakens the system, but is a necessity This is a function of most certificate servers such as certificate services in Windows 2003 Server Those servers are also responsible for issuing, revoking, signing etc. of certs

31 31 Certificate Interchange Two main routes: Server-based store to the user Protected local store or smartcard to the user Microsoft dedicates significant part of CryptoAPI to this function It works well and you may need to use it for custom apps PKCS #11 is an alternative interface used by Netscape Certs are normally packaged in a PKCS #11 (or #7) standard envelopes All PKCS #s are results of work by RSA Labs related to IETF as part of X.509 PKI group (PKIX)

32 32 Developers: Which API? CAPI (Crypto API, Cryptographic API) is the underlying API provided by the operating system Mature Not too easy to use Good functionality.NET Framework System.Security.Cryptography Newer, but wraps some CAPI functions Extremely easy to use Not all needed functionality is present

33 33.NET Framework API Comprehensive cryptographic library Easy, unified, stream-based architecture System.Security.Cryptography Open & extensible model (for new algorithms) Some implementations just CAPI wrappers, some completely managed by.NET Configuration classes for control Streaming model for block algorithms Supporting CBC (Cipher Block Chaining)

34 34SymmetricAlgorithm TripleDESRijndael TripleDESCryptoServiceProvider(CryptoAPI)RijndaelManaged(C#) RC2 RC2CryptoServiceProvider AbstractAlgorithmClasses Algorithm Implementation Classes (fully implemented) Abstract Base Classes (only one shown) Crypto Object Model (subsection)

35 35 Recommendations on PKI Deployment

36 36 CA Services If you decide against web-of-trust, you need to make an important decision: Use a well known CA Your certs will be universally recognised but you are dependent on the trustworthiness of the CA Establish your own CA No one except your explicitly nominated partners or clients will recognise your certs but you are in full control In addition, you may want to outsource CA services altogether

37 37 Identity Management Process Consider using Windows Server 2003 as it integrates active directory managament of users with PKI provisioning Microsoft is investing heavily in identity management across directory boundaries Between Active Directories Between heterogenous systems

38 38 Social Problem Real-life certificates are well understood What do you trust more: a passport or a driving license? Digital certificates are a long way from public understanding Is Verisign Class 1 better or worse than Class 5? What about BT Class 2 versus Thawte Class 3? Easier if you just deploy internal PKI Use real-life names, like “passport”, “company id” etc. if possible

39 39 Common Strength Recommendations (Jun 2003) MinimumRecommended Symmetric Key 96 bits (avoid DES as it can do only 56, instead use AES-Rijndael or RC5) 256 bits (Rijndael, RC5 128bits, not DES) Asymmetric Key 1024 (RSA)4096 (RSA) ECC Key 192 bits256 bits Hash: SHA/MD5 128 bits (absolutely not 64 bits) 256 bits or more Common Cert Classes Class 2Class 3 at least

40 40 Word About Smartcards Most smartcards are “dumb”, i.e. they are only a memory chip This is OK for a certificate store, but not recommended for storing a private key used in a challenge test (verifying identity) Anyway, they are still better than leaving keys on a floppy disk Cryptographically-enabled smartcards are more expensive but they give much more security Private key is secure and used as needed Additional protection (password, biometrics) is possible Hardware implements some algorithms Self-destruct is possible

41 41 Certificate Revocations It is a good idea to prepare one in advance if possible! Keep it really safe Particularly important in web-of-trust systems in case you lose access to your private key Please, please enable checking and updating of CRL (revocation list) on all of your systems Apply numerous security patches – this was a particularly “patchy” area recently

42 42 Summary Asymmetric encryption solved the extremely difficult problem of key symmetric key exchange It created a smaller, easier to solve problem of asymmetric key management… Which is solved with PKI Bringing additional benefits, such as trust and identity management

43 43 Resources and Reading Visit www.microsoft.com/securitywww.microsoft.com/security Review session slides on crypto & security For more detail, read: PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3 Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-12845-7 Foundations of Cryptography, O. Goldereich, www.eccc.uni-trier.de/eccc-local/ ECCC-Books/oded_book_readme.html www.eccc.uni-trier.de/eccc-local/ ECCC-Books/oded_book_readme.html Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN 0-8493-8523-7 Cryptography in C and C++, M. Welschenbach, Apress, ISBN 1-893115-95-X (includes code samples CD)

44 44 Community Resources http://www.microsoft.com/communities/default.mspx Most Valuable Professional (MVP) http://www.mvp.support.microsoft.com/ Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http://www.microsoft.com/communities/newsgroups/default.mspx User Groups Meet and learn with your peers http://www.microsoft.com/communities/usergroups/default.mspx

45 45 evaluations… evaluations… Please don’t forget to complete your online Evaluation Form

46 46 © 2003 Microsoft Corporation & Project Botticelli Ltd. All rights reserved. This presentation is for informational purposes only. MICROSOFT AND PROJECT BOTTICELLI MAKE NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Download ppt "SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki Strategic Consultant Project."

Similar presentations

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb stephlam@microsoft.com http://blogs.technet.com/steve_lamb.

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
An introduction to PKI and few deployment hints

An introduction to PKI and few deployment hints
A-to-Z of Public Key Infrastructure (PKI)

A-to-Z of Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
Mostly borrowed & updated from Steve Lamb in Microsoft Land….

Mostly borrowed & updated from Steve Lamb in Microsoft Land….
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
An understanding of PKI and some deployment hints BY Charles Anakweze CIS532 PKI = Public Key Infrastructure.

An understanding of PKI and some deployment hints BY Charles Anakweze CIS532 PKI = Public Key Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Cryptographic Technologies

Cryptographic Technologies

Similar presentations

Ads by Google