Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI and Identity-Based Encryption Secure IT Conference 2007 Guido Appenzeller Voltage Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PKI and Identity-Based Encryption Secure IT Conference 2007 Guido Appenzeller Voltage Security."— Presentation transcript:

1 PKI and Identity-Based Encryption Secure IT Conference 2007 Guido Appenzeller Voltage Security

2 Secure IT Conference 2007 2 Identity-Based Encryption (IBE) IBE is a new public key encryption algorithm  A number of widely-used encryption algorithms are already available (AES, RSA, ECC etc.)  Why on earth should we care about a new one? 1. IBE results in vastly simplified key management 2. As a result, IBE based solutions have a much lower total cost of ownership and much higher usability 3. It has gained widespread adoption in Industry and has opened up the use of encryption to new use cases

3 Identity-Based Encryption

4 Secure IT Conference 2007 4 Identity-Based Encryption Basic Idea: Public-key Encryption where Identities are Public Keys  IBE Public Key: alice@gmail.com  RSA Public Key: Public exponent=0x10001 Modulus=13506641086599522334960321627880596993888147 560566702752448514385152651060485953383394028715 057190944179820728216447155137368041970396419174 304649658927425623934102086438320211037295872576 235850964311056407350150818751067659462920556368 552947521350085287941637732853390610975054433499 9811150056977236890927563

5 Secure IT Conference 2007 5 IBE does not need certificates  Certificates bind Public Keys to Identities  e.g. bob@b.com has key 0x87F6…  Signed by a Certification Authority  In IBE, Identity and Public Key is the same  No certificate needed  No certificate revocation  No certificate servers  No pre-enrollment X

6 Secure IT Conference 2007 6 Identity-Based Encryption (IBE)  IBE is an old idea  Originally proposed by Adi Shamir, co-inventor of the RSA Algorithm, in 1984  First practical implementation  Boneh-Franklin Algorithm published at Crypto 2001  Based on well-tested building blocks for encryption (elliptic curves and pairings)  IBE is having a major impact already  Over 200 scientific publications on IBE/Pairings  Boneh-Franklin paper cited 450 times so far (Google Scholar)  Dan Boneh awarded 2005 RSA Conference Award for Mathematics for inventing IBE

7 Secure IT Conference 2007 7 How IBE works in practice Alice sends a Message to Bob bob@b.com Key Server alice@a.com bob@b.com key request + authenticate master secret public params

8 Secure IT Conference 2007 8 How IBE works in practice Second Message to Bob bob@b.com Key Server charlie@c.com bob@b.com public params Fully off-line - no connection to server required

9 Secure IT Conference 2007 9 The IBE Key Server  Master Secret is used to generate keys  Each organization has a different secret  Thus different security domains  Server does not need to keep state  No storage associated with server  Easy load balancing, disaster recovery Key Server Master Secret s = Request for Private Key for Identity bob@b.com bob@b.com 1872361923616378

10 Secure IT Conference 2007 10 User authentication Authentication needs differs by Application  More sensitive data, requires stronger authentication  Even for one organization, very different needs for different groups of users Key Server Auth. Service External authentication  Leverage existing passwords, directories, portals, etc.  One size doesn’t fit all

11 Secure IT Conference 2007 11 OMB-04-04 Level: Level 1 Level 2 Level 4 Level 3 No Authentication Email answerback (VeriSign Class 1) Email answerback w/ passwords Directory with pre-enrollment Windows domain controller or SSO RSA SecurID PKI Smart Card, USB Token Three factor auth (Bio+PKI+PIN) Pre-enrollment Self-provisioning OOB password with call center reset The Authentication Gradient

12 Secure IT Conference 2007 12 Key Revocation, Expiration and Policy  What happens if I lose my private key?  Key validity enables revocation – “key freshness”  Every week public key changes, so every week a new private key is issued  revocation can be done on weekly basis  To revoke someone, simply remove him from the authentication mechanism (e.g. corporate directory) bob@b.com e-mail address key validity || week = 252

13 Secure IT Conference 2007 13 IEEE 1363.3 – Pairing Based IBE Standard  IEEE 1363 Standards Group  Wrote standard on RSA and Elliptic Curve Cryptography  Now taking steps to standardize IBE  IEEE 1363.3  “Identity-Based Cryptographic methods using Pairings”  Main focus is on IBE, but also related methods (e.g. ID based signatures)  Strong support from Government and Industry  Meetings attended by representatives from NIST, NSA, HP, Microsoft, Gemplus, Motorola and others

14 Secure IT Conference 2007 14 IETF – IBE based Secure Email Standard  Internet Engineering Task Force  Sets standards for the Internet  TCP/IP, IPSec, HTTP, TLS, DNS etc.  Effort through the S/MIME Group  S/MIME today implemented in all major email clients  IBE as an additional key transport for S/MIME  Standard includes IBE Key Request Protocol, IBE Parameter Lookup Protocol and selected IBE Algorithms  Final RFC expected in 2007

15 Secure IT Conference 2007 15 Standard Textbooks incorporating Identity-Based Encryption Elliptic Curves by Lawrence C. Washington Handbook of Elliptic and Hyperelliptic Curve Cryptography by Henri Cohen, Gerhard Frey Elliptic Curves in Cryptography Edited by Ian Blake, Gadiel Seroussi and Nigel Smart Cryptography: Theory and Practice (3 rd Ed.) by Douglas R. Stinson

16 Secure IT Conference 2007 16 Awards for IBE Products  IAPP Privacy Innovation Technology Award - 2006  AlwaysOn Top 100 Companies - July 2005  Red Herring 100 Top Private Companies 2005  Gartner Group – Cool Security Vendor 2005  eWeek Finalist 2005 – Email Management and Security  RSA 2005 Prize for Mathematics – Dr. Dan Boneh  SC Magazine Finalist 2005 – Best Email Security Solution and Best Encryption Solution  AlwaysOn “Top new innovator company” – July 2004  InfoWorld Innovators Award - May 2004 Bank  Network World “Tops in Innovation” - February, 2004  Technology News “Top Ten Technology Companies” - August, 2003 RSA Mathematics Prize 2005

17 Key Management

18 Secure IT Conference 2007 18 Encryption today is a solved problem Example: Encrypting an email message Alice Bob Encryption Key Decryption Key How do we make sure Alice and Bob have the right keys?

19 Secure IT Conference 2007 19 What is hard about managing keys?  Enrollment  Key creation, duplicate keys  Distribution  Lookup, Storage and Access  Finding the encryption key of a recipient  Recovery of decryption keys Virus scanning, spam filtering Archiving emails for compliance  Synchronizing distributed key stores  Key life cycle  Revoking keys, expiring keys  Backup of keys, disaster recovery

20 Secure IT Conference 2007 20 Key Management for Symmetric Keys Example: Organization with 8 people Key Store 28 keys 4325671123456712345678.. 88 How many keys total for 8 people? Key Server

21 Secure IT Conference 2007 21 Key Management with Symmetric Keys  One key per pair of users  Network of 8 parties requires managing 28 keys  Network of 1000 users requires 500,000 keys  Network of N parties requires N(N+1)/2 keys  Alternative: One key per email  Network of 1000 users  Assume 50 emails per user per day  18,250,000 keys per year  Key management with symmetric keys doesn’t scale!

22 Secure IT Conference 2007 22 Public Key Infrastructure (PKI)  Public Key Encryption  Users have a Public Key and a Private Key  Only need one key per party, total of N keys for N parties  Keys are bound to users with Certificates  Examples: RSA, Elliptic Curve etc.  Managing PKI has issues of its own  How do I create certificates for everyone?  How do I revoke a certificate?  How do I find the certificate of a recipient?  How do I manage certificate distribution  What do I do if private keys are lost  …

23 Secure IT Conference 2007 23 Key Management - Public Key Infrastructure Certificate Server binds Identity to Public Key bob@b.comalice@a.com Send Public Key, Authenticate Receive Certificate CA Signing Key Certification Authority CA Public Key Certificate Server Store Certificate Look up Bob’s Certificate, Check revocation CA Public Key Bob’s Private Key Bob’s Public Key Recovery Server Store Bob’s Private Key

24 Secure IT Conference 2007 24 Key Management - IBE Binding is done by mathematics bob@b.com IBE Key Server alice@a.com Master Secret Send Identity, Authenticate Receive Private Key Public Parameters Bob’s Private Key Certificate Server Store Certificate Look up Bob’s Certificate, Check revocation X Recovery Server Store Bob’s Private Key X

25 Deploying IBE Systems Example: Email Security

26 Secure IT Conference 2007 26 Secure Email – Deployment Options Today It’s not just Alice and Bob Virus Audit Archive Internet Normal Client Gateway Client with plug-in Blackberry BES Server System Generated Email Web Mail (via ZDM) Mobile Devices Client (via ZDM) Client (via plug-in) Client with plug-in IntranetDMZInternetRecipient’s Network

27 Secure IT Conference 2007 27 Email Gateways Internal NetworkINTERNET User receives decrypted email 3 Encrypted email arrives 1 Gateway decrypts email 2 Key Server IBE Gateway

28 Secure IT Conference 2007 28 Inspecting Secured Data IBE allows content inspection for end-to-end encrypted data DMZLANINTERNET IBE Server Exchange, Domino, etc. User receives encrypted email 3 GW Virus Audit Archive Email is scanned 2 Encrypted email arrives 1 GW

29 Secure IT Conference 2007 29  IBE Key Servers are “stateless”  No certificates to store  No private keys to store  No revocation lists  Easy to load-balance  Just put two of them next to each other  Easy backup and disaster recovery  Only master secret and policy needs to be backed up  Size: < 100 kByte, fits on floppy disk  Master secret is long lived, only need to back up once  Same for 100 or 100,000 users IBE Systems are extremely Scalable

30 Secure IT Conference 2007 30  IBE Systems have a substantially lower TCO  Case Study: For email encryption, IBE costs 30% of PKI  Less infrastructure needed, less additional FTE to manage solution  Fewer components to be concerned with Disaster Recovery  Easier user experience – less training and help desk support [Source: Ferris Research Case Study on Voltage SecureMail] Total Cost of Ownership

31 Secure IT Conference 2007 31 Summary  IBE is a major breakthrough in Key Management  Much lower total cost of ownership than PKI  Better usability and deployment characteristics  Highly Scalable  Where to learn more  IEEE 1363.3, IETF S/Mime Standards  www.voltage.com

Download ppt "PKI and Identity-Based Encryption Secure IT Conference 2007 Guido Appenzeller Voltage Security."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
PAR for P1363.3 Title: Standard for Pairing based Cryptographic Techniques June 4, 2005 PAR for IEEE P1363.3.

PAR for P Title: Standard for Pairing based Cryptographic Techniques June 4, 2005 PAR for IEEE P
` Key Management The Connection Between Policy and Encryption Terence Spies CTO Voltage Security.

` Key Management The Connection Between Policy and Encryption Terence Spies CTO Voltage Security.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CP3397 ECommerce.

CP3397 ECommerce.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,

RIKE Using Revocable Identities to Support Key Escrow in PKIs Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao State Key Laboratory of Information Security,
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Similar presentations

Ads by Google