Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006."— Presentation transcript:

1 slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006

2 slide 2 Authenticity of Public Keys ? Problem: How does Alice know that the public key she received is really Bob’s public key? private key Alice Bob public key Bob’s key

3 slide 3 Distribution of Public Keys uPublic announcement or public directory Risks: forgery and tampering uPublic-key certificate Signed statement specifying the key and identity –sig Alice (“Bob”, PK B ) uCommon approach: certificate authority (CA) Single agency responsible for certifying public keys After generating a private/public key pair, user proves his identity and knowledge of the private key to obtain CA’s certificate for the public key (offline) Every computer is pre-configured with CA’s public key

4 slide 4 Obtaining a User’s Certificate uCharacteristics of certificates generated by CA: Any user with access to the public key of the CA can verify the user public key that was certified. No part other than the CA can modify the certificate without this being detected.

5 slide 5 Using Public-Key Certificates Authenticity of public keys is reduced to authenticity of one key (CA’s public key)

6 slide 6 Hierarchical Approach uSingle CA certifying every public key is impractical uInstead, use a trusted root authority For example, Verisign Everybody must know the public key for verifying root authority’s signatures uRoot authority signs certificates for lower-level authorities, lower-level authorities sign certificates for individual networks, and so on Instead of a single certificate, use a certificate chain –sig Verisign (“UT Austin”, PK UT ), sig UT (“Vitaly S.”, PK V ) What happens if root authority is ever compromised?

7 slide 7 Alternative: “Web of Trust” uUsed in PGP (Pretty Good Privacy) uInstead of a single root certificate authority, each person has a set of keys they “trust” If public-key certificate is signed by one of the “trusted” keys, the public key contained in it will be deemed valid uTrust can be transitive Can use certified keys for further certification Alice Friend of Alice Friend of friend Bob sig Alice (“Friend”, Friend’s key) sig Friend (“FoaF”, FoaF’s key) I trust Alice

8 slide 8 X.509 Authentication Service uInternet standard (1988-2000) uSpecifies certificate format X.509 certificates are used in IPSec and SSL/TLS uSpecifies certificate directory service For retrieving other users’ CA-certified public keys uSpecifies a set of authentication protocols For proving identity using public-key signatures uDoes not specify crypto algorithms Can use it with any digital signature scheme and hash function, but hashing is required before signing

9 slide 9 X.509 Certificate Added in X.509 versions 2 and 3 to address usability and security problems

10 slide 10 Certificate Revocation uRevocation is very important uMany valid reasons to revoke a certificate Private key corresponding to the certified public key has been compromised User stopped paying his certification fee to this CA and CA no longer wishes to certify him CA’s certificate has been compromised! uExpiration is a form of revocation, too Many deployed systems don’t bother with revocation Re-issuance of certificates is a big revenue source for certificate authorities

11 slide 11 Certificate Revocation Mechanisms uOnline revocation service When a certificate is presented, recipient goes to a special online service to verify whether it is still valid –Like a merchant dialing up the credit card processor uCertificate revocation list (CRL) CA periodically issues a signed list of revoked certificates –Credit card companies used to issue thick books of canceled credit card numbers Can issue a “delta CRL” containing only updates uQuestion: does revocation protect against forged certificates?

12 slide 12 X.509 Certificate Revocation List Because certificate serial numbers must be unique within each CA, this is enough to identify the certificate

13 slide 13 Online Certificate Status Protocol uRFC 2560 Saves retrieving the complete CRL OCSP responders could be chained to some degree –eg. trusted responder could query other CA’s OCSP

14 slide 14 More Litterature uWikipedia entry on X.509 Contains list of different file formats uRFC 3280 ”Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile” uIETF PKIX charter http://www.ietf.org/html.charters/pkix-charter.html uwww.openvalidation.orgwww.openvalidation.org OCSP validation resources uwww.openca.orgwww.openca.org Open Source CA and OCSP software

Download ppt "Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006."

Similar presentations

Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.

1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.

Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Similar presentations

Ads by Google