Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.

Similar presentations


Presentation on theme: "Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation."— Presentation transcript:

1 Public Key Management Brent Waters

2 Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation (RSA)  Went over RSA-based signatures in detail

3 Page 3 DSA (Digital Signature Algorithm)  Discrete log based signature scheme Similar to El Gamal Signatures  1991 NIST proposed Became first govt. adopted signature scheme  Short signatures 2 160-bit components  Slow signing and verification Exponentiation  Awkward description Security reduces to funny assumption

4 Page 4 Why DSA standard? RSA  Patent (until 2000)  Longer sigs ~200 bytes  Encryption (Export Controls) DSA  Patent Free  Short Signatures ~40bytes  No encryption

5 Page 5 Public Key Management  How does Alice obtain Bob’s public key  Answer: Certificate Authority signs other keys master-key CA I am bob@stanford.edu bob@stanford.edu Public Key Certificate Encrypted Message

6 Page 6 Certificates  X.509 Standard cert= name, org, address | public key |expiration |... + signature of certificate by C.A. Extensions (Version 3) Sign certs only... Bob obtains certificate offline

7 Page 7 How do we validate Certificate Auth?  Alice must have public key of certificate authority  Publish in N.Y. Times Everyone see, adversary cannot forge all Make sure Jayson Blair not on staff Not realistic  Ships with Browser or Operating System Done in practice

8 Page 8 Trust in CA  C.A. is trusted  If compromised can forge a cert for Bob Attack might be detected  CA key should be strongly guarded BBN SafeKeeper: tempest attacks

9 Page 9 Public Key Generation Algorithm  1) Alice generates pub/priv. key pair sends pub to CA  2) CA verifies Alice knows private key Challenge/response Self-signed certificate  3) CA generates cert and sends to Alice  CA doesn’t know Alice’s key

10 Page 10 Trust models (Symmetric vs Public) KDC A1 SymmetricPublic Key A2A3A4 CA A1A2 Pub/cert

11 Page 11 Trust models (Symmetric vs Public) Symmetric  Online KDC  Knows my key  If compromised past+future gone (forward security helps—guesses?) Public  Offline  Knows only public key Harder to do attack  Only future messages exposed

12 Page 12 Cross Domain Certification CA1CA2 AA Many domains, can’t load them all How does Bob verify if doesn’t even have CA key?

13 Page 13 Hierarchical solution root Stanford cs Amazon Cert chain: Check cert all way to root Hierarchies are pretty flat in practice

14 Page 14 Web of Trust No authority: I trust A who trusts B.... Which model do you like better? ABC

15 Page 15 Certificate Revocation  Revoke Bob’s certificate Private key is stolen Leaves company, doesn’t own ID I. Expiration Date in Cert (1 year) II. CRL Periodically send lists to everyone Long lists, hard to manage III. OSCP (Online Certificate status protocol) Online authority to answer queries Signing key at risk if distribute authorities

16 Page 16 Certificate Revocation Secure VA VA1 VA2 A Is B revoked Proof of Y/N Order revoked certs and build hash tree Secure VA signs root Either show path of revoked or prove by neighbors

17 Page 17 A bit disappointing... , but now have an on-line party again

18 Page 18 Price of Security  How much for 1 year certificate?  $349  40 bit security on some browsers  $995 (Pro Version)

19 Page 19 Certificates in Practice

20 Page 20 Certificates in Practice

21 Page 21 Certificates in Practice

22 Page 22 How many “root” certs on your browser? I Counted 105


Download ppt "Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation."

Similar presentations


Ads by Google