Download presentation
Presentation is loading. Please wait.
1
Public Key Management Brent Waters
2
Page 2 Last Time Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation (RSA) Went over RSA-based signatures in detail
3
Page 3 DSA (Digital Signature Algorithm) Discrete log based signature scheme Similar to El Gamal Signatures 1991 NIST proposed Became first govt. adopted signature scheme Short signatures 2 160-bit components Slow signing and verification Exponentiation Awkward description Security reduces to funny assumption
4
Page 4 Why DSA standard? RSA Patent (until 2000) Longer sigs ~200 bytes Encryption (Export Controls) DSA Patent Free Short Signatures ~40bytes No encryption
5
Page 5 Public Key Management How does Alice obtain Bob’s public key Answer: Certificate Authority signs other keys master-key CA I am bob@stanford.edu bob@stanford.edu Public Key Certificate Encrypted Message
6
Page 6 Certificates X.509 Standard cert= name, org, address | public key |expiration |... + signature of certificate by C.A. Extensions (Version 3) Sign certs only... Bob obtains certificate offline
7
Page 7 How do we validate Certificate Auth? Alice must have public key of certificate authority Publish in N.Y. Times Everyone see, adversary cannot forge all Make sure Jayson Blair not on staff Not realistic Ships with Browser or Operating System Done in practice
8
Page 8 Trust in CA C.A. is trusted If compromised can forge a cert for Bob Attack might be detected CA key should be strongly guarded BBN SafeKeeper: tempest attacks
9
Page 9 Public Key Generation Algorithm 1) Alice generates pub/priv. key pair sends pub to CA 2) CA verifies Alice knows private key Challenge/response Self-signed certificate 3) CA generates cert and sends to Alice CA doesn’t know Alice’s key
10
Page 10 Trust models (Symmetric vs Public) KDC A1 SymmetricPublic Key A2A3A4 CA A1A2 Pub/cert
11
Page 11 Trust models (Symmetric vs Public) Symmetric Online KDC Knows my key If compromised past+future gone (forward security helps—guesses?) Public Offline Knows only public key Harder to do attack Only future messages exposed
12
Page 12 Cross Domain Certification CA1CA2 AA Many domains, can’t load them all How does Bob verify if doesn’t even have CA key?
13
Page 13 Hierarchical solution root Stanford cs Amazon Cert chain: Check cert all way to root Hierarchies are pretty flat in practice
14
Page 14 Web of Trust No authority: I trust A who trusts B.... Which model do you like better? ABC
15
Page 15 Certificate Revocation Revoke Bob’s certificate Private key is stolen Leaves company, doesn’t own ID I. Expiration Date in Cert (1 year) II. CRL Periodically send lists to everyone Long lists, hard to manage III. OSCP (Online Certificate status protocol) Online authority to answer queries Signing key at risk if distribute authorities
16
Page 16 Certificate Revocation Secure VA VA1 VA2 A Is B revoked Proof of Y/N Order revoked certs and build hash tree Secure VA signs root Either show path of revoked or prove by neighbors
17
Page 17 A bit disappointing... , but now have an on-line party again
18
Page 18 Price of Security How much for 1 year certificate? $349 40 bit security on some browsers $995 (Pro Version)
19
Page 19 Certificates in Practice
20
Page 20 Certificates in Practice
21
Page 21 Certificates in Practice
22
Page 22 How many “root” certs on your browser? I Counted 105
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.