Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

Published byMichael York Modified over 11 years ago

Similar presentations

Presentation on theme: "An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University."— Presentation transcript:

1 An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University

2 Certificates It is not possible for everyone to store everyones public key Thus, everyone stores the public key of a single entity called Certificate Authority (CA) CA issues certificates to everyone. A certificate is a statement signed by the CA and containing 1) Identity of the person 2) Public key of the person 3) Serial number and validity period Certificates thus can be used for verifying the digital signature of a person

3 Certificate Revocation There may be situations when a certificates should be declared invalid Reasons include – compromise of private key, Alice may leave or be fired from the company, Alice may change her identity by changing her last name etc. Especially important in e-commerce and payment systems to avoid fake digital signatures

4 Question How should a verifier know that the signers certificates has been revoked ??? Answer Certificate Revocation Techniques

5 Commonly used- CRLs, CRS, CRT, online techniques Online methods are the most timely and are the only ones offering real time revocation information. Disadvantages are high computational requirements

6 Short Lived Certificates Proposed by Rivest, recommended to be used in SPKI and SDSI issue a certificate for a small time period Simply issue and send a new certificate when the older one expires or when then the older one does not satisfy the recency policy of the acceptor Advantages: All validity evidence supplied by the sender, acceptor is able to set the recency requirements Disadvantages: Large bandwidth and computation required for renewal, requires trusted directories in case of a distributed system

7 Proposed Certificate Renewal Method Sender sends a certificate (optional, if not already cached) as well as a certificate renewal to the verifier Verifier makes sure that the time on the renewal satisfies her recency criteria. If not, it rejects the certificate and notifies the sender. If rejected, sender obtains a new certificate renewal from the CA as follows- Sender queries the certificate renewal authority (CRA) by just sending its certificate serial number CRA checks the revocation status of this serial number. If unrevoked, it creates a digitally signed renewal containing the certificate serial number and the current time stamp. Digital signature is done using the treesign technique discussed later.

8 Proposed Certificate Renewal Method Contd.. Sender sends back the certificate (optional) as well as the new certificate renewal to the verifier Verifier again makes sure that the time on the renewal satisfies her recency criteria. Verifier checks the certificate signature (if not cached) and the renewal signature and accepts the certificate

9 General Advantages of the Proposed Technique Acceptor able to set recency requirements, not possible in CRLs, CRS etc Uniform load distribution, everyone doing his own work Uniform request distribution for CRA server No latency of validation like in CRLs Bandwidth consumption is low as individual proof of validity are there

10 Comparison with Short Lived Certificates Network load is lower since- Certificate renewal is significantly smaller than the complete certificate Certificates can be cached by the verifier Computational load- No change for sender, somewhat lower for the CRA If certificate not cached, then higher for verifier, else somewhat lower Storage requirements for CRA is reduced. No need of storing certificate attributes. This is an also an advantage if data specified on the certificate is sensitive and should be not be moved outside the organization e.g. client infomation

11 Comparison with Short Lived Certificates Security of CA key is increased since it need not be placed online, i.e. the certificate creation and renewal keys may be different. Failure of one system does not imply the failure of other Clean separation between creation and renewal and hence outsourcing is possible

12 Tree Signatures Uses the concept of hash trees also called merkle trees. Can be used to reduce load on the signature servers handling a large number of requests per unit time. But increases the signature sign and introduces a signing delay. The CRA collects a set of certificate renewals to be signed The H(renewals) to be signed are placed on the leaves of a tree Inner nodes of are tree are calculated as the hash of concatenation of its two children Finally we reach the root of the tree

13 Tree Signatures Contd … CRA signs the root using regular signature schemes like RSA The signature on the renewal is now - the signature on the root, and The path regeneration nodes from the renewal leaf to the root. These nodes are the siblings of the path from the leaf to the root. This technique dramatically decreases computation as n number of messages may be signed using a single signature generation and 2n-1 hash function computations

14 Tree Signatures Contd … An idea of computation reduction- A machine which was earlier able to sign 2 renewals per second can now sign 5000 renewals per second by introducing a response time delay of 1 second A machine which was earlier able to sign 20 renewals per second can now sign 50000 renewals per second by introducing a response time delay of 0.1 second Security can be proven with the following assumptions- Hash function is collision resistance Scheme used to sign root is secure

15 you Thank you

Download ppt "An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.

Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
1 6 th Workshop on Privacy Enhancing Technologies, June 28-30, 2006 John Solis and Gene Tsudik University of California, Irvine 6th Workshop on Privacy.

1 6 th Workshop on Privacy Enhancing Technologies, June 28-30, 2006 John Solis and Gene Tsudik University of California, Irvine 6th Workshop on Privacy.

Similar presentations

Ads by Google