Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure.

Published byCandace Bruce Modified over 8 years ago

Similar presentations

Presentation on theme: "CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure."— Presentation transcript:

1 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure Joshua Schiffman Archana Viswanath

2 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Computer Security ● Security is a business ○ Especially PKI ● PKI needs business to thrive ○ Buy certificates ○ PKI equipment ● Certificates are the commodity ○ How trustworthy are they?

3 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Categories of Risk ● Security is a chain ○ Only as strong as the weakest link ● We identify three main categories for risk ○ Trust in the Certification Authority (CA) ○ Trust in the encryption keys ○ Trust in the users

4 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Certification Authorities ● PKI requires distribution of public keys ○ Dangerous to send in the clear ● CAs provide certificates binding name to key ○ What makes a CA trusted? ○ What guarantee do we have the certificate is real? Alice CA KBKB Really? This is Bob's public key

5 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Content Authorities ● Certificates contain more than just a key ○ Name / ID ○ DNS for SSL ● Who is authorized to provide this content ○ CAs are not authorities ○ Contrary to many other systems ▶ Business name ▶ Licenses ● Does it always matter? ○ Offers no added encryption

6 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Registration Authority ● Registration Authorities (RA) ○ Authority on the contents ○ Establish secure communication with the CA ● What guarantees are in the RA+CA model? ○ CAs can forge certificates ○ More vectors for attack ○ Authorities physically possessing the CA helps ▶ Breaks some business models

7 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Identifying the Applicant ● Does the CA verify applications? ○ Identity checking ○ Are the credentials easy to obtain? ● Is there private key verification? ○ Possessing the public key for the certificate ▶ Does not prove possession of private key Alice CA KAKA Really? This is my public key

8 CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Securing the CA ● CAs don't keep secrets ○ All verification is done with public keys ● Use “root certificates" to vouch for the certificate ○ Self-signed ○ Form a chain of trust ▶ Must end at some ultimately trusted party ● Attackers can inject their own root keys ○ Spoof public keys ● Physically protect the CA

Download ppt "CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure."

Similar presentations

What is. Digital Certificate It is an identity.

What is. Digital Certificate It is an identity.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,

Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.

COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Trust and the Public Key Infrastructure (PKI) Sangyoon Oh Florida State University Computer Security Projects GS5891-01 Spring 2001.

Trust and the Public Key Infrastructure (PKI) Sangyoon Oh Florida State University Computer Security Projects GS Spring 2001.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.

Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Similar presentations

Ads by Google