1 / 117

Public Key Infrastructures

Public Key Infrastructures. Andreas Hülsing. Key Exchange Problem. Internet:  2,405,518,376 users 2,892,056,568,246,079,500 keys ≈2,9* 10 18 keys. n*(n-1)/2 keys = O(n 2 ). [From: http://www.internetworldstats.com/stats.htm , June 30, 2012]. Solution 1: Key Server. Key-Server.

upchurch
Download Presentation

Public Key Infrastructures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Key Infrastructures Andreas Hülsing

  2. Key Exchange Problem • Internet:  2,405,518,376 users • 2,892,056,568,246,079,500 keys • ≈2,9* 1018 keys n*(n-1)/2 keys = O(n2) [From: http://www.internetworldstats.com/stats.htm , June 30, 2012]

  3. Solution 1: Key Server Key-Server The key-server knows all secret keys!

  4. Authentication Center • The authentication center (AC) in mobile communications knows all the keys. It stores them in a database. • [From “IT-Sicherheit”, page 785, 800]

  5. Solution 2: Use Public Key Crypto Public-Key-Server The server does not know any private information!

  6. Asymmetric encryption problems Public-Key-Server • Performance • Key availability • Key ownership • Key validity

  7. Hybrid encryption symmetric session key Sdkfjölakjsödasjdföljasöldjföasjölakj plaintext encrypt decrypt encrypt decrypt Bob’s public Bob’s private plaintext

  8. Digital signature problems Public-Key-Server • Key availability • Key ownership • Key validity

  9. Lifetime of Hash Functions Source: http://valerieaurora.org/hash.html

  10. RSA - published in 1978 …using 200 digits provides a margin of safety against future developments…

  11. RSA Factoring Challenge Challenge is no longeractive, originalwebpageunavailable butyou can seeresults https://en.wikipedia.org/wiki/RSA_Factoring_Challenge

  12. ECC challenges [From www.certicom.com/images/pdfs/challenge-2009.pdf]

  13. Moore’s Law

  14. Improved Cryptanalysis 2013

  15. Another Problem

  16. Post-Quantum Crypto Hash-based signatures Lattice-based cryptography Coding-based cryptography Multivariate cryptography

  17. Public Key Infrastructures … a public key infrastructure (PKI) is designed to facilitate the use of public key cryptography. Source: Housley, R. and Polk, T.: Planning for PKI; Wiley 2001

  18. Tasks of a PKI Assure that the public key is available Assure that the public key is authentic Assure that the public key is valid Enforce security and interoperability

  19. Authenticate Public Keys Bind public key to electronic identity Seal the binding Answer for the binding Public key certificates

  20. Public Key Certificate Public key certificates are data structures that bind public key values to subjects. The binding is asserted by having a trusted CA digitally sign each certificate … [From RFC 5280]

  21. Public Key Certificate

  22. Public Key Certificate Digital Signature Subject (Name) Public-key Binding eID  public key protection of authenticity

  23. Certificate Properties Protected binding of a key to the key holder Its authenticity is independent of the means of transportation It can be used online and offline It is a proof of the binding It can be used for key servers

  24. Certificate Standards • X.509 • X.509 (ITU-T) • PKIX (RFC 5280) • Pretty Good Privacy (PGP) • OpenPGP (RFC 4880) • GNU Privacy Guard (GnuPG or GPG) • WAP certificates • Like X.509 certificates but smaller • Card Verifiable Certificates (CVC) • Even smaller than WAP certificates • Simple PKI / Simple Distributed Security Infrastructure • SPKI, pronounced spoo-key • SDSI, pronounced sudsy

  25. Validity of Public Keys • Monitor binding public key  electronic identity  key owner • Establish time constraints • Provide means to revoke binding Certificate revocation

  26. Certificate Revocation • Abortive ending of the binding between • subject and key (public key certificate) OR • subject and attributes (attribute certificate) • The revocation is initiated by • the subject OR • the issuer • Typical frequency (assumption): • 10% of the issued certificates will be revoked (See: “Selecting Revocation Solutions for PKI” by Årnes, Just, Knapskog, Lloyd and Meijer)

  27. Certificate Revocation List

  28. Publish Public Key Information • Directories • (L)DAP • Active Directory • Web pages • HTTP • File transfer • FTP • Services • OCSP • SCVP

  29. LDAP

  30. Security of Key Pairs • Select suitable algorithms and key sizes • Monitor possible security threads and react adequately • Provide suitable means to generate key pairs • Provide suitable formats and media to store private keys • Provide suitable means of delivering private keys Personal security environments

  31. PSE: Smartcard

  32. Interoperability • Comply to accepted (international) standards • Certificates / revocations • X.509, PGP, SPKI/SDSI, … • Directory services • (L)DAP, Active Directory, … • Cryptographic algorithms / protocols / formats • PKCS, RFC, … • Constraints on content and processing • PKIX, ISIS-MTT, …

  33. Policy Enforcement • Certificate policy (CP) • States what to comply to • Certificate practice statement (CPS) • States how to comply • Policies are enforced by the PKI through: • Selecting standards, parameters, hardware, … • Monitor behavior of involved parties • Reacting on infringement of the policy

  34. Trust Models

  35. Trust The perhaps most important part of a PKI is to establish trust in the binding between an entity and a certificate

  36. Direct Trust User receives public key directly from owner OR User verifies public key directly with owner

  37. Most Common: Fingerprint comparison Fingerprint = hash value of the certificate (incl. Signature) (e.g. SHA1)

  38. Face-to-Face Verification

  39. Phone Verification

  40. Web Page Verification http://www.cacert.org/index.php?id=3

  41. Printed Media Verification BNetzA publishes the public key

  42. …and more e.g. public keys on software CD/DVD ~# gpg --list-public-keys /root/.gnupg/pubring.gpg ------------------------ pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de> sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]

  43. Summary: Direct Trust • Establishes • Which keys are authentic • Why they are considered authentic • Bad scalability • n * (n-1) = O(n2) verifications • Worse complexity than secret key exchange! • Basis for all other trust models • To be seen

  44. PGP (Pretty Good Privacy)

  45. Web of Trust [From PGP-Pretty Good Privacy by Simon Garfinkel]

  46. Web of Trust A web of trust is a conceptused in PGP, GnuPG, and otherOpenPGP-compatible systems to establish the authenticity of the binding between a public key and a user. Its decentralized trust modelis an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). Source: http://en.wikipedia.org/wiki/Web_of_trust

  47. Key Validity Carl Alice Bob Dorian Alice computes key validity using Bob’s signatures

  48. Chaining Key Validity Dorian Alice Bob Carl Eve Alice computes key validity using Bob’s and Carl’s signatures

  49. Public Keyring

  50. Public Keyring • Alice’s public keyring

More Related