1 / 23

SPKI analysis in strand space

This thesis explores the use of Simple Public Key Infrastructure (SPKI) and its effectiveness in securing systems. It examines the limitations of current PKI systems and proposes the use of Strand Space analysis for improved security properties. The analysis includes a case study of Transport Layer Security (TLS) and explores the concept of respect and disjoint encryption.

fnathan
Download Presentation

SPKI analysis in strand space

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SPKI analysis in strand space Alex Vidergar, 1Lt, USAFAir Force Institute of Technology Graduate School of Computer Science & Engineering Thesis Advisor: Robert Graham, Maj, USAF

  2. Overview • SPKI • what it is and why we use it • Strand Space • How this tool was used effectively • Example Analysis • Transport Layer Security (TLS) • Conclusions about new security properties • Authorizations

  3. Simple Public Key Infrastructure • Championed by Ron Rivest (RSA) and Carl Ellison (Intel) • Simple Distributed Security Infrastructure (SDSI) and SPKI merged in the 90s • Developed to overcome shortcoming in the currently deployed PKI (X.509) • Two types of certificates Name & Authorization

  4. X.509 Shortcomings • Unrealistic Goals • Global reach of the x.500 directory • Single global standard • Unique names in one namespace • Privacy • Participation in the network may unwillingly revealing details about organization • Lack of Flexibility • Updated information impossible • Multiple keys unsupported

  5. SPKI Solutions • Egalitarian Design • Every Principal acts as Certificate Authority (CA) • Local Names • Humans tend to relate well to things they name themselves • Local name space • Allows unique names to be applied as understood by the principals that will be using them • Fully qualified names act globally • Alice’s Bob’s Charlie ≠ Allison’s Bob’s Charlie

  6. SPKI Solutions • Delegation of Authority • Delegation bit • University Example • University Enrollment • Course Enrollment • Department • School - student

  7. SPKI: Authorization Tags • Customized to applications • Once again not standardized • Flexibility • Security through obscurity? • What is access of 10 mean? • More importantly, meaningful to the issuers of access to a resource

  8. SPKI: Flexibility or Meager Design? • Constant theme of Flexibility • Very Vague Specification • Highly customizable • Requires diligence in implementation • Easily integrated into a system • Potential security issues may arise Solution: Strand space analysis

  9. Strand Space • Existing Strand Space Model • Public Key Protocol • Diffie-Hellman • Injective hash function • Signatures in addition to encryptions • Mixed Strand Space • Disparate protocols operating in the same space • Respect • Disjoint Encryption

  10. Strand Space : Merge • Mixed PKI Strand Space • Amalgamation of needed features of previous strand space models • Ideal environment for testing SPKI protocols being integrated into other systems

  11. TLS : Analysis • Ideal analysis protocol: Transport Layer Security • Arguably the most widely used Internet protocol for secure transactions • Intrinsic use of certificates • Uses x.509 • Layered protocol execution • TLS > DH > Resume

  12. TLS : modifications • TLS uses x.509 certificates • Mayweh implements SSL with SPKI • Substitute x.509 for SPKI name certs • Functionally identical • Limited Network security • Assumed operating in secure environment

  13. TLS : the sweet Onion • TLS is a layer of protocols • TLS itself is a shell • Arranges for other protocols to run • Does not provide security • Security provided by sub protocols • Diffie-Hellman • RSA

  14. TLS : Primary Protocols Server Authentication Protocol • Client unauthenticated

  15. TLS : Primary Protocols Server & Client Authentication Protocol • Both principals authenticated

  16. Mixed Strand Space : Resume Resume Protocol • Inherently uninteresting • Provides only a recount of a previously executed session • Relies on message digest for coordination and agreement

  17. Mixed Strand Space : Certificate Chain Discovery • Certificate Chain Discovery Protocol • Designed from the ground up with TLS in mind • establish authentication of CA • validation of certificate • maintain security of primary protocol

  18. Mixed Strand Space : Certificate Chain Discovery • Possible to assume disjoint set of keys • therefore disjoint encryption is trivial • Message formats designed disjointly • once again simple proof of respect if designed properly

  19. Analysis • Respect • Concept born in paper Mixed Strand Spaces • Supplemented • Method for defining respect • Characterize test components • Identify sets of messages • Applied to Diffie-Hellman • Protocol design based on Respect • SPKI Certificate Chain Discovery • Disjoint Encryption • Respect of primary protocol’s test components • Necessary to Prove for each protocol as primary?

  20. Analysis Disjoint Encryption • Protocol Independence through Disjoint Encryption • Better Refined concept of respect → Independence • Disjoint set of test components • Previous notion of Respect • covers naïve case of disjoint sets • Allows more complex secondary protocols to be designed • In the CCD Protocol Design Case • CCD design from respect is indeed Disjoint Encryption • Disjoint Outbound simple case: no shared terms • Disjoint Inbound • Visual representation of mixed strand spaces • Problematic with entwined sub-protocols

  21. Simple and Powerful • Signed statements are certifications • An authority is an authority • Certificate Authorities traditionally are simply name authorities • Does not have to be limited to names • Authorizations are thus provided by an authorization principal • Already incorporated with authorization certificates in SPKI standard • Explicit Rely-Guarantee Functionality

  22. Summary • SPKI • Vague specification makes it flexible • Requires diligence in implementation • Strand Space • Mixed-PKI strand space • TLS • Ideal testing ground for SPKI analysis • Authorization • Intrinsic to SPKI standard • CA are trusted to provide

  23. Questions

More Related