Chapter 10 Public Key Infrastructure
Overview • Using public key cryptography • Certificates • Certifying authorities • Key recovery and key escrow • Chains of trust • Revocation • X.509
Uses of Public Key Crypto • Without sharing secrets (p. 249) • Alice can sign statements that Bob can verify • Bob can encrypt things for Alice • Alice and Bob can authenticate each other • Alice and Bob may never meet and may belong to different enterprises
PKI • Public key infrastructure – everything that needs to be in place in order for public-key crypto to work • How to establish trust • How to establish chains of trust
The Players • Principal – has a public key • Relying party – uses the public key • Trust anchor or trust root – a trusted party who provides or certifies the public key of a third party • Certifying authority – issues a certificate • See figure 10.1, p. 251
Certificate • A signed statement which binds a name to a public key • Does not contain a private key • A certificate is useful only when combined with a matching private key
A Basic PKI Model • Alice generates her own key pair • She submits her public key to a certifying authority • With a signed request that shows she knows her own private key • The CA verifies Alice is who she says she is • The CA verifies that Alice knows the private key that matches the public key • The CA signs the certificate (with its private key)
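The enrolment flow above, from Alice's key generation to a relying party's check, as an added example that is not from the original slides or the cited textbook. It uses Ruby's OpenSSL bindings; the helper names (`issue`, `new_ca`, `new_csr`, `enroll`, `trusted?`) and subject names are made up for illustration, and the CA's check that Alice is who she says she is happens out of band.

```ruby
require 'openssl'

# Sign a 24-hour X.509 v3 certificate that binds +subject+ to +pub+.
def issue(subject, pub, issuer, signer_key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # value 2 encodes X.509 v3
  cert.serial = OpenSSL::BN.rand(64)
  cert.subject, cert.issuer, cert.public_key = subject, issuer, pub
  cert.not_before, cert.not_after = Time.now - 3600, Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(signer_key, OpenSSL::Digest.new('SHA256'))
end

# Trust anchor: a self-signed CA certificate and its private key.
def new_ca(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")
  [issue(name, key.public_key, name, key, ca: true), key]
end

# Alice's step: generate a key pair and a request signed with the private key.
def new_csr(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  [csr, key]
end

# CA's step: reject the request unless its signature verifies under the public
# key it carries (proof of possession), then sign the name-to-key binding.
def enroll(ca_cert, ca_key, csr_pem)
  csr = OpenSSL::X509::Request.new(csr_pem)
  raise ArgumentError, 'proof of possession failed' unless csr.verify(csr.public_key)
  issue(csr.subject, csr.public_key, ca_cert.subject, ca_key)
end

# Relying party's step: accept the certificate only if it chains to the anchor.
def trusted?(anchor, cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(anchor)
  store.verify(cert)
end

ca, ca_key = new_ca('Example Root CA') # constructed names
cert = enroll(ca, ca_key, new_csr('alice').first.to_pem)
puts cert.subject, trusted?(ca, cert)
```

The resulting certificate carries only Alice's public key; a request that names a public key whose private half the requester does not hold fails the `csr.verify` step.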
Remaining Design Choices • Where does the certificate reside? • How do other folks discover it? • This assumes that the private key of the CA remains private and secure
Hardware Security Modules • HSMs • Specialized hardware devices for storing cryptographic keys
Key Recovery • Alice forgets the passphrase which unlocks her private key • Alice keeps her health information on an encrypted smart card. But she is unconscious • Alice encrypts her source code. But her boss fires her. • The police or government want to look at Alice’s data • Alice’s computer is infected and her data, including the private key, is corrupted
Key Escrow • A technology that allows someone other than the key owner to access a key • Supposedly only in emergencies • Dangers of key escrow? • Government monitoring • Forged digital signatures
Chains of Trust • One central CA – not performant • Multiple CA’s – how do they coordinate? • Hierarchy of CA’s – Fig 10.3, p. 260 • Bridging model – Fig 10.4, p. 261 • Path discovery is still a challenge
Revocation • A certificate binds a property (usually a name) to a public key. • It may be necessary to revoke a certificate • Alice quits her job • The private key is compromised • Alice forgets her pass phrase
Certificate Revocation Lists • CA maintains a certificate revocation list (CRL) • Users download the CRL • Problems • Download time for large CRL’s • Innocent people who forget their pass phrase get placed on the CRL • Race conditions – CRL not yet updated and attacker uses revoked certificate
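A relying party's CRL check, including the stale-list window listed under Problems, as an added example that is not from the original slides. It uses Ruby's OpenSSL bindings; `build_crl`, `crl_status`, the CA name and the serial numbers are constructed for illustration.

```ruby
require 'openssl'

# CA side: publish a signed list of revoked serial numbers, valid until next_update.
def build_crl(issuer, ca_key, revoked_serials, now: Time.now, lifetime: 3600)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1 # value 1 encodes a v2 CRL
  crl.issuer = issuer
  crl.last_update = now
  crl.next_update = now + lifetime
  revoked_serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial = serial
    entry.time = now
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

# Relying-party side: :revoked, :good, or :unknown when the list cannot be relied on.
def crl_status(crl, ca_pub, serial, now: Time.now)
  return :unknown unless crl.verify(ca_pub) # not signed by the CA we trust
  return :unknown if now > crl.next_update  # stale list: newer revocations may be missing
  crl.revoked.any? { |r| r.serial.to_i == serial.to_i } ? :revoked : :good
end

key = OpenSSL::PKey::RSA.new(2048) # constructed CA key and name
name = OpenSSL::X509::Name.parse('/CN=Example CA')
crl = build_crl(name, key, [0x1001])
puts crl_status(crl, key.public_key, 0x1001)
```

A serial revoked after the list was signed still reports `:good` until a newer CRL is fetched; `next_update` bounds that window.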
Online Certificate Status Protocol • OCSP – relying party checks the status of the certificate online • OCSP responders are connected to the CA’s certificate database
Other Approaches • Certificate expiration - good for small, disconnected, mobile devices since downloads and lookups are not required frequently • Pretty Good Privacy (PGP) – there are no CA’s, only a web of trust, each party maintains a private list of certificates
X.509 • The most common certificate standard in use • International Telecommunication Union (ITU-T) standard • Started as part of X.500 – a standard for naming hierarchies • X.509 is based on a strictly hierarchical view of CA’s • Defines standard formats for • public key certificates • revocation lists • attribute certificates
Alternatives to X.509 • Pretty Good Privacy (PGP) • Simple Distributed Security Infrastructure and Simple PKI (SDSI/SPKI)
Pretty Good Privacy (PGP) • Users are equals • Users sign statements asserting a belief that a public key matches a friend • Users exchange assertions • Users draw conclusions based on their web of trust
SDSI/SPKI • ‘sudsy spooky’ • Simple • Principals are their public keys • No global names • Based on the assumption that security decisions and identity management should be based on local knowledge
Key Storage – A Problem • Private keys are needed for desktop/laptop applications • Desktops/laptops are inherently insecure • End users move from computer to computer – keys need to be portable • Drivers for USB hardware security modules are not universally available
Summary • Using public key cryptography • Certificates • Certifying authorities • Key recovery and key escrow • Chains of trust • Revocation • X.509
References • Smith and Marchesini, The Craft of System Security, Addison-Wesley, 2008. • http://en.wikipedia.org/wiki/X.509 • http://world.std.com/~cme/html/spki.html