1 / 45

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI). Jen-Chang Liu, 2005 Ref1: Ch.10, “ Cryptography and Network Security ” , Stalling, 2003. Ref2: Ch.5, “ Cryptography and Network Security ” , A. Kahate, McGraw Hill, 2003. Ref3: Ch. 6, “ RSA Security ’ s Official Guide to Cryptography ” , 2001. Outline.

Download Presentation

Public Key Infrastructure (PKI)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Public Key Infrastructure (PKI) Jen-Chang Liu, 2005 Ref1: Ch.10, “Cryptography and Network Security”, Stalling, 2003. Ref2: Ch.5, “Cryptography and Network Security”, A. Kahate, McGraw Hill, 2003. Ref3: Ch. 6, “RSA Security’s Official Guide to Cryptography”, 2001

  2. Outline • Key management in public-key cryptosystem • Public Key Certificate (PKC) • X.509 standard • Public Key Infrastructure (PKI)

  3. Key management (Ref1) • issue for public-key cryptosystem • Distribution of public keys • Distribution of public keys • Public announcement • Public available directory • Public-key authority • Public-key certificates

  4. 1. Public announcement • Drawback: the opponent can pretend to be another user Ex. post public keys to public forums, such as USENET newsgroup and Internet mailing list

  5. 2. Public available directory • Some trusted entity maintains a publicly available dynamic directory of public keys {A, KUa } {B, KUb } … Register the public key Register the public key Attack: an opponent invades the public-key directory, and counterfeit public keys

  6. 3. Public-key authority (Fig 10.3) A can confirm the message from the authority Central authority: 1. Maintain directory of public keys 2. Each participant knows the public key for the authority N1 :認證B的身份 N2 :認證A的身份

  7. Outline • Key management in public-key cryptosystem • Q: How to authenticate the association between the public key with the owner ? • Public Key Certificate (PKC) • X.509 standard • Public Key Infrastructure (PKI) 公開金鑰憑證

  8. Public key certificate (PKC 公開金鑰憑證) • A public key certificate signifies the association between my public key and me • Ex.Like a driver license or passport Q: Who can approve the association ? A: A trusted entity – Certificate Authority (CA) Q: What is the content of a digital certificate? A: X.509 standard

  9. Example: Digital certificate

  10. X.509 certificate format • 1988, ITU X.509 version 1

  11. X.509 V2 extensions: unique identifier • V2 extensions: • Issuer unique identifier • Subject unique identifier • Motivation: Deal with the possibility that the issuer (CA’s name) name and the subject name (certificate holder’s name) might be duplicated over time • RFC2459 specifies that these two names should never be reused, so V2 extensions are made optional

  12. X. 509 V3 certificate extensions Certificate policies Authority key identifier:CA may have multiple private-public key pairs. This field defines which of these key pairs is used to sign the certificate Key usage: 1. digital signature 2. Certificate signing 3. CRL signing 4. Key enciphering 5. Data enciphering 6. Diffie-Hellman key exchange Certificate Revocation List (CRL 憑證廢止列)

  13. Certificate Authority (CA 憑證簽發機構) • CA is a trusted agency that can issue digital certificate. Ex. VeriSign, Entrust, …

  14. Outline • Key management in public-key cryptosystem • Public Key Certificate (PKC) • X.509 standard • Public Key Infrastructure (PKI) • PKI components • Certification creation steps • Certificate hierarchies • Certificate revocation * Distribution of public keys is non-trivial

  15. PKI components • The interaction between PKI components • End user • Registration authority (RA) • CA • Key recovery server • X.500 directory

  16. Registration authority (RA) • RA: an intermediate entity between the end users and the CA • Share the workload of CA • Accept and verify registration info about new users • Generate keys on behalf of the end users • Accept and authorize requests for key backups and recovery • Accept and authorize requests for certificate revocation • RA does not generate certificate • CA becomes an isolated entity, which makes it less susceptible to security attacks

  17. Key recovery server • Q: End users lose their private keys? • A: CA must revoke the corresponding PKC, a new key pair must be generated, a new corresponding PKC must be created • A2: provide a key recovery server • CA backs up private keys at the time of creation

  18. Certificate directory • Q: where to store the certificates? • A1: end user stores on his local machine • A2: CAs use a certificate directory (or a central storage location) • Provide a single point for certificate administration and distribution (ex. for later certificate revocation) • Certificate directories need not to be trusted

  19. Outline • Key management in public-key cryptosystem • Public Key Certificate (PKC) • X.509 standard • Public Key Infrastructure (PKI) • PKI components • Certification creation steps (Ref2) • Certificate hierarchies • Certificate revocation

  20. Certificate creation steps Key generation Registration Verification Certificate creation

  21. 1. Subject generating his own key pair • RA knows private key! • How to transmit it to user? 2. RA generating a key pair for subject

  22. Registration (註冊、登錄) Certificate signing request (CSR) (PKCS#10, part of the Public Key Cryptography Standard)

  23. On-line registration example

  24. Verification 1. RA verify the user’s credentials 2. Check the Proof of Possession of the private key • Q: What if a user claims that she never possessed the private key, when a document signed with her private key causes legal problems? • Sol 1: RA demands user to sign her CSR • Sol 2: RA generates a random number, encrypt it with the user’s public key, then challenge the user • …

  25. Certificate creation • CA creates a digital certificate for the user • Certificates in X.509 standard format • Q: Why should we trust digital certificates? • Certificate goes to • RA (or user) • Certificate directory • Backup user private key (if necessary)

  26. Questions about certificate • Why should we trust digital certificate? • Similar to: how do we verify a passport? • How does the CA sign a digital certificate? • How can we verify a digital certificate?

  27. X.509 certificate format

  28. Question about CA’s public key • How do we get CA’s public key of some certificate ? • Get CA’s certificate – which approves the association between the public key with CA • Who signs CA’s certificate? • The organization of CAs • CA hierarchies and self-signed certificate • Cross-certification

  29. CA hierarchy • Purpose: root CA can delegate job to lower CAs Chain of trust

  30. Self-signed certificate for root CA Who signs for root CA? • Root CA is automatic considered • as trusted CA • 2. Software contains a pre-programmed, • hard coded certificated of the root CA • 3. The root CA signs its own certificate • (self-signed certificate)

  31. Example: Self-signed root certificate

  32. Cross-certification Root CAs in different countries

  33. Outline • Key management in public-key cryptosystem • Public Key Certificate (PKC) • X.509 standard • Public Key Infrastructure (PKI) • PKI components • Certification creation steps (Ref2) • Certificate hierarchies • Certificate revocation

  34. Certificate revocation 憑證廢止 • Ex. lost of credit card, driver license, … • Reasons for certification revocation: • The private key is compromised • The CA made mistakes while issuing a certificate • The certificate holder leaves a job,… • Before using a certificate, we check • Does the certificate belong to the owner? (check certificate signature) • Is the certificate valid, or is it revoked?

  35. How to revoke a certificate? Certificate has been issued, how to revoke it?

  36. Certificate revocation list (CRL) • CRL is a list of revoked certificates published regularly by CA

  37. Validating a certificate using CRL

  38. Problems with CRL 1. CRL can be a large file -> long transmission time Sol: delta CRL 2. CRL are published periodically => can not check online status Sol: online certificate status check

  39. Online Certificate Status Protocol (HTTP) CA setup this server

  40. Key management (Ref1) • Two issues for public-key cryptosystem • Distribution of public keys • The use of public-key encryption to distribute secret keys (keys for symmetric cipher) • Distribution of public keys • Public announcement • Public available directory • Public-key authority • Public-key certificates

  41. 4. Public-key certificates 憑證 (Fig 10.4) Certificate: contain public key and other information, generate from the certificate authority 1. Anyone can read, verify 2. Only CA can create Application must be in person or by secure channel Time: verify currency of certificate

  42. Simple secret key distribution E KUe[ Ks ] • Public-key scheme has slow data rate • use public key to distribute secret key • use secret key scheme for data encryption session key (secret key) intercept KUe || IDA E KUa[ Ks ] Ks

  43. Secret key distribution with confidentiality and authentication • Against active and passive attacks Authenticate B Authenticate A authentication (only A can create it) Confidentiality (only B can read)

More Related