PKIs and Secure Communication April 24, 2007
Basic Problem
[Diagram: Bob and Alice connected across Intranet / Extranet / Internet]
Bob and Alice want to exchange data in a digital world. There are Confidence and Trust Issues …
Trusted E-Services Laboratory - HP Labs - Bristol

Confidence and Trust Issues
• In the Identity of an Individual or Application
  - AUTHENTICATION
• That the information will be kept Private
  - CONFIDENTIALITY
• That information cannot be Manipulated
  - INTEGRITY
• That information cannot be Disowned
  - NON-REPUDIATION

Cryptography
Cryptography: It is the science of making the cost of acquiring or altering data greater than the potential value gained
Cryptosystem: It is a system that provides techniques for mangling a message into an apparently unintelligible form and then recovering it from the mangled form
[Diagram: Plaintext (Hello World) → Encryption → Ciphertext (&$*£(“!273) → Decryption → Plaintext (Hello World)]

Cryptographic Algorithms based on Private Key
[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext, with the same Private Key used for Encryption and Decryption]
Pros
• Efficient and fast Algorithm
• Simple model
• Provides Integrity, Confidentiality
Cons
• The same secret key must be shared by all the entities involved in the data exchange
• High risk
• It doesn’t scale (proliferation of secrets)
• No Authentication, Non-Repudiation

Cryptographic Algorithms based on Public Key
[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext between Alice and Bob across Intranet / Extranet / Internet; keys shown: Alice’s Private Key, Alice’s Public Key]
Pros
• Private key is only known by the owner: less risk
• The algorithm ensures Integrity and Confidentiality by encrypting with the Receiver’s Public key
[Diagram: the same flow between Alice and Bob; keys shown: Bob’s Public Key, Bob’s Private Key]
• The algorithm ensures Non-Repudiation by encrypting with the Sender’s Private key
Cons
• Algorithms are 100 – 1000 times slower than secret key ones
  - They are used in an initial phase of communication, and then secret keys are generated to deal with encryption
• How are Public keys made available to other people?
• There is still a problem of Authentication!!!
  - Who ensures that the owner of a key pair is really the person whose real life name is “Alice”?
Moving towards PKI …

Digital Signature
A Digital Signature is a data item that vouches for the origin and the integrity of a Message
• The originator of a message uses a signing key (Private Key) to sign the message and sends the message and its digital signature to a recipient
• The recipient uses a verification key (Public Key) to verify the origin of the message and that it has not been tampered with while in transit
There is still a problem linked to the “Real Identity” of the Signer. Why should I trust what the Sender claims to be?
Moving towards PKI …

Digital Certificate
A Digital Certificate is a binding between an entity’s Public Key and one or more Attributes relating to its Identity.
• The entity can be a Person, a Hardware Component, a Service, etc.
• A Digital Certificate is issued (and signed) by someone
  - Usually the issuer is a Trusted Third Party
• A self-signed certificate usually is not very trustworthy
[Diagram: CERTIFICATE containing Issuer, Subject, Subject Public Key, Issuer Digital Signature]

Public Key Infrastructure (PKI)
“A PKI is a set of agreed-upon standards, Certification Authorities (CA), structure between multiple CAs, methods to discover and validate Certification Paths, Operational Protocols, Management Protocols, Interoperable Tools and supporting Legislation”
“Digital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter Williams
A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates

PKI services
A public-key security system comprises three infrastructural services
• The Certification Authority (CA) signs users’ public keys
• The directory is a public-access database of valid certificates
• The Certificate Revocation List (CRL) is a public-access database of invalid certificates

X509 PKI
• Current ITU-T standard for PKI
• Hierarchical Structure of CA
[Diagram: CA hierarchy under a Trusted Root, with Alice and Bob]
• Alice trusts the root CA
• Bob sends a message to Alice
• Alice needs Bob’s certificate, the certificate of the CA that signed Bob’s certificate, and so on up to the root CA’s self-signed certificate. Alice also needs each CRL for each CA.
• Only then can Alice verify that Bob’s certificate is valid and trusted and so verify Bob’s signature.

Life Cycle of user’s public key certificate
• Key generation
  - The user creates a new key-pair
  - The user provides his identity to the CA (not electronically)
  - The CA signs a certificate that names the user as the bearer of his new public key
  - The user also receives the Root CA’s public key, for later use
  - The user chooses a secret passphrase, and uses it to encrypt his asymmetric private key
• Single-Sign-on
  - At login, the user types his passphrase, so as to decrypt his private key
  - With his private key, the user participates in public-key protocols
• Authenticating Others
  - To communicate securely with other users and with networked services, the user refers to other parties’ public key certificates
  - The user exchanges certificates either directly or from a Directory service
  - Certificates need to be checked against the CRL for revocation
  - Validate the CA’s signature recursively.
• Password Change
  - The user should regularly change the passphrase for the private key
• Key-Revocation
  - Certificates are timestamped to expire after a few months or years
  - If the user’s private key is compromised, the user must inform CRL to revoke the corresponding public key
  - The user should check the CRL every time a certificate is used because the CRL may have been updated

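Added example (not part of the original slides): the check Alice performs on the X509 PKI slide and under Authenticating Others, walking from Bob's certificate up to the root while verifying each issuer signature, expiry and CRL entry. Textbook RSA over Mersenne primes stands in for a real signature scheme, and the certificate fields, the `Sales CA` intermediate and the function names are assumptions made for illustration.

```python
import hashlib
from datetime import date
E = 65537  # public exponent shared by every toy key

def keypair(p, q):
    """Textbook RSA from two primes: a toy stand-in, not a real signature scheme."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def tbs(c):  # the "to be signed" bytes: every field the issuer vouches for
    return "|".join(str(c[k]) for k in ("serial", "subject", "pub", "issuer", "not_after")).encode()

def issue(subject, pub, issuer, issuer_priv, serial, not_after):
    c = {"serial": serial, "subject": subject, "pub": pub,
         "issuer": issuer, "not_after": not_after}
    n, d = issuer_priv
    c["sig"] = pow(digest(tbs(c), n), d, n)
    return c

def validate(chain, trust_anchors, crls, today):
    """chain = [end entity, ..., root]; crls maps issuer name -> revoked serials."""
    for cert, signer in zip(chain, chain[1:] + chain[-1:]):  # root checks itself
        n, e = signer["pub"]
        if cert["issuer"] != signer["subject"]:
            return False, f"{cert['subject']}: issuer mismatch"
        if pow(cert["sig"], e, n) != digest(tbs(cert), n):
            return False, f"{cert['subject']}: bad signature"
        if today > cert["not_after"]:
            return False, f"{cert['subject']}: expired"
        if cert["serial"] in crls.get(cert["issuer"], set()):
            return False, f"{cert['subject']}: revoked"
    if trust_anchors.get(chain[-1]["subject"]) != chain[-1]["pub"]:
        return False, "root is not a trust anchor"
    return True, "ok"

# Constructed hierarchy: Root CA -> Sales CA -> Bob (Mersenne primes as toy key material)
root_pub, root_priv = keypair(2**89 - 1, 2**127 - 1)
ca_pub, ca_priv = keypair(2**61 - 1, 2**107 - 1)
bob_pub, _ = keypair(2**19 - 1, 2**31 - 1)
END = date(2008, 1, 1)
root = issue("Root CA", root_pub, "Root CA", root_priv, 1, END)
ca = issue("Sales CA", ca_pub, "Root CA", root_priv, 2, END)
bob = issue("Bob", bob_pub, "Sales CA", ca_priv, 3, END)
ANCHORS = {"Root CA": root_pub}  # Alice holds only the root key in advance
print(validate([bob, ca, root], ANCHORS, {}, date(2007, 4, 24)))
print(validate([bob, ca, root], ANCHORS, {"Sales CA": {3}}, date(2007, 4, 24)))
```

A self-signed root that is not in `ANCHORS` passes every signature check in the loop and is rejected only by the final trust-anchor comparison, which is why the root key has to reach Alice out of band.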
Problems of X509
• Complicated structures of CAs
• What if there are multiple root CAs?
• Centralized certification entity
• Burden is on End-User!
• Authenticating the User
• Authenticating the CA
• Certificate Revocation Lists
• Private Key Management
• Pass phrase Quality

IBM Lotus Notes & Domino Solution
• Client/server infrastructure for collaborative applications
• Usage of PKI
  - Authentication of Notes client to Domino Server
  - Signing and encrypting mail messages
  - Administrative accountability
• Implementation
  - Notes keys are created by the Notes administrator and distributed to the user in an “identity file”
  - Most of key management is hidden from user
  - Suitable for enterprise setting

Alternative: Web of Trust
• X509 requires centralized certification entity
  - Certificate can be signed only by CA
  - Root CAs have to be available to lower levels
  - Root certificate companies may collapse
    - Dot-com bubble burst
• Web of Trust uses self-signed certificates and 3rd party attestations of those certificates
  - PGP, GnuPG, OpenPGP
• Requires more individual attention
  - “Why Johnny Can’t Encrypt”

Alternative: Key Continuity Management
• Idea:
  - Make key generation, management, and signing automatic
  - Ignore the X509 certification chain
  - Public key is sent to the CA and comes back with a Digital ID
  - Applications are directly aware of public key certificates
  - User would be notified only when server’s key suddenly changes
• Implemented in email clients
  - Outlook, Eudora

KCM: email example
• Mail client creates a self-signed key when user configures a new From: address
• Public key is attached to outgoing email
• Public key gets stored in address book
• Subsequent outgoing mail is sealed
• Subsequent incoming mail is unsealed and signature is verified
• User is notified if the public key is changed

Johnny 2
• Study conducted on KCM
• Closely followed the setting of the Johnny Study
  - Used same scenario
  - Added additional attacks that are close to Phishing
• New Key Attack
  - Participants are able to detect the impersonation
• New Identity Attack
  - No significant Result
• Unsigned Message
  - No significant Result

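Added example (not part of the original slides or of the Johnny 2 study): the address-book check a KCM mail client makes on incoming mail, run over the three situations named on the Johnny 2 slide. The class, the verdict strings and the sample addresses are assumptions for illustration, and raw key bytes stand in for a real certificate.

```python
import hashlib

class KeyContinuityStore:
    """Address book that pins the first key seen for each From: address."""

    def __init__(self):
        self.pinned = {}  # address -> SHA-256 fingerprint of the pinned key

    def classify(self, sender, public_key):
        """public_key is the raw key attached to the mail, or None if unsigned."""
        addr = sender.strip().lower()
        known = self.pinned.get(addr)
        if public_key is None:
            # A correspondent who has always signed suddenly does not.
            return "unsigned-from-known-signer" if known else "unsigned"
        fp = hashlib.sha256(public_key).hexdigest()
        if known is None:
            self.pinned[addr] = fp  # first contact: nothing to compare against
            return "first-contact"
        if fp == known:
            return "continuous"
        return "key-changed"  # pin is kept; only an explicit user decision replaces it

    def accept_new_key(self, sender, public_key):
        """Call only after the user has confirmed the change out of band."""
        self.pinned[sender.strip().lower()] = hashlib.sha256(public_key).hexdigest()

# Constructed inbox: (From: address, attached public key bytes or None).
INBOX = [
    ("alice@example.com", b"alice-key-1"),  # first mail from Alice
    ("Alice@Example.com", b"alice-key-1"),  # same key, address case differs
    ("alice@example.com", b"other-key"),    # New Key: same address, different key
    ("alice@example.com", None),            # Unsigned Message from a known signer
    ("alice@example.net", b"other-key"),    # New Identity: never-seen address
]

def run(inbox):
    store = KeyContinuityStore()
    return [store.classify(sender, key) for sender, key in inbox]

if __name__ == "__main__":
    for (sender, _), verdict in zip(INBOX, run(INBOX)):
        print(f"{sender:20} {verdict}")
```

Only the changed key produces a verdict that key continuity alone can call suspicious; the never-seen address is indistinguishable from a legitimate first contact, so a client has to surface "first-contact" to the user rather than treat it as verified.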
Alternative: iPKI
• An iPKI is a lightweight PKI centered around a standalone CA
• Application specific, lightweight CA
• Automated PKI and CA setup
• Simple, intuitive enrollment mechanism
• A simple, intuitive trust model
• Secure bootstrapping
• Certificates as capabilities
• No need for direct user interactions with certificates

Network-in-a-Box: Problem
• Secure systems are unusable
• Network configuration - scanning, IP config, DNS location are all automated
• Network security configuration mostly manual
  - Home: Users specify passwords, manage PKI (install certificates, configure security)
  - Enterprise: Administrators install software encoded with static security information (AP/authentication server certificate) on each mobile user device

Idea
• Establishing trust requires trust
• Need secure communication w/o a priori infrastructure
• Bootstrap using Location-limited Channels
  - Example: Infra-red port, passive USB, audio channels, touching two devices simultaneously
• Gesture-based Automatic Configuration
  - Laptop and AP exchange public keys
  - Use it to perform full-fledged security auto-configuration

Details: Individual Steps
• Key pair generation: Client s/w generates key pair
• Device Enrollment: NiaB AP & client exchange digests of their public keys over location-limited IR channel
• Authentication: NiaB AP & client exchange their full public keys and prove possession of the corresponding private keys over 802.11. Public keys are checked against digests.
• Issuing Certificate: Certificate authority generates and issues a certificate to client over TLS tunnel
• Configuration: Client installs the certificate and configures laptop’s 802.1x security s/w to use it
• 802.1x operation: Normal authentication and key exchange with individual APs

User Studies
• Methodology – Different sets of users asked to connect laptop to a secure wireless network
  - Different skill-sets, different experimental ordering, 2 iterations: 5+ subjects in first iteration to find usability errors and refine interface
• Results – Home Users, Enterprise Users

Discussion
• Examples of PKI
  - X509 - Standard
  - Web of trust - PGP
  - KCM - email
  - iPKI – NiaB, Casca
• In what setting will each PKI be useful?
  - Advantage & Disadvantage
• Any new PKI?