1 / 33

IS 302: Information Security and Trust Week 6: Certificate and PKI

IS 302: Information Security and Trust Week 6: Certificate and PKI. 2012. Review. Hash MAC RSA signature. Who are you really?. Mallory: Hi, Alice! I am Bob. (n’,e’) is my key Alice: please see my msg C encrypted by (n’,e’). Hi, Alice, I’m Bob! (n’,e’) is my public key. C=M^ e’ mod n’.

terrel
Download Presentation

IS 302: Information Security and Trust Week 6: Certificate and PKI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IS 302: Information Security and TrustWeek 6: Certificate and PKI 2012

  2. Review • Hash • MAC • RSA signature

  3. Who are you really? • Mallory: Hi, Alice! I am Bob. (n’,e’) is my key • Alice: please see my msg C encrypted by (n’,e’) Hi, Alice, I’m Bob! (n’,e’) is my public key. C=M^e’ mod n’ Bob Mallory Alice d’: Mallory’s private key n’,e’: Mallory’s public key d: Bob’s private key n,e: Bob’s public key

  4. Who is Bob? • Alice: Which key really belongs to Bob? Hi, Alice, I am Bob! (n,e) is my public key. Hi, Alice, I’m Bob! (n’,e’) is my public key. C=M^e’ mod n’ Bob Mallory Alice d’: Mallory’s private key n’,e’: Mallory’s public key d: Bob’s private key n,e: Bob’s public key

  5. Solution • Bob: Hi, Alice! I am Bob. (n,e) is my key. • Alice: How do I know you are really Bob? • Bob: CA says I am Bob and (n,e) is my key! • Alice: I trust CA. Show me CA’s proof for you and your key. • Bob: Sure. Here is CA’s certificate on my key with CA’s signature on it. • Alice verifies CA’s signature on Bob’s certificate

  6. Certification Authority (CA) • A CA guarantees/certifies the association between a public key and an entity (i.e., the owner of the key)

  7. X.509 Certificate Whose sig? how long is sig?

  8. Get a Certificate • Before Bob publishes his public key (n,e), Bob requests for a certificate from CA • CA issues to Bob a certificate {Bob, (n,e), H(Bob,n,e)^f mod m}, where f is CA’s private key, and m is CA’s public modulus Bob Alice Hi, CA. I’m Bob; (n,e) is my public key d: Bob’s private key n,e: Bob’s public key Cert: {Bob, (n,e), sig = H(Bob,n,e)^f mod m} f: CA’s private key m,g: CA’s public key CA

  9. Check the Certificate • Bob shows Alice his public key (n,e) and CA’s certificate {Bob, (n,e), sig=H(Bob,n,e)^f mod m} • Alice verifies Bob’s public key (n,e) by comparing H(Bob,n,e) = sig^g mod m ? using CA’s public key (m,g) Hi, Alice, I’m Bob! (n,e) is my public key. Here is CA’s certificate {Bob, (n,e), sig = H(Bob, n,e)^f mod m} Bob Alice d: Bob’s private key n,e: Bob’s public key f: CA’s private key m,g: CA’s public key CA

  10. Use the Certificate in Encryption • If Bob’s certificate is verified, Alice knows Bob is really Bob with key (n,e) • Alice can encrypt her message with Bob’s public key (if M is large, use envelop encryption); Bob can decrypt it with his private key d: M=C^d mod n. C=M^e mod n Bob Alice d: Bob’s private key n,e: Bob’s public key CA

  11. Use the Certificate in Signature • If Bob’s certificate is verified, Alice knows Bob is really Bob with key (n,e) • Bob can sign a message and Alice can verify the Bob’s signature with Bob’s public key: sig^e mod n = H(M) ? M, sig=H(M)^d mod n Bob Alice d: Bob’s private key n,e: Bob’s public key CA

  12. What if Bob lost his private key? • Mallory steals Bob’s private key d and thus can impersonate Bob Mallory Bob Alice d: Bob’s private key n,e: Bob’s public key CA

  13. Revoke certificate • Bob: I will no longer use my public key (n,e) – my certificate (Bob,(n,e),sig) is revoked! Oops, Bob’s cert of key (n,e) is revoked. I will not use it Mallory CRL: Bob cert, other certs…..Sig=H(CRL)^f mod m Bob Alice Alice Hi, CA. I’m Bob; please revoke my cert Alice verifies CRL with CA’s public key (m,g) d: Bob’s private key n,e: Bob’s public key Ok, Bob, your cert is put in CRL, signed by me f: CA’s private key m,g: CA’s public key CA CA

  14. Certificate Revocation List (CRL) Serial Number: 12345…14 Revocation Date: 28/12/06 Whose sig? how long is sig? Serial Number: 12345…21 ……

  15. Discussion • Can Mallory impersonate Bob? • Can Mallory impersonate CA? Oops, Bob’s cert of key (n,e) is revoked. I will not use it Mallory CRL: Bob cert, other certs……..Sig=CRL^f mod m Bob Alice Alice Hi, CA. I’m Bob; please revoke my cert Alice verifies CRL with CA’s public key (m,g) d: Bob’s private key n,e: Bob’s public key Ok, Bob, your cert is put in CRL, signed by me f: CA’s private key m,g: CA’s public key CA CA

  16. Solution to CA impersonation • Use a hierarchy of CA’s • Let high-level CA sign low-level CA’s public key so that Mallory cannot impersonate low-level CA • It is harder for Mallory to impersonate high-level CA since a high level CA is widely exposed to the public S’pore CA NTU CA NUS CA SMU CA LKCSBCA SA CA SESS CA SIS CA Bob

  17. Putting all in a standard: PKI • Public Key Infrastructure (PKI) • A set of policies, procedures, and products; used to implement public key cryptosystem in a large setting • X.509: A widely used standard for defining and managing digital certificates

  18. PKI: An Illustration Make a revocation request CA hierarchy 1.Identity authentication Registration Authority 2.Certificate request A CA 4.Certificate(s) 3.Certificate(s) 7 5. B obtains A’s certificate C B 6. Check if C has been revoked before Update and maintain CRL 7. Get CA’s public key and verify certificate C

  19. Demo: Certificate management with IE • Internet explorer Tools Internet options Content Certificates 

  20. Secure Email: Application of Digital Certificates • Secure email • Signed email • Encrypted email

  21. Signed Email • Sign the (hash of) email (including header, body, and attachment) with the sender’s private key  email signature • Send the following to the recipient • Email header, body, attachment • Email signature • Sender’s public key certificate • Optional CRLs

  22. Encrypted Email • Envelop encryption • Sender obtains and verifies the recipient’s public key certificate • Sender chooses a random message encryption key  to encrypt email message • Sender uses the recipient’s public key  to encrypt the message encryption key • Send the following to the recipient • Encrypted email message • Encrypted message encryption key

  23. Encrypted Signed Email • Sign original email  using sender’s private key • Encrypt the signed email with envelop encryption  using recipient’s public key • Send the encrypted signed email to recipient

  24. Secure Email Systems: S/MIME • RSA Data Security Inc. 1995 • Internet standard, adopted in commercial email packages • Most email clients, such as Outlook, Thunderbird and Eudora have built-in support for S/MIME • Support all sorts of email attachments • Require (hierarchically validated) certificates (as in PKI) • Certificate can be obtained from Certificate Authorities (CA), such as Thawte, VeriSign, and COMODO.

  25. Exercise: setting up S/MIME in Outlook • COMODO free email certificate • COMODO certificate guide (download the guide from course web site) • Follow the instructions in the guide to • Request for COMODO free email certificate • Install the certificate in Outlook • (for firefox user, please download another guide from course web site for exporting certificate from firefox) • Follow the instructions in the following slides to • Sign email • Encrypt email

  26. Outlook S/MIME-Signature (1) • In Outlook go to Help | Privacy options | Email security • Check “Add Digital Signature to Outgoing Messages” • Check “Send Clear Text Signed messages when sending signed messages”. • Click “OK” • Signature will be added for all messages • Send a signed email to the one next to you

  27. Outlook S/MIME-Signature (2) • The received message should have the signature symbol on the left of the email. • Click on the symbol to view the signature details.

  28. Outlook S/MIME-Encryption (1) • In order to exchange encrypted messages the sender will need to have the receiver public key. • The public key can be exchanged by first sending a Digitally Signed message to the person, thus sending him/her your Public key. • Next, the recipient will have to reply to your message, thus sending you his/her Public Key. • With each other’s Public Keys you will be able to begin sending encrypted messages to one another.

  29. Outlook S/MIME-Encryption (2) • Reply to the signed message you received previously. • Click on the encrypt message symbol • Send an encrypted message to the person next to you.

  30. Outlook S/MIME-Encryption (3) • The encrypted message needs to be explicitly opened for contents to be viewed.

  31. Outlook S/MIME-Encryption (4) • The encrypted message will have the encryption symbol on the right. • Click on the symbol to view the encryption details

  32. Review • Which of the following is NOT included in the certificate for Alice’s public key? • Alice’s public key • Alice’s signature • CA’s signature • Alice’s public key certificate is revoked, which of the following is NOT included in the related CRL? • Alice’s public key • Certificate series number • CA’s signature • Which of the following is NOT correct regarding encrypted email in S/MIME? • Envelop encryption is used • Sender needs recipient's certificate to encrypt email • Recipient needs sender’s certificate to decrypt email

  33. Mid-Term Quiz in Week 7 • MCQ + SAQ (15%; 1.5 hour) • MCQ 20*0.5=10% • SAQ 5*1 = 5%

More Related