Public Key Infrastructure
Rocky K. C. Chang, 6 March 2007


Slide 2: The problem
- Problem: How do principals learn each other’s public keys for a number of public-key based protocols, such as IPSec, IKE, PGP, S/MIME, or SSL?
- Some naïve solutions:
  - Configure each principal with the public key of every other principal (scalability problem).
  - Publish public keys in Web sites or newspapers (authentication and scalability problems).

Slide 3: The PKI solution
- One accepted solution is through trusted intermediaries known as certification authorities (CAs).
- Alice generates her public/private key pair.
  - She keeps the private key.
  - She takes the public key, say k, to the CA.
  - The CA has to verify that Alice is who she says she is.
  - The CA then issues a digital statement stating that k belongs to Alice.

Slide 4: PKI

Slide 5: The digital certificate
- CAs digitally sign data structures known as certificates that state the mapping between names and public keys.
- A typical certificate contains
  - a serial number (03)
  - the name of the principal being certified (
  - the public key of the principal (PKCS#1 RSA encryption, 140 bytes)
  - the name of the certification authority (HKPU)
  - valid duration of the certificate (not before, not after)
  - extensions
  - a digital signature (PKCS#1 MD5 with RSA encryption, 128 bytes)

Slide 6: X.509 PKI (PKIX)
- PKIX defines a profile to facilitate the use of X.509 certificates within Internet applications (RFC 2459).
  - It specifically profiles the X.509 v3 certificate and X.509 v2 CRL.
  - This profile does not assume the deployment of an X.500 directory system.
  - The v3 certificate format extends the v2 format by adding provision for additional extension fields, e.g.,
    - The subject alternative names extension allows additional identities to be bound to the subject of the certificate, such as an Internet electronic mail address, a DNS name, an IP address, and a URI.

Slide 7: Digitally signed documents
[Diagram. Sender: Alice’s document without signature -> Hash -> Alice’s private key -> Signature. Sent to Bob from Alice: Alice’s document without signature + Signature. Receiver: Hash of Alice’s document without signature; Signature + Alice’s public key; Compare.]

Slide 8: Digital certificates
[Diagram. Issuer: Alice’s certificate without signature -> Hash -> CA1’s private key -> CA1’s signature. Sent to Bob from Alice: Alice’s certificate without signature + CA1’s signature. Receiver: Hash of Alice’s certificate without signature; CA1’s signature + CA1’s public key; Compare.]

Slide 9: Multilevel certificates
- If Alice’s certificate is issued by CA1 and Bob knows CA1’s public key, he can securely obtain Alice’s public key from Alice’s certificate.
- In general, Bob may not know the public key of Alice’s CA (but he knows CA3’s public key). Therefore, it is necessary for Bob to obtain a chain of certificates (also known as a certification path), e.g.,
  - [CA2’s public key is P2] signed by CA3
  - [CA1’s public key is P3] signed by CA2
  - [Alice’s public key is P4] signed by CA1

Slide 10: Expiration
- No cryptographic key should be used indefinitely. A certificate should not be valid forever either.
- Expiration is also important in keeping information up-to-date.
- Not before and not after
  - Participants in a PKI need a clock.

Slide 11: Separate registration authority
- An HR department verifies the employees and the IT department runs as the CA.
- Adding a third-party RA complicates the protocol significantly.
- The best model for this scenario:
  - IT acts as a CA and the HR as a sub-CA.
  - Have IT and HR serve as separate entities and specify the HR-IT interaction.

Slide 12: Examples
- All HK residents can communicate with each other securely.
  - Have the post office serve as the CA for HK.
  - Every resident is issued a certificate.
- A company has a VPN to allow its employees to access the corporate network from outside.
  - The company acts as the CA.
  - Each employee is issued a certificate.
- A bank allows its customers to perform financial transactions on the bank’s website.
  - The bank is the CA.
  - The customers are issued certificates.

Slide 13: Certificate revocation
- The hardest problem to solve in a PKI is revocation.
- For various reasons (e.g., employment termination, key compromise), a certificate may no longer be valid before the expiration date.
- Requirements: speed and reliability of revocation.
- Two solutions
  - Define a Certification Revocation List (CRL), which contains serial numbers that should not be honored.
  - Fast expiration: each certificate is given a very short expiration time.

Slide 14: Certification Revocation List
- A CA periodically issues a signed CRL available in a public repository. An advantage of this approach is that CRLs may be distributed by exactly the same means as certificates.
- Therefore, a certificate is valid if it has a valid CA signature and has not expired and is not listed in the CA’s most recent CRL.
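The certification path from the multilevel-certificates slide, checked with the validity rule above (valid CA signature, not expired, not on the issuer's CRL), as an added example that is not part of the original slides. It assumes a toy textbook-RSA signature built from Mersenne primes (no padding, not secure), integer timestamps, constructed names and serial numbers, and CRLs whose own signatures have already been checked.

```python
import hashlib
from collections import namedtuple

E = 65537  # public exponent shared by all toy keys

def toy_keypair(a, b):
    """Toy textbook RSA from the Mersenne primes 2^a-1 and 2^b-1. Not secure."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(_h(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _h(data, pub[0])

Cert = namedtuple("Cert", "serial subject pubkey issuer not_before not_after sig")

def tbs(cert):  # the "certificate without signature": the bytes the CA hashes and signs
    return repr(tuple(cert[:6])).encode()

def issue(issuer, issuer_priv, serial, subject, pubkey, not_before, not_after):
    body = Cert(serial, subject, pubkey, issuer, not_before, not_after, 0)
    return body._replace(sig=sign(issuer_priv, tbs(body)))

def validate_path(anchor, anchor_pub, chain, now, crls):
    """Walk from the trust anchor down the chain; return (end-entity key, reason).
    crls maps a CA name to the set of serial numbers on its most recent CRL."""
    name, pub = anchor, anchor_pub
    for cert in chain:
        if cert.issuer != name or not verify(pub, tbs(cert), cert.sig):
            return None, f"{cert.subject} not signed by {name}"
        if not cert.not_before <= now <= cert.not_after:
            return None, f"{cert.subject} outside validity period"
        if cert.serial in crls.get(name, set()):
            return None, f"{cert.subject} revoked by {name}"
        name, pub = cert.subject, cert.pubkey  # this key verifies the next certificate
    return pub, "ok"

# Constructed sample PKI matching the slide: Bob trusts only CA3's public key.
K3, K2, K1, KA = (toy_keypair(a, b)
                  for a, b in [(61, 89), (107, 127), (521, 607), (1279, 2203)])
CHAIN = [issue("CA3", K3[1], 1, "CA2", K2[0], 100, 900),
         issue("CA2", K2[1], 2, "CA1", K1[0], 100, 900),
         issue("CA1", K1[1], 3, "Alice", KA[0], 100, 500)]
```

Revoking an intermediate CA's certificate invalidates every certificate below it, because the walk stops at the first failing link.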

Slide 15: Fast expiration
- Each time Alice wants to use her certificate, she gets a new one from the CA.
- The major advantage is using the already available certificate issuing mechanism.
- Whether this approach is possible depends mostly on whether the application demands instantaneous revocation.

Slide 16: PKI in reality
- The PKI ties Alice’s public key to her name. What name should be used in a PKI?
  - Identical names
  - A person with multiple names
  - Cannot use HKID,
- Authority of assigning keys to names
  - What makes that CA authoritative with respect to these names?
  - Who has the authority of assigning keys in a universal PKI?

Slide 17: PKI in reality (cont’d)
- Trust of being the CA
  - What/who can be trusted as a CA in a universal PKI?
  - The trust relationships that are used by the CA are ones that already exist and are based on contractual relationships.
- Authorization
  - Who is authorized to do what?
  - Keys -> (PKI) names -> (ACL) permissions
  - Direct authorization: Keys -> permissions
    - E.g., a bank’s PKI ties Alice’s key to the credential that allows access to Alice’s account.
    - E.g., a door lock does not recognize who holds the key.

Slide 18: A more realistic PKI
- Each application/organization has its own CA.
  - The world consists of a large number of small PKIs.
  - Each user is a member of many different PKIs at the same time.
  - Cross certification
- The PKI’s main purpose is to tie a credential to the key.
  - Not to tie keys to names.

Slide 19: Summary
- There will never be a universal PKI.
- PKI is difficult to manage and use.
  - The 5th Annual PKI R&D Workshop: “Making PKI Easy to Use.”
- The PKI’s main purpose is to tie a credential to the key.
  - It is not about the key management problem.
- Choose between a key server approach and a PKI approach.
- Nevertheless, a number of PKI initiatives are still going on, e.g., Federal PKI (FPKI) in the US.

Slide 20: Acknowledgments
- The notes are prepared mostly based on
  - N. Ferguson and B. Schneier, Practical Cryptography, Wiley,
  - R. Housley, W. Ford, W. Polk, D. Solo, “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” RFC 2459, January 1999.