Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell."— Presentation transcript:

1 Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell

2 30th June 2005 EuroPKI 2005 2 Overview Introduction Technical Background A Simple Certificate-Based Solution Extending Our Analysis Lessons Learnt and Future Work Conclusions

3 30th June 2005 EuroPKI 2005 3 Introduction Our analysis focuses on the following scenario:  Domain A uses a certificate-based PKI  Domain B uses an ID-based PKI  Users in domains A & B wish to interact securely We consider issues such as:  What are the specific issues arising for interoperation in either direction?  What are the security implications of interoperation?  What lessons can we learn, and where do we go from here?

4 30th June 2005 EuroPKI 2005 4 Technical Background Certificate management in a conventional PKI adds a significant overhead In 1984 Shamir proposed Identity-based cryptography, where the public-private key pair is generated from public information Until Boneh and Franklin’s work in 2001, no efficient encryption mechanism existed Sender can encrypt a message to a recipient without having to retrieve the recipient’s public key

5 30th June 2005 EuroPKI 2005 5 Technical Background (II) Main operational differences:  Trusted Authority (analogous to the CA) generates all private keys using a domain secret  Private decryption keys only need to be generated when they are required for decryption  There is no explicit means of revocation, but there are similar associated problems Very little prior work that studies the interaction:  Chen et al [2002] and Smetters and Durfee [2003] propose a tiered approach

6 30th June 2005 EuroPKI 2005 6 A Simple Certificate-Based Solution We consider the “obvious” solution:  Cross-certification between the two domains How does cross-certification work natively?  In the certificate-based world, there is already plenty of work done in this area  In the ID-based world, no prior work uses ID-based cryptography to secure inter-domain communication It appears that ID-based cryptography is not suitable for supporting inter-domain credentials

7 30th June 2005 EuroPKI 2005 7 The Certificate-Based User How the scheme would work:  CA for domain A generates a cross-certificate for the TA in domain B  The cross-certificate could contain policy information for domain B that is of relevance to domain A  The user in domain A validates the cross- certificate and checks the policy for acceptability  There will typically be a need for a certificate status check, and possibly some additional path validation

8 30th June 2005 EuroPKI 2005 8 The Certificate-Based User (II) We now note some potential difficulties Certificate content and type:  Identity certificate or attribute certificate?  We believe that an identity certificate would be preferable in practice CP and CPS:  Cert-based PKIs rely heavily on CPs and CPSs  ID-Based environments allow the offloading of policy creation onto the user

9 30th June 2005 EuroPKI 2005 9 The Certificate-Based User (III) How does the cert-based user assure themselves that the private keys in domain B conform to the desired policy? Two possible solutions:  The TA in domain B could release a set of policy statements in an similar manner to a CP  The sender in domain A generates a new identity- based key with a reference to the appropriate policy

10 30th June 2005 EuroPKI 2005 10 The ID-Based User How the scheme would work:  The TA for domain B generates a cross-certificate for the public key of the CA in domain A  This cross-certificate could contain policy information for domain A of relevance to a user in domain B  The user in domain B validates the cross-certificate and checks the policy for acceptability  There will typically be a need for a certificate status check and possibly some additional path validation While this gives the functionality we require, it is a rather inelegant solution

11 30th June 2005 EuroPKI 2005 11 The ID-Based User (II) An alternative would be to have the TA in domain B issue an identity-based signing key to the CA within domain A This approach is unlikely to be used in practice CP and CPS – two candidate approaches:  Users in domain B would be required to parse the certificate policies of domain A  The TA within domain B could identify suitable CPs from domain A The second option provides for a cleaner approach

12 30th June 2005 EuroPKI 2005 12 The ID-Based User (III) Revocation: A “pure” identity-based implementation relies on key re-issuance Three candidate mechanisms for users in domain B to validate domain A certificates:  The CA could issue new certificates at the same rate as the TA would issue identity-based keys  The TA could act as a filter for user requests  The user could be required to interrogate the CRL and OCSP servers directly Application level considerations are likely to impact on this design decision

13 30th June 2005 EuroPKI 2005 13 Extending Our Analysis Potential Alternative Solutions:  Reversal of the burden of work onto the recipient using an identity-based key  Using a trusted intermediary to decrypt and re- encrypt the flow of messages  Less complexity in signature based solution Additional Technologies:  Certificateless Public Key Cryptography (Al- Riyami and Paterson [2003])  Certificate Chaining

14 30th June 2005 EuroPKI 2005 14 Lessons Learnt and Future Work What are the main differences that impact on interoperation?  How the policy setting and validation is performed  Where and how the policy matching takes place  The difference in what is being certified and what is the content of the identifier What additional work is needed?  An assessment of policy handling in light of actual security requirements  Potential for attribute certificates in cross-certification

15 30th June 2005 EuroPKI 2005 15 Conclusions Existing technical solutions are far from ideal for the users in an identity-based environment Candidate solutions either force identity- based clients to make use of certificates, or they require the use of trusted intermediaries Building mechanisms to limit the impact at the user level is likely to require additional intermediary services

Download ppt "Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
An Introduction to Identity-based Cryptography

An Introduction to Identity-based Cryptography
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

Similar presentations

Ads by Google