
1 PKI To The Masses IPCCC 2004 Dan Massey USC/ISI

2 PKI Is Necessary
1 March 04, masseyd@isi.edu
- My PKI related actions since arriving at IPCCC
  - Used an SSH host public key for remote login.
  - Used an IMAP certificate to download email.
  - Received a PGP signed email message.
  - Accessed a secure website using an SSL certificate.
- Proposed Infrastructure PKI related actions:
  - Secure BGP would use PKI to protect Internet routes.
  - Secure DNS would use PKI to protect Internet names.

3 The Need for a Secure Infrastructure
- BGP and DNS Provide No Authentication
  - Lack of BGP authentication misdirected DNS queries.
    - This happens to be DNS traffic, but could be email, web, etc.
  - Server could have replied with false DNS data.
[Figure labels: Internet; c.gtld-servers.net; BGP monitor; 192.26.92.30; originates route to 192.26.92/24; ISPs announced new path for 20 minutes to 3 hours; 1 of 13 DNS servers for com/net/org]

4 The PKI Solution
- Routing: sign the routing updates
  - Use public key cryptography to verify the origin is allowed to originate the path.
  - Have each node sign its next link in the route (to prove the path is valid)
  - S-BGP (Kent/BBN), SoBGP (White/Cisco)
- DNS: sign the DNS response
  - DNSSEC (IETF DNSEXT Working Group)

5 Secure DNS Query and Response
[Figure labels: End-user; Caching DNS Server; Authoritative DNS Servers]
- www.darpa.mil A = 192.5.18.195
- www.darpa.mil RRSIG(A) = [signature by darpa.mil private key]
- Attacker cannot forge this answer without knowing the darpa.mil private key.

6 So What's the Problem?
- Was my IPCCC use of PKI worthwhile?
  - SSH reported "host key has changed"
    - Has anyone ever rejected a key due to this message?
  - The IMAP email certificate I used was self-signed.
    - Who should have signed this certificate?
  - I did not verify the PGP key for the signed email.
    - How would I do this effectively? PGP key servers??
  - Should I have checked the web SSL certificate?
- No deployment of infrastructure (DNS, BGP) PKIs.

7 Limitations of PKI Deployment
- The theoretical promise of PKI technology greatly exceeds the deployed use.
  - Fundamental key management issues remain
- Effective Deployment Requires
  - Mechanism for learning the public key
  - Mechanism for changing the public key
  - Limit damage of compromised key (revocation?)
- Claim this can only work in strong hierarchy.

8 Steps To Real Deployment
- S-BGP: create a hierarchy where none exists.
  - Who signs you are allowed to announce this prefix?
  - How do you distribute the database?
- Secure DNS overlays PKI on the DNS tree.
  - Simple structure in theory
    - Root key signs the com, net, org, edu, uk, etc, keys
    - Com key signs the cisco.com, ibm.com, foo.com keys
    - Cisco.com key signs research.cisco.com, www.cisco.com
  - But this assumes the entire tree deploys DNSSEC.
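The delegation chain on this slide (root signs com, com signs cisco.com), as an added example that is not part of the original presentation: a validator that walks from a root trust anchor down to a name and reports where the chain breaks when a zone on the path has not deployed signing. The function names, status strings and the toy textbook-RSA keys over small Mersenne primes are assumptions made so it runs on the standard library; they are not DNSSEC's real algorithms or record formats.

```python
import hashlib

# Toy textbook RSA over small Mersenne primes: a stand-in for real DNSSEC
# algorithms so the example runs on the standard library. NOT secure.
E = 65537
MERSENNE = {"root": (61, 89), "com": (61, 107),
            "cisco.com": (89, 107), "attacker": (107, 127)}

def keypair(owner):
    a, b = MERSENNE[owner]
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(zone, zone_n, modulus):
    h = hashlib.sha256(f"{zone}|{zone_n}".encode()).digest()
    return int.from_bytes(h, "big") % modulus

def sign(parent, zone, zone_n):
    # Parent zone signs the binding (child zone name, child public key).
    return pow(digest(zone, zone_n, parent["n"]), parent["d"], parent["n"])

def verify(parent_n, zone, zone_n, sig):
    return pow(sig, E, parent_n) == digest(zone, zone_n, parent_n)

def validate(name, trust_anchor_n, published):
    """published[zone] = (zone public key, parent's signature or None)."""
    labels = name.split(".")
    path = [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
    parent_n = trust_anchor_n
    for zone in path:                      # e.g. "com", then "cisco.com"
        entry = published.get(zone)
        if entry is None or entry[1] is None:
            return f"insecure: no signed key for {zone}"
        zone_n, sig = entry
        if not verify(parent_n, zone, zone_n, sig):
            return f"bogus: bad signature on {zone} key"
        parent_n = zone_n                  # verified key vouches for next level
    return "secure"

def build_tree():
    # Constructed sample data: a fully signed root -> com -> cisco.com chain.
    keys = {z: keypair(z) for z in MERSENNE}
    pub = {child: (keys[child]["n"], sign(keys[parent], child, keys[child]["n"]))
           for parent, child in [("root", "com"), ("com", "cisco.com")]}
    return keys, pub

if __name__ == "__main__":
    keys, pub = build_tree()
    print(validate("cisco.com", keys["root"]["n"], pub))
```

Setting the signature on the com entry to None makes cisco.com unverifiable even though cisco.com itself is signed, which is the slide's point about the entire tree needing to deploy.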

9 DNS: The PKI Of The Future (?)
- Can use a signed DNS as the missing PKI.
  - Store ssh host keys in the DNS along with host IP address (IETF working group for this)
  - Store SSL and IMAP certificates in the DNS (DNS CERT record is already defined)
  - Store PGP email keys in the DNS (Functionality revoked by Massey and Rose)
- What is wrong with the picture?
  - No revocation mechanism
  - Will this create a PKI or break the DNS?
  - Is the DNS an appropriate trust model?

