
Public Key Infrastructure
Rocky K. C. Chang
6 March 2007



Slide 2: The problem
- Problem: how do principals learn each other's public keys for the many public-key based protocols such as IPsec, IKE, PGP, S/MIME, or SSL?
- Some naive solutions:
  - Configure each principal with the public key of every other principal (scalability problem).
  - Publish public keys on web sites or in newspapers (authentication and scalability problems).

Slide 3: The PKI solution
- One accepted solution is to use trusted intermediaries known as certification authorities (CAs).
- Alice generates her public/private key pair:
  - She keeps the private key.
  - She takes the public key, say k, to the CA.
  - The CA has to verify that Alice is who she says she is.
  - The CA then issues a digital statement stating that k belongs to Alice.

Slide 4: PKI (figure only; the slide carries no text)

Slide 5: The digital certificate
- CAs digitally sign data structures known as certificates that state the mapping between names and public keys.
- A typical certificate contains:
  - a serial number (03)
  - the name of the principal being certified (www.comp.polyu.edu.hk)
  - the public key of the principal (PKCS#1 RSA encryption, 140 bytes)
  - the name of the certification authority (HKPU)
  - the validity period of the certificate (not before, not after)
  - extensions
  - a digital signature (PKCS#1 MD5 with RSA encryption, 128 bytes)

Slide 6: X.509 PKI (PKIX)
- PKIX defines a profile to facilitate the use of X.509 certificates within Internet applications (RFC 2459).
  - It specifically profiles the X.509 v3 certificate and the X.509 v2 CRL.
  - The profile does not assume the deployment of an X.500 directory system.
  - The v3 certificate format extends the v2 format by adding provision for additional extension fields.
- For example, the subject alternative name extension allows additional identities to be bound to the subject of the certificate, such as an Internet electronic mail address, a DNS name, an IP address, and a URI.

Slide 7: Digitally signed documents (diagram)
- Signing, on Alice's side: hash Alice's document (without signature); sign the hash with Alice's private key to produce the signature; send the document together with the signature from Alice to Bob.
- Verifying, on Bob's side: hash the received document (without signature); recover the hash from the signature using Alice's public key; compare the two hash values.

Slide 8: Digital certificates (diagram)
- The same flow applied to a certificate: CA1 hashes Alice's certificate (without signature) and signs the hash with CA1's private key, giving CA1's signature; the certificate plus CA1's signature is sent from Alice to Bob.
- Bob hashes Alice's certificate (without signature), recovers the hash from CA1's signature using CA1's public key, and compares the two.
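The two diagrams above describe one mechanism: hash, sign the hash with the private key, and let the receiver re-hash and check against the public key. The following is an added example (not code from the slides or their author) of that flow in Go's standard library, using ECDSA P-256 with SHA-256 rather than the slides' MD5-with-RSA; the document text and the key names are constructed for the example. The tampered-document check shows what "Compare" in the diagram is protecting against.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sign is the left half of the slide-7 diagram: hash the document without signature,
// then sign the hash with Alice's private key. The signature travels with the document.
func sign(priv *ecdsa.PrivateKey, document []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verify is the right half: Bob re-hashes what he received and checks the signature
// against Alice's public key. The diagram's "Compare" step happens inside VerifyASN1.
func verify(pub *ecdsa.PublicKey, document, signature []byte) bool {
	digest := sha256.Sum256(document)
	return ecdsa.VerifyASN1(pub, digest[:], signature)
}

// Demo returns whether the genuine document verifies and whether a tampered copy verifies.
func Demo() (genuineOK bool, tamperedOK bool, err error) {
	alice, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // Alice's key pair (generated here)
	if err != nil {
		return false, false, err
	}
	doc := []byte("Pay Bob HK$100. -- Alice") // constructed sample document
	sig, err := sign(alice, doc)
	if err != nil {
		return false, false, err
	}
	tampered := []byte("Pay Bob HK$1000. -- Alice") // one extra character changes the hash
	return verify(&alice.PublicKey, doc, sig), verify(&alice.PublicKey, tampered, sig), nil
}

func main() {
	genuineOK, tamperedOK, err := Demo()
	fmt.Println(genuineOK, tamperedOK, err) // true false <nil>
}
```

Slide 8 is this exact flow with the CA as signer and the certificate body as the document; the X.509 library calls in the later example do the hashing and signing for you, but nothing else changes.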

Slide 9: Multilevel certificates
- If Alice's certificate is issued by CA1 and Bob knows CA1's public key, he can securely obtain Alice's public key from Alice's certificate.
- In general, Bob may not know the public key of Alice's CA (but he knows CA3's public key). Therefore Bob needs to obtain a chain of certificates (also known as a certification path), e.g.,
  - [CA2's public key is P2] signed by CA3
  - [CA1's public key is P3] signed by CA2
  - [Alice's public key is P4] signed by CA1

Slide 10: Expiration
- No cryptographic key should be used indefinitely, and a certificate should not be valid forever either.
- Expiration is also important in keeping information up to date.
- "Not before" and "not after": participants in a PKI need a clock.

Slide 11: Separate registration authority
- An HR department verifies the employees and the IT department runs the CA.
- Adding a third-party RA complicates the protocol significantly.
- The best model for this scenario: IT acts as the CA and HR as a sub-CA. Have IT and HR serve as separate entities and specify the HR-IT interaction.

Slide 12: Examples
- Every HK resident can communicate with every other resident securely: have the post office serve as the CA for HK, and issue every resident a certificate.
- A company has a VPN to allow its employees to access the corporate network from outside: the company acts as the CA, and each employee is issued a certificate.
- A bank allows its customers to perform financial transactions on the bank's website: the bank is the CA, and the customers are issued certificates.

Slide 13: Certificate revocation
- The hardest problem to solve in a PKI is revocation.
- For various reasons (e.g., employment termination, key compromise), a certificate may no longer be valid before its expiration date.
- Requirements: speed and reliability of revocation.
- Two solutions:
  - Define a certificate revocation list (CRL), which contains the serial numbers that should not be honored.
  - Fast expiration: each certificate is given a very short expiration time.

Slide 14: Certificate Revocation List
- A CA periodically issues a signed CRL, made available in a public repository. An advantage of this approach is that CRLs may be distributed by exactly the same means as certificates.
- Therefore, a certificate is valid if it has a valid CA signature, has not expired, and is not listed in the CA's most recent CRL.
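Slides 5, 6, 9, 10 and 14 together describe what a relying party checks: the certificate's fields and extensions, the certification path up to a CA whose key is already trusted, the validity period against a clock, and the issuer's most recent CRL. The following is an added example (not code from the slides or their author) that builds the slide-9 path [Alice] signed by CA1, CA1 by CA2, CA2 by the root CA3, using Go's standard crypto/x509 package, issues a CRL from CA1, and applies the slide-14 rule. All names, serial numbers and the subject alternative name values are constructed for the example. It goes one step beyond the slide by also refusing a CRL whose NextUpdate has passed, which is the check a practitioner adds so that a stale list is not mistaken for "not revoked".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type entity struct { // a CA or end entity: its key pair and certificate (constructed here)
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a certificate for name signed by issuer (nil issuer = self-signed root) with the
// slide-5 fields: serial, subject, public key, issuer, validity period, extensions, signature.
func issue(name string, serial int64, isCA bool, notAfter time.Time, issuer *entity) *entity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter,
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else { // X.509 v3 subject alternative name extension (slide 6); hypothetical values
		tmpl.DNSNames, tmpl.EmailAddresses = []string{"alice.example.test"}, []string{"alice@example.test"}
	}
	parentCert, parentKey := tmpl, key // self-signed unless an issuer is given
	if issuer != nil {
		parentCert, parentKey = issuer.cert, issuer.key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey))
	return &entity{key: key, cert: must(x509.ParseCertificate(der))}
}

// crlFor produces a CA-signed CRL (slides 13-14) listing one serial, DER-encoded and parsed back.
func crlFor(ca *entity, number, revokedSerial int64) *x509.RevocationList {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(number), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now}}}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ca.cert, ca.key))))
}

// validate applies the slide-14 rule: the certificate chains to a trusted root through valid signatures,
// is inside its validity period at time at, and is not listed in the issuer's CRL (which must carry the
// issuer's signature and must not be past its NextUpdate).
func validate(leaf, root, issuer *x509.Certificate, intermediates []*x509.Certificate, crl *x509.RevocationList, at time.Time) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inter.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inter, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("certification path: %w", err)
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL signature: %w", err)
	}
	if at.After(crl.NextUpdate) {
		return fmt.Errorf("CRL stale since %s; fetch a newer one before trusting it", crl.NextUpdate.UTC())
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("serial %s revoked at %s", leaf.SerialNumber, rc.RevocationTime.UTC())
		}
	}
	return nil
}

// RunScenario builds the slide-9 path [Alice] <- CA1 <- CA2 <- CA3 (root) and returns each check's outcome.
func RunScenario() map[string]error {
	now := time.Now()
	ca3 := issue("CA3", 1, true, now.AddDate(10, 0, 0), nil)
	ca2 := issue("CA2", 2, true, now.AddDate(5, 0, 0), ca3)
	ca1 := issue("CA1", 3, true, now.AddDate(2, 0, 0), ca2)
	alice := issue("Alice", 4, false, now.AddDate(0, 0, 30), ca1)
	path := []*x509.Certificate{ca1.cert, ca2.cert}
	clean, revoked := crlFor(ca1, 1, 99), crlFor(ca1, 2, 4) // serial 99 is some other certificate
	return map[string]error{
		"valid":                 validate(alice.cert, ca3.cert, ca1.cert, path, clean, now),
		"missing_intermediates": validate(alice.cert, ca3.cert, ca1.cert, nil, clean, now),
		"expired":               validate(alice.cert, ca3.cert, ca1.cert, path, clean, now.AddDate(0, 0, 31)),
		"revoked":               validate(alice.cert, ca3.cert, ca1.cert, path, revoked, now),
	}
}

func main() { fmt.Printf("%v\n", RunScenario()) }
```

Bob's trust anchor is only CA3, so the "missing_intermediates" case fails exactly as slide 9 says: without CA1's and CA2's certificates he cannot get from CA3's key to Alice's. The "expired" case is slide 10's clock in action, and "revoked" is slide 14's third condition. CheckSignatureFrom verifies the CRL's signature and the signer's CA and CRL-signing constraints; a production validator would additionally confirm that the CRL's issuer name matches the certificate's issuer.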

Slide 15: Fast expiration
- Each time Alice wants to use her certificate, she gets a new one from the CA.
- The major advantage is that it uses the already available certificate-issuing mechanism.
- Whether this approach is possible depends mostly on whether the application demands instantaneous revocation.

Slide 16: PKI in reality
- The PKI ties Alice's public key to her name. What name should be used in a PKI?
  - Identical names
  - A person with multiple names
  - Cannot use the HKID
- Authority for assigning keys to names:
  - What makes a CA authoritative with respect to these names?
  - Who has the authority to assign keys in a universal PKI?

Slide 17: PKI in reality (cont'd)
- Trust in the CA:
  - What or who can be trusted as a CA in a universal PKI?
  - The trust relationships that are used by the CA are ones that already exist and are based on contractual relationships.
- Authorization: who is authorized to do what?
  - Keys -> (PKI) -> names -> (ACL) -> permissions
  - Direct authorization: keys -> permissions
    - E.g., a bank's PKI ties Alice's key to the credential that allows access to Alice's account.
    - E.g., a door lock does not recognize who holds the key.

Slide 18: A more realistic PKI
- Each application/organization has its own CA.
  - The world consists of a large number of small PKIs.
  - Each user is a member of many different PKIs at the same time.
  - Cross certification
- The PKI's main purpose is to tie a credential to the key, not to tie keys to names.

Slide 19: Summary
- There will never be a universal PKI.
- PKI is difficult to manage and use. The 5th Annual PKI R&D Workshop: "Making PKI Easy to Use."
- The PKI's main purpose is to tie a credential to the key. It is not about the key management problem.
- Choose between a key server approach and a PKI approach.
- Nevertheless, a number of PKI initiatives are still going on, e.g., the Federal PKI (FPKI) in the US.

Slide 20: Acknowledgments
- The notes are prepared mostly based on:
  - N. Ferguson and B. Schneier, Practical Cryptography, Wiley, 2003.
  - R. Housley, W. Ford, W. Polk, D. Solo, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile," RFC 2459, January 1999.

