carl a. gunter university of pennsylvania summer 2004
DESCRIPTION
Network Security Architectures Part 1 Fundamentals Summer School on Software Security Theory to Practice. Carl A. Gunter University of Pennsylvania Summer 2004. Public Key Infrastructure. Mutual authentication of participants in a transaction requires a system of identities - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/1.jpg)
Network Security ArchitecturesPart 1 Fundamentals
Summer School on Software Security Theory to Practice
Carl A. GunterUniversity of PennsylvaniaSummer 2004
![Page 2: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/2.jpg)
Public Key Infrastructure
Mutual authentication of participants in a transaction requires a system of identities
Principals are identified by public keys These keys can be used for authentication,
but only if “spoofing” is prevented A Public Key Infrastructure (PKI) provides a
basis for establishing trust
![Page 3: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/3.jpg)
PKI Systems
Three Philosophies Hierarchy
ITU X.509 (DAP, PKIX) DNS
Web of Trust PGP
Ad hoc SSH Most research studies
![Page 4: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/4.jpg)
X.509 Certificates
X.509 certificates bind a subject to a public key.This binding is signed by a Certificate Authority (CA).
Subject Name
Subject Public Key
CA Name
CA Signature
Subject Name
Subject Public Key
CA Name
CA Signature
![Page 5: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/5.jpg)
Chaining
Pennsylvania CA
Pennsylvania CA Key
USA CA
Philly CA
Philly CA Key
Pennsylvania CA
Joe Smith
Joe’s Key
Philly CA
Subject
Subject’s Key
Issuer
![Page 6: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/6.jpg)
Certificate Management
Distribution: How to find a certificate Certificate
accompanying signature or as part of a protocol
Directory service DAP LDAP DNS
Email Cut and paste from web
pages
Revocation: Terminate certificates before their expiration time. How does the relying
party know that the certificate has been revoked?
Many CRL distribution strategies proposed
Mitre report for NIST suggests certificate revocation will be the largest maintenance cost for PKIs
![Page 7: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/7.jpg)
Semantics of CRL’s
Three certificates.1. Q says P is the public key of Alice.2. R says P is the public key of Alice.3. Q says R is the public key of Bob.
Three kinds of revocation.1. P is not the public key of Alice. (3 not
2.)2. Q no longer vouches for whether P is
the public key of Alice. (2 and 3.)3. The key of Q has been compromised.
(2 not 3.)1998 Fox and LaMacchia
Revoke
![Page 8: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/8.jpg)
Adoption of PKI
Problems Revocation User ability to deal
with keys Registration
(challenge for all authentication techniques)
Weak business model
Areas of Progress SSL Authenticode SSH Smart cards for
government employees
Web services
![Page 9: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/9.jpg)
Challenges for Network Security
Sharing Complexity Scale Unknown perimeter Anonymity Unknown paths
![Page 10: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/10.jpg)
Internet Layers
1. Physical2. Link3. Network4. Transport5. Application
![Page 11: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/11.jpg)
Security at Layers
Physical Locked doors Spread spectrum Tempest
Link WEP GSM
Network Firewalls IPSec
Transport SSL and TLS
Application S/MIME XMLDSIG and WS
security Access control
systems for web pages, databases, and file systems
![Page 12: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/12.jpg)
Network Layer Security
HTTP FTP SMTP
TCP
IP/IPSec
![Page 13: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/13.jpg)
Transport Layer Security
HTTP FTP SMTP
TCP
IP
SSL or TLS
![Page 14: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/14.jpg)
Application Layer Security
S/MIME PGP SET
TCP
IP
SMTP HTTP
UDP
Kerberos
![Page 15: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/15.jpg)
Division of Labor in the Internet
Hosts
Routers
Networks
![Page 16: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/16.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
TCP/IP Protocol Stack
Host HostRouter Router
Physical PhysicalPhysical Physical
![Page 17: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/17.jpg)
Communication Processing Flow
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
Physical PhysicalPhys Phys
Link
Phys
Link
Phys
![Page 18: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/18.jpg)
Typical Patchwork
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
Physical PhysicalPhys Phys
Link
Phys
Link
Phys
![Page 19: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/19.jpg)
Physical Layer Protection Issues
Hide signal Spread spectrum
Emission security Radio emissions (Tempest) Power emissions
![Page 20: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/20.jpg)
Encapsulation
LinkLink IP TCP Application
Link Layer Frame
Network LayerHeader
Transport LayerHeader
Application LayerPayload
![Page 21: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/21.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
One Hop Link Layer Encryption
Host HostRouter Router
Link Link
![Page 22: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/22.jpg)
Link Layer Encryption
LinkLink IP TCP Application
Encrypted
![Page 23: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/23.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
End-to-End Network Security
Host HostRouter Router
![Page 24: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/24.jpg)
Network Layer Transport Mode
LinkLink IP TCP Application
LinkLink IP TCP Application
Encrypted
Hdr Tlr
![Page 25: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/25.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
VPN Gateway
Host HostRouter Router
Network
![Page 26: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/26.jpg)
Network Layer Tunnel Mode
LinkLink IP TCP Application
LinkLink New IP TCP ApplicationHdr IP
Encrypted
Tlr
![Page 27: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/27.jpg)
Layer 3 Implementation Options
Location Host Network
Style Integrated Modular (for tunnel mode)
![Page 28: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/28.jpg)
Modular Implementation:Bump In The Stack (BITS)
Link
Security
Network
App2
Link
Network
Link
Network
Link
Net + Sec
App1 App2App1
Transport
Transport
![Page 29: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/29.jpg)
Security
Modular Implementation:Bump In The Wire (BITW)
Link
Network
Security
App2
Link
Network
Link
Network
Link
Network
App1 App2App1
Transport Transport
![Page 30: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/30.jpg)
Implementation Options:Integrated on Host
Link
Net + Sec
App2
Link
Net + Sec
Link
Network
Link
Network
App1 App2App1
Transport Transport
![Page 31: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/31.jpg)
Implementation Options:Integrated on Router
Link
Network
App2
Link
Network
Link
Net + Sec
Link
Net + Sec
App1 App2App1
Transport Transport
![Page 32: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/32.jpg)
Network Security Location Options
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
End-to-End Transport
Voluntary Tunnel
Involuntary Tunnel
![Page 33: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/33.jpg)
Link
Network
Transport
Application
Link
Network
Transport
Application
Link
Network
Link
Network
Transport Layer Security
Host HostRouter Router
![Page 34: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/34.jpg)
Transport Layer Encryption
LinkLink IP TCP Application
LinkLink IP TCP Application
Encrypted
RH
LinkLink IP TCP App
![Page 35: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/35.jpg)
Message Processing Sequence
Link
Network
Transport
App2
Link
Network
Transport
Link
Network
Link
Network
App1 App2App1
App2 Sec App2 Sec
![Page 36: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/36.jpg)
Application Layer Security
LinkLink IP TCP Application
LinkLink IP TCP ApplicationKey ID
Encrypted
![Page 37: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/37.jpg)
Link Layer Security
Advantages: Transparent to applications Hardware solution possible Can address especially vulnerable links
(viz. wireless) Disadvantages:
Hop-by-hop protection causes multiple applications of crypto operations
May not provide end to end security
![Page 38: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/38.jpg)
Network Layer Security
Advantages Transparent to applications Amenable to hardware Flexible
Disadvantages Makes routing more complex Flexibility introduces policy
management and compatibility challenges
![Page 39: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/39.jpg)
Transport Layer Security
Advantages Transparent to applications and may be
packaged with applications Exposing TCP enables compression and
QoS classification Disadvantages
Probably implemented in software Exposing TCP risks DoS
![Page 40: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/40.jpg)
Application Layer Security
Advantages Customized to application Requires no special protocol stack
(transparent to networking) Disadvantages:
Hard to share between applications (viz. standardization challenge)
![Page 41: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/41.jpg)
Protocols to Software
There are important differences between theoretical descriptions, standards and software Evolution (versions, extensibility) Interoperability (options, negotiation) Error modes
Two brief case studies Transport Layer Security (TLS) Network layer security (Ipsec)
![Page 42: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/42.jpg)
Secure Socket Layer (SSL)
Session protocol with: Server authentication Client authentication optional Integrity checksum Confidentiality
Possibly the most important security-related ecommerce protocol
Session sets up security parameters Many connections possible within a given session Current version TLS 1.0
http://www.ietf.org/rfc/rfc2246.txt
![Page 43: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/43.jpg)
X.509 Key Est. Messages
Let DA = EB(k), rA, LA, A. Let DB = rB, LB, rA, A Two messages:
1. A -> B : certA, DA, SA(DA)Check that the nonce rA has not been seen, and is not expired according to LA. Remember it for its lifetime LA.
2. B -> A : certB, DB, SB(DB)Check the rA and A. Check that rB has not been seen and is not expired according to LB.
![Page 44: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/44.jpg)
Establish Security Capabilities
Client Hello
Server Hello
Client Server
Time
![Page 45: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/45.jpg)
Server Auth & Key Exchange
Server Hello Done
Client Server
Time
Certificate Request
Server Key Exchange
Certificate
Optional
![Page 46: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/46.jpg)
Client Auth & Key Exchange
Client Server
Time
Certificate Verification
Client Key Exchange
Certificate
Optional
Optional
![Page 47: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/47.jpg)
Client Auth & Key Exchange
Client Server
Time
Change Cipher Spec
Finish
Change Cipher Spec
Finish
![Page 48: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/48.jpg)
IPsec
Modes Tunnel Transport
Protocols Authenticated
Header (AH) Encapsulated
Security Payload (ESP)
Configurations End-to-end Concatenated Nested
Principal elements Security
Associations (SAD) Internet Key
Exchange (IKE) Policy (SPD)
![Page 49: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/49.jpg)
Typical Case
Client
Server
S
SESP ESPG
S
Gateway
Internet
Corporate Network
![Page 50: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/50.jpg)
Encapsulated Security Header and Trailer
Security Parameter Index (SPI)
Sequence Number
Initialization Vector
Protected Data
PadPad Length Next Header
Authentication Data
16-23 23-310-7 8-15
![Page 51: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/51.jpg)
Security Association
An SA describes the parameters for processing a secured packet from one node to another
SAs are simplex: use one for each direction
If more than one SA is used for a packet the applicable SAs are called an “SA bundle”
![Page 52: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/52.jpg)
SA Parameters (ESP Only)
Sequence number, Sequence number overflow, Anti-replay window
Lifetime Mode Tunnel destination PMTU Encryption algorithm (IV, etc.) Authentication algorithm
![Page 53: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/53.jpg)
Policy
Policy is not standardized in IPSec but certain basic functionality is expected
A Security Policy Database (SPD) is consulted to determine what kind of security to apply to each packet
The SPD is consulted during the processing of all traffic: Inbound and outbound IPSec and non-IPSec
![Page 54: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/54.jpg)
SPD Actions
Discard Bypass IPsec Apply IPsec: SPD must specify the
security services to be provided. For inbound traffic it is inferred from:
destination address, protocol, SPI. For outbound traffic this is done with a
selector.
![Page 55: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/55.jpg)
Selectors
Selectors are predicates on packets that are used to map groups of packets to SAs or impose policy
They are similar to firewall filters Selector support
Destination and source IP addresses Name (DNS, X.509) Source and destination ports (may not
be available on inbound ESP packets; use inner header for inbound tunnel mode)
![Page 56: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/56.jpg)
IPsec Processing: Outbound
Use selectors in SPD to determine drop, bypass, or apply
If apply, determine whether an SA or SA bundle for the packet exists If yes, then apply all appropriate SAs before
dispatching If no, then create all necessary SAs. Apply
these when done before dispatching
![Page 57: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/57.jpg)
IPsec Processing: Inbound
If there are no IPsec headers check SPD selectors to determine processing discard, bypass, or apply
If apply, then drop If there are IPsec headers, apply SA
determined by SPI, destination, protocol
Use selectors on result to retrieve policy and confirm correct application
![Page 58: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/58.jpg)
Internet Key Exchange (IKE)
Motivating problem: Security settings (SAs) must be highly configurable
Solutions: Let network administrator manually
configure SA (most common) Provide mechanism to allow automatic
negotiation and configuration Can be found at:
http://ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-13.txt
IKEv2 Current as of March 22, 2004
![Page 59: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/59.jpg)
Station to Station Protocol
1. A -> B : YA (Diffie-Hellman public key)
Calculate k.
2. B –> A : YB, E(k, SB(YB, YA))Calculate k, use it to decrypt the signature, check the signature using the verification function of B and known values YB, YA.
3. A -> B : E(k, SA(YA, YB))Decrypt the signature and check it using the verification function of A.
![Page 60: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/60.jpg)
High-level view
Requester: Responder:
IKE_SA_INIT --> <-- IKE_SA_INIT IKE_AUTH --> <-- IKE_AUTH
These are mandatory message exchange pairs, and must be executed in this order.
![Page 61: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/61.jpg)
High-level view
Initiator: Responder:
CREATE_CHILD_SA --> <--
CREATE_CHILD_SA INFORMATIONAL --> <--
INFORMATIONAL These messages are optional and can
be sent by either party at any time.
![Page 62: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/62.jpg)
Changes from IKEv1
4 initialization messages instead of 8 Decrease latency in common case of 1
CHILD_SA by piggybacking this onto initial message exchanges
Protocol is reliable (all messages are acknowledged and sequenced)
Cookie exchange option ensures that the responder does not have to commit state until initiator proves it can accept messages
![Page 63: Carl A. Gunter University of Pennsylvania Summer 2004](https://reader036.vdocument.in/reader036/viewer/2022062309/5681462a550346895db3380b/html5/thumbnails/63.jpg)
Summary
PKI provides potential scalable identities for the Internet but adoption has been difficult
Network protocols are designed in layers; security can be provided at multiple layers with various tradeoffs
Theoretical protocols differ in significant ways from Internet standards and software