ece454/599 computer and network security dr. jinyuan (stella) sun dept. of electrical engineering...
TRANSCRIPT
![Page 1: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/1.jpg)
1
ECE454/599 Computer and Network Security
Dr. Jinyuan (Stella) SunDept. of Electrical Engineering and Computer ScienceUniversity of Tennessee Fall 2012
![Page 2: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/2.jpg)
Public Key Infrastructure
• PKI Trust Models• Revocation• Directories• PKIX and X.509• Authorization
![Page 3: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/3.jpg)
Authenticity of Public Keys
?
Problem: How does Alice know that the public key she received is really Bob’s public key?
private key
AliceBob
public key
Bob’s key
![Page 4: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/4.jpg)
Certificate and CAPublic-key certificate
◦ Signed statement specifying the key and identity sigAlice(“Bob”, PKB)
Common approach: certificate authority (CA)◦ Single agency responsible for certifying public
keys◦ After generating a private/public key pair, user
proves his identity and knowledge of the private key to obtain CA’s certificate for the public key (offline)
◦ Every computer is pre-configured with CA’s public key
![Page 5: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/5.jpg)
Using Public-Key Certificates
Authenticity of public keys is reduced toauthenticity of one key (CA’s public key)
![Page 6: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/6.jpg)
Public Key InfrastructureThe task of PKI is to securely
distribute public keys.PKI consists of
◦certificates◦a repository for retrieving certificates◦a method of revoking certificates◦a method of evaluating a chain of
certificates from a trust anchor to the target name
![Page 7: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/7.jpg)
Hierarchical ApproachSingle CA certifying every public key is
impracticalInstead, use a trusted root authority
◦ For example, Verisign◦ Everybody must know the public key for
verifying root authority’s signaturesRoot authority signs certificates for lower-
level authorities, lower-level authorities sign certificates for individual networks, and so on◦ Instead of a single certificate, use a certificate
chain sigVerisign(“UnB”, PKUT), sigUT(“Manoel”, PKV)
◦ What happens if root authority is ever compromised?
![Page 8: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/8.jpg)
Alternative: “Web of Trust”Used in PGP (Pretty Good Privacy)Instead of a single root certificate
authority, each person has a set of keys they “trust”◦ If public-key certificate is signed by one of the
“trusted” keys, the public key contained in it will be deemed valid
Trust can be transitive◦ Can use certified keys for further certification
AliceFriend of Alice
Friend of friendBob
sigAlice(“Friend”, Friend’s key)
sigFriend(“FoaF”, FoaF’s key)
I trustAlice
![Page 9: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/9.jpg)
Chain of TrustSmall World: Any two people in this
world can be connected via “six degrees of separation”
[Carol’s public key is 123456] Ted
[David’s public key is 789012] Carol
[Bob’s public key is 345678] David
Alice: Ted’s public key is 135790 (Trust anchor)
![Page 10: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/10.jpg)
PKI Trust ModelAnswering the following questions.
◦ Where to get trust anchors?◦ Which chain of trust to follow?
Various models◦ Monopoly Model◦ Monopoly plus Registration Authorities◦ Delegated CAs◦ Oligarchy◦ Anarchy Model◦ Top-Down with Name Constraints◦ Bottom-UP with Name Constraints
![Page 11: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/11.jpg)
Monopoly Model
Monopoly Model◦ There is a single CA, which is the trust
anchor of all principles.
Monopoly Plus Registration Authorities (RAs)◦ CA issues certificates, but delegates the
verification of keys to RAs.
![Page 12: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/12.jpg)
Delegated CAsThe trust anchor CA generates
certificates for delegated CAs, which in turn generates certificates for principles.
More than one certificate is needed in the process of verification of a public key.
![Page 13: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/13.jpg)
Oligarchy Model
Multiple trust anchor CAs are pre-configured in all principals
User has an option to modify the list of trust anchor CAs
Commonly used in browsers (SSL/TLS)
![Page 14: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/14.jpg)
Anarchy ModelEach principal selects a set of peers as trust
anchors; Principals sign each others’ certificates.A principal may store a database of known
certificates; Some organization may offer public repository of certificates.
If a chain of trust (certificates) can be found from a trust anchor to a target name, then the public key of the target is verified.
![Page 15: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/15.jpg)
Top-Down with Name ConstraintsName constraints: each CA only trusted
for signing a subset of users. Similar to DNS hierarchy, each domain
may have a CA server. The CA of the parent domain (utk.edu) generates certificates for the CAs responsible of the sub-domains (eecs.utk.edu).
Each principal is pre-configured with the public key of the root.
The only trust path is from the root to the target.
![Page 16: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/16.jpg)
Bottom-Up with Name ConstraintsA parent CA and a child CA generate
certificates for each other.Two CAs without parent-child relationship
may generate a certificate, known as a cross-certificate.
The trust paths start from a trust anchor, follow up-links to an ancestor, possibly follow a cross-link, then follow down-links to the target.
![Page 17: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/17.jpg)
Directories A directory is a distributed hierarchical
database indexed by a hierarchical name, where associated with each name is a repository of information for that name.
E.g., DNS, X.500
![Page 18: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/18.jpg)
PKIX and X.509X.500 (Directory standard) defines a
hierarchical naming scheme.X.509 defines the format of
certificates, using X.500 names.PKIX defines the trust model, and
specifies which X.509 options should be supported: an architecture of entities (users, CAs, RAs…) and interrelationships (registration, certification, CRL publication)
![Page 19: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/19.jpg)
X.509 Authentication ServiceInternet standard (1988-2000)Specifies certificate format
◦ X.509 certificates are used in IPSec and SSL/TLS
Specifies certificate directory service◦ For retrieving other users’ CA-certified public
keysSpecifies a set of authentication protocols
◦ For proving identity using public-key signaturesDoes not specify crypto algorithms
◦ Can use it with any digital signature scheme and hash function, but hashing is required before signing
![Page 20: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/20.jpg)
X.509 Certificate
Added in X.509 versions 2 and 3 to address
usability and security problems
![Page 21: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/21.jpg)
Certificate RevocationRevocation is very importantMany valid reasons to revoke a certificate
◦ Private key corresponding to the certified public key has been compromised
◦ User stopped paying his certification fee to this CA and CA no longer wishes to certify him
◦ CA’s certificate has been compromised!Expiration is a form of revocation, too
◦ Many deployed systems don’t bother with revocation
◦ Re-issuance of certificates is a big revenue source for certificate authorities
![Page 22: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/22.jpg)
Certificate Revocation MechanismsOnline revocation service (OLRS)
◦ When a certificate is presented, recipient goes to a special online service to verify whether it is still valid Like a merchant dialing up the credit card processor
Certificate revocation list (CRL)◦ CA periodically issues a signed list of revoked
certificates Credit card companies used to issue thick books of
canceled credit card numbers
◦ Can issue a “delta CRL” containing only updates
Question: does revocation protect against forged certificates?
![Page 23: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/23.jpg)
X.509 Certificate Revocation List
Because certificate serial numbers
must be unique within each CA, this is
enough to identify the certificate
![Page 24: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/24.jpg)
X.509 Version 1
Encrypt, then sign for authenticated encryption◦ Goal: achieve both confidentiality and
authentication◦ E.g., encrypted, signed password for access
control
Does this work?
Alice Bob
“Alice”, sigAlice(TimeAlice, “Bob”,
encryptPublicKey(Bob)(message))
![Page 25: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/25.jpg)
Attack on X.509 Version 1
Receiving encrypted password under signature does not mean that the sender actually knows the password!
Proper usage: sign, then encrypt
Alice Bob
“Alice”, sigAlice(TimeAlice, “Bob”,
encryptPublicKey(Bob)(password))
Attacker extracts encrypted
password and replays itunder his own signature
“Charlie”, sigCharlie(TimeCharlie, “Bob”,
encryptPublicKey(Bob)(password))
![Page 26: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/26.jpg)
Authentication and Authorization
Authentication: verify who you are.Authorization: restrict what you
can do.
![Page 27: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/27.jpg)
AuthorizationAccess Control List (ACL)
◦Given a resource, the ACL specifies which user can have what rights in accessing the resource.
Capability List ◦Given a user, the capability list
specifies what resources the user can access and what are the right for each resource.
![Page 28: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/28.jpg)
Groups and RolesGroups
◦A way to remove redundancy in ACLs or capability lists.
Roles◦A different way of removing
redundancy, other than groups.◦Establish a context for a user to
perform his tasks.
![Page 29: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/29.jpg)
SummaryTrust: PKI trust models
- how to find trust anchors (CA, peer)- how to establish chain-of-trust
Certificate: proof of trust- what is a certificate- why is it needed- format: X.509- revocation: needed whenever a credential is issued
![Page 30: ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012](https://reader036.vdocument.in/reader036/viewer/2022062717/56649e355503460f94b24594/html5/thumbnails/30.jpg)
Reading Assignment
[Kaufman] Chapter 15