pki & certification authority 1. cryptography is not all about security but there is no global...
Major Cryptographic Systems
• Secret key cryptography (symmetric)
• Public key cryptography (asymmetric)
[Figure: Plaintext → Encryption Algorithm → Ciphertext → Decryption Algorithm → Plaintext, with keys K1 and K2]
3
Symmetric, or Secret Key, Cryptography
• Sharing secret keys is
– Difficult to get started: Alice needs to go see Bob before she can send him a secret message.
– Hard to scale: If Alice wants to send a message to Carol, she has to start over with a new secret.
– An oxymoron: If Alice and Bob both have the key, is it really secret? Alice has to trust Bob completely.
4
Asymmetric, or Public Key, Cryptography
• There are no shared secret keys
• There are lots and lots of public keys
– Each person has their own key pair(s), with a private (really!) key and a public key
• Alice has two burning questions
– “Whose key is this anyway?”
– “Is this key still valid?”
5
Symmetric vs. asymmetric cryptography
• Asymmetric cryptography has easier key management
• Why not always use asymmetric cryptography?
– Slower
– Needs longer keys
9
Important to Note:
1. Determining whether a large number is prime or composite is easy;
2. Multiplying 2 large numbers together is easy;
3. Factorising a large number which is the product of 2 large primes (i.e. retrieving the original prime factors) is very difficult.
11
Encryption:
1. Divide the message into blocks m where m < n.
2. Compute and send $c \equiv m^e \pmod{n}$.
Decryption:
1. Compute $c^d \equiv m \pmod{n}$.
12
Solving a problem
Suppose I have
• a prime number p;
• a number m between 1 and p-1, another number e also between 1 and p-1;
And I compute
• $c = m^e \bmod p$
If I give you c, e and p, can you find m?
13
Yes you can if you take the following steps:
1. Find a number d such that $e \cdot d \equiv 1 \pmod{p-1}$
2. Compute $c^d \bmod p = m$
But if the modulus is not a prime number?
14
RSA Key Generation
1. Let p,q be large prime numbers, randomly chosen from the set of all large prime numbers.
2. Compute n = pq.
3. Select e randomly such that $\gcd(e, \varphi(n)) = 1$.
4. Compute $d \equiv e^{-1} \pmod{\varphi(n)}$.
5. Publish n and e. Keep p, q and d secret.
15
Key Length
• Typical RSA key length: 1024 bits
• Security about $2^{80}$ against best methods
– comparable to 160-bit ECC, 80-bit symmetric in terms of operations
– … but RSA-breaking methods require much more memory
16
Implementation Issues
• For key generation need efficient method to generate huge primes
• For encryption and decryption
– Efficient modular arithmetic
– Efficient exponentiation
17
RSA Performance
The RSA operation involves modular multiplication, which takes time proportional to $(\log n)^2$.
Public-key: 2 to 17 multiplications if e has few non-zero bits.
Private-key: 1.5 log n multiplications. Given p, q, four times faster using the Chinese Remainder Theorem.
Good public-key speed, fair private-key speed - but good in combination with secret key, message digest.
18
Software Implementation
Pentium III, 700 MHz, 1024-bit RSA, using CRT and e = 17:
key generation 430 ms
encryption 0.35 ms
decryption 16.8 ms
http://www.cpktec.com/performance.html
19
Common Modulus Problem
Each user should use a different modulus; otherwise:
- Users can discover each other’s private key.
- It is possible to fake signatures.
21
Types of Factoring Algorithm
• Special purpose
– p and q too close
– p and q too far away
• General purpose
– Does not depend on structure of p and q
– Can work in parallel
– Most powerful technique is NFS, used in 1999 to factor the 512-bit RSA challenge number.
22
New Attacks on RSA Algorithm
• Quantum Computer
– Cryptanalysis in linear time.
– Infeasible with current technology.
23
Improvements on NFS
• Shamir, Tromer 2002, 2003

Number of Bits    Time       Cost
512               10 mins    $10K
1024              1 year     $10M
24
• Timing Analysis (Paul Kocher 1995)
– Encryption of known plaintext may provide leakage of information.
– 512-bit modulus attacked using 2000 plaintext encryption.
– Attack may apply in the case of use of RSA in smart cards.
• How to avoid Timing Analysis attacks
– Use fixed time for encryption process.
– Multiply by random blinding factor.
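The blinding countermeasure above, combined with the Chinese Remainder Theorem speed-up from the RSA Performance slide, as an added example that is not part of the original slides. The key is a constructed toy key built from Mersenne primes, the function names are illustrative, and the code shows the algebra only: Python integer arithmetic is not constant-time.

```python
import math
import secrets

# Constructed toy key: Mersenne primes, chosen only because they are easy to check.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def decrypt_crt(c):
    """m = c^d mod n computed as two half-size exponentiations (CRT)."""
    dp, dq = D % (P - 1), D % (Q - 1)
    q_inv = pow(Q, -1, P)
    m1, m2 = pow(c % P, dp, P), pow(c % Q, dq, Q)
    h = (q_inv * (m1 - m2)) % P          # Garner recombination
    return m2 + h * Q

def decrypt_blinded(c):
    """Blind the input with r^e so the private exponentiation never sees c itself."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible mod n
            break
    blinded = (c * pow(r, E, N)) % N     # c' = c * r^e mod n
    m_blinded = decrypt_crt(blinded)     # (c')^d = m * r mod n
    return (m_blinded * pow(r, -1, N)) % N   # strip the blinding factor
```

Because a fresh r is drawn for every call, the value being exponentiated is unrelated to the ciphertext an observer chose, which is what removes the correlation a timing measurement relies on.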
25
Digital Signature vs. Handwritten:
• Features of handwritten signatures:
- Is unique to the signer
- The signer couldn’t deny it later
- No one could generate it
• Features of digital signatures:
- Depends on the message
- Unique to the signer
- Easy to generate
- Easy to verify
- Not to be forged computationally
- Could be copied
26
CREATING A DIGITAL SIGNATURE
[Figure: Message → Hash Function → Message Digest → Encryption Function (Private Key) → Digital Signature]
27
VERIFYING A DIGITAL SIGNATURE
[Figure: Message → Hash Function → digest; Digital Signature + Public Key → Decryption Function → digest; the Digest 1 and Digest 2 results are compared: Valid Y/N?]
28
Digital Signature Standards
• 1-DSS
• 2-RSA
• 3-ECDSA (Elliptic Curve Digital Signature Algorithm)
29
Digital Signatures in Open Systems
• How do you know that the public key belongs to the other party?
• Is this key still valid?
30
• We know that the only person who can create a valid digital signature is the one who holds the private key.
• But what if someone steals the private key?
31
A partial solution: PKI
• As a means of addressing these problems, the general idea of a Public Key Infrastructure was born.
• PKI is the infrastructure that creates and manages electronic credentials, allowing the use of digital signatures and their underlying keys and certificates across the Internet.
• PKI is essentially a way to “publish” public key values in a way that is almost (but not really) analogous to a telephone book.
33
What is a Public Key Infrastructure?
• A complex infrastructure of
- Hardware
- Software databases
- Networks
- Security procedures
- Legal obligations
…that will enable us to use Public Key Envelopes and Digital Signatures to do those things we have historically done with handmade marks in ink on paper.
34
How Does PKI Work?
• PKI helps us by providing two things:
– Certification: The binding of a public key to something (person, place or thing…)
– Validation: The ability to check if such a binding is a valid one.
35
Public Key Infrastructure Components
• There are four basic infrastructure components
– Certification Authority (CA) – generates certificates and CRLs
– Registration Authority (RA) – checks users’ identity to ensure binding is correct
– Directory – database of certificates and CRLs
– Archive – keeps old certificates and CRLs for use in distant future
36
[Figure: Alice, Bob and the CA]
0. Alice generates key pair
1. Alice convinces CA of her identity, provides public key
2. CA gives digital certificate to Alice
3. Alice provides Bob with her digital certificate, which provides and certifies Alice’s public key
4. Bob verifies CA signature using CA public key
38
Achieving Security with PKI: An Encryption Example
• Alice creates a key pair and goes to the RA to request a certificate
• The RA checks her ID and requests the certificate from the CA
• The CA posts it in the directory
• Bob gets the certificate from the directory
• Bob verifies her certificate, makes sure it’s not on the CRL, and uses her public key to send her a secret message
39
Achieving Security with PKI: A Digital Signature Example
• Alice creates a key pair and goes to the RA to request a certificate
• The RA checks her ID and requests the certificate from the CA
• The CA posts it in the directory
• Alice uses her private key to sign a message
• Bob gets the certificate from the directory
• Bob verifies her certificate, makes sure it’s not on the CRL, and uses the public key to verify her signature
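Bob's checks from the two walkthroughs above (CA signature, validity dates, CRL, then Alice's signature), as an added example that is not part of the original slides. It assumes textbook RSA without padding, constructed toy keys built from Mersenne primes, a dict standing in for an X.509 certificate and a set of serial numbers standing in for the CRL; all names are illustrative.

```python
import hashlib
from datetime import date

def make_key(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):
    """Hash function step: SHA-256 digest reduced mod n (textbook, no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(data, sig, n, e):
    return pow(sig, e, n) == digest(data, n)

def tbs(cert):
    """Bytes the CA signs: every certificate field except the signature."""
    return repr(sorted((k, v) for k, v in cert.items() if k != "sig")).encode()

def issue(ca_key, issuer, subject, serial, pub, not_before, not_after):
    cert = {"issuer": issuer, "subject": subject, "serial": serial,
            "n": pub["n"], "e": pub["e"],
            "not_before": not_before.isoformat(), "not_after": not_after.isoformat()}
    cert["sig"] = sign(tbs(cert), ca_key)
    return cert

def bob_accepts(cert, ca_n, ca_e, crl, today, message, msg_sig):
    """Bob's checks in order; returns (ok, reason)."""
    if not verify(tbs(cert), cert["sig"], ca_n, ca_e):
        return False, "bad CA signature"
    if not cert["not_before"] <= today.isoformat() <= cert["not_after"]:
        return False, "outside validity period"
    if cert["serial"] in crl:
        return False, "revoked"
    if not verify(message, msg_sig, cert["n"], cert["e"]):
        return False, "bad message signature"
    return True, "ok"

# Constructed toy keys (Mersenne primes) and sample data
CA_KEY = make_key(2**61 - 1, 2**89 - 1)
ALICE_KEY = make_key(2**107 - 1, 2**127 - 1)
CERT = issue(CA_KEY, "Example CA", "Alice", 1001, ALICE_KEY,
             date(2024, 1, 1), date(2025, 1, 1))
MSG = b"pay Bob 10"
SIG = sign(MSG, ALICE_KEY)
```

Bob needs only the CA's public values and the current CRL; a certificate that fails any one check is rejected before Alice's key is used.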
40
• CAs have a critical role in data security and e-commerce
• They guarantee that two parties exchanging information are really who they claim to be
41
Certification Authority
• Issue certificates
• Publish certificates
• Revocation of certificates
• Renew certificates
• Manage databases (valid/revoked certificates)
• Security Policy Authority
• Key pair generation for users
• Key Recovery Authority
42
Registration Authority
• Registration of the users (check identity)
• Interaction with certificate applicants
• Checking of identity of applicants
• Forwarding of certificate creation requests and certificate revocation requests to CA
• Storing of keys and certificates on smart card of user
43
What is a certificate?
• A certificate and the corresponding private key constitute the fundamental personal identifier in a PKI.
• A certificate identifies a person to a remote computer (or vice versa) – the private key is needed to complete the authentication.
• In particular, a certificate does not contain authorisation information.
44
Digital Certificate’s contents:
-name and other information of the owner
-a serial number
-public key specifications
-the expiration date
-the signature of CA
45
Anatomy of a certificate
[Figure: the parts of a certificate]
- A text string
- Public Key
- Validity Data
- Extensions
- Signature from CA’s private key
46
Digital Certificate Standard:
- X.509 is a standard for digital certificates. It is part of the ITU-OSI group of standards.
- X.509 v2
- X.509 v3
47
What does a certificate look like?
Well…that depends, but it will likely have the following fields:
Issuer’s identity: Frank the CA
Subject’s Name: Joe
Valid Dates: From 1.1.1965 To: 12.31.2065
Key Info: RSA Signature Key, N=55, e=17
This is Joe’s key…really!
Signed, Frank the CA
48
CA examples:
- Verisign, April 1995, California
- Belsign-Globalsign, 1996, Belgium
- OnWatch, Bell, Canada
- Icetel, Telematic, EU
- Keywitness, 1995, Canada
- Semper, EU
- Thawte Consulting, South Africa
49
Applications That Use a PKI
[Figure: Certificate Services, with the following applications]
• Software Code Signing
• Encrypting File System
• Smart Card Logon
• IP Security
• Internet Authentication
• Secure E-mail
• Software Restriction Policy
• Digital Signatures
50
PKI and e-Business
• The initial reason for implementing a PKI initiative in an organization was to secure e-Business.
• In order to communicate securely with business partners and to conduct transactions in a legal manner, the necessity of a PKI for the security industry was evident.
53
The figure below shows that the majority of the respondents (55%) had more than one e-Business application PKI-enabled.
54
How to Identify Technical Requirements
For: Security requirements
Ask:
– What is your organization’s security policy?
– Do you have any business partners?
– Do you have requirements for complying with industry or government standards?
For: Administration requirements
Ask:
– Who will manage CAs?
– Who will manage certificates?
For: Availability requirements
Ask:
– How many CAs does your organization require?
– How are certificates distributed between CAs?
56
Security Policy
A security policy:
• Defines for using security services
• Identifies applications to secure by using certificates
• Defines security services to offer by using certificates
57
Certificate Policy
A certificate policy describes:
• The user identification process
• Private key management requirements
• The process for responding to lost or compromised private keys
• Certificate enrollment and renewal requirements
• The maximum value for transactions
58
Certification Practice Statement
A CPS can include these sections:
• Introduction
• General Provisions
• Identification and Authentication
• Operational Requirements
• Physical, Procedural, and Personnel Security Controls
• Technical Security Controls
• Certificate and CRL Profile
• Specification Administration
59