secure communications
DESCRIPTION
Secure Communications. … or, the usability of PKI. Agenda. Announcement: Security Symposium on Oct. 10. Questions? Stories to share? Project discussion & IRB overview Secure communications. Project. Initial draft: 2 weeks Final plan: 4 weeks - PowerPoint PPT PresentationTRANSCRIPT
Secure Secure CommunicationsCommunications
… … or, the usability of PKIor, the usability of PKI
AgendaAgenda
Announcement: Security Announcement: Security Symposium on Oct. 10.Symposium on Oct. 10.
Questions? Stories to share?Questions? Stories to share? Project discussion & IRB overviewProject discussion & IRB overview Secure communicationsSecure communications
ProjectProject
Initial draft: 2 weeksInitial draft: 2 weeks Final plan: 4 weeksFinal plan: 4 weeks Initial draft is NOT graded, credit for Initial draft is NOT graded, credit for
reasonable effortreasonable effort– Some introduction, motivation, related workSome introduction, motivation, related work– Draft of tasks, survey & interview questions, etc.Draft of tasks, survey & interview questions, etc.– Mockup or description if you are building somethingMockup or description if you are building something– The more complete it is, the more feedback you’ll The more complete it is, the more feedback you’ll
get!get!
We will pilot your materials during We will pilot your materials during class in 2 weeks (SO BRING YOUR class in 2 weeks (SO BRING YOUR MATERIALS TO CLASS!!!)MATERIALS TO CLASS!!!)
IRBIRB
http://www.research.uncc.edu/cohttp://www.research.uncc.edu/comp/human.cfmmp/human.cfm
Download application form and Download application form and consent form templateconsent form template
See Wiki for one sample See Wiki for one sample applicationapplication
Public Key Public Key InfrastructureInfrastructure““A PKI is a set of agreed-upon standards, A PKI is a set of agreed-upon standards, Certification Authorities (CA), structure Certification Authorities (CA), structure between multiple CAs, methods to discover and between multiple CAs, methods to discover and validate Certification Paths, Operational validate Certification Paths, Operational Protocols, Management Protocols, Interoperable Protocols, Management Protocols, Interoperable Tools and supporting Legislation”Tools and supporting Legislation”
““Digital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter WilliamsDigital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter Williams
In other words: A Public Key Infrastructure is an A Public Key Infrastructure is an Infrastructure to support and manage Public Key-Infrastructure to support and manage Public Key-based based Digital CertificatesDigital Certificates
Secure Secure CommunicationsCommunications PKI: PKI:
– What is your best technical What is your best technical explanation?explanation?
– What is your best non-tech What is your best non-tech explanation?explanation?
– How much should users be aware of How much should users be aware of keys?keys?
– What’s a CA? How to explain a CA? What’s a CA? How to explain a CA? Should users be aware of CAs?Should users be aware of CAs?
Communication under Communication under PKIPKI
Both Alice and Bob have their own individual Both Alice and Bob have their own individual private and public keys signed by a certificate private and public keys signed by a certificate authority.authority.– The CA might be an employer, Verisign, or some The CA might be an employer, Verisign, or some
other organization.other organization.
Communication under Communication under PKIPKI
The public key is used for encryption and digital The public key is used for encryption and digital signature verification.signature verification.
The private key is used for decryption and the The private key is used for decryption and the creation of digital signatures.creation of digital signatures.
100110
Bob’s public keyAlice’s public key
Digital SignatureDigital Signature
Digital CertificateDigital Certificate
A Digital Certificate is a binding between an entity’s Public Key and one or more Attributes relating its Identity.
• The entity can be a Person, an Hardware Component, a Service, etc.The entity can be a Person, an Hardware Component, a Service, etc.
• A Digital Certificate is issued (and signed) by someoneA Digital Certificate is issued (and signed) by someone
• A self-signed certificate usually is not very trustworthyA self-signed certificate usually is not very trustworthy
- - Usually the issuer is a Trusted Third PartyUsually the issuer is a Trusted Third Party
X509 PKIX509 PKI
11
Alice Bob
Trusted Trusted RootRoot
Alice trusts the root CAAlice trusts the root CA
Bob sends a message to AliceBob sends a message to Alice
Alice needs Bob’s certificate, the certificate of Alice needs Bob’s certificate, the certificate of the CA that signed Bob’s certificate, and so on the CA that signed Bob’s certificate, and so on up to the root CA’s self signed certificate.up to the root CA’s self signed certificate.
Alice also needs each CRL for each CA.Alice also needs each CRL for each CA.
Only then can Alice verify that Bob’s certificate Only then can Alice verify that Bob’s certificate is valid and trusted and so verify the Bob’s is valid and trusted and so verify the Bob’s signature.signature.
Secure Secure CommunicationsCommunications PKI: PKI:
– What is your best technical What is your best technical explanation?explanation?
– What is your best non-tech What is your best non-tech explanation?explanation?
– How much should users be aware of How much should users be aware of keys?keys?
– What’s a CA? How to explain a CA? What’s a CA? How to explain a CA? Should users be aware of CAs?Should users be aware of CAs?
Problems with PKIProblems with PKI
Public-key cryptography is counterintuitive.Public-key cryptography is counterintuitive.
PKI seems too far removed from application PKI seems too far removed from application goals.goals.– Users do not understand how their tasks require PKI.Users do not understand how their tasks require PKI.
PKI tasks are too cumbersome.PKI tasks are too cumbersome.
Large CAs run into naming collisions.Large CAs run into naming collisions.– Users shoulder the burden of ensuring that the person Users shoulder the burden of ensuring that the person
they’re looking up is indeed the person they want.they’re looking up is indeed the person they want.
IBM Lotus Notes & IBM Lotus Notes & Domino Solution Domino Solution Client/server infrastructure for collaborative applicationsClient/server infrastructure for collaborative applications Usage of PKI Usage of PKI
– Authentication of Notes client to Domino ServerAuthentication of Notes client to Domino Server– Signing and encrypting mail messagesSigning and encrypting mail messages
ImplementationImplementation– Note keys are created by Notes administrator and distributed to Note keys are created by Notes administrator and distributed to
user in a “identity file”user in a “identity file”– Most of key management is hidden from user within the Most of key management is hidden from user within the
organizationorganization– Communicating outside the enterprise requires user input to Communicating outside the enterprise requires user input to
acquire or verify certificatesacquire or verify certificates Thoughts?Thoughts?
Alternative: iPKIAlternative: iPKI
15
Lightweight PKI centered around a local, standalone CA
•Automated PKI and CA setup•Simple, intuitive enrollment mechanism•A simple, intuitive trust model•Secure bootstrapping•Certificates as capabilities•No need for direct user interactions with certificates
Example: Network-in-a-Example: Network-in-a-boxbox
Utilize location-limited channels to simplify Utilize location-limited channels to simplify configuration while maintaining securityconfiguration while maintaining security
Laptop and AP exchange public keysLaptop and AP exchange public keys Use it to perform full-fledged security auto-Use it to perform full-fledged security auto-
configurationconfiguration
iPKI discussioniPKI discussion
Easier?Easier? Secure enough?Secure enough? What is it good for?What is it good for? Limitations?Limitations?
NiaB validationNiaB validation
Users study with 12? usersUsers study with 12? users– Task: connect to a secure wireless Task: connect to a secure wireless
network, NiaB or othernetwork, NiaB or other– Results: NiaB 10x faster, fewer errors, Results: NiaB 10x faster, fewer errors,
more confidence and satisfactionmore confidence and satisfaction 22ndnd study in an enterprise study in an enterprise
– Watched 5 users with each enrollmentWatched 5 users with each enrollment– Same results as before, but even Same results as before, but even
bigger differences!bigger differences!
Alternative: Key Alternative: Key Continuity ManagementContinuity Management Goal: Make key generation & Goal: Make key generation &
management easier to accomplishmanagement easier to accomplish
Ignore the X.509 certification chainIgnore the X.509 certification chain Applications are directly aware of Applications are directly aware of
public key certificatespublic key certificates User would be notified only when User would be notified only when
server’s key suddenly changesserver’s key suddenly changes
Thoughts?Thoughts?
Johnny 2Johnny 2
Study conducted on KCMStudy conducted on KCM– Closely followed the original Johnny studyClosely followed the original Johnny study– Same scenario, recruiting, descriptions, etc.Same scenario, recruiting, descriptions, etc.– Added additional attacks to examine user Added additional attacks to examine user
understanding and trust of keysunderstanding and trust of keys– 43 subjects43 subjects– 3 conditions: 3 conditions:
no KCMno KCM ColorColor Color + briefingColor + briefing
Question: study critique?Question: study critique?
Results?Results?
KCM worked against New Key AttackKCM worked against New Key Attack KCM didn’t work against New Identity KCM didn’t work against New Identity
AttackAttack– Users noticed the change, but felt it was Users noticed the change, but felt it was
justifiedjustified KCM really didn’t work against Unsigned KCM really didn’t work against Unsigned
Message AttackMessage Attack– users instead noticed they were being asked users instead noticed they were being asked
to send to hotmail and distrusted those to send to hotmail and distrusted those instructionsinstructions
TrustTrust
The encryption itself is not the The encryption itself is not the problemproblem
Trust required to make PKI workTrust required to make PKI work– Did Alice really send this?Did Alice really send this?
Is this the right Alice or another one?Is this the right Alice or another one? Do I trust the certificate?Do I trust the certificate? Do I trust the CA?Do I trust the CA? Do I trust that no one has taken over Do I trust that no one has taken over
her computer?her computer? At what point do I decide to not trust At what point do I decide to not trust
the message?the message?