a-to-z of public key infrastructure (pki) alberto pace an adaptation from rafal lukawiecki...

Download A-to-Z of Public Key Infrastructure (PKI) Alberto Pace An adaptation from Rafal Lukawiecki presentation SEC390 at Tech’Ed 2003 rafal@projectbotticelli.co.uk

Post on 18-Dec-2015

212 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Slide 1
  • A-to-Z of Public Key Infrastructure (PKI) Alberto Pace An adaptation from Rafal Lukawiecki presentation SEC390 at TechEd 2003 rafal@projectbotticelli.co.uk
  • Slide 2
  • 2 Objectives Explain the basics of PKI without concentrating on any particular product Introduce commonly used terminology Point out those aspects of PKI that require careful planning and implementation Outline some social issues associated with PKI
  • Slide 3
  • 3 Agenda A Briefest Summary of Cryptography Fundamentals of PKI Recommendations on PKI Deployment
  • Slide 4
  • 4 PKI Public Key Infrastructure provides the components and services that enable practical deployment and operation of a system that uses certificates. A. Nash, PKI, RSA Press PKI is a group of solutions for key distribution problems and other issues: Key generation Certificate generation, revocation, validation Managing trust I consider Web-of-Trust systems (e.g. PGP) as a perfectly alternative and compatible implementation of PKI
  • Slide 5
  • 5 A Summary of Cryptography
  • Slide 6
  • 6 Encryption Typically things sent over TCP/IP are not encrypted in any way. Anyone on the same network can listen in, grab the packets and read the contents This is a Bad Thing Would lower confidence in sending things like credit card numbers to ecommerce companies Confidential email Remote logins
  • Slide 7
  • 7 What Does Cryptography Solve? Confidentiality Your data/service provides no useful information to unauthorised people Integrity If anyone tampers with your asset it will be immediately evident Authenticity We can verify that asset is attributable to its authors or caretakers Non-repudiation The author or owner or caretaker of asset cannot deny that they are associated with it
  • Slide 8
  • 8 Symmetric Key Cryptography Encryption The quick brown fox jumps over the lazy dog AxCv;5bmEseTfid3) fGsmWe#4^,sdgfMwi r3:dkJeTsY8R\s@!q3 % The quick brown fox jumps over the lazy dog Decryption Plain-text input Plain-text output Cipher-text Same key (shared secret)
  • Slide 9
  • 9 Symmetric Encryption With a big organization you can physically distribute keys to users by some secure channel (courier, most likely) But this is vulnerable to compromise if your courier is compromised Bigger problem: how do you communicate with someone youve never met before from another organization?
  • Slide 10
  • 10 Asymmetric (Public Key) Encryption In this approach, there are two completely separate keys: one to encrypt the message, and one to decrypt it. This turns out to be very powerful, and is the basis for much of the crypto infrastructure on the net today It solves the key-distribution problem. How?
  • Slide 11
  • 11 Public Key Crypto You publish, for all the world to see, your public key. If someone wants to send you email, they look up your public key. They encrypt the message using the public key and send it to you. You decrypt the message using your private key.
  • Slide 12
  • 12
  • Slide 13
  • 13 Public Key Encryption Encryption The quick brown fox jumps over the lazy dog Py75c%bn&*)9|fDe^ bDFaq#xzjFr@g5=&n mdFg$5knvMdrkveg Ms The quick brown fox jumps over the lazy dog Decryption Clear-text Input Clear-text Output Cipher-text Different keys Recipients public key Recipients private key private public
  • Slide 14
  • 14 Public Key Crypto In practice, public key crypto systems are slow compared to symmetric key crypto systems, by an order of about 1,000. This leads to hybrid systemsa public key system is used to distribute a session key, a secret symmetric encryption key. They symmetric key is used for the bulk of communications. The public key crypto is used to solve the key distribution problem
  • Slide 15
  • 15 Hybrid Encryption (Real World) As above, repeated for other recipients or recovery agents Digital Envelope Other recipients or agents public key (in certificate) in recovery policy Launch key for nuclear missileRedHeatis... Symmetric key encrypted asymmetrically (e.g., RSA) Digital Envelope Users public key (in certificate) RNG Randomly- Generated symmetric session key Symmetric encryption (e.g. DES) *#$fjda^ju539!3t t389E *&\@ 5e%32\^kd
  • Slide 16
  • 16*#$fjda^ju539!3t t389E *&\@ 5e%32\^kd Launch key for nuclear missileRedHeatis... Launch key for nuclear missileRedHeatis... Symmetric decryption (e.g. DES) Digital Envelope Asymmetric decryption of session key (e.g. RSA) Symmetric session key Session key must be decrypted using the recipients private key Digital envelope contains session key encrypted using recipients public key Recipients private key Hybrid Decryption
  • Slide 17
  • 17 Public Key Distribution Problem We just solved the problem of symmetric key distribution by using public/private keys But Scott creates a keypair (private/public) and quickly tells the world that the public key he published belongs to Bill People send confidential stuff to Bill Bill does not have the private key to read them Scott reads Bills messages
  • Slide 18
  • 18 Digital Signature and Verification Digital signature is a mechanism by which a message is authenticated i.e. proving that a message is effectively coming from a given sender, much like a signature on a paper document. For instance, suppose that Alice wants to digitally sign a message to Bob. To do so, she uses her private-key to encrypt the message; she then sends the message along with her public-key (typically, the public key is attached to the signed message). Since Alices public-key is the only key that can decrypt that message, a successful decryption constitutes a Digital Signature Verification, meaning that there is no doubt that it is Alices private key that encrypted the message.
  • Slide 19
  • 19 Hashing For Digital signature, another technique used is called hashing. Hashing produces a message digest that is a small and unique representation (a bit like a sophisticated checksum) of the complete message. Hashing algorithms are a one-way encryption, i.e. it is impossible to derive the message from the digest. The main reasons for producing a message digest are: 1. The message integrity being sent is preserved; any message alteration will immediately be detected; 2. The digital signature will be applied to the digest, which is usually considerably smaller than the message itself; 3. Hashing algorithms are much faster than any encryption algorithm (asymmetric or symmetric).
  • Slide 20
  • 20
  • Slide 21
  • 21
  • Slide 22
  • 22 Fundamentals of PKI
  • Slide 23
  • 23 Is PKI relevant? Who uses all of that stuff? Webs HTTP and other protocols (SSL) VPN (PPTP, IPSec, L2TP) Email (S/MIME, PGP, Exchange KMS) Files (W2K EFS, PGP and many others) Web Services (WS-Security) Good ID Smartcards (Certificates and Challenge/Response) Executables (.NET Assemblies, Drivers, Authenticode)
  • Slide 24
  • 24 Eureka! We need PKI to solve that problem And a few others
  • Slide 25
  • 25. 2. What is a Certificate A certificate is a piece of information that proves the identity of a public-keys owner. Like a passport, a certificate provides recognized proof of a persons (or entity) identity. Certificates are signed and delivered securely by a trusted third party entity called a Certificate Authority (CA). As long as Bob and Alice trust this third party, the CA, they can be assured that the keys belong to the persons they claim to be.
  • Slide 26
  • 26. A certificate contains among other things: 1) The CAs identity 2) The owners identity 3) The owners public-key 4) The certificate expiry date 5) The CAs signature of that certificate 6) Other information that is beyond the scope of this article. With a certificate instead of a public-key, a recipient can now verify a few things about the issuer to make sure that the certificate is valid and belongs to the person claiming its ownership:
  • Slide 27
  • 27 Certificates The simplest certificate just contains: Information about the entity that is being certified to own a public key That public key And all of this is Digitally signed by someone trusted (like your friend or a CA)
  • Slide 28
  • 28 X.509 Certificate Certificate Authority Digital Signature of All Components Together: Serial Number Issuer X.500 Distinguished Name Validity Period Subject X.500 Distinguished Name Subject Public Key Information Key/Certificate Usage Extensions OU=Project Botticelli The Key or Info About It
  • Slide 29
  • 29
  • Slide 30
  • 30 Authentication with Certificates 1. Melinda gets Bills certificate 2. She verifies its digital signature She can trust that the public key really belongs to Bill But is it Bill standing if front of her, or is that Scott? 3. Melinda challenges Bill to encrypt for her a phrase etc. she just made up (I really need more shoes) 4. Bill has, of course, the private key that matches the certificate, so he responds (*&$^%$&fhsdf*&EHFDhd62^&) 5. Melinda decrypts this with the public key she has in the certificate (which she trusts) and if it matches the phrase she challenged Bill with then it must really be Bill himself! By the way, thats the basic concept of how SSL works
  • Slide 31

Recommended

View more >