Cryptography and Public Key Infrastructure
1
2
Agenda
Cryptography – What is it?
Public-key infrastructure (PKI) – How does PKI use cryptography?
Standards and specifications – What are the standards that we adhere to?
Smart cards' role in PKI – What are smart cards for?
Applications – PKI-enabled applications
ACS's product line – What role does ACS play?
3
Motivation
Almost all smart card applications use cryptography.
Cryptography is all around us!
We are using more PKI than you think!
4
Crypto and PKI are everywhere!
5
Part 1: Cryptography
What is Cryptography?
Cryptography is a tool to provide security
Cryptography has four purposes…
6
Four purposes of cryptography
Confidentiality (encryption/decryption) – No one else has seen it.
Data integrity (digital signature) – No one else has modified it.
Authentication (digital signature) – You are who you say you are.
Non-repudiation (digital signature) – If you signed it, you cannot deny signing it.
7
Encryption
Two main types of encryption schemes:
1. Symmetric-key (secret-key) encryption
   - Same key for both sender and recipient
2. Asymmetric-key (public-key) encryption
   - Each user has a public encryption key e_user and a private decryption key d_user.
8
Secret key encryption
Alice → Channel → Bob
9
Secret key encryption
Standard symmetric key algorithms:
DES, 3DES, AES.
To demonstrate:
Courtesy of Pike Wong of HKUST
10
Secret key encryption
Plaintext: "Let's invade the earth at 17:00 today"
Encrypt ↓
Ciphertext: &(*_+#LPLD)!?”:<@!)(&^$%ras^*()
Decrypt ↓
Plaintext: "Let's invade the earth at 17:00 today"
"I see … heehee"
11
Secret key encryption
Problem: Key distribution
Potential key leakage
Difficult to manage
"Here's my key" – "OK, I got your key"
"Here's my key" – "Me too!"
Human spy: "Next time I will know when they start the attack!"
12
Secret key encryption
Problem: Repudiation
2 parties have the same key
The encrypted message can be viewed and modified by both parties
Encrypt / Decrypt:
"Can you buy 1000 shares of MS for me?"
"Ok, I will buy 1000 shares of MS for you"
The next day:
"Give me the money for that 1000 shares!"
"Hey, I've not asked you to buy anything!"
"But the email is encrypted with your key!"
"Hey, remember that you have the same key!"
13
Public key encryption
Pair of public/private keys per user.
Based on a mathematically hard problem.
Alice → Channel → Bob
Encrypt with Bob's public key; decrypt with Bob's private key.
14
Public key encryption
Advantages:
Only the public key is distributed to others (solves key distribution)
Only the owner knows his private key (non-repudiation)
Disadvantages:
Computationally expensive
Standard asymmetric key encryption algorithms:
RSA, ECC.
15
Public key encryption
Encrypt with Pong's public key
Decrypt with Pong's private key
&(*_+#LPLD)!?”:<@!)(&^$%ras^*()
Human spy: "Even though we got the key, we cannot learn the secret!?"
16
Combining two techniques for encryption
Alice → Channel → Bob
Bob's public key – Bob's private key
Session key – Session key
17
Hash functions
A one-way function H(•) that takes a message m and outputs a "fingerprint" of the message (digest), e.g. SHA-1, SHA-256.
Used as a part of digital signatures.
19
Digital signatures
Support data integrity, authentication and non-repudiation.
Use public key algorithms.
Use hash functions to create a short message digest for signing.
Standard signature algorithms are:
RSA, DSA, ECDSA
20
Digital signatures
Alice signing a document with her private key.
21
Signature verification
Bob verifying Alice’s signed document with her public key.
22
Difference between public key encryption and signature
Encryption:
Anyone can encrypt with the public key
The owner decrypts with the private key
Signature:
The owner signs with the private key
Anyone can verify the signature with the public key
23
Notes on secret key algorithms
Key             Strength (bits)  Input block (bits)  Comments
DES             56               64                  Standardized in 1977, insecure now
2-key 3DES      80               64                  Secure up to 2010
3-key 3DES      112              64                  Most peer reviewed. Secure up to 2030
CAST5           128              64                  Secure, standard in PGP
IDEA            128              64                  Patent issues, efficient
AES (Rijndael)  128, 192, 256    128                 International standard (2001)
Twofish         128, 192, 256    128                 AES finalist
24
Summary of public key algorithms
The most popular algorithms today are RSA and ECC.
The longer the key, the harder it is to crack.
RSA (Rivest, Shamir, Adleman) is based on the difficulty of factoring large integers: given N, where N = pq and p and q are prime, find p and q.
Widely used in electronic commerce.
Freely available (patent expired).
p, q → Multiply (easy) → N
N → Factor (hard) → p, q
25
Summary of public key algorithms
Elliptic Curve Cryptography (ECC) is based on the difficulty of finding discrete logarithms on an elliptic curve: given P and Q where Q = mP, find m.
Next generation and very efficient.
Windows Vista and 7 support it in CNG.
Numerous patents hampering acceptance.
Others such as the Digital Signature Algorithm and Diffie-Hellman are not popular anymore.
26
Notes on public key algorithms
Use of a symmetric key algorithm requires public key algorithms of equivalent strength.
Source: NIST SP800-57 Part 1.
Algorithm security lifetimes  Bits of security  Symmetric key algorithm  FFC (e.g., DSA, D-H)  IFC (e.g., RSA)  ECC (e.g., ECDSA)
Through 2010                  80                2TDEA                    L = 1024, N = 160     k = 1024         f = 160-223
Through 2030                  112               3TDEA                    L = 2048, N = 224     k = 2048         f = 224-255
Beyond 2030                   128               AES-128                  L = 3072, N = 256     k = 3072         f = 256-383
…                             192               AES-192                  L = 7680, N = 384     k = 7680         f = 384-511
…                             256               AES-256                  L = 15360, N = 512    k = 15360        f = 512+
Public Key Infrastructure
27
28
Why do we need a PKI?
Public key security issues:
Users can generate their own public/private key pairs and exchange them – but how do other parties trust them?
If you receive a public key from Alien Pkie, how do you know it’s Pkie’s key and not the human spy’s?
Solution: Digital Certificates
Bind the user’s public key with a digital certificate signed by a trusted third party.
The trusted third party is called the certification authority (CA).
CA will vouch for its subscribers.
29
Entities of PKI
Individual Subscribers
Certificate Authority (CA)
Corporations
Relying Parties
Trust each other
30
Components of a Certification Authority
Registration Authority (RA) – Registers subscribers into the system.
Certification Authority (CA) – Creates digital certificates by binding user identity to public key.
Certificate Repository – a directory service to store certificates for subscribers.
Certificate Revocation System – Service to invalidate any certificates that have been compromised.
Hong Kong Post Repository and CRL
31
So, what is a digital certificate?
Used to establish trust between entities. Ensures that:
The integrity of the public key is protected
The public key and identity information are bound to the claimed owner in a trusted manner.
Digital signatures: your identifying information and public key are signed with the CA's private key.
32
X.509 Certificate - Format
To Be Signed (TBS) Certificate
• Version
• Serial Number
• Certificate Signature Algorithm
• Issuer Name
• Validity
• Subject Name
• Subject Public Key Info
• Issuer Unique ID
• Subject Unique ID
• Extensions
X.509 Certificate
• Signature Algorithm Identifier
• Signature Value
The de facto standard is the X.509 v3 certificate format.
Specified in IETF RFC 3280.
33
X.509 Certificate - Example
To Be Signed (TBS) Certificate
• Version: 3
• Serial Number: 0D:0C:B0
• Certificate Signature Algorithm: PKCS#1 SHA-1 RSA
• Issuer Name: CN = Hongkong Post e-Cert CA 1, O = Hongkong Post, C = HK
• Validity: Not Before 19/3/2004 6:26:26, Not After 19/3/2007 6:26:26
• Subject Name: CN = Andrew Chan, O = Hongkong Post e-Cert (Personal), C = HK
• Subject Public Key Info: Algorithm = PKCS#1 RSA, Public Key = 0x30..01
• Issuer Unique ID
• Subject Unique ID
• Extensions
X.509 Certificate
• Signature Algorithm Identifier
• Signature Value
34
X.509 Certificate – Signing certificate
To Be Signed (TBS) Certificate
• Version
• Serial Number
• Certificate Signature Algorithm
• Issuer Name
• Validity
• Subject Name
• Subject Public Key Info
• Issuer Unique ID
• Subject Unique ID
• Extensions
X.509 Certificate
• Signature Algorithm Identifier
• Signature Value
35
Certificate Revocation List (CRL)
When a certificate has been revoked or suspended, an entry (with its serial number) is made in the CRL.
Clients can download CRL at the CA’s repository.
CA updates their CRL according to their Certificate Practice Statement (CPS).
37
The steps in subscribing to a CA
Parties: Subscriber, RA, CA, Repository, Relying Parties
1. The subscriber provides proof of identity to the RA and (optionally) generates a public/private key pair.
2. The subscriber's public key is validated and a certificate is requested from the CA.
3. The CA issues the certificate and posts it in the repository.
4. The subscriber receives the certificate.
38
Life Cycle of a Certificate
39
How does your PC use certificates?
Windows has a number of Root CA certificates in the Certificate Store.
Root CA certificates are certificates that your PC trusts implicitly.
All intermediate CA certs and end-entity certs that are signed by or chained to those Root CA certs are implicitly trusted.
Microsoft has a Root Certificate Program to determine whom to trust.
Root CA cert → Intermediate CA certs → Your cert or a website's cert
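As an added example (not from the slides), a toy Python model of the chain just described: each certificate carries the TBS fields from the X.509 slide, the issuer signs a hash of them with its private key, and a relying party walks from the end-entity cert up to a root in its trust store, checking the validity period and the issuer's CRL on the way. The "RSA" uses tiny constructed primes and reduces the SHA-256 digest mod n, so it shows the structure only, not real cryptographic strength; all names and serials are constructed.

```python
import hashlib
from dataclasses import dataclass

def toy_keypair(p, q, e=17):       # textbook RSA on constructed small primes (toy only)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))       # ((n, e) public, (n, d) private)

@dataclass
class Cert:
    serial: int
    subject: str
    issuer: str
    not_before: int          # validity expressed as years to keep the sample short
    not_after: int
    pubkey: tuple            # subject's (n, e)
    signature: int = 0       # issuer's signature over the TBS fields above
    def tbs_digest(self, n):
        # Hash the TBS fields (SHA-256) and reduce mod n so the toy modulus can sign it.
        tbs = f"{self.serial}|{self.subject}|{self.issuer}|{self.not_before}|{self.not_after}|{self.pubkey}"
        return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def sign_cert(cert, issuer_priv):
    n, d = issuer_priv
    cert.signature = pow(cert.tbs_digest(n), d, n)    # sign with the issuer's private key
    return cert

def verify_sig(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert.signature, e, n) == cert.tbs_digest(n)   # verify with the issuer's public key

def validate_chain(chain, trusted_roots, crl, now):
    """chain = [end-entity, intermediates..., root]; crl maps issuer name -> revoked serials."""
    for i, cert in enumerate(chain):
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        if cert.serial in crl.get(cert.issuer, set()):
            return False, f"{cert.subject}: serial revoked by {cert.issuer}"
        issuer = chain[i + 1] if i + 1 < len(chain) else cert        # the root is self-signed
        if cert.issuer != issuer.subject or not verify_sig(cert, issuer.pubkey):
            return False, f"{cert.subject}: bad signature or issuer mismatch"
    root = chain[-1]
    if (root.subject, root.pubkey) not in trusted_roots:               # the Root CA store
        return False, f"{root.subject}: root not in trust store"
    return True, "chain OK"

def build_demo():
    """Constructed sample hierarchy: Demo Root CA -> Demo Intermediate CA -> Alice."""
    root_pub, root_priv = toy_keypair(61, 53)
    ica_pub, ica_priv = toy_keypair(89, 97)
    alice_pub, _ = toy_keypair(101, 107)
    root = sign_cert(Cert(1, "Demo Root CA", "Demo Root CA", 2004, 2030, root_pub), root_priv)
    ica = sign_cert(Cert(2, "Demo Intermediate CA", "Demo Root CA", 2004, 2020, ica_pub), root_priv)
    alice = sign_cert(Cert(3, "Alice", "Demo Intermediate CA", 2004, 2007, alice_pub), ica_priv)
    return [alice, ica, root], {(root.subject, root.pubkey)}, {"Demo Intermediate CA": set()}
```

`validate_chain(*build_demo(), now=2005)` returns `(True, 'chain OK')`; adding serial 3 to the intermediate CA's CRL entry, moving `now` past 2007, tampering with a subject name, or emptying the trust store each returns `False` with the matching reason.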
40
How trust is established on your PC
41
Certificates
42
Trusted Certificate Authority
43
Non-trusted CA
44
Smart Card Role in PKI
Secure, tamper-resistant and portable way of transporting and using cryptographic keys.
Cryptographic smart cards:
Contain powerful crypto co-processors
Private keys and secret keys never leave the card.
Public/private key pairs can be generated inside the smart card.
All private key and secret key computations are performed in the card.
Users can have their card with them at all times.
Sometimes called a "PKI Smart Card"
45
Using a crypto smart card for digital signature.
46
Using a crypto smart card for digital signature.
47
Digital Certificate Generation
• Two methods of generating a digital certificate:
1. The CA generates the key pair in a secure environment, signs the certificate, and imports the cert to the smart card
• Pros: The cert can be imported to any media supporting the cert format
• Cons: The CA has your private key because the key pair is generated outside your smart card!
1. Key pair is generated by the CA.
2. The certificate is signed by the CA's private key.
3. The certificate together with the private key is imported into the secure device.
48
Digital Certificate Generation
2. The key pair is generated inside the smart card
Pros: The private key never leaves the smart card, for maximum security
Cons: It cannot be exported to other media
49
Standards and Specifications
A multitude of standards govern PKI technologies in smart cards to ensure interoperability:
Public Key Infrastructure (X.509) (PKIX)
Public Key Cryptographic Standard (PKCS)
ISO7816 – Card level standard.
50
Public-Key Cryptographic Standard (PKCS)
Defined by RSA Data Security Inc. to provide a platform-independent interface for using public-key technologies.
Covers many areas including:
Algorithms (PKCS#1)
Certificates (PKCS#7)
Cryptographic Tokens Interface (PKCS#11)
Cryptographic Tokens themselves (PKCS#15)
51
Public-Key Cryptographic Standard (PKCS)
52
Card Standard – ISO7816
Part  Description                                             Year/Amd
1     Physical characteristics                                1998/2003
2     Dimensions and location of the contacts                 1999/2004
3     Electronic signals and transmission protocols           2006
4     Organization, security and commands for interchange     2005
5     Registration of application providers                   2004
6     Interindustry data elements for interchange             2004
7     Interindustry commands for Structured Card Query Language  1999
8     Commands for security operations                        2004
9     Commands for card management                            2004
10    Electronic signals and ATR for synchronous cards        1999
11    Personal verification through biometric methods         2004
12    USB electrical interface and operating procedures       Draft
15    Cryptographic information application                   2004
53
Accessing Crypto cards via middleware
Smart cards use standard interfaces:
ISO7816 for contact cards.
Problem: each smart card has its own command set.
Solution: Middleware
Middleware provides a standard interface for different applications to use different cards.
Applications do not need to know the card-specific commands.
54
Different ways of accessing crypto smart cards
Applications:
App #1 – Outlook
App #2 – Smart Card Logon
App #3 – Other applications (Acrobat, Firefox, Thunderbird, etc.)
App #4 – Other applications
Middleware:
ACS Cryptographic Service Provider (for 2K, XP, Vista, 7 ..)
Base Cryptographic Service Provider with ACS Card Module (for XP, Vista, 7)
ACS PKCS#11 (for non-MS apps, Linux)
OS Layer:
Windows Resource Manager
ACS Smart Card Reader Driver
ACS Smart Card reader and Smart Card
55
Cryptographic Service Provider (CSP)
• Used for Microsoft applications on the Windows platform.
• It is in the form of an MS-signed DLL.
• Example applications include:
– Windows Domain Logon
– Internet Explorer
– Outlook
– Outlook Express
– Microsoft Word 2003 onwards
– Adobe Acrobat
• In XP / Vista / 7, an MS-built base CSP can be used with a Card Module (Minidriver)
56
PKCS#11
• Like a CSP, it is a middleware module that provides APIs to applications by exposing entry points using a DLL concept.
• PKCS #11 can be programmed cross-platform to work under Linux using pcsclite.
• Example applications include:
– Firefox
– Thunderbird
– Lotus Notes
– All Unix and Linux software.
57
Applications
PKI applications: Network Security, E-Commerce, File Encryption, Windows Domain Logon, Secure Email
59
Applications – HK Jockey Club
Online Betting system in HK Jockey Club to authenticate the account holder and guarantee non-repudiation
60
Applications – GovHK
Online Government services in GovHK to authenticate the citizen and guarantee non-repudiation
• Register as Voter or Change Voters' Particulars
• Apply for or Renew Vehicle Licence
• E-Tax
61
Applications – Online Banking
Online Banking system in Bank of China, Bank of East Asia and Dah Sing Bank to authenticate the account holder and guarantee non-repudiation
62
Applications – Online stock trading
Online Stock trading system in HKEX, KGI, Tai Fook to authenticate the account holder and guarantee non-repudiation
63
Applications – E-Commerce (電子商貿)
• A digital signature is a proven, trustworthy way to sign any payment or document for data integrity and non-repudiation, without a physical storefront!
• Eliminates the need to physically route documents over long distances, as well as thousands of dollars in delivery fees
• Less paper usage (and save $$)
• Examples of applications:
– Online investment
– Online shopping
– Online betting
– E-Contract signing
64
Applications – Files and Disks encryption
• Provides two-factor authentication for your hard disk or USB token by storing the keys in the Cryptomate.
– Something you have – Cryptomate
– Something you know – PIN / Password
• No one can encrypt the file without the presence of the key inside the Cryptomate!!
65
Application – Microsoft Smart Card Deployment
Domain Server with Active Directory (Windows Server 2000 / 2003 / 2008): Certificate Authority
Smart Card Enrolment Agent (Windows 2000 / XP Pro / Vista / 7): a domain computer with an Enrolment Certificate and the ACOS5 Software Package installed
Client Computers (Windows 2000 / XP Pro / Vista / 7): domain computers with the ACS ACOS5 Software Package installed
Connected over the LAN
• Microsoft Windows already has built-in smart card support.
• Designed to be used in a corporate environment.
66
Applications – Network / Windows logon
• To enhance the security of networks containing sensitive information.
• Example
– Windows logon
– SSL
– Corporate Intranet
– VPN
67
Applications – Network authentication
SSL client cert for client authentication logon
SSL server cert for server authentication
68
Secure Email
Outlook, Live Mail, Thunderbird, Lotus Notes, etc. all support email signature and encryption.
Signature ensures authentication, data integrity and non-repudiation
Encryption ensures confidentiality
69
ACS Smart Card Product Line
Card                Memory         Version                    Description
ACOS1 / ACOS2       8 KB           v3.8                       Phased out. Replaced by ACOS3
ACOS3 / ACOS3X      32/72/256 KB   v1.162 / v1.160 / v1.150   ACOS2 direct replacement with many enhancements.
ACOS5 / Cryptomate  32 KB          v1.2                       RSA-enabled card
ACOS5               64 KB                                     Enhanced RSA-enabled card
ACOS6               64 KB          v3.07                      Flexible multi-function card
ACOS6 SAM           64 KB          v4.07                      SAM for ACOS2/3/6 and memory cards.
ACOS7               8 KB                                      Dual interface (contact/contactless) smart card.
ACOS10              32 KB                                     PBOC EDEP cards.
72
ACOS5 32KB v1.2
Conforms to ISO7816 part 1,2,3,4,8,9
Enhanced ACOS6 with RSA features.
File types include Transparent, Linear Fixed, Linear Variable, Cyclic.
Symmetric key algorithms: DES, 3DES, AES128
Asymmetric key algorithm: RSA 512, 1024 and 2048 bits with Key generation
Hashing Algorithm on board: SHA-1 (can support others outside the card).
Supports SM (secure messaging) for authenticity, integrity and confidentiality with DES/3DES.
73
Cryptomate
ACOS5 32K and ACR38 in a USB token format.
Special token driver.
74
ACOS5 64KB
Conforms to ISO7816 part 1,2,3,4,8,9
Enhanced ACOS5 with 64K EEPROM.
File types include Transparent, Linear Fixed, Linear Variable, Cyclic.
Symmetric key algorithms: DES, 3DES, 3K3DES, AES128/192/256
Asymmetric key algorithm: RSA 512 – 4096-bit (in 256-bit steps) with Key generation
Hashing Algorithm on board: SHA-1, SHA-256 (can support others outside the card).
Supports SM (secure messaging) for authenticity, integrity and confidentiality with 3K3DES.
75
ACOS5/Cryptomate SDK/Client Kit
Contains middleware PKCS#11 and CSP.
File system conforms to ISO7816 / PKCS#15
Middleware works on 98/ME/2000/XP/2003/Vista/7/Linux (v2.4)
SDK has additional development tools:
Card tools, sample code, reference manuals.
Sample applications for ACOS5 include:
Email signature and decryption.
SSL client-side certificate.
Document signing.
Windows domain logon.
Digital rights management.
80
Thank you!
Any questions/comments?