public key infrastructure (pki) jen-chang liu, 2004 ref1: ch.10, “ cryptography and network...
TRANSCRIPT
![Page 1: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/1.jpg)
Public Key Infrastructure (PKI)
Jen-Chang Liu, 2004
Ref1: Ch.10, “Cryptography and Network Security”, Stalling, 2003.Ref2: Ch.5, “Cryptography and Network Security”, A. Kahate, McGraw Hill, 2003.Ref3: Ch. 6, “RSA Security’s Official Guide to Cryptography”, 2001
![Page 2: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/2.jpg)
Outline
Key management in public-key cryptosystem
Public Key Certificate (PKC) X.509 standard
Public Key Infrastructure (PKI)
![Page 3: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/3.jpg)
Key management (Ref1)
Two issues for public-key cryptosystem Distribution of public keys The use of public-key encryption to
distribute secret keys (keys for symmetric cipher)
Distribution of public keys Public announcement Public available directory Public-key authority Public-key certificates
![Page 4: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/4.jpg)
1. Public announcement
Drawback: the opponent can pretend to be another user
Ex. post public keys to public forums, such as USENET newsgroup and Internet mailing list
![Page 5: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/5.jpg)
![Page 6: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/6.jpg)
2. Public available directory
Some trusted entity maintains a publicly available dynamic directory of public keys
Register the public key
Register the public key
{A, KUa }{B, KUb }
…
Attack: an opponent invades the public-key directory, and counterfeit public keys
![Page 7: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/7.jpg)
3. Public-key authority (Fig 10.3)
Central authority: 1. Maintain directory of public keys2. Each participant knows the public key for the
authority
A can confirmthe message fromthe authority
N1 :認證 B的身份N2 :認證 A的身份
![Page 8: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/8.jpg)
Outline
Key management in public-key cryptosystem
Q: How to authenticate the association between the public key with the owner ?
Public Key Certificate (PKC) X.509 standard
Public Key Infrastructure (PKI)
![Page 9: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/9.jpg)
Public key certificate (PKC 公開金鑰憑證 )
A public key certificate signifies the association between my public key and me Ex. Like a driver license
or passport
Q: Who can approve the association ?
A: A trusted entity – Certificate Authority (CA)
Q: What is the content of a digital certificate?
A: X.509 standard
![Page 10: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/10.jpg)
Example: Digital certificate
![Page 11: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/11.jpg)
X.509 certificate format 1988, ITU X.509 version
1
![Page 12: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/12.jpg)
X.509 V2 extensions: unique identifier
V2 extensions: Issuer unique identifier Subject unique identifier
Motivation: Deal with the possibility that the issuer (CA’s name) name and the subject name (certificate holder’s name) might be duplicated over time
RFC2459 specifies that these two names should never be reused, so V2 extensions are made optional
![Page 13: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/13.jpg)
X. 509 V3 certificate extensions
Certificate Revocation List (CRL 憑證廢止列 )
Certificate policies
Authority key identifier: CA may havemultiple private-public key pairs. Thisfield defines which of these key pairsis used to sign the certificate
Key usage: 1. digital signature2. Certificate signing3. CRL signing4. Key enciphering5. Data enciphering6. Diffie-Hellman key exchange
![Page 14: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/14.jpg)
Certificate Authority (CA 憑證簽發機構 )
CA is a trusted agency that can issue digital certificate. Ex. VeriSign, Entrust, …
![Page 15: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/15.jpg)
Outline
Key management in public-key cryptosystem
Public Key Certificate (PKC) X.509 standard
Public Key Infrastructure (PKI) PKI components Certification creation steps Certificate hierarchies Certificate revocation
* Distribution of public keys is non-trivial
![Page 16: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/16.jpg)
PKI components The interaction
between PKI components End user Registration
authority (RA) CA Key recovery
server X.500 directory
![Page 17: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/17.jpg)
Registration authority (RA)
RA: an intermediate entity between the end users and the CA Share the workload of CA
Accept and verify registration info about new users Generate keys on behalf of the end users Accept and authorize requests for key backups
and recovery Accept and authorize requests for certificate
revocation RA does not generate certificate
CA becomes an isolated entity, which makes it less susceptible to security attacks
![Page 18: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/18.jpg)
Key recovery server
Q: End users lose their private keys? A: CA must revoke the corresponding PKC,
a new key pair must be generated, a new corresponding PKC must be
created A2: provide a key recovery server
CA backs up private keys at the time of creation
![Page 19: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/19.jpg)
Certificate directory
Q: where to store the certificates? A1: end user stores on his local machine A2: CAs use a certificate directory (or a centr
al storage location) Provide a single point for certificate administrati
on and distribution (ex. for later certificate revocation)
Certificate directories need not to be trusted
![Page 20: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/20.jpg)
Outline
Key management in public-key cryptosystem
Public Key Certificate (PKC) X.509 standard
Public Key Infrastructure (PKI) PKI components Certification creation steps (Ref2) Certificate hierarchies Certificate revocation
![Page 21: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/21.jpg)
Certificate creation steps
Key generation
Registration
Verification
Certificate creation
![Page 22: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/22.jpg)
1. Subject generating his own key pair
2. RA generating a key pair for subject
1. RA knows private key!2. How to transmit it to user?
![Page 23: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/23.jpg)
Registration ( 註冊、登錄 )
Certificate signing request (CSR)(PKCS#10, part of the Public KeyCryptography Standard)
![Page 24: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/24.jpg)
On-line registration example
![Page 25: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/25.jpg)
Verification
1. RA verify the user’s credentials2. Check the Proof of Possession of the private
key Q: What if a user claims that she never
possessed the private key, when a document signed with her private key causes legal problems?
Sol 1: RA demands user to sign her CSR Sol 2: RA generates a random number, encrypt
it with the user’s public key, then challenge the user
…
![Page 26: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/26.jpg)
Certificate creation
CA creates a digital certificate for the user Certificates in X.509 standard format Q: Why should we trust digital certificates?
Certificate goes to RA (or user) Certificate directory Backup user private key (if necessary)
![Page 27: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/27.jpg)
Questions about certificate
Why should we trust digital certificate? Similar to: how do we verify a passport? How does the CA sign a digital certificate? How can we verify a digital certificate?
![Page 28: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/28.jpg)
X.509 certificate format
![Page 29: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/29.jpg)
![Page 30: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/30.jpg)
Question about CA’s public key
How do we get CA’s public key of some certificate ? Get CA’s certificate – which approve the assoc
iation between the public key with CA Who signs CA’s certificate?
The organization of CAs CA hierarchies and self-signed certificate Cross-certification
![Page 31: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/31.jpg)
CA hierarchy
Purpose: root CA can delegate job to lower CAs
Chain of trust
![Page 32: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/32.jpg)
Self-signed certificate for root CA
Who signs for root CA?
1. Root CA is automatic consideredas trusted CA2. Software contains a pre-programmed,hard coded certificated of the root CA3. The root CA signs its own certificate (self-signed certificate)
![Page 33: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/33.jpg)
Example: Self-signed root certificate
![Page 34: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/34.jpg)
Cross-certificationRoot CAs in different countries
![Page 35: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/35.jpg)
Outline
Key management in public-key cryptosystem
Public Key Certificate (PKC) X.509 standard
Public Key Infrastructure (PKI) PKI components Certification creation steps (Ref2) Certificate hierarchies Certificate revocation
![Page 36: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/36.jpg)
Certificate revocation 憑證廢止 Ex. lost of credit card, driver license, … Reasons for certification revocation:
The private key is compromised The CA made mistakes while issuing a
certificate The certificate holder leaves a job,…
Before using a certificate, we check Does the certificate belong to the owner?
(check certificate signature) Is the certificate valid, or is it revoked?
![Page 37: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/37.jpg)
How to revoke a certificate?
Certificate has been issued, how to revoke it?
![Page 38: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/38.jpg)
Certificate revocation list (CRL)
CRL is a list of revoked certificates published regularly by CA
![Page 39: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/39.jpg)
Validating a certificate using CRL
![Page 40: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/40.jpg)
Problems with CRL
1. CRL can be a large file -> long transmission time
Sol: delta CRL
2. CRL are published Periodically => cannot check online status
Sol: online certificate status check
![Page 41: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/41.jpg)
Online Certificate Status Protocol
(HTTP)
CA setup this server
![Page 42: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/42.jpg)
Key management (Ref1)
Two issues for public-key cryptosystem Distribution of public keys The use of public-key encryption to
distribute secret keys (keys for symmetric cipher)
Distribution of public keys Public announcement Public available directory Public-key authority Public-key certificates
![Page 43: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/43.jpg)
4. Public-key certificates 憑證 (Fig 10.4)
Certificate: contain public key and other information, generate from the certificate authority
Application mustbe in person or bysecure channel
1. Anyone can read, verify2. Only CA can create
Time: verify currency of certificate
![Page 44: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/44.jpg)
Simple secret key distribution
Public-key scheme has slow data rate use public key to distribute secret key use secret key scheme for data encryption
session key(secret key)
E
KUe || IDA
intercept
KUe[ Ks ]E
KUa[ Ks ] Ks
![Page 45: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/45.jpg)
Secret key distribution with confidentiality and authentication
Against active and passive attacks
Authenticate B
Authenticate A
Confidentiality(only B can read)
authentication(only A can create it)
![Page 46: Public Key Infrastructure (PKI) Jen-Chang Liu, 2004 Ref1: Ch.10, “ Cryptography and Network Security ”, Stalling, 2003. Ref2: Ch.5, “ Cryptography and](https://reader030.vdocuments.us/reader030/viewer/2022032517/56649c935503460f9494ee90/html5/thumbnails/46.jpg)
A hybrid and hierarchical scheme
KDC
A B C
Use public-key schemeto distribute master key
MKA
MKA
MKB
MKB
Use master keys with KDC to distribute session key
Ks Ks
Advantage: 1. Use master key to distribute session keys, instead of using
public-key scheme => faster !2. Backward compatible to old KDC scheme (master +
session key)