Public Key Infrastructures. Using PKC to solve network security problems

Similar documents
Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Public Key Infrastructure

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

SHS Version 1.2 CA. The Swedish Agency for Public Management oct This version:

CSE 565 Computer Security Fall 2018

Cryptography and Network Security

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Key Management and Distribution

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename

Security Protocols and Infrastructures

Security Protocols and Infrastructures. Winter Term 2015/2016

How to Set Up External CA VPN Certificates

Server-based Certificate Validation Protocol

Lecture Notes 14 : Public-Key Infrastructure

Managing Certificates

Public Key Establishment

A PKI For IDR Public Key Infrastructure and Number Resource Certification

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Digital Certificates Demystified

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

SSH Communications Tectia SSH

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Network Security Essentials

Public Key Infrastructures

Lecture 15 Public Key Distribution (certification)

expires in six months October 1997 Internet Public Key Infrastructure Operational Protocols: FTP and HTTP <draft-ietf-pkix-opp-ftp-http-01.

Public Key Infrastructures

Certificates, Certification Authorities and Public-Key Infrastructures

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

APNIC Trial of Certification of IP Addresses and ASes

Smart Grid Security. Selected Principles and Components. Tony Metke Distinguished Member of the Technical Staff

Some Lessons Learned from Designing the Resource PKI

Cryptography and Network Security Chapter 14

Public-Key Infrastructure NETS E2008

MISPC Minimum Interoperability Specification for PKI Components, Version 1

CertAgent. Certificate Authority Guide

Configuring Certificate Authorities and Digital Certificates

KEY DISTRIBUTION AND USER AUTHENTICATION

by Amy E. Smith, ShiuFun Poon, and John Wray

Send documentation comments to

Certificateless Public Key Cryptography

Understanding HTTPS CRL and OCSP

Diffie-Hellman. Part 1 Cryptography 136

What is a Digital Certificate? Basic Problem. Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections

Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections

KeyOne. Certification Authority

Bugzilla ID: Bugzilla Summary:

How to get a trustworthy DNS Privacy enabling recursive resolver

Mavenir Systems Inc. SSX-3000 Security Gateway

Authentication in Distributed Systems

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

FPKIPA CPWG Antecedent, In-Person Task Group

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Public. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2

AeroMACS Public Key Infrastructure (PKI) Users Overview

Security Digital Certificate Manager

APNIC Trial of Certification of IP Addresses and ASes

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

IBM. Security Digital Certificate Manager. IBM i 7.1

Public Key Infrastructures. Andreas Hülsing

Data Sheet NCP Secure Enterprise Management

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

Chapter 9: Key Management

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile draft-ietf-pkix-rfc3280bis-04.

draft-ietf-smime-cert-06.txt December 14, 1998 Expires in six months S/MIME Version 3 Certificate Handling Status of this memo

Overview. SSL Cryptography Overview CHAPTER 1

TELIA MOBILE ID CERTIFICATE

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

SONERA MOBILE ID CERTIFICATE

Using Cryptography CMSC 414. October 16, 2017

Public-key Infrastructure Options and choices

Category: Standards Track W. Ford VeriSign D. Solo Citigroup April 2002

Public Key Enabling Oracle Weblogic Server

Version 3 X.509 Certificates

Public Key Infrastructures Chapter 11 Trust Center (Certification Authority)

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Validation Policy r tra is g e R ANF AC MALTA, LTD

Copyright

INF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

SCION: PKI Overview. Adrian Perrig Network Security Group, ETH Zürich

DoD Common Access Card Authentication. Feature Description

SSL Certificates Certificate Policy (CP)

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Certificate implementation The good, the bad, and the ugly

Grid Computing Fall 2005 Lecture 16: Grid Security. Gabrielle Allen

Configuring SSL CHAPTER

and Web Security

Certificates, Trust & PKI. Certificates, Trust & PKI. Brian A. LaMacchia.

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Person determining CPS suitability for the policy CPS approval procedures 1.6. DEFINITIONS AND ACRONYMS

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Request for Comments: 2459 Category: Standards Track VeriSign W. Polk NIST D. Solo Citicorp January 1999

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

X.509 Certificate and Certificate Revocation List (CRL) Extensions Profile for Personal Identity Verification Interoperable (PIV-I) Cards

Introduction to Cryptography Lecture 10

The Information Technology (Certifying Authority) Regulations, 2001

Transcription:

Public Key Infrastructures Using PKC to solve network security problems

Distributing public keys P keys allow parties to share secrets over unprotected channels Extremely useful in an open network: Parties are not under a single manager Symmetric keys cannot be shared beforehand How to distribute public keys? Not a problem of secrecy (symmetric key) A problem of legitimacy (identity binding)

Certification Public keys must be certified, i.e., an authenticated statement like Public key PA belongs to user A must be made by a trusted party. A Public Key Infrastructure defines: The set of trusted parties or a mechanism to infer trust An authentication/certification algorithm

Monopoly Model A central Certification Authority (CA) is: universally trusted its public key is known to all The central CA signs all public key certificates, or delegates its powers: to lower level CAs: Certificate chaining to registration authorities (RAs): single cert. This is a flat trust model.

Olygarchy The X.509 PKI is olygarchic. A number of root CAs is known in advance User discretion is an afterthought; multiple points of failure Certificate chaining is supported Web browsers support olygarchic PKIs.

Certificate Revocation As the trusted parties multiply, so does the possibility of having to revoke trust Private key of user compromised: Revocation of user certificate Publication of revoked certificates: Certificate revocation lists, or CRLs. Private key of trusted party compromised: Update of CA s public key Re-certification of existing certificates? Timestamping?

Anarchy model PGP: Each user is fully responsible for deciding its trust anchors (roots). Practical for individual communication Put your public key in your e-mail signature or website Call user to verify PK fingerprint Impractical for automated trust inference How to decide that a certificate chain is trustworthy?

PGP: Details PGP Identity - Name and e-mail address associated with a key. PGP Public key ring - a local file/database of keys. Should have all keys that the user plans to correspond with, and any keys that have signed the user's public key. PGP key server - a networked repository for storing, retrieving, and searching for public keys. Key servers can use a few standardized protocols, among them LDAP, HTTP, and SMTP as public interfaces. A PGP key server is basically a centralized networked PGP public key ring. Public key fingerprint - A uniquely identifying string of numbers and characters used to identify public keys. This is the primary means for checking the authenticity of a key.

Constrained Naming PKIs Assumptions: X.509 and other oligarchic PKIs cannot handle a very complex world without becoming very complex themselves Many certification needs are inherently local Local certification and local naming uniqueness can be maintained with minimal effort Global naming conventions exist (e.g.: DNS) If public keys need global certification, then rely on relationships to infer trust

Top-Down Constrained Naming Similar to olygarchic/monopoly model model, but delegation takes place with domain name constraints: /.com.edu.uk.microsoft.com.fsu.edu.co.uk.amazon.co.uk

Bottom-Up Constrained Naming Each organization creates an independent PKI and then link to others: Top-down links: Parent certifies child Bottom-up links: Child attests parent Cross-links: A node certifies another node To certify a node N: 1. Start from your trust anchor: if it is also an ancestor to N, just verify the delegation chain 2. If (1) fails, query your trust anchor for a cross-link to an ancestor of N 3. Else repeat using the parent of your trust anchor.

Example.edu.com.edu/.fsu.edu/.fsu/.cs.edu/.fsu/.math.com/.apple.com/.symantech.edu/.fsu/.cs/.diablo.edu/.fsu/.cs/.192.x.com/.symantech/.nav

Advantages of constrained naming PKIs Simple and flexible Locally deployable Compartmentalized trust Easy to replace keys at local levels Lightweight and fast revocation Non-monopolistic, open architecture PKIX/X.509 (oligarchic) has recognized the advantages of constrained naming, and support it though the NameConstraints field.

Relative names Aliases, shorthand forms or non-global names that are locally understood: Parent may refer to each child simply the part of the child s name that extends of its own name Child refers to parent simply as parent Think of how file systems work Cross links can use global names (absolute paths) or relative names SPKI certificates support relative names

Certificate revocation CRLs: Signed, time-stamped list of all revoked certificates Cost to generate and verify a CRL is proportional to the number of all revoked certificates Δ CRLs: Publish only changes from a latest full CRL OLRS (On-line Revocation Server) Affirmation of valid certificates

Other issues Directories A standardized mechanism for querying names is required for some PKIs (e.g. constrained names) E.g.: DNS directory service Should a certification record be stored with the issuer or subject of the certification? Certificate chaining: To certify Alice -- start with Alice s name and go up (forward building) or with our trust anchor and down (reverse building)?

X.509 The IETF chose to use X.500 naming standards for certificates C=US, O=Sun, OU=Java, CN=java.sun.com Browsers know websites by DNS names, not X.500 names Initial browser implementations did not check CN. Today, DNS names are included either in CN or in SubjectAltName field Rationale: DNS does not support certificate lookup

X509 + PKIX Certificates Version AlgorithmIdentifier SerialNumber Encrypted Signature Extensions Issuer Validity Subject SubjectPublicKeyInfo IssuerUniqueIdentifier AuthorityKeyIdentifier SubjectKeyIdentifier KeyUsage CertificatePolicies PolicyMappings NameConstraints SubjectUniqueIdentifier...

X.509 PKIX Working Group (established 1995) Goal: develop Internet standards needed to support an X.509- based PKI: RFC 2459, profiled X.509 version 3 certificates and version 2 CRLs for use in the Internet. Profiles for the use of Attribute Certificates (RFC XXXX [pending]) LDAP v2 for certificate and CRL storage (RFC 2587) X.509 Public Key Infrastructure Qualified Certificates Profile (RFC 3039) Internet X.509 Public Key Infrastructure Certificate Policy and certification Practices Framework (RFC 2527 - Informational)

X.509 Certificate Management Protocol (CMP: RFC 2510) Online Certificate Status Protocol (OCSP: RFC 2560) Certificate Management Request Format (CRMF: RFC 2511) Time-Stamp Protocol (RFC 3161) Certificate Management Messages over CMS (RFC 2797) Internet X.509 Public Key Infrastructure Time Stamp Protocols (RFC 3161) Use of FTP and HTTP for transport of PKI operations (RFC 2585)

Using capabilities for access control ACLs store permissions (read, write, execute, append, etc.) on the object Easy to decide who has access to an object Hard to revoke subjects Capabilities-based systems store capabilities on the subject Hard to decide who has access to an object Easy to revoke or add capabilities to a subject Role-based access control

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback