Printable Certificate of Authenticity - PowerPoint

Document Sample
Printable Certificate of Authenticity - PowerPoint Powered By Docstoc
					Certificate Systems,
Public Key Infrastructures
and E-mail Security

Encryption using Public
Key Cryptography

           Distributed Systems   2
Digital Signature using
Public Key Cryptography

           Distributed Systems   3
Public Key Distribution

Finding out correct public key of an entity
Possible attacks
  name spoofing: a person can identify himself
   using a bogus name
  denial of service: the legitimate user cannot
   decrypt messages sent to him

                   Distributed Systems         4
Public Key Distribution

Face to face public key exchange
  most primitive, but secure method
  not convenient
Public announcement
  via newsgroups, web pages, etc.
  subject to forgeries
  hard to determine the liar

                  Distributed Systems   5
Public Key Distribution

Diffie - Hellman (1976) proposed the
 “public file” concept
  public-key directory
  commonly accessible
    should be online always
  no unauthorized modification
  secure and authenticated communication
   between directory and user is a must

                   Distributed Systems      6
Public Key Distribution

Popek - Kline (1979) proposed “trusted
 Public Key Authorities”
  Public key authorities know public keys of the
   entities and distribute them on-demand basis
  on-line protocol (disadvantage)

                   Distributed Systems          7
Public Key Distribution

           Distributed Systems   8

Kohnfelder (1978) proposed “certificates”
 as yet another public-key distribution
Binding between the public-key and its
Issued (digitally signed) by the Certificate
 Authority (CA)
Off-line process
                  Distributed Systems           9

Certificates are verified by the verifiers to
 find out correct public key of the target
In order to verify a certificate, the verifier
  must know the public key of the CA
  must trust the CA
Certificate verification is the verification of
 the signature on certificate
                   Distributed Systems         10
  CA                                          Certified Entity

   Albert                                      Albert


               Distributed Systems                         11

               Distributed Systems   12
Issues Related Certificates

CA certification policies (Certificate
 Practice Statement)
  how reliable is the CA?
  certification policies describe the
   methodology of certificate issuance
  ID-control practices
     loose control: only email address
     tight control: apply in person and submit picture
      IDs and/or hard documentation
                      Distributed Systems                 13
Issues Related Certificates

  verifiers must trust CAs
  CAs need not trust the certified entities
  certified entity need not trust its CA, unless it
   is not the verifier
What is “trust” in certification systems?
  Answer to the question: “How correct is the
   certificate information?”
  related to certification policies
                    Distributed Systems            14
Issues Related Certificates
Certificate types
  ID certificates (for authentication)
     discussed here
  authorization certificates
     no identity
     binding between public key and authorization info
Certificate storage and distribution
  along with a signed message
  distributed directories
  centralized databases
                       Distributed Systems           15
Issues Related Certificates
Certificate Revocation
  certificates have lifetimes, but they may be
   revoked before the expiration time
    certificate holder key compromise/lost
    CA key compromise
    end of contract (e.g. certificates for employees)
  Certificate Revocation Lists (CRLs) hold the
   list of certificates that are not expired but
                     Distributed Systems                 16
Real World Analogies

Is a certificate an “electronic identity”?
  a certificate is a binding between an identity
   and a key, not a binding between an identity
   and a real person
  one must submit its certificate to identify
   itself, but submission is not sufficient, the key
   must be used in a protocol
  anyone can submit someone else’s certificate
                    Distributed Systems            17
Real World Analogies

Result: Certificates are not picture IDs
So, what is the real world analogy for
  Endorsed document/card that serves as a
   binding between the identity and signature
  for example, “credit-cards”

                  Distributed Systems           18
Public Key Infrastructure

PKI is a complete system and defined
 mechanisms for certificates
  certificate   issuance
  certificate   revocation
  certificate   storage
  certificate   distribution

                      Distributed Systems   19
Business Practice: Issue certificates and
 make money
  several CAs
Several CAs are also necessary due to
 political, geographical and trust reasons
3 interconnection models
  cross certificates
                   Distributed Systems       20
Hierarchical PKI Example

   Root CA

  Upper level CAs


 End users

                    Distributed Systems   21
Cross Certificate Based
PKI Example


  End users

              Cross certificates

                       Distributed Systems   22
Hybrid PKI example

          Distributed Systems   23
Certificate Paths

           Distributed Systems   24
Certificate Paths

        Verifier must know public key
         of the first CA
        Other public keys are found
         out one by one
        All CAs on the path must be
         trusted by the verifier

             Distributed Systems     25
Certificate Paths with
Reverse Certificates

       Reverse certificates

                Distributed Systems   26
Organization-wide PKI

Local PKI for organizations
  may have global connections, but the
   registration facilities remain local
  easy to operate
  less managerial difficulties

                  Distributed Systems     27
Organization-wide PKI
                                           PKI Server

                                 CP (CA)
                                                            Databases / Directories


Registration Authority             RA                            CD                   Certificate

                                               PKI Client

                         Architecture of a typical organization-wide PKI

                                        Distributed Systems                                          28
Hosted vs. Standalone PKI

Hosted PKI
  PKI vendor acts as CA
  PKI owner is the RA
Standalone PKI
  PKI owner is both RA and CA

                  Distributed Systems   29
Hosted vs. Standalone PKI

                     Advantages of hosted PKI over standalone PKI
Standalone PKI                              Hosted PKI
Organization has to have a secure server Organization does not need to run a secure
for certificate issuance and processing.    server for certificate processing.
Organization must issue cross certificates PKI provider (host) already has such
or has to have some other arrangements for arrangements. Organization does not have
universal connection of its PKI. Otherwise, to worry about worldwide visibility of its
the PKI remains local.                      PKI.
More administrative work for organization. Less administrative work for organization.

                                  Distributed Systems                               30
Hosted vs. Standalone PKI

                    Disadvantages of hosted PKI over standalone PKI
 Standalone PKI                               Hosted PKI
 No continuous dependency on the PKI Continuous dependency on the PKI vendor
 vendor. Organization does not have to pay (host). The organization must pay regular
 periodic fees.                               fees to the host based on the certificate
 Security of the PKI is in the organization’s Although the organization is responsible
 hands.                                       for the security of its PKI, they are
                                              dependent on the host’s security.
 Ultimate trust to host is indispensable.     Organization does not have to trust the PKI
                                              vendor as different than its other software
 The only user of the private key is the Private key is being used by the host for
 organization itself.                         certificate issuance.

                                  Distributed Systems                                  31
ITU standard
ISO 9495-2 is the equivalent ISO standard
Defines certificate structure, not PKI
Also defines authentication protocols
Identity certificates
Supports both hierarchical model and
 cross certificates
End users cannot be CAs
                 Distributed Systems     32
X.509 Certificate Format

           Distributed Systems   33
X.509v3 Extensions

Alternative names
Policy Identifiers
  Trust issue
Restrictions based one
  path length
  policy identifiers
No blind trust to CAs
                    Distributed Systems   34
Some X.509 based PKIs
Privacy Enhanced Mail (PEM)
  hierarchical, no cross certificates
  first but discontinued
Secure Electronic Transaction
  PKI for electronic payment
  secure but not widely deployed
  general purpose X.509 based PKI
                    Distributed Systems   35

Security extension to DNS
Not X.509 based, but hierarchical (uses
 existing DNS topology)
  authentication of domain information
  storage and distribution of certificates
Good and practical system
                    Distributed Systems       36
SSL (Secure Socket Layer)
Security layer over TCP/IP
mostly for HTTP connections
encrypted and authenticated sessions
 between web servers and web browsers
Not a perfect solution, but a convenient

                Distributed Systems         37
SSL (Secure Socket Layer)

Certificate based systems
  web servers must have certificate
  client certificate is optional
CA certificates are embedded in browsers
You trust them (by default), because
 browser company says so !
The worst, but the most practical !!!

                  Distributed Systems   38
Using SSL for HTTP

By using SSL we can
  make sure about the server’s name
   (assuming the CA of the server is trusted)
  make sure that nobody can see the traffic
   between client and server

                       Distributed Systems      39
Using SSL for HTTP

By using SSL we can NOT
  provide perfect privacy
    server sees all information that client provides
    important in e-payment: merchant sees the the
     card number and name
  provide non-repudiation
    both parties knows the session key
    in e-payment: charge-back cost for merchant’s

                    Distributed Systems                 40
PGP (Pretty Good Privacy)

Effort of Phil Zimmermann
Strong cryptography
  free of government control
Has not started as a standardization effort
Controversial international version
Most widely used security software
Unique certificate and PKI

                  Distributed Systems      41
PGP (Pretty Good Privacy)

Free personal use
Source code available
  very important for “paranoids”
Multi-platform software
Basically “file” encryption/signing software
Now it has plug-ins for some E-mail client

                  Distributed Systems       42
PGP Cryptographic Functions

H : Hash Function           KR: Private Key
EP: Public key Encryption   DP: Public key Decryption
Z: Compression using Zip    KU: Public Key

                              Distributed Systems       43
PGP Cryptographic Functions

 H : Hash Function            KR: Private Key         Ks: Session Key (Conventional key)
 EP: Public key Encryption    DP: Public key Decryption
 EC: Private key Encryption   DC: Private-key decryption
 Z: Compression using Zip     KU: Public Key

                                Distributed Systems                                    44
PGP Cryptographic Functions

 H : Hash Function            KR: Private Key         Ks: Session Key (Conventional key)
 EP: Public key Encryption    DP: Public key Decryption
 EC: Private key Encryption   DC: Private-key decryption
 Z: Compression using Zip     KU: Public Key

                                Distributed Systems                                    45
Encoding in PGP

Binary data must be encoded for e-mail
Radix-64 conversion
  binary data is grouped 6-bit by 6-bit
  each 6-bit group is converted to a printable
   ASCII character (table look-up)
  inflates the data 33%
  Radix-64 applied to after encryption/signing
                   Distributed Systems            46
General PGP Message Format

          Distributed Systems   47
Key Management in PGP

Public keys are not attached to messages
Instead Public key identifiers are put in
Recipient should know/find out sender’s
  personal exchange
  PGP public key servers
    do not trust the authenticity of the keys there

                     Distributed Systems               48
Key Management in PGP

2 local “Key Rings”
  private key ring
    to keep your private keys
  public key ring
    to keep yours and other people’s public keys

                     Distributed Systems            49
Private Key Ring

Private-key Ring is a table for the private
Private keys are stored in encrypted form
  Encryption key is derived from passphrase
The keys in private-key ring are ultimately
Question: How can we determine whether
 or not correct passphrase is entered?
                  Distributed Systems          50
Public-key Ring

Table for locally known public keys
Also contains trust information
  PGP user specifies his/her trusted CAs
    two levels of trusts to CAs
  being in public-key ring does not mean its
    a public-key signed by a key in private-key ring is
    otherwise CAs signatures are checked
       • complicated scheme
                       Distributed Systems                 51
Public-key Ring

           Distributed Systems   52

Global public-key ring
PKI from scratch
Public-keys are certificates are posted in
 public-key servers
Thousands of users
No boss, no governing body

                  Distributed Systems         53

Everybody is end user, everybody is CA

                Distributed Systems       54

A standard way for email encryption and
IETF standard
Industry support
  commercial reasons
Not a standalone software, a system that
 is to be supported by email clients

                 Distributed Systems        55
History of E-mail
RFC 822
  only ASCII messages
MIME (Multipurpose Internet Mail
  content type
    Almost any of information can appear in an email
S/MIME: Secure MIME
    new content types, like signature, encrypted data
                    Distributed Systems              56

General functionality is similar to PGP
  digital signature
     the hash of message is signed
  encrypted data (enveloped data)
     a conventional session key is used to encrypt the
     that key is encrypted by the recipient’s public key
The difference between S/MIME and PGP
 is certificate management
                      Distributed Systems               57
Certificate Management in

CA-centered system like SSL
An ordinary user is not aware of the CAs
 that he/she trusts
CA certificates come with the client
Certificates are sent along with the signed
 messages in S/MIME (unlike PGP)

                 Distributed Systems       58
Certificate Management in

One should get a certificate from a CA in
 order to send signed messages
Verisign Certificates
  Class 1
             Increased           Harder to
  Class 2   Security            issue
  Class 3

                  Distributed Systems        59
What’s Wrong?

Loose control for Class 1 certificates for
 commercial reasons
  market share
The system becomes less secure for the
 name of security

                  Distributed Systems         60
What should be done?

Class 1 certificates must be discontinued
All certificate must be issued with a
 personal presence requirement or by the
 approval of trusted registration authorities

                  Distributed Systems       61
Discussion on Personal
Certificates (SSL)

Certificates ruin your privacy
Do you really need a certificate?
  Do you want to get caught when you are at
   a specific website?
  Do you want spammers to get your email
  Do you want companies to learn your

                  Distributed Systems          62
Discussion on Personal
Certificates (S/MIME)

There is no wide use of certificates
Only few email clients are supporting
Interoperability problems among the
 email client programs

                 Distributed Systems     63

Description: Printable Certificate of Authenticity document sample