Public Key Cryptology and PKI
Military Information Systems
AMS I-3.1.2 Fall 2004

Greg Phillips
greg.phillips@rmc.ca
Royal Military College of Canada
Electrical and Computer Engineering

Except as otherwise noted, this presentation is released under a Creative Commons License.
Overview and today's class
  • classical and modern cryptology
  • public key cryptology and public key infrastructure
      introduction to public key cryptography
      example: RSA
      uses for public key cryptosystems
      public key distribution
        attacks
        public key infrastructure
  • computer security (COMPUSEC)
  • network security (NETSEC)
  • assurance
  • computer security demonstration
The Secret Key Weakness
  [Diagram: Alice, Bob and Carol, each holding the secret keys K shared with the other two]
Secret Key Cryptosystems vs. Public Key Cryptosystems
  Secret key:  plaintext -> DES encipher (DES key) -> ciphertext -> DES decipher (DES key) -> plaintext
  Public key:  plaintext -> encipher with Pu -> ciphertext -> decipher with Pr -> plaintext

  Public and private keys must be related; however, it must be computationally infeasible to derive a private key, given a public one.
Public Key Cryptosystems
  [Diagram: Alice, Bob and Carol each hold only their own private key (PrAlice, PrBob, PrCarol); a Public Key Directory lists Alice: PuAlice, Bob: PuBob, Carol: PuCarol]
A Comparison
                   secret key   public key
  copies/secret    many         one
  secrets/user     many         one
  scalability      fair         good
  speed            good         fair

  It is possible to combine public key and private key cryptosystems in a "hybrid" approach that has the benefits of both. Idea: use the public key part of the system to exchange private keys; use the private keys to encrypt the message traffic.
System Requirements
  [Diagram: plaintext -> Pu encipher (public key) -> ciphertext -> Pr decipher (private key) -> plaintext]

  Given all the information in the green area of the diagram, computing either another plaintext or the private key must be prohibitively difficult.

  At the same time, it must be reasonably efficient to
  • generate key pairs,
  • encipher, and
  • decipher.
Trap-door one-way functions
  • a one-way function f derives from a "hard" mathematical problem whose inverse is "easy"
      i.e., f : X → Y is hard, f⁻¹ : Y → X is easy
  • like... factoring large numbers (used in RSA)
      teeny-weeny example:
        find the factors of 29,083 [relatively hard]
        multiply 127 by 229 [relatively easy]
  • a trap-door one-way function t is derived from a one-way function f such that t(f, e) and t⁻¹(f⁻¹, n) are both easy, but t⁻¹(f⁻¹) without n is as hard as f, and finding n from e is also as hard as f
  • translation: encryption and decryption are both easy if you know the public and private keys, but decryption without the private key is hard, and finding the private key from the public key is hard
RSA Key Generation
  • choose two large primes, p and q, and another number E
  • calculate n = pq
  • public key is (n, E)
  • private key is D, the multiplicative inverse of E taken mod (p-1)(q-1), that is,
      ED mod (p-1)(q-1) = 1
  • example:
      choose p = 5, q = 11, E = 3
      calculate n = 55, public key is (55, 3)
      D is 27 since (3)(27) mod 40 = 1
  • there is an efficient algorithm for calculating D given any p, q and E, but finding p and q from n is the mathematically hard problem
RSA Encryption
  • public key is (n, E)
  • break the plaintext into binary numbers m_i, such that each m_i < n
  • calculate the ciphertext c_i corresponding to m_i
      c_i = m_i^E mod n
  • example: m_i = 4, public key is (55, 3)
      c_i = 4^3 mod 55
      c_i = 64 mod 55
      c_i = 9
RSA Decryption
  • public key is (n, E), private key is D
  • calculate the plaintext m_i corresponding to each c_i
      m_i = c_i^D mod n
  • example: c_i = 9, public key is (55, 3), private key is 27
      m_i = 9^27 mod 55
      m_i = 58149737003040059690390169 mod 55
      m_i = 4
Reversibility
  • most public-key cryptosystems have a reversible form, that is
      information encrypted with the public key can be decrypted with the private key, and is used for confidentiality
      information encrypted with the private key can be decrypted with the public key, and is used for digital signatures
  • usually the two directions require slight variations of the base algorithm
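The key generation, encryption, decryption and reversibility slides carried through in code, using the slides' toy parameters (p = 5, q = 11, E = 3). This is an added example written for this page, not code from the lecture; the function names are the example's own, and it is plain textbook RSA with no padding.

```python
from math import gcd


def rsa_keygen(p: int, q: int, E: int):
    """Follow the slide: n = pq, D = E^-1 mod (p-1)(q-1); return ((n, E), D).
    The inverse only exists when gcd(E, (p-1)(q-1)) == 1; the slides take
    that for granted, so it is checked here explicitly."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("E must be coprime to (p-1)(q-1)")
    D = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return (n, E), D


def rsa_encrypt(m: int, public_key) -> int:
    """c = m^E mod n, for one block m < n."""
    n, E = public_key
    if not 0 <= m < n:
        raise ValueError("each plaintext block must satisfy m < n")
    return pow(m, E, n)


def rsa_decrypt(c: int, public_key, D: int) -> int:
    """m = c^D mod n. pow() with a modulus never builds the huge
    intermediate the decryption slide writes out (9^27 = 5.8e25)."""
    n, _ = public_key
    return pow(c, D, n)


# Reversibility slide: apply the private key first, the public key second.
def rsa_sign(m: int, public_key, D: int) -> int:
    n, _ = public_key
    return pow(m, D, n)


def rsa_verify(m: int, s: int, public_key) -> bool:
    n, E = public_key
    return pow(s, E, n) == m


def encrypt_bytes(data: bytes, public_key) -> list:
    """Encryption slide: break the plaintext into numbers m_i < n. With the
    toy n = 55 a whole byte (up to 255) is too big, so each byte is split
    into two 4-bit halves and every half becomes one RSA block. Note that
    equal blocks give equal ciphertext: textbook RSA is deterministic."""
    return [rsa_encrypt(half, public_key)
            for b in data for half in (b >> 4, b & 0x0F)]


def decrypt_bytes(blocks: list, public_key, D: int) -> bytes:
    halves = [rsa_decrypt(c, public_key, D) for c in blocks]
    return bytes((hi << 4) | lo for hi, lo in zip(halves[::2], halves[1::2]))


if __name__ == "__main__":
    pub, D = rsa_keygen(5, 11, 3)             # -> (55, 3), 27 as on the slide
    print(pub, D, rsa_encrypt(4, pub), rsa_decrypt(9, pub, D))
    print(encrypt_bytes(b"Hi", pub), decrypt_bytes(encrypt_bytes(b"Hi", pub), pub, D))
```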
Keys
  • really big numbers
  • work with cryptographic algorithms to produce specific ciphertext
  • the bigger the key, the more secure is the ciphertext for a given algorithm
  • public key size and secret key size cannot be directly compared, without reference to specific algorithms
      80 bit AES ~= 1024 bit RSA
Potential Services
  • security between strangers
  • encryption
  • digital signature
  • data integrity
  • key establishment
      exchange of secret key
Authentication - Digital Signature
  [Diagram; its annotation reads:]
  • takes variable-length input and produces a fixed-length output; say, 160 bits
  • if the input is changed even by just one bit, a radically different output value is produced

Digital Signature Verification
  [Diagram only; no text survives]
Hybrid Systems (Digital Envelopes)
  [Diagram: Original Message -> encrypt using DES-style crypto -> Encrypted Message;
   DES-style Key -> encrypt using public key -> Encrypted Key;
   Encrypted Message + Encrypted Key = "Enveloped" Message]
  • Faster
  • Handles distribution lists
Assumptions
  • implicit to this point is that Bob has an identity that is known and understood by Alice
  • Alice must be able to associate a public key unambiguously and correctly with Bob
  • Alice must be capable of retrieving Bob's key from a public repository
Public-Key Cryptosystem
  [Diagram: Alice's Private Key, Bob's Private Key, and the shared directory of Public Keys]

"Man in the middle" attack
  [Diagram: the Public Keys directory; no further text survives]
Digital Certificates
  • a certificate is some information "signed" by some authority
      often the signed information is a public key, i.e. a Public Key Certificate (PKC)
  • a certificate is a stamp of approval from some other trusted individual
  • if we can trust some entity to establish the relationship between an individual's identity and his/her public key, we can solve the man-in-the-middle problem
  • we need to trust at least one key
      but, we only need to really trust one key
Certification Authority (CA)
  • an authority trusted with establishing the link between an individual's identification credentials and a public key
      in accordance with some policy
  • digitally signs the public-key certificate
  • ITU Standard X.509 provides a public key certificate standard
Certificate Repository
  • Directory Server Agent (DSA)
      this is a certificate repository
  • solves the problem of making certificates available
  • on-line server, like a phone directory or the internet Domain Name System (DNS)
      e.g. ITU Standard X.500 directory service
  • we have to consider the revocation of certificates that become invalid
      Certificate Revocation Lists (CRLs)
Certification Authority
  [Diagram: Certification Authority; Directory Server Agent serving as the Public Key Certificate Repository]
Other issues
  • revocation
      certificates may be revoked; must have a way to tell
  • key backup
      keys can be lost; must have a fallback
  • key update
      keys typically have a finite life; must be "refreshed"
  • key history
      important for data recovery
        decrypt a message from Alice from two years ago...
  • non-repudiation
      prevents the sender from denying responsibility
        digital signature plus authenticated time stamping
  • trust
      must trust the certification authority
        if dealing across organizational boundaries, may have to have a network of trust established
Next class: COMPUSEC
Functional PKI may contain
  • Certification Authority
  • Certificate Repository
  • Certificate Revocation
  • Key Backup and Recovery
  • Automatic Key Update
  • Key History
  • Cross-Certification
  • Support for Non-Repudiation
  • Time Stamping
  • Client Software
Certificate Revocation
  • when the binding of a key needs to be broken
      identity change
      suspected security compromise
  • the user population needs to be aware
  • unless certificates are for one-time use only, a revocation check is required
  • CRLs are held on the DSA
Key Backup and Recovery
  • loss of private key
      forgotten passwords
      destruction of the medium holding the key
  • backup and recovery of private decryption keys but not signing keys
Automatic Key Update
  • certificate has a finite lifetime
      theoretical reasons
      practical estimations
  • automatic seamless update of the certificate is preferred
      reduces the burden on the user to set it up
Key History
  • multiple old certificates and at least one current certificate exist
  • important for data recovery
  • automatic seamless implementation is preferred
Support for Non-Repudiation
  • users perform actions intended to be irrevocably associated with their identity (digital signature)
  • for business to run normally, users cannot arbitrarily break this association at any time in the future
  • must not be able to deny that the signature really came from its owner
  • this is the property known as non-repudiation
Time Stamping
  • one of the critical elements in the support of non-repudiation services is the use of secure time stamping, from a trusted time source
  • the authoritative source of time for a PKI could be implemented by a secure time stamping server whose certificate is verifiable by the community of PKI users
Client Software
  • a PKI may be viewed as a collection of servers that will do the following:
      the CA will provide certification services
      the repository will hold certificates and revocation information
      the backup and recovery server will enable the proper management of key histories
      the time stamp server will associate authoritative time information with documents
  • thus client software will need to exist to access and implement these services correctly; it exists outside every application
Cross-Certification
  • not likely that a single global PKI will exist
  • likely that some will need to be interconnected
  • need to form trust relationships between formerly unrelated PKIs
  • cross-certification enables users of one PKI community to validate the certificates of users in another PKI community
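A toy certificate path validator that ties together the CA, repository, CRL, finite-lifetime and cross-certification slides, plus the hash-then-sign idea from the digital signature slides. It is example code written for this page, not from the lecture: the key pairs, names, serial numbers, the yyyymm clock and the (issuer, serial) CRL shape are all constructed, and the signature is textbook RSA over a SHA-1 digest reduced mod n, a teaching model rather than X.509.

```python
import hashlib
import json

# Constructed toy RSA keys: ((n, E), D) with n = p*q for small primes.
KEYS = {
    "Root A": ((3233, 17), 2753),   # p=61, q=53, phi=3120
    "Root B": ((143, 7), 103),      # p=11, q=13, phi=120
    "Bob":    ((77, 7), 43),        # p=7,  q=11, phi=60
}


def digest_mod(tbs: dict, n: int) -> int:
    # hash the to-be-signed fields (canonical JSON) and reduce mod the toy n
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % n


def issue(issuer: str, subject: str, serial: int, not_after: int) -> dict:
    """The CA binds a subject name to its public key by signing the record."""
    (n, _), D = KEYS[issuer]
    tbs = {"serial": serial, "subject": subject, "pub": KEYS[subject][0],
           "issuer": issuer, "not_after": not_after}
    return {"tbs": tbs, "sig": pow(digest_mod(tbs, n), D, n)}


def signature_ok(cert: dict, issuer_pub) -> bool:
    n, E = issuer_pub
    return pow(cert["sig"], E, n) == digest_mod(cert["tbs"], n)


def validate(cert, repository, anchors, crl, now, max_depth=4) -> str:
    """Climb issuer links until a trust anchor signs the chain. Returns "ok"
    or the first reason the path fails. repository: the DSA, keyed by
    subject; anchors: keys trusted directly; crl: revoked (issuer, serial)."""
    for _ in range(max_depth):
        tbs = cert["tbs"]
        if now > tbs["not_after"]:
            return "expired: " + tbs["subject"]
        if (tbs["issuer"], tbs["serial"]) in crl:
            return "revoked: " + tbs["subject"]
        if tbs["issuer"] in anchors:                    # end of the path
            return "ok" if signature_ok(cert, anchors[tbs["issuer"]]) else "bad signature"
        issuer_cert = repository.get(tbs["issuer"])
        if issuer_cert is None:
            return "no path to a trust anchor from " + tbs["issuer"]
        if not signature_ok(cert, issuer_cert["tbs"]["pub"]):
            return "bad signature"
        cert = issuer_cert                              # one level up
    return "path too long"


# Constructed scenario: Bob is certified by Root B; Alice trusts only Root A,
# which has cross-certified Root B, so she can still validate Bob's certificate.
NOW = 200410                                            # constructed yyyymm clock
repository = {
    "Bob":    issue("Root B", "Bob", serial=7, not_after=200512),
    "Root B": issue("Root A", "Root B", serial=2, not_after=200901),  # cross-certificate
}
alice_anchors = {"Root A": KEYS["Root A"][0]}
if __name__ == "__main__":
    print(validate(repository["Bob"], repository, alice_anchors, set(), NOW))
```

Revoking the cross-certificate (serial 2 issued by Root A) cuts off everything Root B has issued from Alice's point of view, which is the behaviour a defender wants when a partner CA is compromised.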
Validity and Trust
  • validity is confidence that a public key certificate belongs to its purported owner. Validity is essential in a public key environment where you must constantly establish whether or not a particular certificate is authentic.
  • You validate certificates. You trust people. More specifically, you trust people to validate certificates for you. You trust the CA to establish certificate validity.
Trust Models
  • Direct Trust
  • Hierarchical trust
  • Distributed trust
  • User Centric trust

Direct Trust
  [Diagram only; no text survives]

User Centric Trust
  [Diagram only; no text survives]

Hierarchical Trust
  [Diagram only; no text survives]

Distributed Trust
  [Diagram only; no text survives]