

Public Key Cryptology and PKI
Military Information
AMS I-3.1.2 Fall 2004

Greg Phillips
Royal Military College of Canada
Electrical and Computer Engineering

Except as otherwise noted, this presentation is released under a Creative Commons License.
Overview and today's class

- classical and modern cryptology
- public key cryptology and public key infrastructure (today's class)
  - introduction to public key cryptography
  - example: RSA
  - uses for public key cryptosystems
  - public key distribution
    - attacks
    - public key infrastructure
- computer security (COMPUSEC)
- network security (NETSEC)
- assurance
- computer security demonstration
The Secret Key Weakness

[Figure: Alice and Bob each holding copies of shared secret keys K.]

  Secret Key Cryptosystems          Public Key Cryptosystems
    plaintext                         plaintext
    DES encipher (key)                Pu encipher (public key)
    ciphertext                        ciphertext
    DES decipher (key)                Pr decipher (private key)
    plaintext                         plaintext

Public and private keys must be related; however, it must be computationally infeasible to derive a private key, given a public one.
Public Key Cryptosystems

[Figure: Alice (PrAlice), Bob (PrBob) and Carol each keep their own private key; a Public Key Directory lists Alice: PuAlice, Bob: PuBob, Carol: PuCarol.]
A Comparison

                    secret key    public key
  copies/secret     many          one
  secrets/user      many          one
  scalability       fair          good
  speed             good          fair

It is possible to combine public key and secret key cryptosystems in a "hybrid" approach that has the benefits of both. Idea: use the public key part of the system to exchange secret keys; use the secret keys to encrypt the message traffic.
System Requirements

[Figure: plaintext -> Pu encipher (public key) -> ciphertext -> Pr decipher (private key) -> plaintext; the public key and the ciphertext lie in the green area.]

Given all the information in the green area, computing either another plaintext or the private key must be prohibitively difficult.

At the same time, it must be reasonably efficient to
- generate key pairs,
- encipher, and
- decipher.
Trap-door one-way functions

- a one-way function f derives from a "hard" mathematical problem whose inverse is "easy"
  - i.e., f: X -> Y is hard, f^-1: Y -> X is easy
- like... factoring large numbers (used in RSA)
  - teeny-weeny example:
    - find the factors of 29,083 [relatively hard]
    - multiply 127 by 229 [relatively easy]
- a trap-door one-way function t is derived from a one-way function f such that t(f, e) and t^-1(f^-1, n) are both easy, but t^-1(f^-1) without n is as hard as f, and finding n from e is also as hard as f
- translation: encryption and decryption are both easy if you know the public and private keys, but decryption without the private key is hard, and finding the private key from the public key is hard
RSA Key Generation

- choose two large primes, p and q, and another number, E
- calculate n = pq
- public key is (n, E)
- private key is D, the multiplicative inverse of E taken mod (p-1)(q-1), that is, ED mod (p-1)(q-1) = 1
- example:
  - choose p = 5, q = 11, E = 3
  - calculate n = 55; public key is (55, 3)
  - D is 27 since (3)(27) mod 40 = 1
- there is an efficient algorithm for calculating D given any p, q and E, but finding p and q from n is the mathematically hard problem
RSA Encryption

- public key is (n, E)
- break the plaintext into binary numbers m_i, such that each m_i < n
- calculate the ciphertext c_i corresponding to m_i:

      c_i = m_i^E mod n

- example: m_i = 4, public key is (55, 3)

      c_i = 4^3 mod 55
      c_i = 64 mod 55
      c_i = 9
RSA Decryption

- public key is (n, E), private key is D
- calculate the plaintext m_i corresponding to each c_i:

      m_i = c_i^D mod n

- example: c_i = 9, public key is (55, 3), private key is 27

      m_i = 9^27 mod 55
      m_i = 58149737003040059690390169 mod 55
      m_i = 4
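The key generation, encryption and decryption steps above, carried through in Python as an added example (not code from the lecture slides): D is computed with the extended Euclidean algorithm, square-and-multiply (Python's `pow`) means 9^27 never has to be formed in full, and the trap-door is shown by factoring the slide's 29,083 by trial division. The function names are my own.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def rsa_keygen(p, q, E):
    """Return ((n, E), D) with E*D == 1 mod (p-1)(q-1): the efficient step."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(E, phi)
    if g != 1:
        raise ValueError("E must be coprime to (p-1)(q-1)")
    return (n, E), x % phi


def rsa_encrypt(public_key, m):
    """c_i = m_i^E mod n, computed by square-and-multiply."""
    n, E = public_key
    if not 0 <= m < n:
        raise ValueError("each block m_i must be < n")
    return pow(m, E, n)


def rsa_decrypt(public_key, D, c):
    """m_i = c_i^D mod n, reduced at every step so c^D is never formed."""
    n, _ = public_key
    return pow(c, D, n)


def factor_by_trial_division(n):
    """The 'hard' direction of the trap-door: brute force is all a toy n needs."""
    for d in range(2, int(n ** 0.5) + 1):
        if n % d == 0:
            return d, n // d
    return None


def lecture_example():
    """Slide parameters p = 5, q = 11, E = 3 and the message block m_i = 4."""
    pub, D = rsa_keygen(5, 11, 3)   # pub == (55, 3), D == 27
    c = rsa_encrypt(pub, 4)         # 4^3 mod 55 == 9
    m = rsa_decrypt(pub, D, c)      # 9^27 mod 55 == 4
    return pub, D, c, m


if __name__ == "__main__":
    print(lecture_example())                 # ((55, 3), 27, 9, 4)
    print(factor_by_trial_division(29083))   # (127, 229)
```

Textbook RSA on a raw block, as on the slides, is shown only for the arithmetic; real systems pad the message and use key sizes far beyond anything trial division can touch.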
- most public-key cryptosystems have a reversible form, that is
  - information encrypted with the public key can be decrypted with the private key
    - used for confidentiality
  - information encrypted with the private key can be decrypted with the public key
    - used for digital signatures
- usually the two directions require slight variations of the base algorithm
- really big numbers
- work with cryptographic algorithms to produce specific ciphertext
- the bigger the key, the more secure is the ciphertext for a given algorithm
- public key size and secret key size cannot be directly compared, without reference to specific algorithms
  - 80 bit AES ~= 1024 bit RSA
Potential Services

- security between strangers
- encryption
- digital signature
- data integrity
- key establishment
  - exchange of secret key
Authentication - Digital Signature

Hash function properties:
- takes variable-length input and produces a fixed-length output
- if the input is changed even by just one bit, a radically different output value is produced

Digital Signature Verification

[Figure only; not recoverable from the text.]
Hybrid Systems (Digital Envelopes)

[Figure: the Original Message is encrypted under a DES-style Key (crypto encrypt) to give the Encrypted Message; the DES-style Key is itself encrypted to give the Encrypted Key.]
- handles distribution lists
- implicit to this point is that Bob has an identity that is known and understood by Alice
- Alice must be able to associate a public key unambiguously and correctly with Bob
- Alice must be capable of retrieving Bob's key from a public repository
Public-Key Cryptosystem

[Figure: Alice's Private Key and Bob's Private Key; not otherwise recoverable from the text.]

"Man in the middle" attack

[Figure only; not recoverable from the text.]
Digital Certificates

- a certificate is some information "signed" by some authority
  - often the signed information is a public key
  - i.e. a Public Key Certificate (PKC)
- a certificate is a stamp of approval from some other trusted individual
- if we can trust some entity to establish the relationship between an individual's identity and his/her public key, we can solve the man-in-the-middle problem
- we need to trust at least one key
  - but, we only need to really trust one key
Certification Authority (CA)

- an authority trusted with establishing the link between an individual's identification credentials and a public key
  - in accordance with some policy
- digitally signs public-key certificates
- ITU Standard X.509 provides a public key certificate standard
Certificate Repository

- Directory Server Agent (DSA)
  - this is a certificate repository
- solves the problem of making certificates
- on-line server, like a phone directory or the internet Domain Name System (DNS)
  - e.g. ITU Standard X.500 directory service
- we have to consider the revocation of certificates that become invalid
  - Certificate Revocation Lists (CRLs)
Certification Authority

[Figure: Certification Authority, Directory Server Agent and Public Key Repository; their arrangement is not recoverable from the text.]
Other issues

- revocation
  - certificates may be revoked; must have a way to tell
- key backup
  - keys can be lost; must have a fallback
- key update
  - keys typically have a finite life; must be "refreshed"
- key history
  - important for data recovery
    - decrypt a message from Alice from two years ago...
- non-repudiation
  - prevents the sender from denying responsibility
    - digital signature plus authenticated time stamping
- trust
  - must trust the certification authority
    - if dealing across organizational boundaries, may have to have a network of trust established
Functional PKI may contain

- Certification Authority
- Certificate Repository
- Certificate Revocation
- Key Backup and Recovery
- Automatic Key Update
- Key History
- Cross-Certification
- Support for Non-Repudiation
- Time Stamping
- Client Software
Certificate Revocation

- when the binding of a key needs to be broken
  - identity change
  - suspected security compromise
- the user population needs to be aware
- unless certificates are for one-time use only, a revocation check is required
- CRLs are held on the DSA
Key Backup and Recovery

- loss of private key
  - forgotten passwords
  - destruction of the medium holding the key
- backup and recovery of private decryption keys, but not signing keys
Automatic Key Update

- a certificate has a finite lifetime
  - theoretical reasons
  - practical estimations
- automatic seamless update of the certificate is preferred
  - reduces the burden on the user to set up
Key History

- multiple old certificates and at least one current certificate exist
- important for data recovery
- automatic seamless implementation is
Support for Non-Repudiation

- users perform actions intended to be irrevocably associated with their identity (digital signature)
- for business to run normally, users cannot arbitrarily break this association at any time in the future
- the signer must not be able to deny that the signature really came from the owner
- this is the property known as non-repudiation
Time Stamping

- one of the critical elements in the support of non-repudiation services is the use of secure time stamping, from a trusted time source
- the authoritative source of time for a PKI could be implemented by a secure time stamping server whose certificate is verifiable by the community of PKI users
Client Software

- a PKI may be viewed as a collection of servers that will do the following:
  - the CA will provide certification services
  - the repository will hold certificates and revocation
  - the backup and recovery server will enable the proper management of key histories
  - the time stamp server will associate authoritative time information with documents
- thus client software will need to exist to access and implement these services correctly; it exists outside every application
Cross-Certification

- not likely that a single global PKI will exist
- likely that some will need to be
- need to form trust relationships between formerly unrelated PKIs
- cross-certification enables users of one PKI community to validate the certificates of users in another PKI community
Validity and Trust

- validity is confidence that a public key certificate belongs to its purported owner. Validity is essential in a public key environment where you must constantly establish whether or not a particular certificate is authentic.
- You validate certificates. You trust people. More specifically, you trust people to validate certificates for you. You trust the CA to establish certificate validity.
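The certificate, CA, revocation and validity material above, worked in Python as an added example (not code from the slides): a CA signs a hash of Bob's name-to-key binding with the same textbook RSA as the RSA slides, and the relying party establishes validity by checking the CA signature, the validity period and a CRL. The toy key sizes, the "ToyCA" name, the years used as validity dates and all function names are assumptions made for illustration.

```python
import hashlib
import json


def rsa_keygen(p, q, E):
    """Textbook RSA key pair as on the RSA slides; toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)


def digest(data, n):
    # SHA-256 of the data, reduced into Z_n so the toy modulus can sign it
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, public_key, data):
    n, _ = public_key
    return pow(digest(data, n), private_key, n)     # "encrypt" the hash with Pr


def verify(public_key, data, signature):
    n, E = public_key
    return pow(signature, E, n) == digest(data, n)  # "decrypt" with Pu, compare


def issue_certificate(ca_pub, ca_priv, subject, subject_pub, not_before, not_after):
    """The CA binds a subject name to a public key and signs that binding."""
    body = {"subject": subject, "public_key": list(subject_pub), "issuer": "ToyCA",
            "not_before": not_before, "not_after": not_after}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "signature": sign(ca_priv, ca_pub, encoded)}


def validate_certificate(cert, trusted_ca_pub, crl, now):
    """Validity: CA signature holds, inside the validity period, not on the CRL."""
    body = cert["body"]
    encoded = json.dumps(body, sort_keys=True).encode()
    if not verify(trusted_ca_pub, encoded, cert["signature"]):
        return False, "bad CA signature"
    if not body["not_before"] <= now <= body["not_after"]:
        return False, "outside validity period"
    if body["subject"] in crl:
        return False, "revoked"
    return True, "valid"


def demo(now=2004, crl=(), tamper=False):
    ca_pub, ca_priv = rsa_keygen(1009, 1013, 17)  # the one key everyone must trust
    bob_pub, _ = rsa_keygen(101, 103, 7)          # Bob's key pair (constructed)
    cert = issue_certificate(ca_pub, ca_priv, "Bob", bob_pub, 2004, 2006)
    if tamper:  # a substituted key in Bob's certificate no longer matches the CA signature
        cert["body"]["public_key"] = [47 * 59, 7]
    return validate_certificate(cert, ca_pub, set(crl), now)


if __name__ == "__main__":
    print(demo())               # (True, 'valid')
    print(demo(tamper=True))    # (False, 'bad CA signature')
    print(demo(now=2007))       # (False, 'outside validity period')
    print(demo(crl=["Bob"]))    # (False, 'revoked')
```

Only the CA's public key is trusted directly; Bob's key is accepted because the CA vouched for it, which is the hierarchical trust model listed next.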
Trust Models

- Direct Trust
- Hierarchical Trust
- Distributed Trust
- User Centric Trust

Direct Trust

[Figure only; not recoverable from the text.]

User Centric Trust

[Figure only; not recoverable from the text.]

Hierarchical Trust

[Figure only; not recoverable from the text.]

Distributed Trust

[Figure only; not recoverable from the text.]