PKI & Certification Authority 1. Cryptography is not all about security but there is NO global security without it. 2.

PKI & Certification Authority

1

Major Cryptographic Systems

• Secret key Cryptography(Symmetric)

• Public key Cryptography(Asymmetric)

Plaintext Ciphertext PlaintextDecryptionAlgorithm

EncryptionAlgorithm

K1 K2

3

Symmetric, or Secret Key, Cryptography

• Sharing secret keys is– Difficult to get started: Alice needs to go see Bob

before she can send him a secret message.– Hard to scale: If Alice wants to send a message to

Carol, she has to start over with a new secret.– An oxymoron: If Alice and Bob both have the key

is it really secret? Alice has to trust Bob completely

4

Asymmetric, or Public Key, Cryptography

• There are no shared secret keys

• There are lots and lots of public keys– Each person has their own key pair(s), with a

private (really!) key and a public key

• Alice has two burning questions– “Whose key is this anyway?”– “Is this key still valid?”

5

Public key Cryptography:Secrecy

6

Public key Cryptography:Authentication

7

Public key Cryptography:Secrecy& Authentication

8

Symmetric vs. asymmetric cryptography

• Asymmetric cryptography has easier key management

• Why not always use asymmetric cryptography– Slower

– Needs longer keys

9

RSA ALGORITHM

10

Important to Note:

1. Determining whether a large number is prime or composite is easy;

2. Multiplying 2 large numbers together is easy;

3. Factorising a large number which is the product of 2 large primes (i.e. retrieving the original prime factors) is very difficult.

11

Encryption:1.Divide the message into blocks m

where m < n.

2.Compute and send c me (mod n).

Decryption:1.Compute cd m (mod n)

12

Solving a problem

Suppose I have

• a prime number p;

• a number m between 1 and p-1, another number e also between 1 and p-1;

And I compute

• c = me mod p

If I give you c,e and p can you find m?

13

Yes you can if you take the following steps:

1. Find a number d such that e*d=1 mod p-1

2. Compute cd mod p = m

But if the modulus is not a prime number?

14

RSA Key Generation

1. Let p,q be large prime numbers, randomly chosen from the set of all large prime numbers.

2.Compute n = pq.

3.Select e randomly such that gcd(e,(n)=1

4.Compute d e-1 (mod (n)).

5.Publish n and e. Keep p, q and d secret.

15

Key Length

• Typical RSA key length: 1024 bits

• Security about 280 against best methods– comparable to 160-bit ECC, 80-bit symmetric in

terms of operations– … but RSA-breaking methods require much more

memory

16

Implementation Issues

• For key generation need efficient method to generate huge primes

• For encryption and decryption– Efficient modular arithmetic– Efficient exponentiation

17

RSA Performance

The RSA operation involves modular multiplication, which takes time proportional to (log n)2.

Public-key: 2 to 17 multiplications if e has few non-zero bits.

Private-key: 1.5 log n multiplications.Given p,q, four times faster usingthe Chinese Remainder Theorem.

Good public-key speed, fair private-key speed - but good in combination with secret key, message digest.

18

Software Implementation

Pentium III, 700 MHz- 1024-bit RSA

key generation 430 msencryption 0.35 msdecryption 16.8 ms

using CRT and e = 17.

http://www.cpktec.com/performance.html

19

Common Modulus Problem

Users should use a different modulus otherwise

- users can discover each other’s private key

- Possible to fake signatures.

21

Types of Factoring Algorithm

• Special purpose– P and q too close

– P and q too far away

• General Purpose– Does not depend on structure of p and q

– Can work in parallel

– Most powerful technique is NFS used in 1999 to factor 512 bit RSA challenge number.

22

New Attacks on RSA Algorithm

• Quantum Computer– Cryptanalysis in linear time.– Infeasible with current technology.

23

• Shamir, Trommer 2002, 2003

Improvements on NFS

Number of Bits Time Cost

512 10 mins $10K

1024 1 year $10M

24

• Timing Analysis (Paul Kocher 1995)– Encryption of known plaintext may provide leakage of

information.– 512-bit modulus attacked using 2000 plaintext

encryption.– Attack may apply in the case of use of RSA in smart

cards.

• How to avoid Timing Analysis attacks– Use fixed time for encryption process.– Multiply by random blinding factor.

25

Digital Signature vs. Handwritten :

• Features of handwritten signatures: -Is unique to the signer -The signer couldn’t deny it later -No one could generate it• Features of digital signatures: -Depends on the message -Unique to the signer -Easy to generate -Easy to verify - Not to be forged computationally -Could be copied

26

Message MessageDigest

EncryptionFunction

Digital Signature

HashFunction

HashFunction

Private Key

Message

CREATING A DIGITAL SIGNATURE

27

Message

Digest 2Result

DecryptionFunction

Digital Signature

Public Key

Valid Y/N?

VERIFYING A DIGITAL SIGNATURE

Digest 1Result

HashFunction

HashFunction

28

Digital Signature Standards

• 1-DSS

• 2-RSA

• 3-ECDSA(Elliptic Curve Digital signature Algorithm)

29

Digital Signatures in Open Systems

• How do you know that the public key belongs to the other party?

• Is this key still valid?

30

• We know that the only person who can create a valid digital signature is the one who holds the private key.

• But what if someone steals the private key?

31

A partial solution: PKI

• As a means of addressing these problems, the general idea of a Public Key Infrastructure was born.

• PKI is the infrastructure that creates and manages electronic credentials, allowing the use of digital signatures and their underlying keys and certificates across the Internet.

• PKI is essentially a way to “publish” public key values in a way that is almost (but not really) analogous to a telephone book.

33

What is a Public Key Infrastructure?

• A complex infrastructure of - Hardware - Software databases - Networks -Security procedures -Legal obligations …that will enable us to use Public Key Envelopes

and Digital Signatures to do those things we have historically done with handmade marks in ink on paper.

34

How Does PKI Work?

• PKI helps us by providing two things:– Certification: The binding of a public key to

something (person, place or thing…)– Validation: The ability to check if such a binding

is a valid one.

35

Public Key Infrastructure Components

• There are four basic infrastructure components– Certification Authority (CA) – generates certificates

and CRLs– Registration Authority (RA) – checks users identity to

ensure binding is correct– Directory – database of certificates and CRLs– Archive – keeps old certificates and CRLs for use in

distant future

36

Trusted Third Party

CA

RA RA RA

37

Bob Alice

CA

1. Alice convinces CA of her identity, provides public key

3. Alice provides Bob with her digital certificate, which provides and certifies Alice’s public key

2. CA givesdigital certificateto Alice

4. Bob verifies CA signature using CA public key

0. Alice generates key pair

38

Achieving Security with PKI:An Encryption Example

• Alice creates a key pair and goes to the RA to request a certificate

• The RA checks her ID and requests the certificate from the CA

• The CA posts it in the directory• Bob gets the certificate from the directory• Bob verifies her certificate, makes sure its not on the

CRL, and uses her public key to send her a secret message

39

Achieving Security with PKI:A Digital Signature Example

• Alice creates a key pair and goes to the RA to request a certificate

• The RA checks her ID and requests the certificate from the CA

• The CA posts it in the directory• Alice uses her private key to sign a message• Bob gets the certificate from the directory• Bob verifies her certificate, makes sure its not on the

CRL, and uses the public key to verify her signature

40

• CA’s have the critical role in data security and e-commerce

• They guarantee that two parties exchanging information are really who they claim to be

41

Certification Authority

• Issue certificates• Publish certificates• Revocation of certificates• Renew certificates• Manage databases (valid/revoked certificates)• Security Policy Authority• Key pair generation for users• Key Recovery Authority

42

Registration Authority

• Registration of the users (check identity)

• interaction with certificate applicants

• checking of identity of applicants

• forwarding of certificate creation requests and

certificate revocation requests to CA

• storing of keys and certificates on smart card

of user

43

What is a certificate?

• A certificate and the corresponding private key constitute the fundamental personal identifier in a PKI.

• A certificate identifies a person to a remote computer (or vice versa) – the private key is needed to complete the authentication.

• In particular, a certificate does not contain authorisation information.

44

Digital Certificate’s contents:

-name and other information of the owner

-a serial number

-public key specifications

-the expiration date

-the signature of CA

45

Anatomy of a certificate

ABCDEFGHIJKLMNOPQRSTUV

Signature from CA’s private key

Validity Data

Public Key

A text string

Extensions

46

Digital Certificate

Standard:

-X509 is an standard for digital certificate.It is as a part of standard group ITU-OSI.

-X509 v2

-X509 v3

47

What does a certificate look like?

Issuer’s identity:

Frank the CA

Subject’s Name:

Joe

Valid Dates:

From 1.1.1965

To: 12.31.2065

Key Info:RSA Signature Key

N=55, e=17

This is Joe’s key…really!

Signed, Frank the CA

Well…that depends, but it will likely have the following fields:

48

CA examples:

-Verisign, April 1995, California -Belsign-Globalsign,1996, Belgium - OnWatch, Bell, Canada -Icetel, Telematic, EU -Keywitness,1995, Canada -Semper, EU -Thawte Consulting, South Africa

49

SoftwareCode Signing

SoftwareCode Signing

EncryptingFile SystemEncryptingFile System

Smart CardLogon

Smart CardLogon

…… IP SecurityIP Security

InternetAuthentication

InternetAuthentication

SecureE-mailSecureE-mail

Applications That Use a PKI

Certificate ServicesCertificate Services

SoftwareRestriction Policy

SoftwareRestriction Policy

DigitalSignatures

DigitalSignatures

50

PKI Market Trends

51

PKI and e-Business

• The initial reason for implementing a PKI initiative in an organization was to secure e-Business.

• In order to communicate securely with business partners and to conduct transactions in a legal manner, the necessity of a PKI for the security industry was evident.

53

Below figure shows that majority of the respondents (55%) had more than one e-Business application PKI-

enabled

54

55

How to Identify Technical Requirements

For Ask

Security requirements

What is your organization’s security policy?Do you have any business partners? Do you have requirements for complying with industry or government standards?

Administration requirements

Who will manage CAs?Who will manage certificates?

Availability requirements

How many CAs does your organization require?How are certificates distributed between CAs?

56

A security policy:A security policy:

Defines for using security services

Identifies applications to secure by using certificates

Defines security services to offer by using certificates

Defines for using security services

Identifies applications to secure by using certificates

Defines security services to offer by using certificates

Security Policy

57

A certificate policy describes:A certificate policy describes:

The user identification process

Private key management requirements

The process for responding to lost or compromised private keys

Certificate enrollment and renewal requirements

The maximum value for transactions

The user identification process

Private key management requirements

The process for responding to lost or compromised private keys

Certificate enrollment and renewal requirements

The maximum value for transactions

Certificate Policy

58

A CPS can include these sections:A CPS can include these sections:

Introduction

General Provisions

Identification and Authentication

Operational Requirements

Physical, Procedural, and Personnel Security Controls

Technical Security Controls

Certificate and CRL Profile

Specification Administration

Introduction

General Provisions

Identification and Authentication

Operational Requirements

Physical, Procedural, and Personnel Security Controls

Technical Security Controls

Certificate and CRL Profile

Specification Administration

Certification Practice Statement

59