Public Key Infrastructures
Chapter 6: Private Keys
Cryptography and Computeralgebra
Prof. Dr. Johannes Buchmann
Dr. Alexander Wiesmaier

Personal Security Environment (PSE)
How to store private keys?

Realisation of PSEs: Tokens
Secure storing of private keys
in Software: PKCS#12, Application specific (e.g. Netscape), Java KeyStore
in Hardware: Smartcard, USB-Token, Hardware Security Module (HSM)

Token properties
Compatibility
Portability
Availability
Access protection

PKCS#12
Software based PSE
Format for secure transport and storing
Most typical format for software PSEs
Available at: http://www.rsa.com/rsalabs/node.asp?id=2138

PKCS#12: Modes
Public Key Privacy Mode: Encryption with a symmetric key. This symmetric key is encrypted with the public key of the receiver.
Password Privacy Mode: Encryption with a symmetric key, which is derived from a password.
Public Key Integrity Mode: Signed with a private key. The receiver can verify the message.
Password Integrity Mode: A MAC is calculated which can be verified by the receiver.
AuthenticatedSafe ::= SEQUENCE OF ContentInfo
    -- Data if unencrypted
    -- EncryptedData if password-encrypted
    -- EnvelopedData if public key-encrypted
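
Added example (not part of the lecture slides): password integrity mode as specified in RFC 7292, deriving the MAC key from the password with the Appendix B.2 method and SHA-1, then checking the MAC with the right password, a wrong password and a modified AuthenticatedSafe. The function names, sample bytes, password and salt are constructed for this example; the same derivation with purpose byte 1 gives the cipher key used in password privacy mode.

```python
import hashlib
import hmac

V, U = 64, 20  # SHA-1 block size and digest size in bytes

def _fill(data: bytes) -> bytes:
    """Repeat data up to a whole number of V-byte blocks (empty stays empty)."""
    if not data:
        return b""
    n = V * ((len(data) + V - 1) // V)
    return (data * (n // len(data) + 1))[:n]

def pkcs12_kdf(password: str, salt: bytes, rounds: int, purpose: int, n: int) -> bytes:
    """RFC 7292 Appendix B.2 with SHA-1; purpose 1 = cipher key, 2 = IV, 3 = MAC key."""
    pw = (password + "\0").encode("utf-16-be")  # BMPString with terminator
    diversifier = bytes([purpose]) * V
    buf = bytearray(_fill(salt) + _fill(pw))
    out = b""
    while len(out) < n:
        a = diversifier + bytes(buf)
        for _ in range(rounds):
            a = hashlib.sha1(a).digest()
        out += a
        # Add (B + 1) to every V-byte block of buf, modulo 2^(8V).
        b1 = int.from_bytes(_fill(a), "big") + 1
        for j in range(0, len(buf), V):
            blk = (int.from_bytes(buf[j:j + V], "big") + b1) % (1 << (8 * V))
            buf[j:j + V] = blk.to_bytes(V, "big")
    return out[:n]

def mac_safe(auth_safe: bytes, password: str, salt: bytes, rounds: int) -> bytes:
    """Password integrity mode: HMAC over the AuthenticatedSafe bytes."""
    key = pkcs12_kdf(password, salt, rounds, 3, U)
    return hmac.new(key, auth_safe, hashlib.sha1).digest()

def verify_safe(auth_safe, password, salt, rounds, expected) -> bool:
    return hmac.compare_digest(mac_safe(auth_safe, password, salt, rounds), expected)

if __name__ == "__main__":
    # Constructed sample: stand-in bytes for a DER-encoded AuthenticatedSafe.
    safe, salt = b"constructed AuthenticatedSafe bytes", bytes(range(8))
    tag = mac_safe(safe, "correct horse", salt, 2048)
    print("right password:", verify_safe(safe, "correct horse", salt, 2048, tag))
    print("wrong password:", verify_safe(safe, "guess", salt, 2048, tag))
    print("tampered safe: ", verify_safe(safe + b"x", "correct horse", salt, 2048, tag))
    # Privacy mode draws its cipher key from the same password with purpose 1.
    print("cipher key:", pkcs12_kdf("correct horse", salt, 2048, 1, 24).hex())
```

The MAC only proves knowledge of the password, so its strength is bounded by the password and the iteration count stored in the file.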

Through Software Security Module
The standard implementation is proprietary
The format for the import is PKCS#12

Private key import in Firefox

Private key access in Firefox

Application specific
Windows Internet Explorer, Outlook/Express
The standard implementation is proprietary
Through Cryptographic Service Provider
The format for the import is PKCS#12

Private key import in Windows
cs_student.p12

Private key access in Windows
cs_student.p12

Hardware Security Module
Secure storage and use of keys
(Pseudo)random number generation
Key pair generation
Key archiving
Encryption / decryption
Generating / verifying signatures
Acceleration for cryptographic schemes (e.g. TLS)

Hardware Security Module
Protect the keys against
Mechanical attacks
Temperature attacks
Manipulation of the voltage
Chemical attacks
The keys are destroyed in case of danger

Hardware Security Module
But…
Keys can be accidentally destroyed
e.g. due to mechanical influence during transport

Network Attached HSM
Shared HSM
Speed
Availability
Robustness

Smartcards
Secure key storing and use
Key pair generation (not all)
Calculation of digital signatures
Decryption

Access over PKCS#11
Interface to the HSM
Support functions like: Change PIN, Sign, Decrypt, Write certificate
But:
Some functions are not supported (e.g. change PUK)
Different libraries are needed for supporting different cards and readers.
Available at: http://www.rsa.com/rsalabs/node.asp?id=2133

PKCS#15
Specifies the structure of the filesystem in the chip card
Every directory in the card is an application
Pointers to cryptographic objects (ODF)
Private Key
Public Key
Certificate
There is a newer specification based on it: ISO 7816-15
Available at: http://www.rsa.com/rsalabs/node.asp?id=2141

Structure PKCS#15
[Diagram. Labels: Master File (MF) (Root directory); Descriptor; DF (PKCS#15); Further DFs/EFs; Userdata; EF (DIR) (Meta data); TokenInfo, ADF, CDF, PrKDF, ODF]
Object Directory File: Pointers to directories: PrivateKey Data, Certificate Data, Authentication Data (PIN) and Token Information (Serial number)

E4 NetKey (TeleSec)
E4 evaluated (according to ITSEC)
Global files (serial number, etc.)
SigG application
Pre-keyed with one key pair according to SigG (Signature Act)
NetKey application
3 key pairs (pre-keyed)
Null-PIN scheme (patented)

Java Cards
No filesystem but applets
JCRE (Java Card Runtime Environment)
manages:
the resources of the card
the communication with the outside world
the execution of the applets
controls:
the compliance with the security limitations

Java Cards
Like normal Java code, but without:
Long, double, float
Characters and strings
Multidimensional arrays
Threads
Object serialization and cloning
Dynamic loading of classes (like drivers)
Security Manager
Garbage Collector not always present

Life cycle of private keys
[Diagram: life cycle states Generation, Storing, Transport, Use, Destruction, Backup, Recovery; legend: start state, state, end state]

Life cycle of private keys
Generation
appropriate parameters
secure random number generator
shielding against eavesdropping
…

Life cycle of private keys
Storing
persistent storing
deletion from the generator
appropriate access protection
…

Life cycle of private keys
Transport
correct receiver
guaranteed delivery
appropriate transport security mechanisms
…

Life cycle of private keys
Use
easy for the authorised users
impossible for the unauthorised users
protection of the private key
…

Life cycle of private keys
Destruction
unrecoverable
easy for authorised users
impossible for unauthorised users
…

Life cycle of private keys
Backup
persistent storing
only for certain keys
appropriate access protection
…

Life cycle of private keys
Recovery
correct reestablishment
easy for authorised users
impossible for unauthorised users
…

Life cycle of private keys
Example 1: User generates keys
Here: PGP
Generation (figures only)
Storing (figure only)
Transport (figures only)
File contents
../Certificates/Test User.cxt
Use (figures only)
Destruction (figures only)
Backup (figures only)
Recovery (figures only)

Life cycle of private keys
Example 2: TC generates keys
Here: TUD Card

Generation
The manufacturer creates the keys
[Diagram labels: input, output]

Storing
Contains the private key
A file exists that holds the private key.
Security condition: PSO (Perform Security Operation) after PIN has been correctly given.

The key is already at the client side.

Use
In order to use the private key, the public key is certified by a CA.
Thawte example

Hi! Please use your browser to go to the following URL: https://www.thawte.com/cgi/enroll/personal/step8.exe Once you have connected successfully to the above address, you must copy and paste the "probe" and "ping" values below into the appropriate text boxes:
Probe: value
Ping: value
You should save this message until you have completed the enrollment process, just in case. But you MUST go to the above URL within 24 hours, or we will delete your request information and you'll have to start over! If you have problems completing the above please contact our support team by going to the following URL: https://www.thawte.com/cgi/support/contents.exe
Regards,