Cryptography and Public Key Infrastructure
Agenda
- Cryptography: what is it?
- Public-key infrastructure (PKI): how does PKI use cryptography?
- Standards and specifications: which standards do we adhere to?
- The role of smart cards in PKI: what are smart cards for?
- Applications: PKI-enabled applications
- ACS's product line: what role does ACS play?

Motivation
Almost all smart card applications use cryptography.
Cryptography is all around us!
We are using more PKI than you think!
Crypto and PKI are everywhere!

Part 1: Cryptography
What is Cryptography?
- Cryptography is a tool to provide security.
- Cryptography has four purposes.

Four purposes of cryptography
- Confidentiality (encryption/decryption): no one else has seen it.
- Data integrity (digital signature): no one else has modified it.
- Authentication (digital signature): you are who you say you are.
- Non-repudiation (digital signature): if you signed it, you cannot deny signing it.
Encryption
Two main types of encryption schemes:
1. Symmetric-key (secret-key) encryption: the same key is used by both sender and recipient.
2. Asymmetric-key (public-key) encryption: each user has a public encryption key e_user and a private decryption key d_user.

Secret key encryption
[Diagram: Alice sends a message to Bob over a channel; the same secret key is used at both ends.]

Secret key encryption
Standard symmetric key algorithms:
- DES, 3DES, AES.
To demonstrate:

Secret key encryption (courtesy of Pike Wong of HKUST)
[Cartoon: the plaintext "Let's invade the earth at 17:00 today" is encrypted into unreadable ciphertext such as "&(*_+#LPLD)!?": <@!)(&^$%ras^", sent, and decrypted back by the recipient; an eavesdropper sees only the ciphertext.]
Secret key encryption
Problem: Key distribution
- Potential key leakage
- Difficult to manage
[Cartoon: the two parties exchange keys ("Here's my key", "Me too! Here's my key", "OK, I got your key") while a human spy watches and concludes "Next time I will know when they start the attack!"]

Secret key encryption
Problem: Repudiation
- Two parties have the same key.
- The encrypted message can be viewed and modified by both parties.
[Cartoon: one party sends an encrypted email asking the other to buy 1000 shares of MS; the shares are bought and the money requested. The next day the sender denies having asked for anything, and when reminded that the email was encrypted with their key, answers "Hey, you remember that you have the same key!"]
Public key encryption
- A pair of public/private keys per user.
- Based on a mathematically hard problem.
[Diagram: Alice encrypts with Bob's public key and sends the message over the channel; Bob decrypts with Bob's private key.]

Public key encryption
Advantages:
- Only the public key is distributed to others (key distribution).
- Only the owner knows his private key (non-repudiation).
Disadvantages:
- Computationally expensive.
Standard asymmetric key encryption algorithms:
- RSA, ECC.
Public key encryption
[Cartoon: the message is encrypted with Pong's public key and decrypted with Pong's private key; the human spy, holding the public key, complains "Even if we got the key, we cannot know the secret!?"]

Combining two techniques for encryption
[Diagram: Alice encrypts a session key with Bob's public key and sends it over the channel; Bob recovers the session key with his private key.]
Hash functions
A one-way function H(·) that takes a message m and outputs a "fingerprint" of the message (digest), e.g. SHA-1, SHA-256. Used as a part of digital signatures.

Digital signatures
- Support data integrity, authentication and non-repudiation.
- Use public key algorithms.
- Use hash functions to create a short message for signing.
Standard signature algorithms are:
- RSA, DSA, ECDSA
Digital signatures
[Diagram: Alice signing a document with her private key.]

Signature verification
[Diagram: Bob verifying Alice's signed document with her public key.]

Difference between public key encryption and signature
Encryption:
- Anyone encrypts with the public key
- The owner decrypts with the private key
Signature:
- The owner signs with the private key
- Anyone verifies the signature with the public key
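The two roles of a key pair, as an added example that is not part of the original slides: a textbook RSA in pure Python with constructed small primes and no padding (illustration only, not secure). Bob's key pair gives confidentiality, Alice's gives a signature that Bob cannot forge, which is exactly what the shared-secret-key scenario above lacked.

```python
import hashlib

def keygen(p, q, e=65537):
    """Textbook RSA key pair from two constructed primes (illustration only)."""
    n = p * q                       # multiplying p and q is easy ...
    phi = (p - 1) * (q - 1)         # ... recovering p and q from n is the hard part
    d = pow(e, -1, phi)             # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)           # (public key, private key)

# Encryption: anyone encrypts with the public key; only the owner can decrypt.
def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

# Signature: the owner signs with the private key; anyone verifies with the
# public key. The message is hashed first (the "short message for signing").
def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

if __name__ == "__main__":
    bob_pub, bob_priv = keygen(104729, 1299709)
    alice_pub, alice_priv = keygen(7919, 15485863)
    # Alice -> Bob: confidentiality uses Bob's key pair
    c = encrypt(bob_pub, 42)
    print("decrypted:", decrypt(bob_priv, c))
    # Alice -> Bob: non-repudiation uses Alice's key pair; Bob cannot forge it
    order = b"buy 1000 shares of MS"
    s = sign(alice_priv, order)
    print("valid:", verify(alice_pub, order, s))
    print("tampered valid:", verify(alice_pub, b"buy 2000 shares of MS", s))
```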
Notes on secret key algorithms
Algorithm        Key strength (bits)  Block input (bits)  Comments
DES              56                   64                  Standardized in 1977, insecure now
2-key 3DES       80                   64                  Secure up to 2010
3-key 3DES       112                  64                  Most peer reviewed; secure up to 2030
CAST5            128                  64                  Secure, standard in PGP
IDEA             128                  64                  Patent issues, efficient
AES (Rijndael)   128, 192, 256        128                 International standard (2001)
Twofish          128, 192, 256        128                 AES finalist

Summary of public key algorithms
- The most popular algorithms today are RSA and ECC.
- The longer the key length, the harder it is to crack.
RSA (Rivest, Shamir, Adleman) is based on the difficulty of factoring large integers.
- Given N where N = pq and p and q are prime, find p and q. (Multiplying p and q to get N is easy; factoring N into p and q is hard.)
- Widely used in electronic commerce.
- Freely available (patent expired).

Summary of public key algorithms
Elliptic Curve Cryptography (ECC) is based on the difficulty of finding discrete logs on an elliptic curve.
- Given P and Q where Q = mP, find m.
- Next generation and very efficient.
- MS Vista and 7 support it in CNG.
- Numerous patents hampering acceptance.
Others such as the Digital Signature Algorithm and Diffie-Hellman are not popular anymore.

Notes on public key algorithms
Use of a symmetric key algorithm requires public key algorithms of equivalent strength.

Algorithm security lifetime  Bits of security  Symmetric key algorithm  FFC (e.g., DSA, D-H)  IFC (e.g., RSA)  ECC (e.g., ECDSA)
Through 2010                 80                2TDEA                    L = 1024, N = 160     k = 1024         f = 160-223
Through 2030                 112               3TDEA                    L = 2048, N = 224     k = 2048         f = 224-255
Beyond 2030                  128               AES-128                  L = 3072, N = 256     k = 3072         f = 256-383
...                          192               AES-192                  L = 7680, N = 384     k = 7680         f = 384-511
...                          256               AES-256                  L = 15360, N = 512    k = 15360        f = 512+
Source: NIST SP800-57 Part 1.

Public Key Infrastructure
Why do we need a PKI?
Public key security issues:
- Users can generate their own public/private key pairs and exchange them, but how do other parties trust them?
- If you receive a public key from Alien Pkie, how do you know it's Pkie's key and not the human spy's?
Solution: Digital Certificates
- Bind the user's public key with a digital certificate signed by a trusted third party.
- The trusted third party is called the certification authority (CA).
- The CA will vouch for its subscribers.

Entities of PKI
[Diagram: a Certificate Authority (CA) with corporations, individual subscribers and relying parties, who trust each other through the CA.]

Components of a Certification Authority
- Registration Authority (RA): registers subscribers into the system.
- Certification Authority (CA): creates digital certificates by binding user identity to public key.
- Certificate Repository: a directory service to store certificates for subscribers.
- Certificate Revocation System: a service to invalidate any certificates that have been compromised.
[Screenshot: Hong Kong Post repository and CRL.]

So, what is a digital certificate?
Used to establish trust between entities. Ensures that:
- The integrity of the public key is protected.
- The public key and identity information are bound to the claimed owner in a trusted manner.
Digital signatures:
- Your identifying information and public key are signed with the CA's private key.
X.509 Certificate - Format
The de facto standard is the X.509 v3 certificate format, specified in IETF RFC 3280.
X.509 Certificate:
- To Be Signed (TBS) Certificate
  - Version
  - Serial Number
  - Certificate Signature Algorithm
  - Issuer Name
  - Validity
  - Subject Name
  - Subject Public Key Info
  - Issuer Unique ID
  - Subject Unique ID
  - Extensions
- Signature Algorithm Identifier
- Signature Value

X.509 Certificate - Example
- To Be Signed (TBS) Certificate
  - Version: 3
  - Serial Number: 0D:0C:B0
  - Certificate Signature Algorithm: PKCS#1 SHA-1 RSA
  - Issuer Name: CN = Hongkong Post e-Cert CA 1, O = Hongkong Post, C = HK
  - Validity: Not Before 19/3/2004 6:26:26, Not After 19/3/2007 6:26:26
  - Subject Name: CN = Andrew Chan, E = [email protected], O = Hongkong Post e-Cert (Personal), C = HK
  - Subject Public Key Info: Algorithm = PKCS#1 RSA, Public Key = 0x30..01
  - Issuer Unique ID, Subject Unique ID, Extensions
- Signature Algorithm Identifier
- Signature Value

X.509 Certificate - Signing certificate
[Diagram: the CA's signing certificate has the same X.509 structure: TBS Certificate (Version, Serial Number, Certificate Signature Algorithm, Issuer Name, Validity, Subject Name, Subject Public Key Info, Issuer Unique ID, Subject Unique ID, Extensions), Signature Algorithm Identifier and Signature Value.]
Certificate Revocation List (CRL)
When a certificate has been revoked or suspended, an entry (its serial number) is made in the CRL. Clients can download the CRL from the CA's repository. The CA updates its CRL according to its Certificate Practice Statement (CPS).
The steps in subscribing to a CA
[Diagram: Subscriber, RA, CA, Repository and Relying Parties.]
1. The subscriber provides proof of identity to the RA and (optionally) generates a public/private key pair.
2. The RA requests a certificate from the CA.
3. The CA issues the certificate and posts it in the repository.
4. The subscriber receives the certificate.
5. Relying parties validate the subscriber's public key against the repository.

Life Cycle of a Certificate
[Diagram.]
How does your PC use certificates?
Windows has a number of Root CA certificates in the Certificate Store. Root CA certificates are certificates that your PC trusts implicitly. All intermediate CA certs and end-entity certs that are signed by or chained to those Root CA certs are implicitly trusted. Microsoft has a Root Certificate Program to determine whom to trust.
[Diagram: Root CA cert -> Intermediate CA certs -> your cert or a website's cert.]

How trust is established on your PC
[Screenshots: the Certificates store, a trusted Certificate Authority, and a non-trusted CA.]
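How a relying party walks the chain from a trusted Root CA cert to an end-entity cert and consults the CRL, as an added example that is not part of the original slides. It models a certificate as the TBS fields plus a signature value, uses textbook RSA over a SHA-256 digest with constructed small primes (illustration only), and skips everything a real X.509 validator also does (ASN.1, padding, validity dates, extensions).

```python
import hashlib
from dataclasses import dataclass

def toy_keypair(p, q, e=65537):
    """Textbook RSA key pair from two constructed primes (illustration only)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    issuer: str
    pub: tuple       # subject's public key (n, e)
    sig: int = 0     # issuer's signature value over the TBS fields

    def tbs(self):
        # "To Be Signed" part: every field except the signature value
        return f"{self.serial}|{self.subject}|{self.issuer}|{self.pub}".encode()

def tbs_digest(cert, n):
    return int.from_bytes(hashlib.sha256(cert.tbs()).digest(), "big") % n

def issue(issuer_cert, issuer_priv, serial, subject, subject_pub):
    """The CA binds a subject identity to its public key and signs the result."""
    n, d = issuer_priv
    unsigned = Cert(serial, subject, issuer_cert.subject, subject_pub)
    return Cert(serial, subject, issuer_cert.subject, subject_pub,
                pow(tbs_digest(unsigned, n), d, n))

def validate_chain(chain, roots, crl):
    """chain: [end-entity cert, intermediate certs...]; roots: Root CA certs the
    PC trusts implicitly; crl: {issuer name: set of revoked serials}."""
    trusted = {c.subject: c for c in roots}
    for cert in reversed(chain):              # nearest the root first
        issuer = trusted.get(cert.issuer)
        if issuer is None:
            return False, f"{cert.subject}: issuer {cert.issuer!r} is not trusted"
        n, e = issuer.pub
        if pow(cert.sig, e, n) != tbs_digest(cert, n):
            return False, f"{cert.subject}: bad signature"
        if cert.serial in crl.get(cert.issuer, set()):
            return False, f"{cert.subject}: serial {cert.serial} is revoked"
        trusted[cert.subject] = cert          # verified; may now vouch for the next link
    return True, "chain OK"

# Constructed sample PKI: Root CA -> Intermediate CA -> Subscriber
ROOT_PUB, ROOT_PRIV = toy_keypair(104729, 1299709)
ROOT = Cert(1, "Root CA", "Root CA", ROOT_PUB)   # self-issued, sits in the trust store
INT_PUB, INT_PRIV = toy_keypair(7919, 15485863)
INTERMEDIATE = issue(ROOT, ROOT_PRIV, 2, "Intermediate CA", INT_PUB)
USER_PUB, _ = toy_keypair(1009, 1000003)
USER = issue(INTERMEDIATE, INT_PRIV, 3, "Subscriber", USER_PUB)
```

A cert issued by a CA absent from the root store fails with "not trusted", which is the non-trusted CA case in the screenshots above.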
Smart Card Role in PKI
A secure, tamper-resistant and portable way of transporting and using cryptographic keys.
Cryptographic smart cards:
- Contain powerful crypto co-processors.
- Private keys and secret keys never leave the card.
- Public/private key pairs can be generated inside the smart card.
- All private key and secret key computations are performed in the card.
- Users can have their card with them at all times.
- Sometimes called "PKI Smart Card".

Using a crypto smart card for digital signature.
[Diagram, two slides.]
Digital Certificate Generation
Two methods of generating a digital certificate:
1. The CA generates a key pair in a secure environment, signs the certificate, and imports the certificate to the smart card.
   1. The key pair is generated by the CA.
   2. The certificate is signed by the CA's private key.
   3. The certificate, together with the private key, is imported into the secure device.
   Pros: The cert can be imported to any media supporting the cert format.
   Cons: The CA has your private key because the key pair is generated outside your smart card!
2. The key pair is generated inside the smart card.
   Pros: The private key never leaves the smart card, for maximum security.
   Cons: It cannot be exported to other media.

Standards and Specifications
A multitude of standards governs PKI technologies in smart cards to ensure interoperability:
- Public Key Infrastructure (X.509) (PKIX)
- Public-Key Cryptographic Standard (PKCS)
- ISO7816: card-level standard.

Public-Key Cryptographic Standard (PKCS)
Defined by RSA Data Security Inc. for providing a platform-independent interface to use public-key technologies. Covers many areas including:
- Algorithms (PKCS#1)
- Certificates (PKCS#7)
- Cryptographic Token Interface (PKCS#11)
- Cryptographic Tokens themselves (PKCS#15)
[Diagram: PKCS overview.]
Card Standard - ISO7816
Part  Description                                            Year/Amd
1     Physical characteristics                               1998/2003
2     Dimensions and location of the contacts                1999/2004
3     Electronic signals and transmission protocols          2006
4     Organization, security and commands for interchange    2005
5     Registration of application providers                  2004
6     Interindustry data elements for interchange            2004
7     Interindustry cmds for Structured Card Query Language  1999
8     Commands for security operations                       2004
9     Commands for card management                           2004
10    Electronic signals and ATR for synchronous cards       1999
11    Personal verification through biometric methods        2004
12    USB electrical interface and operating procedures      Draft
15    Cryptographic information application                  2004

Accessing Crypto cards via middleware
Smart cards use standard interfaces:
- ISO7816 for contact cards.
Problem: each smart card has its own command set.
Solution: Middleware
- Middleware provides a standard interface for different applications to use different cards.
- Applications do not need to know the card-specific commands.

Different ways of accessing crypto smart cards
[Diagram of the software stack:]
- Applications: App #1 Outlook; App #2 Smart Card Logon; App #3 Other Applications (Acrobat); App #4 Other Applications (Firefox, Thunderbird, etc.)
- Middleware: Base Cryptographic Service Provider with ACS Card Module (for XP, Vista, 7); ACS Cryptographic Service Provider (for 2K, XP, Vista, 7 ...); ACS PKCS#11 (for non-MS apps, Linux)
- OS Layer: Windows Resource Manager; ACS Smart Card Reader Driver
- Hardware: ACS Smart Card reader and Smart Card

Cryptographic Service Provider (CSP)
- Used for Microsoft applications on the Windows platform.
- It is in the form of an MS-signed DLL.
- Example applications include:
  - Windows Domain Logon
  - Internet Explorer
  - Outlook
  - Outlook Express
  - Microsoft Word 2003 onwards
  - Adobe Acrobat
- In XP / Vista / 7, an MS-built base CSP can be used with a Card Module (Minidriver).

PKCS#11
- Like a CSP, it is a middleware module that provides APIs to applications by exposing entry points using a DLL concept.
- PKCS#11 can be programmed cross-platform to work under Linux using pcsclite.
- Example applications include:
  - Firefox
  - Thunderbird
  - Lotus Notes
  - All Unix and Linux software.
Applications
[Diagram: PKI applications: E-Commerce, Network Security, File Encryption, Secure Email, Windows Domain Logon.]

Applications – HK Jockey Club
Online betting system in the HK Jockey Club to authenticate the account holder and guarantee non-repudiation.

Applications – GovHK
Online government services in GovHK to authenticate the citizen and guarantee non-repudiation:
- Register as Voter or Change Voters' Particulars
- Apply for or Renew Vehicle License
- E-Tax

Applications – Online Banking
Online banking systems in Bank of China, Bank of East Asia and Dah Sing Bank to authenticate the account holder and guarantee non-repudiation.

Applications – Online stock trading
Online stock trading systems in HKEX, KGI, Tai Fook to authenticate the account holder and guarantee non-repudiation.

Applications – E-Commerce
- A digital signature is a proven, trustworthy way, without a physical storefront, to sign any payment and document for data integrity and non-repudiation!
- Eliminates the need to physically route documents over long distances, as well as thousands of dollars in delivery fees.
- Less paper usage (and saves $$).
- Example applications:
  - Online investment
  - Online shopping
  - Online betting
  - E-Contract signing

Applications – Files and Disks encryption
- Provides two-factor authentication for your hard disk or USB token by storing keys in the Cryptomate.
  - Something you have: Cryptomate
  - Something you know: PIN / Password
- No one can encrypt the file without the presence of the key inside the Cryptomate!!

Application – Microsoft Smart Card Deployment
- Microsoft Windows already has built-in smart card support.
- Designed to be used in a corporate environment.
[Diagram: a Windows Server 2000 / 2003 / 2008 Domain Server with Active Directory Certificate Authority; a Smart Card Enrolment Agent (Windows 2000 / XP Pro / Vista / 7 domain computer with Enrolment Certificate and the ACOS5 Software Package installed); LAN; Client Computers (Windows 2000 / XP Pro / Vista / 7 domain computers with the ACS ACOS5 Software Package installed).]

Applications – Network / Windows logon
- To enhance the security of networks containing sensitive information.
- Examples:
  - Windows logon
  - SSL
  - Corporate Intranet
  - VPN

Applications – Network authentication
[Diagram: SSL client certificate for authentication logon; SSL server certificate for server authentication.]

Secure Email
Outlook, Live Mail, Thunderbird, Lotus Notes, etc. all support email signature and encryption.
- Signature ensures authentication, data integrity and non-repudiation.
- Encryption ensures confidentiality.
ACS Smart Card Product Line
- ACOS1 / ACOS2, 8 KB, v3.8: phased out; replaced by ACOS3.
- ACOS3/3X, 32/72/256 KB, v1.162 / v1.160 / v1.150: ACOS2 direct replacement with many enhancements.
- ACOS5 / Cryptomate, 32 KB, v1.2: RSA-enabled card.
- ACOS5, 64 KB: enhanced RSA-enabled card.
- ACOS6, 64 KB, v3.07: flexible multi-function card.
- ACOS6 SAM, 64 KB, v4.07: SAM for ACOS2/3/6 and memory cards.
- ACOS7, 8 KB: dual interface (contact/contactless) smart card.
- ACOS10, 32 KB: PBOC EDEP cards.

ACOS5 32KB v1.2
- Conforms to ISO7816 parts 1, 2, 3, 4, 8, 9.
- Enhanced ACOS6 with RSA features.
- File types include Transparent, Linear Fixed, Linear Variable, Cyclic.
- Symmetric key algorithms: DES, 3DES, AES128.
- Asymmetric key algorithm: RSA 512, 1024 and 2048 bits with key generation.
- Hashing algorithm on board: SHA-1 (can support others outside the card).
- Supports SM for authenticity, integrity and confidentiality with DES/3DES.

Cryptomate
ACOS5 32K and ACR38 in a USB token format. Special token driver.

ACOS5 64KB
- Conforms to ISO7816 parts 1, 2, 3, 4, 8, 9.
- Enhanced ACOS5 with 64K EEPROM.
- File types include Transparent, Linear Fixed, Linear Variable, Cyclic.
- Symmetric key algorithms: DES, 3DES, 3K3DES, AES128/192/256.
- Asymmetric key algorithm: RSA 512 – 4096-bit (in 256-bit steps) with key generation.
- Hashing algorithms on board: SHA-1, SHA-256 (can support others outside the card).
- Supports SM for authenticity, integrity and confidentiality with 3K 3DES.

ACOS5/Cryptomate SDK/Client Kit
- Contains middleware: PKCS#11 and CSP.
- File system conforms to ISO7816/PKCS Part 15.
- Middleware works on 98/ME/2000/XP/2003/Vista/7/Linux (v2.4).
- SDK has additional development tools: card tools, sample code, reference manuals.
- Sample applications for ACOS5 include:
  - Email signature and decryption.
  - SSL client-side certificate.
  - Document signing.
  - Windows domain logon.
  - Digital rights management.

Thank you! Any questions/comments?