Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure Public Key Infrastructure (PKI) Neil F. Johnson [email protected] http://ise.gmu.edu/~csis Assumptions • Understanding of – Fundamentals of Public Key Cryptosystems – Hash codes for message digests and integrity check – Digital Signatures Copyright 1999, Neil F. Johnson 1 Public Key Infrastructure Overview • Public Key Cryptosystems – Quick review – Cryptography – Digital Signatures – Key Management Issues • Certificates – Certificates Information – Certificate Authority – Track Issuing a Certificate • Putting it all together – PKI applications – Pretty Good Privacy (PGP) – Privacy Enhanced Mail (PEM) Public Key Cryptosystems – Quick Review • Key distribution problem of secret key systems – You must share the secret key with another party before you can initiate communication – If you want to communicate with n parties, you require n different keys • Public Key cryptosystems solve the key distribution problem in secret key systems (provided a reliable channel for communication of public keys can be implemented) • Security is based on the unfeasibility of computing B’s private key given the knowledge of – B’s public key, – chosen plaintext, and – maybe chosen ciphertext Copyright 1999, Neil F. Johnson 2 Public Key Infrastructure Key Distribution (n)(n-1) 2 Bob Bob Alice 1 Alice 2 Chris Chris 7 5 8 9 Ellie 3 Ellie 6 David 4 David Secret Key Distribution Directory of Public Keys (certificates) Public Key Cryptosystem INSECURE CHANNEL Plaintext Ciphertext Plaintext Encryption Decryption Algorithm Algorithm Bob’s PUBLIC Key Bob’s PRIVATE Key Reliable Channel Directory of Public Keys (certificates) Copyright 1999, Neil F. Johnson 3 Public Key Infrastructure Digital Signature INSECURE CHANNEL Plaintext Signed Plaintext Plaintext Sign Verify Algorithm Algorithm Alice’s PRIVATE Key Alice’s PUBLIC Key Reliable Channel Directory of Public Keys (certificate) How a Digital Signature Works SENDER RECIEVER • Calculate the hash of the message • Separate the signed hash and the • Sign the hash with Alice’s private plaintext message key • Calculate a newhash of the • Combine the plaintext message message with the signed hash • Verify the signed hash with Alice’s • Send the combined message to the public key receiver (Bob) • Compare the original hash with the new hash (they should match) Copyright 1999, Neil F. Johnson 4 Public Key Infrastructure Digital Signature and Encryption (sender) Plaintext (M) Plaintext (M) H = Hash(M) Alice’s PRIVATE S = Sign(H) Key SM = Combine S + M Reliable (Signed Plaintext) Channel Secret Key (K) C = Encrypt(SM, K) CE = C+E Public Keys Directory Encrypted Signed Plaintext Bob’s E = Encrypt K PUBLIC Key to Bob Digital Signature and Encryption (receiver) Encrypted Signed Split CE Plaintext (CE) from Alice E = Encrypted(K) C = Encrypted(SM,K) K = Decrypt(E) SM = Decrypt(C,K) Reliable Channel Bob’s PRIVATE Split SM Key S = Signed(H) M = Plaintext Public Keys Directory H = Verify Compute Signature on S H1 = Hash(M) Alice’s PUBLIC Compare H = H1 Key Copyright 1999, Neil F. Johnson 5 Public Key Infrastructure Signature and Encryption (in a nutshell) A B Encrypted Signed Signed Signed Plain- Plaintext Plaintext Plaintext Plain- text text S E D V A’s Private B’s Public B’s Private A’s Public Key Key Key Key Signature and Encryption • We could do the encryption first followed by the signature. Signature first has the advantage that the signature can be verified by parties other than B. • We could use DES, IDEA for encryption Copyright 1999, Neil F. Johnson 6 Public Key Infrastructure Non-repudiation • In general, non-repudiation requires a notarized signature, involving a third party in addition to A and B. • In large systems this can involved hierarchies of notarization (possibly certificate authority) Key Management Issues • Issues: – generating keys – keeping backup keys – dealing with compromised keys – changing keys – destroying expired keys • Problems – establishing and maintaining third-party trust – implementing consistent security policies among users – making cryptography accessible to appropriate parties Copyright 1999, Neil F. Johnson 7 Public Key Infrastructure Pretty Good Privacy (PGP) An Example of a Public Key Application Neil F. Johnson [email protected] http://isse.gmu.edu/~csis/ PGP - Pretty Good Privacy • Phil Zimmerman • Shaky start – RSA patent – US export laws • Worldwide popularity • More than just e-mail Copyright 1999, Neil F. Johnson 8 Public Key Infrastructure PGP’s Success • Freely available worldwide on a variety of platforms. • Based on algorithms that re considered secure and have been under extensive public review (RSA, IDEA, MD5). • Wide range of applications. • PGP is not controlled by any government or standards organization. PGP - What it Uses • Public/Private Key (RSA) • Secret Key (IDEA) • Message Digest/Hash (MD5) • Zip • radix 64 ASCII format Copyright 1999, Neil F. Johnson 9 Public Key Infrastructure PGP – How it Works • Confidentiality • Authentication • Compression • Compatibility measures Confidentially & Authentication • Message Encryption – IDEA - Encrypt message with one-time session key generated by sender – RSA - Session key is encrypted with receiver’s public key, and included with the message • Digital Signature – MD5 - Creates a 128-bit hash code of the message (message digest) – RSA - The message digest is encrypted with the sender’s private key, and included with the message Copyright 1999, Neil F. Johnson 10 Public Key Infrastructure Compression & Compatibility • Compression – ZIP • Messages or files may be compressed for storage or transmission • Compression occurs after signature but before encryption • E-mail Compatibility – Radix-64 • Converts binary encrypted data to ASCII through table lookup • A-Z, a-z, 0-9,+, /, = (padding) Notation Ks = Session key M = Message (plaintext) S = Sender C = Ciphertext R = Receiver Ei = Encryption with IDEA Sk = Sender’s Private Key Di = Decryption with IDEA Sp = Sender’s Public Key Er = Encryption with RSA Rk = Receiver’s Private Key Dr = Decryption with RSA Rp = Receiver’s Public Key H = Hash function (MD5) Z = ZIP compression (optional after authentication) R64 = Radix 64 conversion to ASCII Copyright 1999, Neil F. Johnson 11 Public Key Infrastructure PGP - Authentication • SM = M + Er[H{M},Sk] • Receiver: – ‘Splits’ SM • Er{Dr[H{M},Sk], Sp} = H{M} • creates a ‘new’ H{M} from M – Compares decrypted H{M} with “new” H{M} PGP - Authentication (cont) • Sender – Sender creates a message (M) – MD5 is used to creates a 128-bit message digest of the message (H{M}) – Hash code is encrypted with RSA using the sender’s private key (Dr[H{M}, Sk]) Alice’s PRIVATE Key (Sk) Plaintext (M) H = MD5(M) S = RSA(H,Sk) Combine S and M and send to Bob Copyright 1999, Neil F. Johnson 12 Public Key Infrastructure PGP - Authentication (cont) • Receiver – The receiver uses RSA with the sender’s public key to decrypt and recover the hash code (Dr{Er[H{M}, Sk], Sp} => H{M}). – Receiver generates a new hash code for the message (H{M}). – The decrypted hash code is compared with the generated hash code. SM from Alice Split SM S = RSA(H,Sk) M = Plaintext Reliable H = Verify Compute Channel Alice’s Signature RSA(S,Sp) PUBLIC H1 = MD5(M) Key (Sp) Compare H = H1 Public Keys Directory PGP - Compression • Authentication before compression – preferable to sign an uncompressed message. – Trade-off between speed and compression differs upon the message type. • Encryption after compression – Strengthens cryptographic security by reducing redundancy in the original plaintext. Sign - Compress - Encrypt Copyright 1999, Neil F. Johnson 13 Public Key Infrastructure PGP - Confidentiality • IDEA – uses 128-bit key – 64-bit cipher feedback mode with a random initialization vector (IV). Earlier version of PGP used a null (zero stream) IV. PGP - Confidentiality (cont) • Sender – Sender generates a message and a 128-bit number to be used as a session key for this message only (Ks) – Message is compressed, then encrypted using IDEA with the session key (C = Ei[Z{M}, Ks]) – Session key is encrypted with RSA using receiver’s public key (E = Er{Ks, Rp}) Plaintext (M) Z = Zip(M) Session Key (Ks) C = IDEA(Z, Ks) Bob’s PUBLIC E = RSA(Ks, Rp) Combine C and E and send to Key (Rp) Bob Public Keys Directory Copyright 1999, Neil F. Johnson 14 Public Key Infrastructure PGP - Confidentiality (cont) • Receiver – Receiver’s private key is used with RSA to decrypt and recover the session key (Ks = Dr[RpEr{Ks}, Rk]). – Session key is used to decrypt the message (Z = Di{Ei[Z{M}, Ks], Ks}). – Decompression (M = unZip{Z(M)}) Ciphertext (CE) Split CE from Alice E = RSA(K,Rp) C = IDEA(Z,K) Bob’s K = RSA(E,Rk) Z =IDEA(C,K) PRIVATE Key M = unZip(Z) PGP - Confidentiality (cont.) • May combine authentication and encryption • Multiple RSA key length options are available (from 768 to 4096). Copyright 1999, Neil F. Johnson 15 Public Key Infrastructure PGP - Putting it Together (sender) Plaintext (M) Plaintext (M) H = MD5(M) Alice’s PRIVATE S = RSA(H,Sk) Key SM = Combine S + M (Signed Plaintext) Reliable Z = Zip(SM) Channel Secret Key (K) C = IDEA(Z, K) CE = C+E Public Keys Directory Bob’s Encrypted Signed PUBLIC Key E = RSA(K,Rp) Plaintext to Bob PGP - Putting it Together (receiver) Encrypted Signed Split CE Plaintext (CE) from Alice E = RSA(K,Rp) C = IDEA(Z,K) K = RSA(E,Rk) Z =IDEA(C,K) Bob’s SM = unZip(Z) PRIVATE Key Split SM Reliable Channel S = RSA(H,Sk) M = Plaintext Public Keys Directory H = Verify Compute Signature RSA(S,Sp) H1 = MD5(M) Alice’s PUBLIC Compare H = H1 Key Copyright 1999, Neil F. Johnson 16 Public Key Infrastructure PGP - Key Distribution • Public Key • User-based certification • Key Ring • Session Key – a new, random, 128-bit secret key is generated with each message. This key is encrypted with the receiver’s public key. PGP - Key Rings • Private Key – Timestamp, KeyID, Public Key, E{Private Key}, User ID • Public Key – Timestamp, KeyID, Public Key, Trust_flag, User ID, Key Legitimacy flag, Signature(s), Signature Trust(s) Copyright 1999, Neil F.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    34 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us