Cryptography and Public Key Infrastructure

Agenda
  • Cryptography: What is it?
  • Public-key infrastructure (PKI): How does PKI use cryptography?
  • Standards and specifications: What are the standards that we adhere to?
  • Smart cards' role in PKI: What are smart cards for?
  • Applications: PKI-enabled applications
  • ACS's product line: What role does ACS play?

Motivation
  • Almost all smart card applications use cryptography.
  • Cryptography is all around us!
  • We are using more PKI than you think!
  • Crypto and PKI are everywhere!

Part 1: Cryptography

What is Cryptography?
  • Cryptography is a tool to provide security.
  • Cryptography has 4 purposes…

Four purposes of cryptography
  • Confidentiality (encryption/decryption): No one else has seen it.
  • Data integrity (digital signature): No one else has modified it.
  • Authentication (digital signature): You are who you say you are.
  • Non-repudiation (digital signature): If you signed it, you cannot deny signing it.

Encryption
Two main types of encryption schemes:
  1. Symmetric-key (secret-key) encryption
     - Same key for both sender and recipient.
  2. Asymmetric-key (public-key) encryption
     - Each user has a public encryption key e_user and a private decryption key d_user.

Secret key encryption
[Diagram: Alice, Channel, Bob.]

Standard symmetric key algorithms:
  • DES, 3DES, AES.

To demonstrate (courtesy of Pike Wong of HKUST):
[Illustration: the message "Let's invade the earth at 17:00 today" is encrypted into unreadable ciphertext and decrypted back by the recipient.]

Secret key encryption. Problem: Key distribution
  • Potential key leakage
  • Difficult to manage
[Illustration: the two parties hand each other their keys ("Here's my key", "OK, I got your key") while a human spy listens in: "Next time I will know when they start the attack!"]

Secret key encryption. Problem: Repudiation
  • 2 parties have the same key.
  • The encrypted message can be viewed and modified by both parties.
[Illustration: a cartoon dialogue in which one party asks the other, in an encrypted message, to buy 1000 shares of MS; the next day the request is denied, and the argument turns on both parties holding the same key.]

Public key encryption
  • Pair of public/private keys per user.
  • Based on a mathematically hard problem.
[Diagram: Alice, Channel, Bob; labels: Bob's Public Key, Bob's Private Key.]

Advantages:
  • Only the public key is distributed to others (key distribution).
  • Only the owner knows his private key (non-repudiation).
Disadvantages:
  • Computationally expensive.
Standard asymmetric key encryption algorithms:
  • RSA, ECC.

[Illustration: the message is encrypted with Pong's public key and decrypted with Pong's private key; the human spy says: "Even we got the key, we cannot know the secret!?"]

Combining two techniques for encryption
[Diagram: Alice, Channel, Bob; labels: Session Key, Bob's Public Key, Bob's Private Key.]

Hash functions
  • A one-way function H(•) that takes a message m and outputs a "fingerprint" of the message (digest), e.g. SHA-1, SHA-256.
  • Used as a part of digital signatures.

Digital signatures
  • Support data integrity, authentication and non-repudiation.
  • Use public key algorithms.
  • Use hash functions to create a short message for signing.
  • Standard signature algorithms are: RSA, DSA, ECDSA.
[Figure: Alice signing a document with her private key.]

Signature verification
[Figure: Bob verifying Alice's signed document with her public key.]

Difference between public key encryption and signature
Encryption:
  • Anyone encrypts with the public key.
  • The owner decrypts with the private key.
Signature:
  • The owner signs with the private key.
  • Anyone verifies the signature with the public key.

Notes on secret key algorithms

  Algorithm        Key strength (bits)   Input (bits)   Comments
  DES              56                    64             Standardized in 1977, insecure now
  2 key 3DES       80                    64             Secured up to 2010
  3 key 3DES       112                   64             Most peer reviewed. Secured up to 2030
  CAST5            128                   64             Secure, standard in PGP
  IDEA             128                   64             Patent issues, efficient
  AES (Rijndael)   128, 192, 256         128            International standard (2001)
  Twofish          128, 192, 256         128            AES finalist

Summary of public key algorithms
  • The most popular algorithms today are RSA and ECC.
  • The longer the key length, the harder it is to crack.
  • RSA (Rivest, Shamir, Adleman) is based on the difficulty of factoring large integers.
      - Given N where N = pq and p and q are prime, find p and q.
        [Diagram: multiplying p and q to get N is easy; factoring N into p and q is hard.]
      - Widely used in electronic commerce.
      - Freely available (patent expired).
  • Elliptic Curve Cryptography (ECC) is based on the difficulty of finding a discrete log on an elliptic curve.
      - Given P and Q where Q = mP, find m.
      - Next generation and very efficient.
      - Supported in CNG on MS Vista and 7.
      - Numerous patents hampering acceptance.
  • Others such as Digital Signature Algorithm and Diffie-Hellman are not popular anymore.

Notes on public key algorithms
Use of a symmetric key algorithm requires public key algorithms of equivalent strength.

  Algorithm security   Bits of    Symmetric key   FFC                  IFC           ECC
  lifetimes            security   algorithm       (e.g., DSA, D-H)     (e.g., RSA)   (e.g., ECDSA)
  Through 2010         80         2TDEA           L = 1024, N = 160    k = 1024      f = 160-223
  Through 2030         112        3TDEA           L = 2048, N = 224    k = 2048      f = 224-255
  Beyond 2030          128        AES-128         L = 3072, N = 256    k = 3072      f = 256-383
  …                    192        AES-192         L = 7680, N = 384    k = 7680      f = 384-511
  …                    256        AES-256         L = 15360, N = 512   k = 15360     f = 512+

Source: NIST SP800-57 Part 1.

Public Key Infrastructure

Why do we need a PKI?
Public key security issues:
  • Users can generate their own public/private key pairs and exchange them, but how do other parties trust them?
  • If you receive a public key from Alien Pkie, how do you know it's Pkie's key and not the human spy's?
Solution: Digital Certificates
  • Bind the user's public key with a digital certificate signed by a trusted third party.
  • The trusted third party is called the certification authority (CA).
  • The CA will vouch for its subscribers.

Entities of PKI
[Diagram: Certificate Authority (CA), Corporations, Individual Subscribers, Relying Parties; label: "Trust each other".]

Components of a Certification Authority
  • Registration Authority (RA): registers subscribers into the system.
  • Certification Authority (CA): creates digital certificates by binding user identity to public key.
  • Certificate Repository: a directory service to store certificates for subscribers.
  • Certificate Revocation System: service to invalidate any certificates that have been compromised.

[Figure: Hong Kong Post Repository and CRL.]

So, what is a digital certificate?
  • Used to establish trust between entities.
  • Ensures that:
      - The integrity of the public key is protected.
      - The public key and identity information are bound to the claimed owner in a trusted manner.
  • Digital signatures: your identifying information and public key are signed with the CA's private key.

X.509 Certificate - Format
The de facto standard is the X.509 v3 certificate format, specified in IETF RFC 3280.

X.509 Certificate
  • Signature Algorithm Identifier
  • Signature Value
  • To Be Signed (TBS) Certificate
      - Version
      - Serial Number
      - Certificate Signature Algorithm
      - Issuer Name
      - Validity
      - Subject Name
      - Subject Public Key Info
      - Issuer Unique ID
      - Subject Unique ID
      - Extensions

X.509 Certificate - Example

  Version                           Version 3
  Serial Number                     0D:0C:B0
  Certificate Signature Algorithm   PKCS#1 SHA-1 RSA
  Issuer Name                       CN = Hongkong Post e-Cert CA 1, O = Hongkong Post, C = HK
  Validity                          Not Before: 19/3/2004 6:26:26
                                    Not After: 19/3/2007 6:26:26
  Subject Name                      CN = Andrew Chan, E = [email protected], O = Hongkong Post e-Cert (Personal), C = HK
  Subject Public Key Info           Algorithm = PKCS#1 RSA, Public Key = 0x30..01

X.509 Certificate - Signing certificate
[Diagram: the X.509 certificate structure listed above (Signature Algorithm Identifier, Signature Value, To Be Signed (TBS) Certificate).]

Certificate Revocation List (CRL)
  • When a certificate has been revoked or suspended, an entry (its serial number) is made in the CRL.
  • Clients can download the CRL at the CA's repository.
  • The CA updates its CRL according to its Certificate Practice Statement (CPS).

The steps in subscribing to a CA
[Diagram: Subscriber, RA, CA, Repository, Relying Parties. Labels: "Provides proof of identity and (optionally) generates public/private key pair"; "Requests certificate"; "Issues certificate and posts in the repository"; "Receives certificate"; "Validate subscriber's public key".]

[Figure: Life Cycle of a Certificate.]

How does your PC use certificates?
  • Windows has a number of Root CA certificates in the Certificate Store.
  • Root CA certificates are certificates that your PC trusts implicitly.
  • All intermediate CA certs and end-entity certs that are signed by or chained to those Root CA certs are implicitly trusted.
  • Microsoft has a Root Certificate Program to determine who to trust.
[Diagram: Root CA cert, Intermediate CA certs, your cert or a website's cert.]

[Figures: How trust is established on your PC; Certificates; Trusted Certificate Authority; Non-trusted CA.]

Smart Card Role in PKI
  • Secure, tamper-resistant and portable way of transporting and using cryptographic keys.
  • Cryptographic smart cards:
      - Contain powerful crypto co-processors.
      - Private keys and secret keys never leave the card.
  • The public/private key pair can be generated inside the smart card.
  • All private key and secret key computations are performed in the card.
  • Users can have their card with them at all times.
  • Sometimes called "PKI Smart Card".

[Figures (two slides): Using a crypto smart card for digital signature.]

Digital Certificate Generation
  • 2 methods of generating a digital certificate:
      1. The CA generates a key pair in a secure environment, the certificate is signed by the CA, and the cert is imported to the smart card
      1.
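The PKI steps described above (the CA signs the To Be Signed fields; a relying party checks that signature, the validity period, and the CRL by serial number) can be traced end to end in Python. This is an added example, not part of the original slides: the CA key is a constructed toy (Mersenne primes, unpadded RSA), and the field names, `ca_issue` and `relying_party_check` are hypothetical.

```python
import hashlib
from datetime import date

# Constructed toy CA key pair: two Mersenne primes and unpadded "textbook" RSA.
# For illustration only; real CAs use random primes and a padding scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # CA public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent

def tbs_digest(tbs: dict) -> int:
    """SHA-256 over the To-Be-Signed fields, serialized in a fixed order."""
    encoded = "\n".join(f"{k}={tbs[k]}" for k in sorted(tbs)).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")

def ca_issue(tbs: dict) -> dict:
    """CA binds identity to public key by signing the TBS digest."""
    return {"tbs": dict(tbs), "signature": pow(tbs_digest(tbs), D, N)}

def relying_party_check(cert: dict, crl: set, today: date) -> str:
    """Check the CA signature first, then the validity period, then the CRL."""
    tbs = cert["tbs"]
    if pow(cert["signature"], E, N) != tbs_digest(tbs):
        return "bad signature"
    if not tbs["not_before"] <= today.isoformat() <= tbs["not_after"]:
        return "outside validity period"
    if tbs["serial"] in crl:
        return "revoked"
    return "trusted"

# Constructed sample subscriber data (not taken from any real certificate).
SAMPLE_TBS = {
    "serial": "01:02:03",
    "issuer": "CN=Example CA",
    "subject": "CN=Alice",
    "subject_public_key": "alice-public-key-placeholder",
    "not_before": "2004-03-19",
    "not_after": "2007-03-19",
}

if __name__ == "__main__":
    cert = ca_issue(SAMPLE_TBS)
    day = date(2005, 1, 1)
    print(relying_party_check(cert, set(), day))          # genuine certificate
    swapped = {**cert, "tbs": {**cert["tbs"], "subject_public_key": "spy-key"}}
    print(relying_party_check(swapped, set(), day))       # key substituted
    print(relying_party_check(cert, {"01:02:03"}, day))   # serial on the CRL
```

Because the signature covers every TBS field, substituting the subject's public key while reusing the CA's signature fails verification, which is the binding the certificate is meant to provide.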
