PKI To The Masses IPCCC 2004 - PowerPoint PPT Presentation

Slides: 10
Provided by: daniel526

Transcript and Presenter's Notes

Title: PKI To The Masses IPCCC 2004


1
PKI To The Masses, IPCCC 2004
  • Dan Massey
  • USC/ISI

2
PKI Is Necessary
  • My PKI related actions since arriving at IPCCC
      • Used an SSH host public key for remote login.
      • Used an IMAP certificate to download email.
      • Received a PGP signed email message.
      • Accessed a secure website using an SSL certificate.
  • Proposed Infrastructure PKI related actions
      • Secure BGP would use PKI to protect Internet routes.
      • Secure DNS would use PKI to protect Internet names.

3
The Need for a Secure Infrastructure
  • BGP and DNS Provide No Authentication
  • Lack of BGP authentication misdirected DNS
    queries.
  • This happens to be DNS traffic, but could be
    email, web, etc.
  • Server could have replied with false DNS data.

[Figure labels: "originates route to 192.26.92/24"; "ISPs announced new path for 20 minutes to 3 hours"; "c.gtld-servers.net, 192.26.92.30: 1 of 13 DNS servers for com/net/org"; "Internet"; "BGP monitor"]

4
The PKI Solution
  • Routing: sign the routing updates
      • Use public key cryptography to verify the origin is allowed to originate the path.
      • Have each node sign its next link in the route (to prove the path is valid)
      • S-BGP (Kent/BBN), SoBGP (White/Cisco)
  • DNS: sign the DNS response
      • DNSSEC (IETF DNSEXT Working Group)

5
Secure DNS Query and Response
[Figure labels: "End-user"; "Caching DNS Server"; "Authoritative DNS Servers". Query: www.darpa.mil. Response: www.darpa.mil A 192.5.18.195, with www.darpa.mil RRSIG(A), a signature by the darpa.mil private key.]
Attacker cannot forge this answer without knowing the darpa.mil private key.

6
So What's the Problem?
  • Was my IPCCC use of PKI worthwhile?
      • SSH reported host key has changed
          • Has anyone ever rejected a key due to this message?
      • The IMAP email certificate I used was self-signed.
          • Who should have signed this certificate?
      • I did not verify the PGP key for the signed email.
          • How would I do this effectively? PGP key servers??
      • Should I have checked the web SSL certificate?
  • No deployment of infrastructure (DNS, BGP) PKIs.

7
Limitations of PKI Deployment
  • The theoretical promise of PKI technology greatly exceeds the deployed use.
  • Fundamental key management issues remain
  • Effective Deployment Requires
      • Mechanism for learning the public key
      • Mechanism for changing the public key
      • Limit damage of compromised key (revocation?)
  • Claim: this can only work in a strong hierarchy.

8
Steps To Real Deployment
  • S-BGP: create a hierarchy where none exists.
      • Who signs "you are allowed to announce this prefix"?
      • How do you distribute the database?
  • Secure DNS overlays PKI on the DNS tree.
      • Simple structure in theory
      • Root key signs the com, net, org, edu, uk, etc., keys
      • Com key signs the cisco.com, ibm.com, foo.com keys
      • Cisco.com key signs research.cisco.com, www.cisco.com
      • But this assumes the entire tree deploys DNSSEC.
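
Added example (not from the original slides): the root, com, cisco.com, research.cisco.com hierarchy above, modelled as DS digests that link each parent to its child's DNSKEY, to show that one unsigned zone in the middle leaves everything beneath it unvalidatable. The keys are constructed placeholder bytes, RRSIG signature verification is omitted, and all function and variable names are illustrative assumptions.

```python
import hashlib
import struct

def wire_name(name):
    """Canonical DNS wire format: lowercase, length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(pubkey, flags=257, protocol=3, algorithm=13):
    """DNSKEY RDATA: flags (257 = key-signing key), protocol 3, algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name || DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def zone_path(zone):
    """'research.cisco.com.' -> ['.', 'com.', 'cisco.com.', 'research.cisco.com.']"""
    labels = [l for l in zone.split(".") if l]
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

def build_tree(zones, signed):
    """Constructed sample data: only zones in `signed` publish a DNSKEY and a DS."""
    dnskeys, ds = {}, {}
    for z in zones:
        if z in signed:
            # Placeholder 64-byte "public key", derived deterministically (not a real key)
            pub = hashlib.sha512(b"constructed key " + z.encode()).digest()
            dnskeys[z] = dnskey_rdata(pub)
            ds[z] = ds_digest(z, dnskeys[z])
    return dnskeys, ds

def validate_chain(zone, dnskeys, ds, root_anchor):
    """Walk from the root trust anchor down to `zone`; return (secure, reason)."""
    for z in zone_path(zone):
        expected = root_anchor if z == "." else ds.get(z)
        if expected is None:
            return False, f"parent holds no DS for {z}"
        if z not in dnskeys:
            return False, f"{z} publishes no DNSKEY"
        if ds_digest(z, dnskeys[z]) != expected:
            return False, f"DNSKEY of {z} does not match the digest held above it"
    return True, "chain intact"

ZONES = [".", "com.", "cisco.com.", "research.cisco.com."]

if __name__ == "__main__":
    # First run: whole tree signed. Second run: com. has not deployed DNSSEC.
    for signed in (set(ZONES), set(ZONES) - {"com."}):
        keys, ds = build_tree(ZONES, signed)
        print(sorted(signed), validate_chain("research.cisco.com.", keys, ds, ds["."]))
```

In the second run cisco.com and research.cisco.com still publish keys, but a validator starting from the root cannot reach them.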

9
DNS: The PKI Of The Future (?)
  • Can use a signed DNS as the missing PKI.
      • Store ssh host keys in the DNS along with host IP address (IETF working group for this)
      • Store SSL and IMAP certificates in the DNS (DNS CERT record is already defined)
      • Store PGP email keys in the DNS (Functionality revoked by Massey and Rose)
  • What is wrong with the picture?
      • No revocation mechanism
      • Will this create a PKI or break the DNS?
      • Is the DNS an appropriate trust model?