Public Key Cryptology and PKI AMS I-3.1.2 Fall 2005 - PowerPoint PPT Presentation

1
Public Key Cryptology and PKI AMS I-3.1.2 Fall
2005
  • Greg Phillips
  • greg.phillips_at_rmc.ca
  • Royal Military College of Canada
  • Electrical and Computer Engineering

2
Overview and today's class
  • classical and modern cryptology
  • public key cryptology and public key
    infrastructure
  • introduction to public key cryptography
  • example RSA
  • uses for public key cryptosystems
  • public key distribution
  • attacks
  • public key infrastructure
  • computer security (COMPUSEC)
  • network security (NETSEC)
  • assurance
  • computer security demonstration

3
The Secret Key Weakness
[Diagram: Alice and Bob]
4
Public Key Cryptosystems
[Diagram, two panels. Secret Key Cryptosystems: plaintext → DES encipher (DES key) → ciphertext → DES decipher → plaintext. Public Key Cryptosystems: plaintext → Pu encipher (Pu) → ciphertext → Pr decipher (Pr) → plaintext.]
Public and private keys must be related; however,
it must be computationally infeasible to derive a
private key, given a public one.
5
Public Key Cryptosystems
[Diagram: Alice, Bob and Carol each hold their own private key (PrAlice, PrBob, PrCarol); a Public Key Directory lists Alice: PuAlice, Bob: PuBob, Carol: PuCarol]
6
A Comparison
It is possible to combine public key and private
key cryptosystems in a hybrid approach that has
the benefits of both. Idea: use the public key
part of the system to exchange private keys; use
the private keys to encrypt the message traffic.
7
System Requirements
[Diagram: plaintext → Pu encipher (public key) → ciphertext → Pr decipher (private key) → plaintext]
  • Given all the information in the green area,
    computing either another plaintext or the private
    key must be prohibitively difficult.
  • At the same time, it must be reasonably efficient
    to
      • generate key pairs,
      • encipher, and
      • decipher.
8
Trap-door one-way functions
  • a one-way function f derives from a hard
    mathematical problem whose inverse is easy
  • i.e., $f: X \to Y$ is hard, $f^{-1}: Y \to X$ is easy
  • like factoring large numbers (used in RSA)
  • teeny-weeny example
      • find the factors of 29,083: relatively hard
      • multiply 127 by 229: relatively easy
  • a trap-door one-way function t is derived from a
    one-way function f such that $t(f, e)$ and
    $t^{-1}(f^{-1}, n)$ are both easy, but $t^{-1}(f^{-1})$ is as
    hard as $f^{-1}$ and finding n from e is also as hard
    as $f^{-1}$
  • translation: encryption and decryption are both
    easy if you know the public and private keys, but
    decryption without the private key is hard, and
    finding the private key from the public key is
    hard

9
RSA Key Generation
  • choose two large primes, p and q, and another
    number E
  • calculate $n = pq$
  • public key is (n, E)
  • private key is D, the multiplicative inverse of E
    taken mod (p-1)(q-1), that is,
      • $ED \bmod (p-1)(q-1) = 1$
  • example
      • choose $p = 5$, $q = 11$, $E = 3$
      • calculate $n = 55$, public key is (55, 3)
      • D is 27 since $(3)(27) \bmod 40 = 1$
  • there is an efficient algorithm for calculating D
    given any p, q and E, but finding p and q from n
    is the mathematically hard problem

10
RSA Encryption
  • public key is (n, E)
  • break the plaintext into binary numbers $m_i$, such
    that each $m_i < n$
  • calculate the ciphertext $c_i$ corresponding to $m_i$
      • $c_i = m_i^E \bmod n$
  • Example: $m_i = 4$, public key is (55, 3)
      • $c_i = 4^3 \bmod 55$
      • $c_i = 64 \bmod 55$
      • $c_i = 9$

11
RSA Decryption
  • public key is (n, E), private key is D
  • calculate the plaintext $m_i$ corresponding to each
    $c_i$
      • $m_i = c_i^D \bmod n$
  • example: $c_i = 9$, public key is (55, 3), private
    key is 27
      • $m_i = 9^{27} \bmod 55$
      • $m_i = 58149737003040059690390169 \bmod 55$
      • $m_i = 4$

12
Reversibility
  • most public-key cryptosystems have a reversible
    form, that is
  • information encrypted with the public key can be
    decrypted with the private key, and
  • used for confidentiality
  • information encrypted with the private key can be
    decrypted with the public key
  • used for digital signatures
  • usually the two directions require slight
    variations of the base algorithm
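
Added example (not part of the original slides): the RSA key generation, encryption, decryption and reversibility slides worked through in Python with the slides' own numbers, computing D with the extended Euclidean algorithm. The function names are illustrative, and `recover_private` is included only to show that a modulus as small as 55 gives no protection, since the private key follows at once from the factors of n.

```python
# Textbook RSA with the slides' toy numbers (no padding; illustration only).

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p, q, e):
    """Return ((n, E), D) where E*D mod (p-1)(q-1) == 1."""
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("E must be coprime to (p-1)(q-1)")
    return (p * q, e), x % phi

def encipher(m, pub):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("each block m_i must satisfy m_i < n")
    return pow(m, e, n)

def decipher(c, pub, d):
    return pow(c, d, pub[0])

def recover_private(pub):
    """Trial-division factoring: instant for n = 55, infeasible for a properly sized n."""
    n, e = pub
    p = next(k for k in range(2, n) if n % k == 0)
    return make_keys(p, n // p, e)[1]

def demo():
    pub, d = make_keys(5, 11, 3)          # slide values: p = 5, q = 11, E = 3
    c = encipher(4, pub)                  # 4^3 mod 55
    m = decipher(c, pub, d)               # 9^27 mod 55
    sig = pow(4, d, pub[0])               # reversibility: private-key operation first
    checked = pow(sig, pub[1], pub[0])    # anyone can undo it with the public key
    return pub, d, c, m, checked, recover_private(pub)

if __name__ == "__main__":
    print(demo())
```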

13
Keys
  • really big numbers
  • work with cryptographic algorithms to produce
    specific ciphertext
  • the bigger the key, the more secure is the
    ciphertext for a given algorithm
  • public key size and secret key size cannot be
    directly compared, without reference to specific
    algorithms
  • 80 bit AES ≈ 1024 bit RSA


14
Potential Services
  • security between strangers
  • encryption
  • digital signature
  • data integrity
  • key establishment
  • exchange of secret key

15
Authentication - Digital Signature
  • takes variable-length input and produces a
    fixed-length output, say 160 bits
  • if the input is changed even by just one bit, a
    radically different output value is produced

16
Digital Signature Verification
17
Hybrid Systems (Digital Envelopes)
  • Faster
  • Handles distribution lists

encrypt using DES-style crypto
18
Assumptions
  • implicit to this point is that Bob has an
    identity that is known and understood by Alice
  • Alice must be able to associate a public key
    unambiguously and correctly with Bob
  • Alice must be capable of retrieving Bob's key
    from a public repository

19
Public-Key Cryptosystem
20
Man in the middle attack
21
Digital Certificates
  • a certificate is some information signed by
    some authority
  • often the signed information is a public key
  • i.e. a Public Key Certificate (PKC)
  • a certificate is a stamp of approval from some
    other trusted individual
  • if we can trust some entity to establish the
    relationship between an individual's identity and
    his/her public key we can solve the
    man-in-the-middle problem
  • We need to trust at least one key
  • but, we only need to really trust one key

22
Certification Authority (CA)
  • an authority trusted with establishing the link
    between an individual's identification
    credentials and a public key
  • in accordance with some policy
  • digitally signs public-key certificate
  • ITU Standard X.509 provides a public key
    certificate standard

23
Certificate Repository
  • Directory Server Agent (DSA)
  • this is a certificate repository
  • solves problem of making certificates available
  • on-line server, like a phone directory or the
    internet Domain Name System (DNS)
  • e.g. ITU Standard X.500 directory service
  • we have to consider the revocation of
    certificates that become invalid
  • Certificate Revocation Lists (CRLs)
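
Added example (not part of the original slides): a toy public-key certificate check showing how a CA signature, an identity check and a CRL lookup together defeat the key substitution behind the man-in-the-middle problem. It uses textbook RSA without padding on constructed keys; the name Mallory, the serial numbers and all function names are assumptions made for the illustration.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys in this example

def digest(subject, key, serial, n):
    """Hash the signed fields (identity, public key, serial) to an integer below n."""
    data = f"{subject}|{key}|{serial}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca_n, ca_d, subject, key, serial):
    """The CA binds an identity to a public key by signing both with its private key."""
    sig = pow(digest(subject, key, serial, ca_n), ca_d, ca_n)
    return {"subject": subject, "key": key, "serial": serial, "sig": sig}

def validate(cert, expected_subject, ca_n, crl):
    """Accept a key only if the CA signature, the identity and the CRL check all pass."""
    h = digest(cert["subject"], cert["key"], cert["serial"], ca_n)
    if pow(cert["sig"], E, ca_n) != h:
        return "bad signature"
    if cert["subject"] != expected_subject:
        return "wrong subject"
    if cert["serial"] in crl:
        return "revoked"
    return "ok"

# Constructed toy keys built from known Mersenne primes; far too small for real use.
CA_P, CA_Q = 2**107 - 1, 2**127 - 1
CA_N = CA_P * CA_Q
CA_D = pow(E, -1, (CA_P - 1) * (CA_Q - 1))   # CA private key (Python 3.8+)
BOB_N = (2**61 - 1) * (2**89 - 1)            # Bob's public modulus
MALLORY_N = (2**13 - 1) * (2**17 - 1)        # public modulus of the party in the middle

def demo():
    bob = issue(CA_N, CA_D, "Bob", BOB_N, serial=1001)
    mallory = issue(CA_N, CA_D, "Mallory", MALLORY_N, serial=1002)
    swapped = dict(bob, key=MALLORY_N)       # key replaced in the directory copy
    return [
        validate(bob, "Bob", CA_N, crl=set()),       # genuine certificate
        validate(swapped, "Bob", CA_N, crl=set()),   # substituted key
        validate(mallory, "Bob", CA_N, crl=set()),   # valid cert, wrong identity
        validate(bob, "Bob", CA_N, crl={1001}),      # certificate listed on the CRL
    ]

if __name__ == "__main__":
    print(demo())
```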

24
Certification Authority
[Diagram: Certification Authorities and a Directory Server Agent]
25
Other issues
  • revocation
      • certificates may be revoked; must have way to
        tell
  • key backup
      • keys can be lost; must have fallback
  • key update
      • keys typically have finite life; must be
        refreshed
  • key history
      • important for data recovery
      • decrypt message from Alice from two years ago
  • non-repudiation
      • prevents sender from denying responsibility
      • digital signature plus authenticated time
        stamping
  • trust
      • must trust certification authority
      • if dealing across organizational boundaries, may
        have to have a network of trust established

26
Next class: COMPUSEC
Extra slides (for interest only) follow this slide
27
Functional PKI may contain
  • Certification Authority
  • Certificate Repository
  • Certificate Revocation
  • Key Backup and Recovery
  • Automatic Key Update
  • Key History
  • Cross-Certification
  • Support for Non-Repudiation
  • Time Stamping
  • Client Software

28
Certificate Revocation
  • when binding of key needs to be broken
  • identity change
  • suspected security compromise
  • user population needs to be aware
  • unless certificates are for one-time use only,
    a revocation check is required
  • CRLs are held on the DSA

29
Key Backup and Recovery
  • loss of private key
  • forgotten passwords
  • destruction of medium holding key
  • backup and recovery of private decryption keys
    but not signing keys

30
Automatic Key Update
  • certificate has finite lifetime
  • theoretical reasons
  • practical estimations
  • automatic seamless update of certificate is
    preferred
  • reduces burden on user to set-up


31
Key History
  • multiple old certificates and at least one
    current certificate exist
  • important for data recovery
  • automatic seamless implementation is preferred

32
Support for Non-Repudiation
  • users perform actions intended to be irrevocably
    associated with their identity (Digital
    signature)
  • for business to run normally users cannot
    arbitrarily break this association at any time in
    the future
  • must not be able to deny that the signature
    really came from owner
  • this is the property known as non-repudiation

33
Time Stamping
  • one of the critical elements in the support of
    non-repudiation services is the use of secure
    time stamping, from a trusted time source
  • the authoritative source of time for a PKI could
    be implemented by a secure time stamping server
    whose certificate is verifiable by the community
    of PKI users.

34
Client Software
  • a PKI may be viewed as a collection of servers
    that will do the following
  • the CA will provide certification services
  • the repository will hold certificates and
    revocation information
  • the backup and recovery server will enable the
    proper management of key histories
  • the time stamp server will associate
    authoritative time information with documents
  • thus client software will need to exist to access
    and implement these services correctly; it exists
    outside every application


35
Cross-Certification
  • not likely that a single global PKI will exist
  • likely that some will need to be interconnected
  • need to form trust relationships between formerly
    unrelated PKIs
  • cross-certification enables users of one PKI
    community to validate the certificates of users
    in another PKI community

36
Validity and Trust
  • validity is confidence that a public key
    certificate belongs to its purported owner.
    Validity is essential in a public key environment
    where you must constantly establish whether or
    not a particular certificate is authentic.
  • You validate certificates. You trust people. More
    specifically you trust people to validate
    certificates for you. You trust the CA to
    establish certificate validity.


37
Trust Models
  • Direct Trust
  • Hierarchical trust
  • Distributed trust
  • User Centric trust

38
Direct Trust
39
User Centric Trust
40
Hierarchical Trust
41
Distributed Trust