Secure Communications

1
Secure Communications

• or, the usability of PKI

2
Agenda

• Announcement Security Symposium on Oct. 10.
• Questions? Stories to share?
• Project discussion IRB overview
• Secure communications

3
Project

• Initial draft 2 weeks
• Final plan 4 weeks
• Initial draft is NOT graded, credit for
  reasonable effort
• Some introduction, motivation, related work
• Draft of tasks, survey interview questions,
  etc.
• Mockup or description if you are building
  something
• The more complete it is, the more feedback youll
  get!
• We will pilot your materials during class in 2
  weeks (SO BRING YOUR MATERIALS TO CLASS!!!)

4
IRB

• http//www.research.uncc.edu/comp/human.cfm
• Download application form and consent form
  template
• See Wiki for one sample application

5
Public Key Infrastructure

• A PKI is a set of agreed-upon standards,
  Certification Authorities (CA), structure between
  multiple CAs, methods to discover and validate
  Certification Paths, Operational Protocols,
  Management Protocols, Interoperable Tools and
  supporting Legislation

Digital Certificates book Jalal Feghhi, Jalil
Feghhi, Peter Williams
In other words A Public Key Infrastructure is an
Infrastructure to support and manage Public
Key-based Digital Certificates
6
Secure Communications

• PKI
• What is your best technical explanation?
• What is your best non-tech explanation?
• How much should users be aware of keys?
• Whats a CA? How to explain a CA? Should users be
  aware of CAs?

7
Communication under PKI

• Both Alice and Bob have their own individual
  private and public keys signed by a certificate
  authority.
• The CA might be an employer, Verisign, or some
  other organization.

8
Communication under PKI
Bobs public key
Alices public key
100110

• The public key is used for encryption and digital
  signature verification.
• The private key is used for decryption and the
  creation of digital signatures.

9
Digital Signature
10
Digital Certificate
A Digital Certificate is a binding between an
entitys Public Key and one or more Attributes
relating its Identity.

• The entity can be a Person, an Hardware
  Component, a Service, etc.

• A Digital Certificate is issued (and signed) by
  someone

- Usually the issuer is a Trusted Third Party

• A self-signed certificate usually is not very
  trustworthy

11
X509 PKI
Alice trusts the root CA Bob sends a message to
Alice Alice needs Bobs certificate, the
certificate of the CA that signed Bobs
certificate, and so on up to the root CAs self
signed certificate. Alice also needs each CRL
for each CA. Only then can Alice verify that
Bobs certificate is valid and trusted and so
verify the Bobs signature.
11
12
Secure Communications

• PKI
• What is your best technical explanation?
• What is your best non-tech explanation?
• How much should users be aware of keys?
• Whats a CA? How to explain a CA? Should users be
  aware of CAs?

13
Problems with PKI

• Public-key cryptography is counterintuitive.
• PKI seems too far removed from application goals.
• Users do not understand how their tasks require
  PKI.
• PKI tasks are too cumbersome.
• Large CAs run into naming collisions.
• Users shoulder the burden of ensuring that the
  person theyre looking up is indeed the person
  they want.

14
IBM Lotus Notes Domino Solution

• Client/server infrastructure for collaborative
  applications
• Usage of PKI
• Authentication of Notes client to Domino Server
• Signing and encrypting mail messages
• Implementation
• Note keys are created by Notes administrator and
  distributed to user in a identity file
• Most of key management is hidden from user within
  the organization
• Communicating outside the enterprise requires
  user input to acquire or verify certificates
• Thoughts?

15
Alternative iPKI

• Lightweight PKI centered around a local,
  standalone CA
• Automated PKI and CA setup
• Simple, intuitive enrollment mechanism
• A simple, intuitive trust model
• Secure bootstrapping
• Certificates as capabilities
• No need for direct user interactions with
  certificates

15
16
Example Network-in-a-box

• Utilize location-limited channels to simplify
  configuration while maintaining security
• Laptop and AP exchange public keys
• Use it to perform full-fledged security
  auto-configuration

17
iPKI discussion

• Easier?
• Secure enough?
• What is it good for?
• Limitations?

18
NiaB validation

• Users study with 12? users
• Task connect to a secure wireless network, NiaB
  or other
• Results NiaB 10x faster, fewer errors, more
  confidence and satisfaction
• 2nd study in an enterprise
• Watched 5 users with each enrollment
• Same results as before, but even bigger
  differences!

19
Alternative Key Continuity Management

• Goal Make key generation management easier to
  accomplish
• Ignore the X.509 certification chain
• Applications are directly aware of public key
  certificates
• User would be notified only when servers key
  suddenly changes
• Thoughts?

20
Johnny 2

• Study conducted on KCM
• Closely followed the original Johnny study
• Same scenario, recruiting, descriptions, etc.
• Added additional attacks to examine user
  understanding and trust of keys
• 43 subjects
• 3 conditions
• no KCM
• Color
• Color briefing
• Question study critique?

21
Results?

• KCM worked against New Key Attack
• KCM didnt work against New Identity Attack
• Users noticed the change, but felt it was
  justified
• KCM really didnt work against Unsigned Message
  Attack
• users instead noticed they were being asked to
  send to hotmail and distrusted those instructions

22
Trust

• The encryption itself is not the problem
• Trust required to make PKI work
• Did Alice really send this?
• Is this the right Alice or another one?
• Do I trust the certificate?
• Do I trust the CA?
• Do I trust that no one has taken over her
  computer?
• At what point do I decide to not trust the
  message?