Embed Size (px)
DESCRIPTION
Public Key Infrastructure. By Sarah Wahl. What is PKI?. An arrangement that provides for trusted third party vetting of, and vouching for, user identities - PowerPoint PPT Presentation
Citation preview
November 1, 2006 Sarah Wahl / Graduate Student UCCS
1
Public Key Infrastructure
BySarah Wahl
November 1, 2006 Sarah Wahl / Graduate Student UCCS
2
What is PKI?
• An arrangement that provides for trusted third party vetting of, and vouching for, user identities
• PKI consists of client software, server software such as a certificate authority, hardware (e.g., smart cards) and operational procedures
November 1, 2006 Sarah Wahl / Graduate Student UCCS
3
Public Key…
• Public key encryption — keeping a message secret from anyone that does not possess a specific private key.
• Public key digital signature — allowing anyone to verify that a message was created with a specific private key.
• Key agreement — generally, allowing two parties that may not initially share a secret key to agree on one.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
4
Public Key Encryption
• On a high level, a user signs his message with his private key, and when the message gets to the other side the end user decrypts the message using the public key, which is published by the Certificate Authority.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
5
Keys
November 1, 2006 Sarah Wahl / Graduate Student UCCS
6
Keys Continued
• Like a mail slot. Anyone can put a message in the slot, but only owner can access the messages.
• Public Key• The published key. (Where the mail slot is
located)• Private Key
• The secret key (The owner’s key that can unlock the mail slot)
November 1, 2006 Sarah Wahl / Graduate Student UCCS
7
Identity Certificates
• A certificate which uses a digital signature to bind together a public key with an identity
• Identity being information on the user- name, organization etc.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
8
Certificate Authorities
• Verify an applicant's credentials, so that users (relying parties) can trust the information in the CA's certificates
• This is essential to the PKI scheme, if the CA is compromised then their signed certificates can’t be trusted.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
9
Certificate Authorities Cont.
• It is not always possible to reach back to the original Certificate Authority.
• Key Chain, or Certificate Authority Chain.• Allows a user to get a certificate from
another source.• Certificate Authority delegates authority to
others.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
10
Certificates
• Self-Signed• Certificate signed by certificate’s author
• Root Certificate• an unsigned public key certificate
• Authorization Certificates• (also known as an attribute certificate) digitally
written permission from the issuer to use a service or a resource that the issuer controls or has access to use
November 1, 2006 Sarah Wahl / Graduate Student UCCS
11
Classes of Certificates
• Class 1 for individuals, intended for email
• Class 2 for organizations, for which proof of identity is required
• Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority (CA).
November 1, 2006 Sarah Wahl / Graduate Student UCCS
12
Digital Signatures
• Can be used as a broad term encompassing message authentication codes, file integrity hashes and digital pen pad devices.
• For this discussion a digital signatures is a term to mean cryptographically based signature assurance scheme
• Used like a notary endorsement
November 1, 2006 Sarah Wahl / Graduate Student UCCS
13
Is it a Valid Certificate?
• Check the certificate revocation list (CRL)
• This is a list of certificates that are no longer valid.
• This list is published by 3rd parties (CA).
November 1, 2006 Sarah Wahl / Graduate Student UCCS
14
OCSP
• Online Certificate Status Protocol• An Internet protocol used for
obtaining the revocation status of an X.509 digital certificate.
• It is described in RFC 2560 and is on the Internet standards track. It was created as an alternative to CRLs
November 1, 2006 Sarah Wahl / Graduate Student UCCS
15
X.509 Certificate
• A certificate typically includes:• The public key being signed.• A name, which can refer to a person,
a computer or an organization.• A validity period.• The location (URL) of a revocation
center.• The digital signature of the certificate,
produced by the CA's private key.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
16
The Future of PKI: ECC
• First, the fact that the security and practicality of a given asymmetric cryptosystems relies upon the difference in difficulty between doing a given operation and its inverse.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
17
Elliptical Curve Cryptography
• Second, the fact that the difference in difficulty between the forward and the inverse operation in a given system is a function of the key length in use, due to the fact that the difficulty of the forward and the inverse operations increase as very different functions of the key length; the inverse operations get harder faster.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
18
ECC Continued
• Third, the fact that as you are forced to use longer key lengths to adjust to the greater processing power now available to attack the cryptosystem, even the 'legitimate' forward operations get harder, and require greater resources (chip space and/or processor time), though by a lesser degree than do the inverse operations.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
19
Comparison of Algorithms
• The difficulty of the forward and inverse operations is at the centre of asymmetric schemes.
• RSA, it's integer multiplication (forward) and factorization (inverse)
• Diffie Hellman it's discrete exponentiation (forward) and log (inverse).
• ECC it's point multiplication (forward) and the elliptic curve discrete logarithm problem (inverse).
November 1, 2006 Sarah Wahl / Graduate Student UCCS
20
Key Sizes
November 1, 2006 Sarah Wahl / Graduate Student UCCS
21
ECDSA vs. RSA (ms)
November 1, 2006 Sarah Wahl / Graduate Student UCCS
22
How ECC Works
• The way that the elliptic curve operations are defined is what gives ECC its higher security at smaller key sizes.
• An elliptic curve is defined in a standard, two dimensional x,y Cartesian coordinate system by an equation of the form:
• y2 = x3 + ax + b
November 1, 2006 Sarah Wahl / Graduate Student UCCS
23
Elliptical Curve Example
November 1, 2006 Sarah Wahl / Graduate Student UCCS
24
How ECC Works Continued
• Point multiplication is simply calculating kP, where k is an integer and P is a point on the elliptic curve defined in the prime field.
• This is the operation which is the key to the use of elliptic curves for asymmetric cryptography — the critical operation which is itself fairly simple, but whose inverse is very difficult.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
25
The dominant operation in ECC cryptographic schemes is point multiplication.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
26
Why Use ECC?
• It’s More Secure!• It’s Much Faster!!
November 1, 2006 Sarah Wahl / Graduate Student UCCS
27
Conclusion
• PKI is an ever changing infrastructure. • There are new software algorithms
being developed.• Different methods for interacting with
the Certificate Authority.
November 1, 2006 Sarah Wahl / Graduate Student UCCS
28
Questions
• Any Questions or Comments?
November 1, 2006 Sarah Wahl / Graduate Student UCCS
29
Resources
http://en.wikipedia.org/wiki/Public_key_infrastructure
http://www.deviceforge.com/articles/AT4234154468.html
http://csrc.nist.gov/pki
http://homes.esat.kuleuven.be/~fvercaut/talks/HECC.pdf
