Demystifying PKI: Introduction to the Cryptography Behind Public Key Infrastructure
Security Services
• Data Integrity – Verification that the data has not been modified
• Authentication – e.g., your personal signature
• Non-Repudiation – e.g., Sender/Receiver in a financial transaction
• Confidentiality – i.e., scrambled text
Data Integrity
• The Assurance That the Data Has Arrived Intact, With No Tampering or Corruption of the Bits.
• Data Integrity Is Achieved Electronically Through the Use of Cryptographic Checksums (One-way Hashes) Over the Data.
Data Integrity Hash Functions
• Hash Functions are Complex Mathematical Functions Which Generate a Unique “Fingerprint” of the Data. Each String of Data is Mathematically Reduced to a Fixed-Size Output Block, Regardless of the Amount of Input Data
• The Same Output is Always Produced From The Same Input
[Figure: the User Data “$” “1” “0” “9” (byte values 36 49 48 57) is fed to the Hash Function, which outputs 3725]
The Result Produced By a Hashing Function is Called a Message Digest
Two Examples: Secure Hash Algorithm (SHA) and Message Digest #5 [RSA] (MD-5)
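An added example (not part of the original slides) of why the slide asks for a cryptographic checksum rather than a plain one: a simple byte sum cannot tell “$109” from “$190”, while a message digest can. SHA-256 and the function names are choices made for this illustration.

```python
import hashlib
import hmac

def additive_checksum(data: bytes) -> int:
    """Plain checksum: sum of the byte values, kept to 16 bits."""
    return sum(data) % 65536

def fingerprint(data: bytes) -> str:
    """Message digest: SHA-256, always 64 hex characters for any input size."""
    return hashlib.sha256(data).hexdigest()

def is_intact(received: bytes, expected_digest: str) -> bool:
    """Recompute the digest on receipt and compare in constant time."""
    return hmac.compare_digest(fingerprint(received), expected_digest)

def compare(original: bytes, altered: bytes) -> dict:
    """Report which check notices that `altered` differs from `original`."""
    return {
        "checksum_detects": additive_checksum(original) != additive_checksum(altered),
        "digest_detects": not is_intact(altered, fingerprint(original)),
    }

# Constructed sample: the slide's "$109" and a copy with two digits swapped.
if __name__ == "__main__":
    print(compare(b"$109", b"$190"))
```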
Authentication
• The Binding of the Sender’s (or Issuer’s) Credentials to the Data. This Process Can Be Likened to Your Personal Signature
– It Is Unique to You and Can Be Recognized (Verified) Later by All Parties Involved
Non-Repudiation
• The Fact That a Third Party Can Verify Your Authentication (e.g., Your Signature) on a Transaction Means That You Cannot Deny Participation in the Transaction
Confidentiality/Privacy
• Encryption (scrambling) of the data to prevent unauthorized disclosure.
Mechanics of Security
• Cryptographic algorithms (mathematical processes) used to implement security
• Symmetric vs. Asymmetric
• Key Generation
• Digital Signatures
• Encryption
• Public Key Infrastructure
Symmetric Cryptography
Encryption Algorithms
• Encryption Has Historically Been Used in Military Applications to Secure Tactical or Intelligence Related Information During Wartime.
For This Reason, Encryption Is Classified As a Munition or Instrument of War by Most Countries. The Improper Use of Encryption Is Often Considered a Terrorist Act.
Many Countries Place Restrictions on the Import and Export of Encryption, as Well as the Use of Encryption Within the Country.
“The problem of good cipher design is essentially one of
finding difficult problems..... we may construct our
cipher in such a way that breaking it is equivalent to...
the solution of some problem known to be laborious.”
- Claude Shannon (1949)
Encryption Algorithms
Conventional Algorithms
[Figure: Encryption and Decryption, each with Key=010011..1]
• Also Called Secret-Key Algorithms
– Symmetric - Use The Same Key For Encryption and Decryption
– Security Depends on Keeping the Session Key Secret
Symmetric Encryption/Decryption
• Secret Key used to encrypt data
• Sender and receiver must have same key
• Key distribution and compromise recovery are difficult
[Figure: Key Generation produces the Secret Key. The SENDER encrypts the plain text (“This is plain text. It can be a document, image, or any other data file”) with DES and the Secret Key; the RECEIVER decrypts the result with DES and the Same Key.]
Conventional Algorithms
• Stream Ciphers
– Perform a Mathematical Transformation Using One Bit From the Key String and One Bit From the Data Stream.
The Classic Stream Cipher Is Called a Vernam Cipher
It is Based on the Exclusive OR Function
Stream Ciphers: Vernam Cipher
[Figure: the Message “Debit $500” is combined by .XOR. with a Repeating Key Stream to give the CryptoText “E%f2$Uz7@W”. Bit streams shown: 101001011 101001011 101001011 ... and 101101011 101101011 101101011 ...]
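An added example (not from the original slides) of the Vernam transformation above: the same XOR call encrypts and decrypts, and the second check shows why a key stream must not be reused, since XORing two ciphertexts made with the same key cancels the key. The key bytes, the second message and the function names are constructed for illustration.

```python
from itertools import cycle

def vernam(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the repeating key stream."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

KEY = bytes([0b10100101, 0b11010010, 0b11101001])   # constructed 3-byte key

def demo() -> dict:
    m1, m2 = b"Debit $500", b"Credit $75"            # constructed messages
    c1, c2 = vernam(m1, KEY), vernam(m2, KEY)
    return {
        # Applying the same key stream a second time restores the message.
        "round_trip": vernam(c1, KEY) == m1,
        # With a reused key, c1 XOR c2 equals m1 XOR m2: the key drops out.
        "key_cancels": xor_bytes(c1, c2) == xor_bytes(m1, m2),
    }

if __name__ == "__main__":
    print(demo())
```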
Block Ciphers
• Perform a Mathematical Transformation On Data In Fixed-Size Blocks, One At a Time.
• The Cipher Mode Determines How The Algorithm Is Applied To Data Streams, Block-By-Block
• Block Ciphers are Fairly Similar From a Functional Point-of-View
• We’ll Now Look at an Example of One Well-Known Block Cipher in Detail...
DES Algorithm
[Figure: the Message is Encrypted with the DES Key to give the Encrypted Message]
Anatomy of DES
Original Message Stream is Broken Into 64-Bit Blocks (8 ASCII Characters)
Each Block is Separately Fed Into The DES Algorithm (Hence the Term Block Cipher)
The Original DES Key is 64 Bits
The Keysize is Reduced to 56 Bits During The Initial Permutation (Bits 8, 16, 24, 32, 40, 48, 56, 64)
The Reduced 56-Bit Key Becomes The Working DES Session Key
[Figure labels: 64-Bit Block of Original Text, 56-Bit Key]
[Figure labels: 64-Bit Block of Original Text, Initial Permutation, 56-Bit Key]
Anatomy of DES
The 32-Bit Right Half of The Input Block is Copied Into the Left Half of The Output Block
The 32-Bit Right Half of The Input Block is Then Expanded to 48-Bits
[Figure labels: 32-Bit Right Half, Expansion Blocking, 48-Bit Expanded Right Half, Old Right Half; Original Right Half is Copied to New Left Half]
Anatomy of DES
The 56-Bit Session Key is Further Reduced to a 48-Bit SubKey
[Figure labels: 56-Bit Key, Permutation, 48-Bit SubKey]
Anatomy of DES
The Input is Shifted Into the S-Registers in 6-bit groups.
Inside Each Register, 2-bits are Used as Control Bits, and 4-bits as Data
A Substitution Table is Used Inside Each Register to Calculate Its Output
The S-Registers Perform Substitution and Compaction, Converting the 48-Bit Block to 32-Bits
[Figure: S-Registers S1 S2 S3 S4 S5 S6 S7 S8]
Anatomy of DES
[Figure: an S-Register with data inputs 1 2 3 4 and the control bits Control Left (CL) and Control Right (CR)]
For Each of the Four Choices of the Two “Control Bits”, the S-register Performs a Different Substitution on the Half-byte Values of the Four “Input Bits”
CL CR    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
 0  0   14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 0  1    0 15  7  4 14  2 13  1 10  6 12 11  4  5  3  8
 1  0    4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
 1  1   15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
Example: S(1, 0, 1, 1, 1, 0) = 11 = (1, 0, 1, 1), with CL = 1, CR = 0 and input bits 0 1 1 1 = 7
[Figure: one DES round. The 32-Bit Right Half goes through Expansion Blocking to the 48-Bit Expanded Right Half, is combined with the 48-Bit SubKey (produced from the 56-Bit Key by a Permutation), and passes through Substitution and Compaction in S1 S2 S3 S4 S5 S6 S7 S8 and a Permutation. The result is combined with the Old Left Half to give the New Right Half. The Original Right Half is Copied to New Left Half. The two halves form the New 64-Bit Block (To Next Round).]
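The round structure walked through in the Anatomy of DES slides, as an added example that is not part of the original deck: the S-register lookup from the slide's worked case, the 32-to-48-bit expansion, and one round with its inverse. Assumptions: the S1 values are those of the DES standard (FIPS 46-3), S1 stands in for all eight S-registers, and the permutation after substitution and the key schedule are left out, so this is a DES-shaped toy round and not DES itself.

```python
# S-register 1 as given in the DES standard (FIPS 46-3). Rows are selected by
# the two control bits (CL, CR), columns by the four data bits.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox1(six):
    """6 bits in, 4 bits out: outer bits pick the row, middle bits the column."""
    row = ((six >> 5) & 1) << 1 | (six & 1)
    col = (six >> 1) & 0xF
    return S1[row][col]

def expand(r):
    """DES expansion: each 4-bit group borrows one bit from each neighbour."""
    bit = lambda i: (r >> (31 - (i % 32))) & 1      # i = 0 is the leftmost bit
    groups = []
    for g in range(8):
        six = 0
        for i in range(4 * g - 1, 4 * g + 5):       # wraps around at both ends
            six = (six << 1) | bit(i)
        groups.append(six)
    return groups                                    # 8 groups x 6 bits = 48 bits

def f(r, subkey48):
    """Toy round function: expand, XOR with the subkey, substitute and compact."""
    out = 0
    for g, six in enumerate(expand(r)):
        k = (subkey48 >> (42 - 6 * g)) & 0x3F        # matching 6 bits of the subkey
        out = (out << 4) | sbox1(six ^ k)            # real DES: S1..S8, then a permutation
    return out

def round_forward(left, right, subkey48):
    """Old right half becomes new left half; new right = old left XOR f."""
    return right, left ^ f(right, subkey48)

def round_inverse(left, right, subkey48):
    """Undo one round with the same subkey, although f itself is not invertible."""
    return right ^ f(left, subkey48), left
```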
Triple DES Algorithm (TDES)
• Implements 3 Successive Iterations of DES
• Uses Two or Three 56-Bit Keys (112-bit or 168-bit)
[Figure: the Message “Debit $500” passes through DES Encrypt with Key #1, DES Decrypt with Key #2 and DES Encrypt with Key #1 or #3 to give the CryptoText “E%f2$Uz7@W”. The intermediate Encrypted Data values are shown as “vG$uvbpA” and “%4Jb3xy”.]
Encryption Algorithms
• Strengthening Encryption Algorithms
– Strength of an Algorithm Measures How Long It Would Take an Adversary to Deduce the Key
The More Difficult the Mathematics, the Stronger the Algorithm
The Longer the Key, the Stronger the Algorithm
The More Often the Key Is Changed, the Stronger the Security
The Stronger the Algorithm, the Slower it Usually is Due to the Mathematical Overhead Required
Asymmetric Cryptography
Most commonly known as Public Key Cryptography
1. Key Generation
• Key pair is used in public key cryptography
– Key generation provides the basis for trust
– Private key protected and never shared
– Public key bound in certificate and shared
[Figure: Key Pair Generation produces the Private Key, kept on the End User Token, and the Public Key. The Public Key, with User Name, Organization and Location, goes to the Certification Authority, which issues the Digital Certificate to the X.509 Directory.]
2. Digital Signature
A Digital Signature Is a Special Block That is Appended to an Electronic Message.
Allows for Verification of the AUTHENTICATION of the Sender and of the INTEGRITY of the content of an Electronic Message.
Only Public-key Techniques Can Provide This.
[Figure: a Stock Purchase Order with a Signature Block appended]
2. Digital Signature
How Alice Creates A Digital Signature
[Figure: Alice’s message (“Dear Sir, Please Send Me The Widget. Please Charge VISA Card 4123...”) is passed through the Secure Hash Algorithm to give a Message Digest (160 bits). The digest is Encrypted with Alice’s Private Key to give the Signature, the Digital Signature.]
2. Digital Signature
• Sender uses private key to sign
• Receiver uses sender’s public key to verify
• Result is Pass or Fail
[Figure: the SENDER Signs the plain text (“This is plain text. It can be a document, image, or any other data file”) with the Sender’s Private Key from the Sender’s Token. The RECEIVER Verifies the Digitally Signed data with the Sender’s Public Key from the Sender’s Certificate. Result: VERIFIED]
Algorithms for Digital Signature
• Digital Signature Algorithm (DSA)
– Federal Standard (FIPS 186)
• Secure Hash Algorithm (SHA-1)
• Rivest Shamir Adleman (RSA)
• Message Digest #5 (MD5)
• Elliptic Curve Digital Signature Algorithm (ECDSA)
DSA: $r = (g^k \bmod p) \bmod q$, $s = (k^{-1}(H(m) + xr)) \bmod q$
RSA: $c = m^e \bmod n$, $m = c^d \bmod n$
Digitized vs. Digital Signature
A Digitized signature is a scanned image that can be pasted on any document
A Digital Signature is a numeric value that is created by performing a cryptographic transformation of the data using the “signer’s” private key
[Figure: a Digitized Signature (scanned image) beside a Digital Signature (hexadecimal value)]
Digital Certificates
• Analogous to a Driver’s License or Employee Badge
– Issued By Some Authority That Members Have in Common
– Issued Under Some Set of Rules (Policies)
– Document Issued Contains Public Information
• Not Sensitive
• Not Compromising
– Provides Trust to Peers, Identification to Others
1. Message Encryption
• Use token to generate a random message key
• Encrypt message with symmetric algorithm (DES)
[Figure: the SENDER’s Token uses its RNG to GENERATE the Message Key. DES encrypts the plain text (“This is plain text. It can be a document, image, or any other data file”) under the Message Key.]
2. Key Transport (Wrap)
• Encrypt message key with sender’s private key and recipient’s public key and a public key algorithm (RSA)
[Figure: at the SENDER, RSA takes the Message Key (from previous step), the Sender’s Private Key from the Sender’s Token and the Recipient’s Public Key from the Recipient’s Certificate, and outputs the Wrapped Message Key]
3. Compose Message
• Send wrapped message key, encrypted message, and (optionally) sender’s certificate to recipient
[Figure: the SENDER composes the Wrapped Message Key, the Encrypted Message and the Sender’s Certificate into one message (S/MIME, MSP)]
4. Key Transport (Unwrap)
• Use the sender’s public key and the recipient’s private key to unwrap the message key with public key algorithm (RSA)
[Figure: at the RECIPIENT, RSA takes the Wrapped Message Key, the Recipient’s Private Key from the Recipient’s Token and the Sender’s Public Key from the Sender’s Certificate, and outputs the Message Key]
Alternative Key Exchange Method
The Diffie-Hellman Public Key System
• Diffie-Hellman Works Because of a One-Way Function
– The Function Is “Easy” to Compute but the Inverse Is “Hard” to Compute.
• Specifically D-H Uses Discrete Exponents and Discrete Logs.
[Figure: Bob and Alice. The discrete exponents $g^b \bmod p$ and $g^a \bmod p$ are marked (easy); the discrete log $\log_g(x)$ is marked (hard).]
Diffie-Hellman
• Return to the 3rd Grade...
– Multiplication Is “Easy” and Division Is “Hard”
• Diffie-Hellman Is Based on “X” and “/”
• Bob and Alice Share a Generator (a) Value “10”
[Figure: Bob: Secret = 8, Public = 8 x 10 = 80. Alice: Secret = 11, Public = 11 x 10 = 110. Bob sends 80 and Alice sends 110. Igor knows 10, 80 & 110: Division Required! Message Key: Alice computes 11 x 80 = 880, Bob computes 8 x 110 = 880.]
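An added example (not from the original slides) that puts the slide's multiplication analogy next to the discrete-exponent form it stands for, and derives a message key from the shared value. The modulus (a Mersenne prime), the generator 3, the SHA-256 key derivation and all function names are constructed for illustration; real deployments use standardized groups of 2048 bits or more.

```python
import hashlib
import secrets

# Slide analogy: public = secret x 10. Division recovers the secret at once.
def analogy_public(secret, generator=10):
    return secret * generator

def analogy_recover(public, generator=10):
    return public // generator           # Igor's "division" really is easy here

# Diffie-Hellman proper: public = g^secret mod p. Recovering the secret
# from the public value means computing a discrete log.
P = 2**127 - 1       # constructed toy modulus, too small and structured for real use
G = 3

def dh_public(secret):
    return pow(G, secret, P)

def dh_shared(own_secret, peer_public):
    return pow(peer_public, own_secret, P)

def message_key(shared):
    """Derive a fixed-size message key from the shared value."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def exchange():
    """Run both sides; only ga and gb would ever cross the wire."""
    a = secrets.randbelow(P - 3) + 2     # Alice's secret
    b = secrets.randbelow(P - 3) + 2     # Bob's secret
    ga, gb = dh_public(a), dh_public(b)
    return message_key(dh_shared(a, gb)), message_key(dh_shared(b, ga))

if __name__ == "__main__":
    alice_key, bob_key = exchange()
    print(alice_key == bob_key)
```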
5. Message Decryption
• Use unwrapped (RSA) or computed shared (D-H) message key to decrypt the data using a symmetric algorithm (e.g., DES)
[Figure: at the RECIPIENT, DES decrypts the encrypted message under the Message Key back to the plain text (“This is plain text. It can be a document, image, or any other data file”)]
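The sign and verify flow from the Digital Signature slides and the RSA wrap and unwrap of steps 2 and 4, as one added example that is not part of the original deck, using the slide formulas c = m^e mod n and m = c^d mod n. Assumptions: the keys are toy values built from Mersenne primes with no padding, the wrap uses only the recipient's public key (the slides do not say how the sender's private key enters that step), and all names are this example's own.

```python
import hashlib
import secrets

def toy_rsa_key(p, q, e=65537):
    """Build (n, e, d) from two known primes. Constructed toy key only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)

# Constructed key pairs; real keys use large random primes and padding.
SENDER = toy_rsa_key(2**61 - 1, 2**89 - 1)
RECIPIENT = toy_rsa_key(2**107 - 1, 2**127 - 1)

def digest(message, n):
    """SHA-1 message digest (160 bits) as an integer below the modulus."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % n

def sign(message, key):
    n, _, d = key
    return pow(digest(message, n), d, n)         # private-key transform of the digest

def verify(message, signature, key):
    n, e, _ = key
    return pow(signature, e, n) == digest(message, n)    # Pass or Fail

def wrap(message_key, key):
    n, e, _ = key
    return pow(message_key, e, n)                # c = m^e mod n

def unwrap(wrapped, key):
    n, _, d = key
    return pow(wrapped, d, n)                    # m = c^d mod n

def demo():
    order = b"Please send me the widget."        # constructed sample message
    sig = sign(order, SENDER)
    message_key = secrets.randbits(64)           # step 1: random message key
    wrapped = wrap(message_key, RECIPIENT)       # step 2: key transport (wrap)
    return {
        "genuine": verify(order, sig, SENDER),
        "tampered": verify(order + b" Twice.", sig, SENDER),
        "key_recovered": unwrap(wrapped, RECIPIENT) == message_key,   # step 4
    }
```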
Basic Key Recovery
[Figure labels: plain text “This is a critical note on our 1999 revenue ...”, Encrypted Data, Message Key, KRF (Key Recovery Field), Public Key, Private Key, KEY RECOVERY AGENT]
Using Security Services
Digital Signatures
• Client Authentication on a Web Server
– Netscape, Microsoft
– Compared to Access Control List on Server
• Server Authentication on a Web Client
– Netscape, Microsoft
– Stops Man-in-the-middle Attack
• Message Authentication
– S/MIME E-mail Message
– Netscape, MS Outlook Express 98
• Audit
– Authentication of User Provides Non-repudiation of Client Access
– May Provide Legal Proof for Later Arbitration
Using Security Services
• Confidentiality
– Link Encryption
• IPSec (Layers 2/3)
– Secure tunnel between VPN boxes
• SSL (Layers 4/5)
– Secure “tunnel” to web server
– Netscape, Microsoft
• FTP (Layers 6/7)
– Secure file transfer
PKI
Public Key Infrastructure
Digital Certificates
[Figure: an X.509 Digital Certificate holding User Info + Public Key, issued by the Certification Authority]
• Certification Authority acts as a trusted third party:
– Binds user information to public key.
– Issues an unforgeable certificate.
• Digital certificate can be published in a public directory/repository.
• Digital certificate can be used to provide the required security services: integrity, confidentiality, authentication, authorization, and non-repudiation.
• ITU Recommendation X.509 is the accepted standard for digital certificates in Government and industry.
X.509 Certificates (cont.)
• X.509 Version 3 certificates:
– Defined extensions that can be added to the base certificate:
• public key information
• policy information
• additional subject attribute information
• constraint information
• CRL information
– Widely accepted in Gov’t and industry.
– Commercial and Gov’t implementations.
Public Key Infrastructure
[Figure labels: Public Key Certificates, Certification Authorities, PKI Services]
Public Key Infrastructure
[Figure labels: Information Dist. & Mgmt, Registration Management, Public Key Management, Certificate Management, Token Management, X.509]
Risk Reduction and PKI
[Figure labels: Business Requirements, Legal Requirements, Technology Requirements, X.509]
Cryptographic Security Solutions:
Provide Security Assurances:
• Privacy/Confidentiality
• Data Integrity
• Source and Destination (Client/Server/User) Authentication
• Access Control
• Non-Repudiation
Support The Emerging PKI Marketplace
PKI Security Solutions:
Enable Enterprise E-Commerce
• Issue, Manage, Revoke Certificates
• Apply Enterprise Certificate Policies and Procedures
Summary