4-2.1

Public Key Infrastructure (PKI)

Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © 2009.Chapter 4, pp. 128-144. For educational use only. All rights reserved. Aug 28, 2009

Public Key Infrastructure (PKI)

• A structure that binds users to their public keys

• Lead to a powerful structure for all the major issues of a secure connection:

• Data confidentiality• Data integrity• Authentication, and indeed • Authorization.

4-2.2

4-2.3

Data Confidentiality and Data Integrity

• Data Confidentiality - information exchange protected against eavesdroppers.

• Data Integrity - assurance that message was not modified in transit (intentionally or by accident).

4-2.4

Achieving Data Integrity

• Attach a binary pattern with message computed from message, which changes if message has been altered.

• Then when message received, can check whether binary pattern same by re-computing it from received message.

4-2.5

Computing small binary patterns from larger binary patterns used:

•To check integrity of files. Cyclic redundancy check (CRC) words attached to files to use to detect errors in storage or after transmission.

•To select a location in a table where there are less entries than there are different binary selection patterns – “hash”

Cryptographic hash function• Two primary purposes:

–Making it not possible to find original message from hash value of message, and

–Making it highly unlikely one can find two message that have same hash value.

• Has to be very carefully designed.

• Hash value relatively large for security considerations, typically at least 128 bits.

• Cryptographic hash functions include:

–MD5 (Message-Digest algorithm 5) introduced by Rivest in 1991, and

–SHA (Secure Hash Algorithm) introduced by National Security Agency (SHA-1, SGA-2)

–Both have potential security flaws!

4-2.8

Digital Signatures• A way of achieving authentication and data

integrity.

• Uses a cryptographic hash function to create a message digest, a “footprint” of the message

• Message digest encrypted with sender’s private key to create a digital signature.

• Digital signature attached to message.

4-2.9

Digital Signature

Attach digital signature to message (data)

Fig 4.5

4-2.10

Checking digital signature

Fig 4-6

Data confidentiality• Message not shown encrypted.

• All we are attempting to establish is authentication and data integrity, and not data confidentiality.

• Often sufficient in a Grid environment

• If data confidentiality desired, data itself encrypted in usual fashion with receiver’s public key to ensure that only receiver can decrypt it with receiver’s private key.

4-2.12

• Digital signature alone not sufficient to ensure data is from the sender.

• Possible that public key is a fake. Still could get matching digital signatures.

4-2.13

Certificates

• A digital document belonging to the “End-Entity” giving:

–Their name, their public key, and other information.

• Certificate comparable to a Driver’s license or passport.

4-2.14

Certificate

Fig4-7

4-2.15

Certificate Authority (CA)

• A trusted third party certifies that public key does in fact belong to the end-entity named on certificate.

• Certificate signed by CA using their private key (which can be verified using their public key)

• Certificate Authority comparable to a DMV for Driver’s licenses or passport agency (US Dept of State) for passports.

4-2.16

Certificate Authority

• Certificate Authority has to have it’s own certificate to identify itself (keeping its private key protected).

• In event of a single “root” certificate authority (that is, without a certificate authority hierarchy), certificate authority signs its own certificate, i.e. creates a self-signed certificate.

4-2.17

CA’s own certificateCA needs it own certificate identify itself• First it generates key pair.• It protect its private key. (This is vitally

important!)• It then creates a

certificate and signsit with its private key:

CA’s public key

Certificate

CA’s digital signature

CA’s name

4-2.18

Types of Certificates

• X.509 most widely used.

• Defined by International Telecommunications Union (ITU)

• Version 1 defined in 1988

• Version 2 , Version 3 (1996) adds fields, see next slide.

4-2.19

X.509 Format (version 3)

Fig4-8

4-2.20

Need to a policy to establish subject’s identity (name)

Must to constructed for uniqueness – could be two Barry Wilkinson’s (There are.)

Should be unambiguous.

Subject’s identity

4-2.21

Subject’s identity

X 500 namespace

• Entry identified by a distinguished name (DN)

• Hierarchical with concatenation of attributes

• Forms a tree creating a path to entity

4-2.22

X 500 namespace• Entries organized in a tree hierarchy, which

could reflect organizational structure:– Organization: O=Grid– Organization: O=UNCC– Organizational unit: OU= Dept of Computer

Science– Common name: CN=Barry Wilkinson

Example in grid course/O=Grid/OU=UNCC/OU=Dept of Computer

Science/CN=Barry Wilkinson

Sample user certificate

Fig4-9

4-2.25

Actions to send a message between sender and receiver who both trust CA

Fig 4.10

4-2.26

Accepting Certificates

If• you trust the Certificate Authority

and

• you are confident that the key that you have is really the public key of the Certificate Authority

then

• you can decrypt sender’s certificate with confidence to obtain sender’s public key.

4-2.27

• Generally Public Key and Secret Key Cryptography used together.

• Public key Cryptography with Certificates and a Certificate Authority (CA) used to establish secure authenticated connection between parties.

• Then:–Secret key passed between parties.–Secret key cryptography used to

encrypt/decrypt data, which is much faster than public key cryptography.

4-2.28

• Several network protocols and programs have embedded public key and secret key cryptographic algorithms.

• SSL (Secure Socket Layer) Protocol, which can be added on top of other protocols (e.g. HTTPS, FTPS).

• SSH (Secure shell) clients.

• SFTP (Secure File transfer protocol) –relies on underlying secure connection. Used with SSH.

4-2.29

Others include:

• S/MIME (Secure Multipurpose Internet Mail Extensions) -- for secure email, developed by RSA Data Security Inc, see:

http://www.rsa.com/smime

• SET (Secure Electronic Transaction) -- for

secure e-commerce, developed jointly by Visa, Mastercard, IBM, and other companies, for secure credit card transactions over the Internet, see:

http://www.setco.org

4-2.30

Certificate Authorities

• Commercial Certificate Authorities exist, such as:

– VeriSign Inc.– Entrust Technologies Inc.,

• Web browsers have built-in recognition such trusted CAs, allowing SSL and other secure connections.

Sample trusted certificate authority list in Internet Explorer

Path:tools internet options content certificates

Fig 4-11

4-2.32

General Public Key

Infrastructure

Fig 4.12

4-2.33

Certificate Repository

• Used to store:– Issued certificates– Revoked certificates (CRLs - Certificate

Revocation List)– Might be accessed through LDAP (Lightweight

Directory Access Protocol)

4-2.34

Registration Authority

• Acts for CA for some management functions.

• Not strictly necessary as CA could do all functions.

Public key infrastructure

with a certificate

repository and registration

authority

Fig 4-13 4-2.35

Two levels of certificate authorities, with Alice sending a message to Bob

Fig 4-14 4-2.36

Cross-certified certificate authorities

4-2.37Fig. 4-15

Mutual authentication

4-2.38Fig. 4-16

One-way digital signature authentication with user password authentication

4-2.39Fig. 4.17

SSH Tunneling

4-2.40Fig. 4.18

Phases of SSL (Secure Sockets Layer)

4-2.41

4-2.42

More Information

Books

• “Cryptography and Network Security 3rd edition,” by William Stalling.

Questions

4-2.43

In security, what is meant by the term authentication?

(a) The process of deciding whether a particular identity can access a particular resource (b) The process of giving authority to another identity (c) The process of deciding whether a particular identity is who he says he is(d) None of the other answers

4-2.44SAQ 4.1

In security, what is meant by the term non-repudiation?

(a) Means that one cannot recognize errors in a message(b) Means that one can deny that they sent or received a message (c) Means that one can deny they provided the data for service (d) Means that one cannot deny that they sent a message (e) None of the other answers

4-2.45SAQ 4.2

Which of the following is an advantage of secret key cryptography? (Select all that apply.)

(a) Parties do not need to establish previously a secure channel to exchange keys (b) It is faster than public key cryptography(c) It allows for non-repudiation (d) It allows for the creation of a digital signature

4-2.46SAQ 4.3

What statements are true about digital signatures? (Select all that apply.)

(a) Each user has an unchanging digital signature(b) Each message has the same digital signature(c) Ideally, each message has a different digital signature(d) Digital signatures cannot be decoded except by the intended recipient(e) Only the sender of the message can create the digital signature for the message

4-2.47SAQ 4.8

In public key cryptography, which key does one use to create a digital signature?

(a) The sender’s private key(b) The destination’s pubic key(c) The destination’s private key(d) The sender’s public key

SAQ 4.12 4-2.48

In public key cryptography using single encryption, which key or keys could one use to encrypt information to be sent a destination such that the destination could decrypt the message? There may be more than one key. Select all suitable keys.

(a) The destination’s private key(b) The destination’s public key(c) The sender’s public key(d) The sender’s private key

SAQ 4.13 4-2.49