INF3510 Information Security
University of Oslo, Spring 2014

Lecture 6: Key Management and PKI
Audun Jøsang
Key Management

• The security of cryptographically protected information depends on:
  – The size of the keys
  – The robustness of cryptographic algorithms/protocols
  – The protection and management afforded to the keys
• Key management provides the foundation for the secure generation, storage, distribution, and destruction of keys.
• Proper key management is essential to the robust use of cryptography for security.
• Poor key management may easily lead to the compromise of systems protected with strong algorithms.

Audun Jøsang, L06 - INF3510, UiO Spring 2014
Key Usage

• A single key should be used for only one purpose
  – e.g., encryption, authentication, key wrapping, random number generation, or digital signatures
• Using the same key for two different purposes may weaken the security of one or both purposes.
• Limiting the use of a key limits the damage that could be done if the key is compromised.
• Some uses of keys interfere with each other
  – e.g. an asymmetric key pair should only be used for either encryption or digital signatures, not both.
Types of Cryptographic Keys

• How many types of keys are there?
• Crypto keys are classified according to:
  – Whether they're public, private or symmetric
  – Their intended use
  – For asymmetric keys, also whether they're static (long life) or ephemeral (short life)
• NIST Special Publication 800-57, Recommendation for Key Management – Part 1: General, August 2005, defines 19 types of cryptographic keys.
Crypto Period

• The crypto period is the time span during which a specific key is authorized for use
• The crypto period is important because it:
  – Limits the amount of information, protected by a given key, that is available for cryptanalysis.
  – Limits the amount of exposure and damage, should a single key be compromised.
  – Limits the use of a particular algorithm to its estimated effective lifetime.
Factors Affecting Crypto-Periods

• In general, as the sensitivity of the information or the criticality of the processes increases, the crypto-period should decrease in order to limit the damage resulting from compromise.
• Short crypto-periods may be counter-productive, particularly where denial of service is the paramount concern, and there is a significant overhead and potential for error in the re-keying, key update or key derivation process.
• The crypto-period is therefore a trade-off
Key Usage Periods

• A key is used for both protecting and processing.
  – Protection: Key is used to encrypt or to generate MAC and DigSig
  – Processing: Key is used to decrypt or to validate MAC and DigSig
• A cryptographic key shall not be used to provide protection after the end of the protection period.
• The processing period normally extends beyond the protection period.
• The crypto-period lasts from the beginning of the protection period to the end of the processing period.

[Figure: timeline of the protection period, the processing period that extends beyond it, and the crypto-period spanning both]
Recommended Crypto Periods
Ref: NIST SP 800-57

Key Type | Cryptoperiod (Protection Period) | Cryptoperiod (Usage Period)
1. Private Signature Key | 1-3 years |
2. Public Signature Key | Several years (depends on key size) |
3. Symmetric Authentication Key | <= 2 years | <= OUP + 3 years
4. Private Authentication Key | 1-2 years |
5. Public Authentication Key | 1-2 years |
6. Symmetric Data Encryption Keys | <= 2 years | <= OUP + 3 years
7. Symmetric Key Wrapping Key | <= 2 years | <= OUP + 3 years

(OUP: originator usage period, i.e. the protection period. Where the slide gives a single value, that value is the key's cryptoperiod.)
Recommended Crypto Periods (cont.)
Ref: NIST SP 800-57

Key Type | Cryptoperiod (Protection Period) | Cryptoperiod (Usage Period)
8. Symmetric and asymmetric RNG Keys | Upon reseeding |
9. Symmetric Master Key | About 1 year |
10. Private Key Transport Key | <= 2 years |
11. Public Key Transport Key | 1-2 years |
12. Symmetric Key Agreement Key | 1-2 years |
13. Private Static Key Agreement Key | 1-2 years |
Recommended Crypto Periods (cont.)
Ref: NIST SP 800-57

Key Type | Cryptoperiod (Protection Period) | Cryptoperiod (Usage Period)
14. Public Static Key Agreement Key | 1-2 years |
15. Private Ephemeral Key Agreement Key | One key agreement transaction |
16. Public Ephemeral Key Agreement Key | One key agreement transaction |
17. Symmetric Authorization (Access Approval) Key | <= 2 years |
18. Private Authorization (Access Approval) Key | <= 2 years |
19. Public Authorization (Access Approval) Key | <= 2 years |
Key Generation

• Most sensitive of all cryptographic functions.
• Need to prevent unauthorized disclosure, insertion, and deletion of keys.
• Automated devices that generate keys and initialisation vectors (IVs) should be physically protected to prevent:
  – disclosure, modification, and replacement of keys,
  – modification or replacement of IVs.
• Keys should be randomly chosen from the full range of the key space
  – e.g. 128 bit keys give a key space of 2^128 different keys
When keys are not random

• Revealed by Edward Snowden 2013, NSA paid RSA (prominent security company) US$10 Million to implement in their BSAFE security products a flawed method for generating random numbers.
• NSA could predict the random numbers and regenerate the same secret keys as those used by RSA's customers.
• With the secret keys, NSA could read all data encrypted with RSA's BSAFE security product.
Random Number Generator Seeds

• RNG keys are used to initialise the generation of random symmetric and asymmetric keys
• Knowing the seed may determine the key uniquely
• Requires confidentiality and integrity protection
  – Periods of protection for seeds, e.g.:
    a. Used once and destroyed
    b. Used for multiple keys, destroyed after last key generation
    c. Kept and destroyed at the end of the protection period
Key Generation Examples

• Stream cipher keys
  – Long true random key stream (One-Time Pad), or
  – Short random key (e.g. 128 bits) input to key stream generator to generate pseudorandom key stream
• AES symmetric block cipher keys
  – Select adequate key length, 128, 192 or 256 bits
  – Ensure that any key is as probable as any other
• RSA asymmetric cipher
  – Make sure modulus n = p·q is sufficiently large to prevent factoring, e.g. |n| = 4096 bit
  – Randomness in seeds to generate primes p and q must be twice the security required. If e.g. 128 bit security is required then use 256 bit randomness
Compromise of keys and keying material

• Key compromise occurs when the protective mechanisms for the key fail, and the key can no longer be trusted
• When a key is compromised, all use of the key to protect information shall cease, and the compromised key shall be revoked.
  – However, the continued use of the key for processing under controlled circumstances may be warranted, depending on the risks, and on the organization's Key Management Policy.
• The continued use of a compromised key must be limited to processing protected information.
  – In this case, the entity that uses the information must be made fully aware of the risks involved.
Key Compromise Recovery Plan

• A compromise recovery plan should contain:
  – The identification of the parties to notify.
  – The identification of the personnel to perform the recovery actions.
  – The re-key method.
  – Any other recovery procedures, such as:
    • Physical inspection of equipment.
    • Identification of all information that may be compromised.
    • Identification of all signatures that may be invalid due to the compromise of a signing key.
    • Distribution of new keying material, if required.
Undetected Key Compromise

• The worst form of key compromise is when a key is compromised without detection.
  – Nevertheless, certain protective measures can be taken.
• Key management systems (KMS) should be designed:
  – to mitigate the negative effects of a key compromise.
  – so that the compromise of a single key has limited consequences,
  – e.g., a single key should be used to protect only a single user or a limited number of users, rather than a large number of users.
• Often, systems have alternative methods for security
  – e.g. to authenticate systems and data through other means than cryptographic keys alone.
• Avoid building a system with catastrophic weaknesses.
Key States, Transitions and Phases
Ref: NIST SP 800-57

[Figure: the four phases of a key's lifetime: Pre-operational Phase, Operational Phase, Post-operational Phase, Destroyed Phase]
Key States and Transitions
Ref: NIST SP 800-57

[Figure: state diagram with the states Pre-Activation, Active (Protect/Process), Deactivated (Process only), Compromised (Process only), Destroyed and Destroyed Compromised, connected by transitions numbered 1 to 10]

1) Pre-Activation
• The key material has been generated but is not yet authorized for use

4) Active
• The key may be used to cryptographically protect information or cryptographically process previously protected information, or both. When a key is active, it may be designated to protect only, process only, or both.
Key States and Transitions (cont.)
Ref: NIST SP 800-57

6) Deactivated
• A key whose cryptoperiod has expired but is still needed to perform cryptographic processing gets deactivated until it is destroyed.

2), 7) Destroyed
• The key has been destroyed. Even though the key no longer exists in this state, certain key attributes (e.g. key name, type and cryptoperiod) may be retained.
Key States and Transitions (cont.)
Ref: NIST SP 800-57

3), 5), 8) Compromised
• Generally, keys are compromised when they are released to or determined by an unauthorized entity. If the integrity or secrecy of the key is suspect, it is revoked. The key is not used to apply protection to information. In some cases, the key may be used for processing.
Key States and Transitions (cont.)
Ref: NIST SP 800-57

9), 10) Destroyed Compromised
• The key is destroyed after a compromise, or the key is destroyed and a compromise is later discovered. Key attributes may be retained.
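As an added illustration (not code from the lecture) of the key usage periods, the compromise rules and the state descriptions above, the following Python model encodes the numbered transitions of the state diagram and enforces what the slides state: protection stops at the end of the protection period, a deactivated key may only process, and a compromised key may process only where the Key Management Policy allows it. The transition numbers are read from the numbered state descriptions (1 generation, 4 active, 6 deactivated, 2/7 destroyed, 3/5/8 compromised, 9/10 destroyed compromised); the dates and the policy flag are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from enum import Enum

class State(Enum):
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"                  # protect and/or process
    DEACTIVATED = "deactivated"        # process only
    COMPROMISED = "compromised"        # process only, and only by policy
    DESTROYED = "destroyed"
    DESTROYED_COMPROMISED = "destroyed compromised"

# Transition number -> (from, to), read off the numbered state descriptions:
# 1 generation, 4 active, 6 deactivated, 2/7 destroyed, 3/5/8 compromised, 9/10 destroyed compromised.
TRANSITIONS = {
    1: (None, State.PRE_ACTIVATION),
    2: (State.PRE_ACTIVATION, State.DESTROYED),
    3: (State.PRE_ACTIVATION, State.COMPROMISED),
    4: (State.PRE_ACTIVATION, State.ACTIVE),
    5: (State.ACTIVE, State.COMPROMISED),
    6: (State.ACTIVE, State.DEACTIVATED),
    7: (State.DEACTIVATED, State.DESTROYED),
    8: (State.DEACTIVATED, State.COMPROMISED),
    9: (State.COMPROMISED, State.DESTROYED_COMPROMISED),
    10: (State.DESTROYED, State.DESTROYED_COMPROMISED),
}

class KeyUseError(Exception):
    """A use or transition that the key's state or period does not permit."""

@dataclass
class ManagedKey:
    protection_end: date     # last day the key may protect (encrypt, sign)
    processing_end: date     # last day the key may process (decrypt, verify)
    state: State = State.PRE_ACTIVATION
    history: list = field(default_factory=lambda: [1])   # transitions taken so far

    def transition(self, number: int) -> State:
        src, dst = TRANSITIONS[number]
        if src is not self.state:
            raise KeyUseError(f"transition {number} not allowed from {self.state.value}")
        self.state = dst
        self.history.append(number)
        return dst

    def tick(self, today: date) -> State:
        # Crypto-period: deactivate (6) when protection ends; destroy (7) once processing ends too.
        if self.state is State.ACTIVE and today > self.protection_end:
            self.transition(6)
        if self.state is State.DEACTIVATED and today > self.processing_end:
            self.transition(7)
        return self.state

    def protect(self, today: date) -> bool:
        # Protection only while Active and inside the protection period.
        if self.state is not State.ACTIVE or today > self.protection_end:
            raise KeyUseError(f"no protection in state {self.state.value}")
        return True

    def process(self, today: date, policy_allows_compromised: bool = False) -> bool:
        # Active/Deactivated keys process inside the processing period; Compromised only by policy.
        if self.state in (State.ACTIVE, State.DEACTIVATED) and today <= self.processing_end:
            return True
        if self.state is State.COMPROMISED and policy_allows_compromised:
            return True
        raise KeyUseError(f"no processing in state {self.state.value}")

def allowed(action) -> bool:
    # True if the rules permitted the action, False if they refused it.
    try:
        return bool(action())
    except KeyUseError:
        return False

def lifecycle_demo() -> dict:
    # Constructed example: a data encryption key with a 2-year protection period and OUP + 3 years usage.
    key = ManagedKey(date(2014, 12, 31), date(2017, 12, 31))
    key.transition(4)                                    # activate
    out = {"protect_2014": allowed(lambda: key.protect(date(2014, 6, 1)))}
    out["activate_twice"] = allowed(lambda: key.transition(4))
    key.tick(date(2015, 3, 1))                           # protection period is over
    out["state_2015"] = key.state.value
    out["protect_2015"] = allowed(lambda: key.protect(date(2015, 3, 1)))
    out["process_2015"] = allowed(lambda: key.process(date(2015, 3, 1)))
    key.transition(8)                                    # compromise discovered
    out["process_compromised"] = allowed(lambda: key.process(date(2015, 4, 1)))
    out["process_by_policy"] = allowed(lambda: key.process(date(2015, 4, 1), policy_allows_compromised=True))
    key.transition(9)                                    # destroy after compromise
    out["final_state"] = key.state.value
    out["history"] = list(key.history)
    return out
```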
Key Protection

• Active keys should be
  – accessible for authorised users,
  – protected from unauthorised users
• Deactivated keys must be kept as long as there is data protected by keys
  – Where will they be kept?
  – How will they be kept securely?
  – Who will know how to access them when required?
Key Protection Examples

• Symmetric ciphers
  – Never stored or transmitted 'in the clear'
  – May use hierarchy: session keys encrypted with master
  – Master key protection:
    • Locks and guards
    • Tamper proof devices
    • Passwords/passphrases
    • Biometrics
• Asymmetric ciphers
  – Private keys need confidentiality protection
  – Public keys need integrity/authenticity protection
Key destruction

• No key material should reside in volatile memory or on permanent storage media after destruction
• Key destruction methods, e.g.
  – Simple delete operation on computer
    • may leave undeleted key e.g. in recycle bin or on disk sectors
  – Special delete operation on computer
    • that leaves no residual data, e.g. by overwriting
  – Magnetic media degaussing
  – Destruction of physical device, e.g. high temperature
  – Master key destruction, which logically destructs subordinate keys
Why the interest in PKI?

Cryptography solves security problems in open networks, … but creates key management complexity.

Public-key cryptography simplifies the key management, … but creates trust management problems.
Key distribution: The problem

• Network with n nodes
• Every pair of nodes need to communicate securely under cryptographic protection
• How many secure key distributions needed?
  – Symmetric secret keys: n(n-1)/2 distributions
    • Secrecy needed, quadratic growth
    • Impractical in open networks
  – Asymmetric public keys: n(n-1)/2 distributions
    • authenticity needed, quadratic growth
    • Impractical in open networks
  – Asymmetric public keys with PKI: 1 root public key distributed to n parties
    • authenticity needed, linear growth
    • … more difficult than you might think

[Figure: a full mesh of n nodes with n(n-1)/2 edges, beside a star of n nodes with n edges to a root]
Problem of ensuring authentic public keys

• Assume that public keys are stored in public register
• Consequence of attacker inserting false key for Alice in the public-key register?
  – Valid DigSig from Alice will be rejected by Bob
  – Confidential message to Alice can be read by attacker
• Broken authenticity breaks security assumptions

[Figure: Public-key register with entries Alice: Kpub(A), replaced by the false key K'pub(A); Bob: Kpub(B); Claire: Kpub(C). Alice's signed message to Bob { M, Sig(M) = S[h(M), Kpriv(A)] } and Bob's confidential message to Alice { E[M, Ksec], E[Ksec, K'pub(A)] }, which the attacker can read]
Public-key infrastructure

• Due to spoofing problem, public keys must be digitally signed before distribution.
• The main purpose of a PKI is to ensure authenticity of public keys.
• PKI consists of:
  – Policies (to define the rules for managing certificates)
  – Technologies (to implement the policies and generate, store and manage certificates)
  – Procedures (related to key management)
  – Structure of public key certificates (public keys with digital signatures)
Public-Key Certificates

[Figure: X.509 Digital Certificate fields: Version, Serial Number, Algorithm Identifier, CA Name, CA Unique Identifier, User Name, User Unique Name, User Public Key, Validity Period, Extensions, CA Digital Signature]

• A public-key certificate is simply a public key with a digital signature
• Binds name to public key
• Certification Authorities (CA) sign public keys.
• An authentic copy of CA's public key is needed in order to validate certificate
• Relying party validates the certificate (i.e. verifies that user public key is authentic)
Example of X.509 certificate

[Figure: screenshot of an X.509 certificate]
How to generate a digital certificate?

1. Assemble the information (name and public key) in single record Rec
2. Hash the record
3. Sign the hashed record
4. Append the digital signature to the record

[Figure: Record → Hash h[Rec] → Sign S[h[Rec], Kpriv(CA)] → Record with appended DigSig]
PKI certificate generation

[Figure: Root CA, Intermediate CA and Key owner (server, user), with numbered steps 1 Direct trust, 2 Dig.Sig., 3 Direct trust, 4 Cert., 5 Dig.Sig., 6 Direct trust, 7 Cert., 8 Dig.Sig. The self-signed root certificate requires secure extra-protocol distribution to relying parties; the intermediate CA certificate is signed by the root; the owner certificate is validatable online by relying parties possessing the root certificate. Legend: Public key, Private key, Cert.]
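An added worked example (not the lecture's code) of the four-step certificate generation and of chain validation as in the figure above: a textbook RSA with no padding stands in for the CA's signature algorithm so the script runs on the Python standard library alone, and the names, key sizes and record layout are constructed. The last check replays the false-key attack on the public-key register from the earlier slide, which the CA signature now detects.

```python
import hashlib
import json
import secrets

# Textbook RSA with no padding and small primes, constructed so the hash -> sign
# -> append procedure and chain validation run on the standard library alone.

def is_probable_prime(n: int, rounds: int = 24) -> bool:
    # Miller-Rabin primality test.
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force top bit, make odd
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits: int = 512) -> tuple:
    """Return ((n, e), (n, d)): public key and private key."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign(digest: bytes, priv: tuple) -> int:
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)

def verify(digest: bytes, sig: int, pub: tuple) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")

def hash_record(rec: dict) -> bytes:
    return hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).digest()

def issue_certificate(subject: str, subject_pub: tuple, issuer: str, issuer_priv: tuple) -> dict:
    # Steps 1-4: assemble the record, hash it, sign the hash, append the signature.
    rec = {"subject": subject, "public_key": list(subject_pub), "issuer": issuer}
    return {"record": rec, "signature": sign(hash_record(rec), issuer_priv)}

def validate_chain(chain: list, trusted_root: tuple) -> bool:
    """chain = [owner cert, ..., root cert]. Only the root's name and public key
    are trusted directly (obtained out of band); every other public key is
    accepted only through the certificate that binds it to its name."""
    issuer_name, issuer_pub = trusted_root
    for cert in reversed(chain):
        rec = cert["record"]
        if rec["issuer"] != issuer_name or not verify(hash_record(rec), cert["signature"], issuer_pub):
            return False
        issuer_name, issuer_pub = rec["subject"], tuple(rec["public_key"])
    return True

def pki_demo() -> dict:
    # Constructed PKI: self-signed root, an intermediate CA, and key owner Alice.
    root_pub, root_priv = generate_keypair()
    ca_pub, ca_priv = generate_keypair()
    alice_pub, _ = generate_keypair()
    root_cert = issue_certificate("Root CA", root_pub, "Root CA", root_priv)
    ca_cert = issue_certificate("Intermediate CA", ca_pub, "Root CA", root_priv)
    alice_cert = issue_certificate("Alice", alice_pub, "Intermediate CA", ca_priv)
    chain = [alice_cert, ca_cert, root_cert]
    # The register attack: a false key K'pub(A) substituted for Al' key. The
    # record no longer matches the CA signature, so a relying party rejects it.
    false_pub, _ = generate_keypair()
    spoofed = {"record": dict(alice_cert["record"], public_key=list(false_pub)),
               "signature": alice_cert["signature"]}
    return {
        "genuine": validate_chain(chain, ("Root CA", root_pub)),
        "spoofed": validate_chain([spoofed, ca_cert, root_cert], ("Root CA", root_pub)),
        "wrong_root": validate_chain(chain, ("Root CA", ca_pub)),  # no authentic root copy
    }
```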
Self-signed root keys: Why?

• Many people think a root public key is authentic just because it is self-signed
• Can be deceptive
  – Gives impression of assurance
  – Disguises insecure practice
  – Gives false trust
• Self-signing provides absolutely no security
• Useful purpose of self-signing
  – X.509 certificates have a field for digital signature, so an empty field might cause applications to malfunction. A self-signature is a way to fill the empty field
  – Self-signature can be used to specify a cert as a root
Certificate and public key validation

[Figure: Root CA self-signed certificate, Intermediate CA certificate and Owner certificate, each binding a public key to its holder. The Relying Party has direct trust (1) in the root certificate, validates the intermediate certificate (2) and the owner certificate (3), extracts the public keys, and thereby gains indirect trust (4) in the Key owner. Legend: Public key]
Validation Authorities

• A validation authority can assist relying parties to validate certificates

[Figure: Root CA self-signed certificates, Intermediate CA certificates, Server certificates, Relying party and Validation Authority, with trust relations labelled 1 Direct trust, 2 Direct trust and 3 Indirect online trust]
PKI Trust Models

[Figure: Isolated strict hierarchies, e.g. 'Browser PKIX'; Cross-certified strict hierarchies; Strict hierarchy, e.g. 'DNSSEC PKI'; Bi-directional hierarchy; Ad-hoc anarchic PKI]
PKI trust models: Strict hierarchical model

• Advantages:
  – works well in highly-structured setting such as military and government
  – unique certification path between two entities (so finding certification paths is trivial)
  – scales well to larger systems
• Disadvantages:
  – need a trusted third party (root CA)
  – 'single point-of-failure' target
  – If any node is compromised, trust impact on all entities stemming from that node
  – Does not work well for global implementation (who is root TTP?)
Web of trust PKI model
User-centric model, as in PGP

• Each party signs public keys of others whose keys have been verified to be authentic.
• Public keys signed by trusted people can be considered authentic too.

[Figure: a Relying Party facing a Public-Key Ring of keys whose trust is unknown, each marked "?"]
PKI trust models: User-centric model

• Each user is completely responsible for deciding which public keys to trust
• Example: Pretty Good Privacy (PGP)
  – 'Web of Trust'
  – Each user may act as a CA, signing public keys that they will trust
  – Public keys can be distributed by key servers and verified by fingerprints
  – OpenPGP Public Key Server: http://pgpkeys.mit.edu:11371/
• PGP or GPG – What is the difference?
PKI trust models: User-centric model

• Advantages:
  – Simple and free
  – Works well for a small number of users
  – Does not require expensive infrastructure to operate
  – User-driven grass roots operation
• Disadvantages:
  – More effort, and relies on human judgment
  – Works well with technical users who are aware of the issues, but not the general public
  – Not appropriate for more trust-sensitive areas such as finance and government
The Browser PKIX (PKI based on the X.509 certificates)

[Figure: Root CA self-signed certificates, Intermediate CA certificates, Server and software certificates, and the Relying party; the browser PKI holds pre-stored certificates (1) and performs automatic validation (2)]

The browser PKIX model consists of isolated strict hierarchies where the (root) CA certificates are installed as part of the web browser. New roots and trusted certificates can be imported after installation.
Browser PKIX and malicious certificates

• The browser automatically validates certificates by checking: certificate name = domain name
• Criminals buy legitimate certificates which are automatically validated by browsers
  – Legitimate certificates can be used for malicious phishing attacks, e.g. to masquerade as a bank
  – Malicious certificates are legitimate certificates !!!
• Server certificate validation is not authentication
  – Users who don't know the server domain name cannot distinguish between right and wrong server certificates
Browser PKI root certificate installation

• Distribution of root certificates, which should happen securely out-of-band, is often done through online downloading of browser SW
• Users are in fact trusting the browser vendor who supplied the installed certificates, rather than a root CA
• Example: used by Mozilla Firefox and Microsoft Internet Explorer
• Browser vendors decide which CA certs to distribute with browsers
  – This is an important political issue
Phishing and fake certificates

Hawaii Federal Credit Union
Authentic bank login: https://hcd.usersonlnet.com/asp/USERS/Common/Login/NettLogin.asp
Fake bank login: https://hawaiiusafcuhb.com/cgi-bin/mcw00.cgi?MCWSTART
Authentic and Fake Certificates

[Figure: screenshots of the authentic certificate and the fake certificate side by side]

Certificate comparison 2

[Figure: genuine certificate beside the fake certificate]

Certificate comparison 3

[Figure: genuine certificate beside the fake certificate]
Public-key certificate meaning

• Public-key certificates are only about identity, not about honesty, reliability or anything you normally associate with trust
• Public-key certificates are not even suitable to verify identity.
Stuxnet with valid signature

• Stuxnet worm is described as the most advanced malware attack ever, because
  – It used multiple zero-day exploits
  – It targeted a specific industrial control system
  – It was signed under a valid software certificate
• Stuxnet worm would be automatically validated by every browser in the whole world
• Point about SW certificate is meaningless
• Anybody can buy software certificates and sign whatever they want, even the Mafia !!!
Meaningless PKIX Server Authentication

Typical terminology:
• trusted sites
• secure sites
• authentic sites

[Figure: a Client/User talking to two servers. Server 1: "I am Mafia.com" – "That's correct". Server 2: "I am DNB.no" – "That's correct". User: "Good, I feel safe now". The Mafia: "Certificates are valid!". Both the DNB Certificate and the Mafia Certificate are valid.]
DNSSEC PKI

• The DNS (Domain Name System) is vulnerable to e.g. cache poisoning attacks resulting in wrong IP addresses being returned.
• DNSSEC designed to provide digital signature on every DNS reply
• Based on PKI with a single root.
[Figure: the DNSSEC hierarchy, with OpenPGP signatures as Trust Anchors: "." DNSSEC root CA → DNSSEC top level CAs (com, org, uk) → DNSSEC intermediate CAs (ac.uk, co.uk) → DNSSEC organisational CAs (barclays.co.uk) → DNS leaf nodes (ibank.barclays.co.uk)]
DNSSEC PKI vs. Browser PKIX

• In B-PKIX, any CA can issue certs for any domain → problematic
• CAs under the DNSSEC PKI can only issue certificates for own domain
• The DNSSEC PKI and the B-PKI both target the same user/org nodes
• DANE: DNSSEC-based Authentication of Named Entities
  – Alternative to B-PKIX, standards exist, not deployed, complex

[Figure: the DNSSEC PKI as one hierarchy ("." DNS root CA → Top Level DNS CAs: com, org, uk → Intermediate DNS CAs: ac.uk, co.uk) beside the B-PKIX as several separate hierarchies (PKI 1, PKI 2, PKI 3, each with a Root CA and an Intermediate CA), both issuing certificates for the same users and organisations]
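An added example (not from the lecture) contrasting the two issuance rules stated above: a browser-store check under which any trusted CA may issue for any name, and a DNSSEC-style check under which a zone's key may only sign names inside that zone, with label-aligned matching so that a lookalike domain does not qualify and a chain check that walks from the root zone down. The CA names in the store are constructed.

```python
BROWSER_TRUSTED_CAS = {"Example Root CA", "Other Root CA"}   # constructed browser store

def in_zone(name: str, zone: str) -> bool:
    """Label-aligned suffix match: does name lie inside zone? ('.' is the root zone.)"""
    labels = name.lower().strip(".").split(".")
    zone_labels = [lab for lab in zone.lower().strip(".").split(".") if lab]
    if len(labels) < len(zone_labels):
        return False
    # Compare whole labels, so "evilbarclays.co.uk" is not inside "barclays.co.uk".
    return labels[len(labels) - len(zone_labels):] == zone_labels

def browser_pkix_may_issue(ca: str, name: str) -> bool:
    # B-PKIX: any CA in the browser's store may issue a certificate for any domain.
    return ca in BROWSER_TRUSTED_CAS

def dnssec_may_issue(zone: str, name: str) -> bool:
    # DNSSEC PKI: a zone's key only signs names within its own zone.
    return in_zone(name, zone)

def dnssec_chain_valid(zones: list) -> bool:
    """A DNSSEC signing chain starts at '.' and every signer must contain the next one."""
    if not zones or zones[0] != ".":
        return False
    return all(in_zone(child, parent) for parent, child in zip(zones, zones[1:]))
```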
CRL: Certificate Revocation Lists

• Certificate Revocation
  – Q: When might a certificate need to be revoked?
  – A: When certificate becomes outdated before it expires, due to:
    • private key being disclosed
    • subscriber name change
    • change in authorisations, etc
• Revocation may be checked online against a certificate revocation list (CRL)
• Checking the CRL creates a huge overhead which threatens to make PKI impractical
PKI services

• Several organisations operate PKI services
  – Private sector
  – Public sector
  – Military sector
• Mutual recognition and cross certification between PKIs is difficult
• Expensive to operate a robust PKI
• The Browser PKIX is the most widely deployed PKI thanks to piggy-backing on browsers and the lax security requirements
• DNSSEC PKI might replace the browser PKIX
PKI Summary

• Public key cryptography needs a PKI to work
  – Digital certificates used to provide authenticity and integrity for public keys
  – Acceptance of certificates requires trust
  – Trust relationships between entities in a PKI can be modelled in different ways
  – Establishing trust has a cost, e.g. because secure out-of-band channels are expensive