14
INF3510 Information Security University of Oslo Spring 2014 Lecture 6 Key Management and PKI Audun Jøsang Key Management The security of cryptographically protected information depends on: The size of the keys The robustness of cryptographic algorithms/protocols The protection and management afforded to the keys Key management provides the foundation for the secure generation, storage, distribution, and destruction of keys. Proper key management is essential to the robust use of cryptography for security. Poor key management may easily lead to compromise systems protected with strong algorithms. Audun Jøsang L06 - INF3510, UiO Spring 2014 2 Key Usage A single key should be used for only one purpose e.g., encryption, authentication, key wrapping, random number generation, or digital signatures Using the same key for two different purposes may weaken the security of one or both purposes. Limiting the use of a key limits the damage that could be done if the key is compromised. Some uses of keys interfere with each other e.g. an asymmetric key pair should only be used for either encryption or digital signatures, not both. Audun Jøsang L06 - INF3510, UiO Spring 2014 3 Types of Cryptographic Keys How many types of keys are there? Crypto keys are classified according to: Whether they’re public, private or symmetric Their intended use For asymmetric keys, also whether they’re static (long life) or ephemeral (short life) NIST Special Publication 800-57, Recommendation for Key Management Part 1: General, August 2005, defines 19 types of cryptographic keys. Audun Jøsang L06 - INF3510, UiO Spring 2014 4

19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

INF3

510

Info

rmat

ion

Sec

urity

U

nive

rsity

of O

slo

Spr

ing

2014

Lect

ure

6 K

ey M

anag

emen

t and

PK

I

Aud

un J

øsan

g

Key

Man

agem

ent

•Th

e se

curit

y of

cry

ptog

raph

ical

ly p

rote

cted

info

rmat

ion

depe

nds

on:

–Th

e si

ze o

f the

key

s –

The

robu

stne

ss o

f cry

ptog

raph

ic a

lgor

ithm

s/pr

otoc

ols

–Th

e pr

otec

tion

and

man

agem

ent a

fford

ed to

the

keys

Key

man

agem

ent p

rovi

des

the

foun

datio

n fo

r the

sec

ure

gene

ratio

n, s

tora

ge, d

istri

butio

n, a

nd d

estru

ctio

n of

key

s.

•P

rope

r key

man

agem

ent i

s es

sent

ial t

o th

e ro

bust

use

of

cryp

togr

aphy

for s

ecur

ity.

•P

oor k

ey m

anag

emen

t may

eas

ily le

ad to

com

prom

ise

syst

ems

prot

ecte

d w

ith s

trong

alg

orith

ms.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

2

Key

Usa

ge

•A

sin

gle

key

shou

ld b

e us

ed fo

r onl

y on

e pu

rpos

e –

e.g.

, enc

rypt

ion,

aut

hent

icat

ion,

key

wra

ppin

g, ra

ndom

nu

mbe

r gen

erat

ion,

or d

igita

l sig

natu

res

•U

sing

the

sam

e ke

y fo

r tw

o di

ffere

nt p

urpo

ses

may

wea

ken

the

secu

rity

of o

ne o

r bot

h pu

rpos

es.

•Li

miti

ng th

e us

e of

a k

ey li

mits

the

dam

age

that

co

uld

be d

one

if th

e ke

y is

com

prom

ised

. •

Som

e us

es o

f key

s in

terfe

re w

ith e

ach

othe

r –

e.g.

an

asym

met

ric k

ey p

air s

houl

d on

ly b

e us

ed fo

r ei

ther

enc

rypt

ion

or d

igita

l sig

natu

res,

not

bot

h.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

3

Type

s of

Cry

ptog

raph

ic K

eys

•H

ow m

any

type

s of

key

s ar

e th

ere?

Cry

pto

keys

are

cla

ssifi

ed a

ccor

ding

to:

–W

heth

er th

ey’re

pub

lic, p

rivat

e or

sym

met

ric

–Th

eir i

nten

ded

use

–Fo

r asy

mm

etric

key

s, a

lso

whe

ther

they

’re s

tatic

(lon

g lif

e) o

r eph

emer

al (s

hort

life)

NIS

T S

peci

al P

ublic

atio

n 80

0-57

, R

ecom

men

datio

n fo

r Key

Man

agem

ent –

Par

t 1:

Gen

eral

, Aug

ust 2

005,

def

ines

19

type

s of

cr

ypto

grap

hic

keys

.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

4

Page 2: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Cry

pto

Per

iod

•Th

e cr

ypto

per

iod

is th

e tim

e sp

an d

urin

g w

hich

a

spec

ific

key

is a

utho

rized

for u

se

•Th

e cr

ypto

per

iod

is im

porta

nt b

ecau

se it

: –

Lim

its th

e am

ount

of i

nfor

mat

ion,

pro

tect

ed b

y a

give

n ke

y, th

at is

ava

ilabl

e fo

r cry

ptan

alys

is.

–Li

mits

the

amou

nt o

f exp

osur

e an

d da

mag

e, s

houl

d a

sing

le k

ey b

e co

mpr

omis

ed.

–Li

mits

the

use

of a

par

ticul

ar a

lgor

ithm

to it

s es

timat

ed

effe

ctiv

e lif

etim

e.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

5

Fact

ors

Affe

ctin

g C

rypt

o-P

erio

ds

•In

gen

eral

, as

the

sens

itivi

ty o

f the

info

rmat

ion

or

the

criti

calit

y of

the

proc

esse

s in

crea

ses,

the

cryp

to-p

erio

d sh

ould

dec

reas

e in

ord

er to

lim

it th

e da

mag

e re

sulti

ng fr

om c

ompr

omis

e.

•S

hort

cryp

to-p

erio

ds m

ay b

e co

unte

r-pr

oduc

tive,

pa

rticu

larly

whe

re d

enia

l of s

ervi

ce is

the

para

mou

nt c

once

rn, a

nd th

ere

is a

sig

nific

ant

over

head

and

pot

entia

l for

err

or in

the

re-k

eyin

g,

key

upda

te o

r key

der

ivat

ion

proc

ess.

The

cryp

to-p

erio

d is

ther

efor

e a

trad

e-of

f

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

6

Key

Usa

ge P

erio

ds

•A

key

is u

sed

for b

oth

prot

ectin

g an

d pr

oces

sing

. –

Pro

tect

ion:

Key

is u

sed

to e

ncry

pt o

r to

gene

rate

MA

C a

nd D

igS

ig

–P

roce

ssin

g: K

ey is

use

d to

dec

rypt

or t

o va

lidat

e M

AC

and

Dig

Sig

A c

rypt

ogra

phic

key

sha

ll no

t be

used

to p

rovi

de

prot

ectio

n af

ter t

he e

nd o

f the

pro

tect

ion

perio

d.

•Th

e pr

oces

sing

per

iod

norm

ally

ext

ends

bey

ond

the

prot

ectio

n pe

riod .

The

cryp

to-p

erio

d la

sts

from

the

begi

nnin

g of

the

prot

ectio

n pe

riod

to th

e en

d of

the

proc

essi

ng p

erio

d.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

7

Pro

tect

ion

perio

d P

roce

ssin

g pe

riod

Cry

pto-

perio

d

Rec

omm

ende

d C

rypt

o P

erio

ds

Ref

: NIS

T S

P 8

00-5

7

Aud

un J

øsan

g 8

Key

Typ

e C

rypt

oper

iod

Pro

tect

ion

Per

iod

Usa

ge P

erio

d

1. P

rivat

e S

igna

ture

Ke

y 1-

3 ye

ars

2. P

ublic

Sig

natu

re

Key

Sev

eral

yea

rs (d

epen

ds o

n ke

y si

ze)

3. S

ymm

etric

A

uthe

ntic

atio

n K

ey

<= 2

yea

rs

<= O

UP

+ 3

year

s

4. P

rivat

e A

uthe

ntic

atio

n K

ey

1-2

year

s

5. P

ublic

A

uthe

ntic

atio

n K

ey

1-2

year

s

6. S

ymm

etric

Dat

a E

ncry

ptio

n K

eys

<= 2

yea

rs

<= O

UP

+ 3

year

s

7. S

ymm

etric

Key

W

rapp

ing

Key

<=

2 y

ears

<=

OU

P +

3 ye

ars

L03

- IN

F351

0 In

form

atio

n S

ecur

ity

8 L0

6 - I

NF3

510,

UiO

Spr

ing

2014

Page 3: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Rec

omm

ende

d C

rypt

o P

erio

ds (c

ont.)

R

ef: N

IST

SP

800

-57

Key

Typ

e C

rypt

oper

iod

Pro

tect

ion

Per

iod

U

sage

Per

iod

8. S

ymm

etric

and

as

ymm

etric

RN

G K

eys

Upo

n re

seed

ing

9. S

ymm

etric

Mas

ter

Key

Abo

ut 1

yea

r

10. P

rivat

e K

ey

Tran

spor

t Key

<=

2 y

ears

11. P

ublic

Key

Tr

ansp

ort K

ey

1-2

year

s

12. S

ymm

etric

Key

A

gree

men

t Key

1-

2 ye

ars

13. P

rivat

e S

tatic

Key

A

gree

men

t Key

1-

2 ye

ars

UiO

Spr

ing

2010

L0

3 - I

NF3

510

Info

rmat

ion

Sec

urity

9

Rec

omm

ende

d C

rypt

o P

erio

ds (c

ont.)

R

ef: N

IST

SP

800

-57

Key

Typ

e C

rypt

oper

iod

Pro

tect

ion

Per

iod

U

sage

Per

iod

14. P

ublic

Sta

tic K

ey

Agr

eem

ent K

ey

1-2

year

s

15. P

rivat

e E

phem

eral

K

ey A

gree

men

t Key

O

ne k

ey a

gree

men

t tra

nsac

tion

16. P

ublic

Eph

emer

al K

ey

Agr

eem

ent K

ey

One

key

agr

eem

ent t

rans

actio

n

17. S

ymm

etric

A

utho

rizat

ion

(Acc

ess

App

rova

l) K

ey

<= 2

yea

rs

18. P

rivat

e A

utho

rizat

ion

(Acc

ess

App

rova

l) K

ey

<= 2

yea

rs

19

. Pub

lic A

utho

rizat

ion

(Acc

ess

App

rova

l) K

ey

<= 2

yea

rs

UiO

Spr

ing

2010

L0

3 - I

NF3

510

Info

rmat

ion

Sec

urity

10

Key

Gen

erat

ion

•M

ost s

ensi

tive

of a

ll cr

ypto

grap

hic

func

tions

. •

Nee

d to

pre

vent

una

utho

rized

dis

clos

ure,

in

serti

on, a

nd d

elet

ion

of k

eys.

Aut

omat

ed d

evic

es th

at g

ener

ate

keys

and

in

itial

isat

ion

vect

ors

(IVs)

sho

uld

be p

hysi

cally

pr

otec

ted

to p

reve

nt:

–di

sclo

sure

, mod

ifica

tion,

and

repl

acem

ent o

f key

s,

–m

odifi

catio

n or

repl

acem

ent o

f IV

s.

•K

eys

shou

ld b

e ra

ndom

ly c

hose

n fro

m th

e fu

ll ra

nge

of th

e ke

y sp

ace

–e.

g. 1

28 b

it ke

ys g

ive

a ke

y sp

ace

of 2

128 d

iffer

ent k

eys

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

11

Whe

n ke

ys a

re n

ot ra

ndom

Rev

eale

d by

Edw

ard

Sno

wde

n 20

13,

NS

A p

aid

RS

A (p

rom

inen

t sec

urity

co

mpa

ny) U

S$

10 M

illion

to

impl

emen

t in

thei

r BS

AFE

sec

urity

pr

oduc

ts a

flaw

ed m

etho

d fo

r ge

nera

ting

rand

om n

umbe

rs.

•N

SA

cou

ld p

redi

ct th

e ra

ndom

nu

mbe

rs a

nd re

gene

rate

the

sam

e se

cret

key

s as

thos

e us

ed b

y R

SA

’s

cust

omer

s.

•W

ith th

e se

cret

key

s, N

SA

cou

ld

read

all

data

enc

rypt

ed w

ith R

SA

’s

BS

AFE

sec

urity

pro

duct

.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

12

Page 4: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Ran

dom

Num

ber G

ener

ator

See

ds

•R

NG

key

s ar

e us

ed to

initi

alis

e th

e ge

nera

tion

of

rand

om s

ymm

etric

and

asy

mm

etric

key

s •

Kno

win

g th

e se

ed m

ay d

eter

min

e th

e ke

y un

ique

ly

•R

equi

res

conf

iden

tialit

y an

d in

tegr

ity p

rote

ctio

n –

Per

iods

of p

rote

ctio

n fo

r see

ds, e

.g.:

a.U

sed

once

and

des

troye

d b.

Use

d fo

r mul

tiple

key

s, d

estro

yed

afte

r las

t key

gen

erat

ion

c.

Kep

t and

des

troye

d at

the

end

of th

e pr

otec

tion

perio

d

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

13

Key

Gen

erat

ion

Exa

mpl

es

•S

tream

cip

her k

eys

–Lo

ng tr

ue ra

ndom

key

stre

am (O

ne-T

ime

Pad

), or

Sho

rt ra

ndom

key

(e.g

. 128

bits

) inp

ut to

key

stre

am

gene

rato

r to

gene

rate

pse

udor

ando

m k

ey s

tream

•A

ES

sym

met

ric b

lock

ciph

er k

eys

–S

elec

t ade

quat

e ke

y le

ngth

, 128

, 192

or 2

56 b

its

–E

nsur

e th

at a

ny k

ey is

as

prob

able

as

any

othe

r •

RS

A a

sym

met

ric c

iphe

r –

Mak

e su

re m

odul

us n

= p

·q i

s su

ffici

ently

larg

e to

pr

even

t fac

torin

g, e

.g. |

n |=

409

6 bi

t –

Ran

dom

ness

in s

eeds

to g

ener

ate

prim

es p

and

q

mus

t by

twic

e th

e se

curit

y re

quire

d. If

e.g

. 128

bit

secu

rity

is re

quire

d th

en u

se 2

56 b

it ra

ndom

ness

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

14

Com

prom

ise

of k

eys

and

keyi

ng m

ater

ial

•K

ey c

ompr

omis

e oc

curs

whe

n th

e pr

otec

tive

mec

hani

sms

for t

he k

ey fa

il, a

nd th

e ke

y ca

n no

long

er b

e tru

sted

Whe

n a

key

is c

ompr

omis

ed, a

ll us

e of

the

key

to p

rote

ct

info

rmat

ion

shal

l cea

se, a

nd th

e co

mpr

omis

ed k

ey s

hall

be re

voke

d.

–H

owev

er, t

he c

ontin

ued

use

of th

e ke

y fo

r pro

cess

ing

unde

r co

ntro

lled

circ

umst

ance

s m

ay b

e w

arra

nted

, dep

endi

ng o

n th

e ris

ks, a

nd o

n th

e or

gani

zatio

n's

Key

Man

agem

ent P

olic

y.

•Th

e co

ntin

ued

use

of a

com

prom

ised

key

mus

t be

limite

d to

pro

cess

ing

prot

ecte

d in

form

atio

n.

–In

this

cas

e, th

e en

tity

that

use

s th

e in

form

atio

n m

ust b

e m

ade

fully

aw

are

of th

e ris

ks in

volv

ed.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

15

Key

Com

prom

ise

Rec

over

y P

lan

•A

com

prom

ise

reco

very

pla

n sh

ould

con

tain

: –

The

iden

tific

atio

n of

the

parti

es to

not

ify.

–Th

e id

entif

icat

ion

of th

e pe

rson

nel t

o pe

rform

the

reco

very

act

ions

. –

The

re-k

ey m

etho

d.

–A

ny o

ther

reco

very

pro

cedu

res,

suc

h as

: •

Phy

sica

l ins

pect

ion

of e

quip

men

t. •

Iden

tific

atio

n of

all

info

rmat

ion

that

may

be

com

prom

ised

. •

Iden

tific

atio

n of

all

sign

atur

es th

at m

ay b

e in

valid

due

to th

e co

mpr

omis

e of

a s

igni

ng k

ey.

• D

istri

butio

n of

new

key

ing

mat

eria

l, if

requ

ired.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

16

Page 5: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Und

etec

ted

Key

Com

prom

ise

•Th

e w

orst

form

of k

ey c

ompr

omis

e is

whe

n a

key

is

com

prom

ised

with

out d

etec

tion.

Nev

erth

eles

s, c

erta

in p

rote

ctiv

e m

easu

res

can

be ta

ken.

Key

man

agem

ent s

yste

ms

(KM

S) s

houl

d be

des

igne

d:

–to

miti

gate

the

nega

tive

effe

cts

of a

key

com

prom

ise.

so th

at th

e co

mpr

omis

e of

a s

ingl

e ke

y ha

s lim

ited

cons

eque

nces

, –

e.g.

, a s

ingl

e ke

y sh

ould

be

used

to p

rote

ct o

nly

a si

ngle

use

r or a

lim

ited

num

ber o

f use

rs, r

athe

r tha

n a

larg

e nu

mbe

r of u

sers

. •

Ofte

n, s

yste

ms

have

alte

rnat

ive

met

hods

for s

ecur

ity

–e.

g. to

aut

hent

icat

e sy

stem

s an

d da

ta th

roug

h ot

her m

eans

that

on

ly b

ased

on

cryp

togr

aphi

c ke

ys.

•A

void

bui

ldin

g a

syst

em w

ith c

atas

troph

ic w

eakn

esse

s.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

17

Pre-

oper

atio

nal P

hase

Ope

ratio

nal P

hase

Post

-ope

ratio

nal P

hase

Des

troy

ed P

hase

Key

Sta

tes,

Tra

nsiti

ons

and

Pha

ses

Ref

: NIS

T S

P 8

00-5

7

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

18

Pre

-Act

ivat

ion

Act

ive

Pro

tect

/Pro

cess

Des

troye

d D

estro

yed

Com

prom

ised

1

2

4

5

6

8

9

10

3

7 D

eact

ivat

ed

Pro

cess

onl

y C

ompr

omis

ed

Pro

cess

onl

y

Key

Sta

tes

and

Tran

sitio

ns

Ref

: NIS

T S

P 8

00-5

7

1) P

re-A

ctiv

atio

n •

The

key

mat

eria

l has

bee

n ge

nera

ted

but i

s no

t yet

au

thor

ized

for u

se

4) A

ctiv

e •

The

key

may

be

used

to

cryp

togr

aphi

cally

pro

tect

in

form

atio

n or

cr

ypto

grap

hica

lly p

roce

ss

prev

ious

ly p

rote

cted

in

form

atio

n, o

r bot

h. W

hen

a ke

y is

act

ive,

it m

ay b

e de

sign

ated

to p

rote

ct o

nly,

pr

oces

s on

ly, o

r bot

h.

A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

19

Pre

-Act

ivat

ion

Act

ive

Pro

tect

/Pro

cess

Des

troye

d D

estro

yed

Com

prom

ised

1

2

4

5

6

8

9

10

3

7 D

eact

ivat

ed

Pro

cess

onl

y C

ompr

omis

ed

Pro

cess

onl

y

Key

Sta

tes

and

Tran

sitio

ns (c

ont.)

R

ef: N

IST

SP

800

-57

6) D

eact

ivat

ed

•A

key

who

se c

rypt

oper

iod

has

expi

red

but i

s st

ill

need

ed to

per

form

cr

ypto

grap

hic

proc

essi

ng,

gets

dea

ctiv

ated

unt

il it

is

dest

roye

d.

2), 7

) Des

troy

ed

•Th

e ke

y ha

s be

en d

estro

yed.

E

ven

thou

gh th

e ke

y no

lo

nger

exi

sts

in th

is s

tate

, ce

rtain

key

attr

ibut

es (e

.g.

key

nam

e, ty

pe a

nd

cryp

tope

riod)

may

be

reta

ined

.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

20

Pre

-Act

ivat

ion

Act

ive

Pro

tect

/Pro

cess

Des

troye

d D

estro

yed

Com

prom

ised

1

2

4

5

6

8

9

10

3

7 D

eact

ivat

ed

Pro

cess

onl

y C

ompr

omis

ed

Pro

cess

onl

y

Page 6: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Key

Sta

tes

and

Tran

sitio

ns (c

ont.)

R

ef: N

IST

SP

800

-57

3), 5

), 8)

Com

prom

ised

Gen

eral

ly, k

eys

are

com

prom

ised

whe

n th

ey a

re

rele

ased

to o

r det

erm

ined

by

an u

naut

horiz

ed e

ntity

. If t

he

inte

grity

or s

ecre

cy o

f the

key

is

sus

pect

, it i

s re

voke

d. T

he

key

is n

ot u

sed

to a

pply

pr

otec

tion

to in

form

atio

n. In

so

me

case

s, th

e ke

y m

ay b

e us

ed fo

r pro

cess

ing.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

21

Pre

-Act

ivat

ion

Act

ive

Pro

tect

/Pro

cess

Des

troye

d D

estro

yed

Com

prom

ised

1

2

4

5

6

8

9

10

3

7 D

eact

ivat

ed

Pro

cess

onl

y C

ompr

omis

ed

Pro

cess

onl

y

Key

Sta

tes

and

Tran

sitio

ns (c

ont.)

R

ef: N

IST

SP

800

-57

9), 1

0) D

estr

oyed

Com

prom

ised

The

key

is d

estro

yed

afte

r a

com

prom

ise,

or t

he k

ey is

de

stro

yed

and

a co

mpr

omis

e is

la

ter d

isco

vere

d. K

ey a

ttrib

utes

m

ay b

e re

tain

ed.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

22

Pre

-Act

ivat

ion

Act

ive

Pro

tect

/Pro

cess

Des

troye

d D

estro

yed

Com

prom

ised

1

2

4

5

6

8

9

10

3

7 D

eact

ivat

ed

Pro

cess

onl

y C

ompr

omis

ed

Pro

cess

onl

y

Key

Pro

tect

ion

• A

ctiv

e ke

ys s

houl

d be

acce

ssib

le fo

r aut

horis

ed u

sers

, –

prot

ecte

d fro

m u

naut

horis

ed u

sers

Dea

ctiv

ated

key

s m

ust b

e ke

pt a

s lo

ng a

s th

ere

is

data

pro

tect

ed b

y ke

ys

–W

here

will

they

be

kept

? –

How

will

they

be

kept

sec

urel

y?

–W

ho w

ill kn

ow h

ow to

acc

ess

them

whe

n re

quire

d?

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

23

Key

Pro

tect

ion

Exa

mpl

es

•S

ymm

etric

cip

hers

Nev

er s

tore

d or

tran

smitt

ed ‘i

n th

e cl

ear’

–M

ay u

se h

iera

rchy

: ses

sion

key

s en

cryp

ted

with

mas

ter

–M

aste

r key

pro

tect

ion:

Lock

s an

d gu

ards

Tam

per p

roof

dev

ices

Pas

swor

ds/p

assp

hras

es

•B

iom

etric

s

•A

sym

met

ric c

iphe

rs

–P

rivat

e ke

ys n

eed

conf

iden

tialit

y pr

otec

tion

–P

ublic

key

s ne

ed in

tegr

ity/a

uthe

ntic

ity p

rote

ctio

n

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

24

Page 7: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Key

des

truct

ion

•N

o ke

y m

ater

ial s

houl

d re

side

in v

olat

ile m

emor

y or

on

perm

anen

t sto

rage

med

ia a

fter d

estru

ctio

n •

Key

des

truct

ion

met

hods

, e.g

. –

Sim

ple

dele

te o

pera

tion

on c

ompu

ter

•m

ay le

ave

unde

lete

d ke

y e.

g. in

recy

cle

bin

or o

n di

sk s

ecto

rs

–S

peci

al d

elet

e op

erat

ion

on c

ompu

ter

•th

at le

aves

no

resi

dual

dat

a, e

.g. b

y ov

erw

ritin

g –

Mag

netic

med

ia d

egau

ssin

g –

Des

truct

ion

of p

hysi

cal d

evic

e e.

g hi

gh te

mpe

ratu

re

–M

aste

r key

des

truct

ion

whi

ch lo

gica

lly d

estru

cts

subo

rdin

ate

keys

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

25

Why

the

inte

rest

in P

KI ?

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

26

C

rypt

ogra

phy

solv

es s

ecur

ity p

robl

ems

in o

pen

netw

orks

, …

but

cre

ates

key

man

agem

ent c

ompl

exity

.

P

ublic

-key

cry

ptog

raph

y si

mpl

ifies

the

key

man

agem

ent,

… b

ut c

reat

es tr

ust m

anag

emen

t pro

blem

s.

Key

dis

tribu

tion:

The

pro

blem

Net

wor

k w

ith n

nod

es

•E

very

pai

r of n

odes

nee

d to

com

mun

icat

e se

cure

ly u

nder

cr

ypto

grap

hic

prot

ectio

n •

How

man

y se

cure

key

dis

trib

utio

ns n

eede

d ?

–S

ymm

etric

sec

ret k

eys:

n(n

-1)/2

dis

tribu

tions

Sec

recy

nee

ded,

qua

drat

ic g

row

th

•Im

prac

tical

in o

pen

netw

orks

Asy

mm

etric

pub

lic k

eys:

n(n

-1)/2

dis

tribu

tions

auth

entic

ity n

eede

d, q

uadr

atic

gro

wth

Impr

actic

al in

ope

n ne

twor

ks

–A

sym

met

ric p

ublic

key

s w

ith P

KI:

1 ro

ot p

ublic

key

dis

tribu

ted

to n

par

ties

•au

then

ticity

nee

ded,

line

ar g

row

th

•…

mor

e di

fficu

lt th

an y

ou m

ight

thin

k

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

27

n no

des

n(n-

1)/2

edg

es

n no

des

n ed

ges

root

Pro

blem

of e

nsur

ing

auth

entic

pub

lic k

eys

•A

ssum

e th

at p

ublic

key

s ar

e st

ored

in p

ublic

regi

ster

Con

sequ

ence

of a

ttack

er in

serti

ng fa

lse

key

for A

lice

in th

e pu

blic

-key

regi

ster

?

Val

id D

igS

ig fr

om A

lice

will

be re

ject

ed b

y B

ob

Con

fiden

tial m

essa

ge to

Alic

e ca

n be

read

by

atta

cker

•B

roke

n au

then

ticity

bre

aks

secu

rity

assu

mpt

ions

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

28

Publ

ic-k

ey re

gist

er

Alic

e:

K pub

(A)

K’ pu

b(A

) B

ob:

Kpu

b(B

) C

laire

: Kpu

b(C

)

Alic

e B

ob

Fals

e ke

y

{ M, S

ig(M

)=S

[h(M

), K

priv(A

)] }

Atta

cker

{ E[M

, Kse

c], E

[Kse

c, K’ pu

bl(A

)] }

Page 8: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Pub

lic-k

ey in

frast

ruct

ure

•D

ue to

spo

ofin

g pr

oble

m, p

ublic

key

s m

ust b

e di

gita

lly

sign

ed b

efor

e di

strib

utio

n.

•Th

e m

ain

purp

ose

of a

PK

I is

to e

nsur

e au

then

ticity

of

publ

ic k

eys.

•P

KI c

onsi

sts

of:

–Po

licie

s (to

def

ine

the

rule

s fo

r man

agin

g ce

rtific

ates

) –

Tech

nolo

gies

(to

impl

emen

t the

pol

icie

s an

d ge

nera

te,

stor

e an

d m

anag

e ce

rtific

ates

) –

Proc

edur

es (r

elat

ed to

key

man

agem

ent)

–St

ruct

ure

of p

ublic

key

cer

tific

ates

(pub

lic k

eys

with

di

gita

l sig

natu

res)

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

29

X.50

9 D

igita

l Cer

tific

ate

•Ve

rsio

n •

Ser

ial N

umbe

r •

Alg

orith

m Id

entif

ier

•C

A N

ame

•C

A U

niqu

e Id

entif

ier

•U

ser N

ame

•U

ser U

niqu

e N

ame

•U

ser P

ublic

Key

Valid

ity P

erio

d •

Ext

ensi

ons

CA

Dig

ital

Si

gnat

ure

Pub

lic-K

ey C

ertif

icat

es

•A

pub

lic-k

ey c

ertif

icat

e is

si

mpl

y a

publ

ic k

ey w

ith a

di

gita

l sig

natu

re

•B

inds

nam

e to

pub

lic k

ey

•C

ertif

icat

ion

Aut

horit

ies

(CA

) si

gn p

ublic

key

s.

•A

n au

then

tic c

opy

of C

A’s

pu

blic

key

is n

eede

d in

ord

er to

va

lidat

e ce

rtific

ate

•R

elyi

ng p

arty

val

idat

es th

e ce

rtific

ate

(i.e.

ver

ifies

that

us

er p

ublic

key

is a

uthe

ntic

)

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

30

Exa

mpl

e of

X.5

09 c

ertif

icat

e

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

31

How

to g

ener

ate

a di

gita

l cer

tific

ate?

1.

Ass

embl

e th

e in

form

atio

n (n

ame

and

publ

ic k

ey)

in s

ingl

e re

cord

Rec

2.

Has

h th

e re

cord

3.

Sig

n th

e ha

shed

reco

rd

4.A

ppen

d th

e di

gita

l sig

natu

re to

the

reco

rd

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

32

Rec

ord

….

….

…. H

ash

h[R

ec]

Sign

S

[h[R

ec],

Kpr

iv(C

A)]

Rec

ord

….

….

….

App

end

Dig

Sig

Page 9: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Self-

sign

ed ro

ot c

ertif

icat

e re

quir

ing

secu

re e

xtra

-pro

toco

l di

stri

butio

n to

rely

ing

part

ies

Inte

rmed

iate

CA

cer

tific

ate

Ow

ner c

ertif

icat

e va

lidat

able

on

line

by r

elyi

ng p

artie

s po

sses

sing

the

root

cer

tific

ate

= 4 7

Root

CA

Inte

rmed

iate

CA

Key

owne

r (s

erve

r, us

er)

3 D

irect

trus

t

1

Dire

ct

trus

t

5 D

ig.S

ig.

6 D

irect

trus

t

Lege

nd:

Pub

lic k

ey

Priv

ate

key

PK

I cer

tific

ate

gene

ratio

n

Aud

un J

øsan

g 33

L0

6 - I

NF3

510,

UiO

Spr

ing

2014

Cert

.

Cert

.

8 D

ig.S

ig.

2 D

ig.

Sig.

Cert

. R

oot c

ertif

icat

e

Sel

f-sig

ned

root

key

s: W

hy?

•M

any

peop

le th

ink

a ro

ot p

ublic

key

is a

uthe

ntic

ju

st b

ecau

se it

is s

elf-s

igne

d •

Can

be

dece

ptiv

e –

Giv

es im

pres

sion

of a

ssur

ance

Dis

guis

es in

secu

re p

ract

ice

–G

ives

fals

e tru

st

•S

elf-s

igni

ng p

rovi

des

abso

lute

ly n

o se

curit

y •

Use

ful p

urpo

se o

f sel

f-sig

ning

X.5

09 c

ertif

icat

es h

ave

a fie

ld fo

r dig

ital s

igna

ture

, so

an e

mpt

y fie

ld m

ight

cau

se a

pplic

atio

ns to

mal

func

tion.

A

sel

f-sig

natu

re is

a w

ay to

fill

the

empt

y fie

ld

–S

elf-s

igna

ture

can

be

used

to s

peci

fy a

cer

t as

a ro

ot

Aud

un J

øsan

g 34

L0

6 - I

NF3

510,

UiO

Spr

ing

2014

Cer

tific

ate

and

publ

ic k

ey v

alid

atio

n

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

35

Root

CA

sel

f-si

gned

cer

tific

ate

Inte

rmed

iate

CA

cer

tific

ate

Ow

ner c

ertif

icat

e Re

lyin

g Pa

rty

dire

ct tr

ust

1

bind

ing

bind

ing

bind

ing

valid

ate

2

indi

rect

tr

ust

4 Lege

nd:

Pub

lic k

ey

3 va

lidat

e

Ext

ract

pu

blic

ke

ys

Root

ce

rt.

Key

owne

r

Cert

. Ce

rt.

Cert

.

Inte

r. ce

rt.

Ow

ner

cert

.

Val

idat

ion

Aut

horit

ies

•A

val

idat

ion

auth

ority

can

ass

ist r

elyi

ng p

artie

s to

val

idat

e ce

rtific

ates

A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

36

Root

CA

sel

f-si

gned

ce

rtifi

cate

s

Inte

rmed

iate

CA

ce

rtifi

cate

s

Serv

er

cert

ifica

tes

Rely

ing

part

y

Valid

atio

n A

utho

rity

Dire

ct tr

ust

2

Indi

rect

onl

ine

trus

t 3

1

Dire

ct tr

ust

Page 10: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

PK

I Tru

st M

odel

s

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

37

Isol

ated

str

ict h

iera

rchi

es

e.g.

` Br

owse

r PK

IX ’

Cros

s-ce

rtifi

ed s

tric

t hi

erar

chie

s

Stri

ct h

iera

rchy

e.

g. `

DN

SSEC

PKI

’ Bi

-dire

ctio

nal

hier

arch

y A

d-ho

c an

arch

ic P

KI

PK

I tru

st m

odel

s

Stri

ct h

iera

rchi

cal m

odel

•A

dvan

tage

s:

–w

orks

wel

l in

high

ly-s

truct

ured

set

ting

such

as

mili

tary

and

go

vern

men

t –

uniq

ue c

ertif

icat

ion

path

bet

wee

n tw

o en

titie

s (s

o fin

ding

cer

tific

atio

n pa

ths

is tr

ivia

l) –

scal

es w

ell t

o la

rger

sys

tem

s •

Dis

adva

ntag

es:

–ne

ed a

trus

ted

third

par

ty (r

oot C

A)

–‘s

ingl

e po

int-o

f-fai

lure

’ tar

get

–If

any

node

is c

ompr

omis

ed, t

rust

impa

ct o

n al

l ent

ities

ste

mm

ing

from

that

nod

e

–D

oes

not w

ork

wel

l for

glo

bal i

mpl

emen

tatio

n (w

ho is

root

TTP

?)

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

38

Web

of t

rust

PK

I mod

el

Use

r-ce

ntric

mod

el, a

s in

PG

P

•E

ach

party

sig

ns

publ

ic k

eys

of o

ther

s w

hose

key

s ha

ve

been

ver

ified

to b

e au

then

tic.

•P

ublic

key

s si

gned

by

trus

ted

peop

le

can

be c

onsi

dere

d au

then

tic to

o.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

39

Rely

ing

Part

y

?

?

?

?

?

Publ

ic-K

ey R

ing

PK

I tru

st m

odel

s

Use

r-ce

ntric

mod

el

•E

ach

user

is c

ompl

etel

y re

spon

sibl

e fo

r de

cidi

ng w

hich

pub

lic k

eys

to tr

ust

•E

xam

ple:

Pre

tty G

ood

Priv

acy

(PG

P)

–‘W

eb o

f Tru

st’

–E

ach

user

may

act

as

a C

A, s

igni

ng p

ublic

key

s th

at

they

will

trus

t –

Pub

lic k

eys

can

be d

istri

bute

d by

key

ser

vers

and

ve

rifie

d by

fing

erpr

ints

Ope

nPG

P P

ublic

Key

Ser

ver:

http

://pg

pkey

s.m

it.ed

u:11

371/

•P

GP

or G

PG

– W

hat i

s th

e di

ffere

nce?

A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

40

Page 11: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

PK

I tru

st m

odel

s

Use

r-ce

ntric

mod

el

•A

dvan

tage

s:

–S

impl

e an

d fre

e

–W

orks

wel

l for

a s

mal

l num

ber o

f use

rs

–D

oes

not r

equi

re e

xpen

sive

infra

stru

ctur

e to

ope

rate

Use

r-dr

iven

gra

ss ro

ots

oper

atio

n •

Dis

adva

ntag

es:

–M

ore

effo

rt, a

nd re

lies

on h

uman

judg

men

t •

Wor

ks w

ell w

ith te

chni

cal u

sers

who

are

aw

are

of th

e is

sues

, but

no

t the

gen

eral

pub

lic

–N

ot a

ppro

pria

te fo

r mor

e tru

st-s

ensi

tive

area

s su

ch a

s fin

ance

and

gov

ernm

ent

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

41

The

Bro

wse

r PK

IX

(PK

I bas

ed o

n th

e X

.509

cer

tific

ates

)

Root

CA

sel

f-si

gned

cer

tific

ates

Inte

rmed

iate

CA

cer

tific

ates

Serv

er a

nd s

oftw

are

cert

ifica

tes

Rely

ing

part

y

Aut

omat

ic v

alid

atio

n

1

2 Brow

ser

PKI

Pre-

stor

ed c

ertif

icat

es

The

brow

ser P

KIX

mod

el c

onsi

sts

of is

olat

ed s

trict

hi

erar

chie

s w

here

the

(roo

t) C

A ce

rtific

ates

are

inst

alle

d as

pa

rt of

the

web

bro

wse

r. N

ew ro

ots

and

trust

ed c

ertif

icat

es

can

be im

porte

d af

ter i

nsta

llatio

n

Aud

un J

øsan

g 42

L0

6 - I

NF3

510,

UiO

Spr

ing

2014

Bro

wse

r PK

IX a

nd m

alic

ious

cer

tific

ates

•Th

e br

owse

r aut

omat

ical

ly v

alid

ates

cer

tific

ates

by

che

ckin

g: c

ertif

icat

e na

me

= do

mai

n na

me

•C

rimin

als

buy

legi

timat

e ce

rtific

ates

whi

ch a

re

auto

mat

ical

ly v

alid

ated

by

brow

sers

Legi

timat

e ce

rtific

ates

can

be

used

for m

alic

ious

ph

ishi

ng a

ttack

s, e

.g. t

o m

asqu

erad

e as

a b

ank

–M

alic

ious

cer

tific

ates

are

legi

timat

e ce

rtifi

cate

s !!!

Ser

ver c

ertif

icat

e va

lidat

ion

is n

ot a

uthe

ntic

atio

n –

Use

rs w

ho d

on’t

know

the

serv

er d

omai

n na

me

cann

ot

dist

ingu

ish

betw

een

right

and

wro

ng s

erve

r cer

tific

ates

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

43

A

udun

Jøs

ang

Bro

wse

r PK

I roo

t cer

tific

ate

inst

alla

tion

•D

istri

butio

n of

root

cer

tific

ates

whi

ch s

houl

d ha

ppen

sec

urel

y ou

t-of-b

and,

is o

ften

done

th

roug

h on

line

dow

nloa

ding

of b

row

ser S

W

•U

sers

are

in fa

ct tr

ustin

g th

e br

owse

r ve

ndor

who

sup

plie

d th

e in

stal

led

certi

ficat

es, r

athe

r tha

n a

root

CA

Exa

mpl

e: u

sed

by M

ozill

a Fi

refo

x an

d M

icro

soft

Inte

rnet

Exp

lore

r •

Bro

wse

r ven

dors

dec

ide

whi

ch C

A c

erts

to

dist

ribut

e w

ith b

row

sers

This

is a

n im

porta

nt p

oliti

cal i

ssue

L0

6 - I

NF3

510,

UiO

Spr

ing

2014

44

Page 12: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Phi

shin

g an

d fa

ke c

ertif

icat

es

Haw

aii F

eder

al C

redi

t Uni

on

Aut

hent

ic b

ank

logi

n ht

tps:

//hcd

.use

rson

lnet

.com

/asp

/US

ER

S/C

omm

on/L

ogin

/Net

tLog

in.a

sp

Fake

ban

k lo

gin

http

s://h

awai

iusa

fcuh

b.co

m/c

gi-

bin/

mcw

00.c

gi?M

CW

STA

RT

A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

45

Aut

hent

ic a

nd F

ake

Cer

tific

ates

Aut

hent

ic c

ertif

icat

e Fa

ke c

ertif

icat

e A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

46

Cer

tific

ate

com

paris

on 2

Gen

uine

cer

tific

ate

Fake

cer

tific

ate

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

47

Cer

tific

ate

com

paris

on 3

Gen

uine

cer

tific

ate

Fake

cer

tific

ate

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

48

Page 13: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

Pub

lic-k

ey c

ertif

icat

e m

eani

ng

•P

ublic

-key

cer

tific

ates

are

onl

y ab

out i

dent

ity, n

ot

abou

t hon

esty

, rel

iabi

lity

or a

nyth

ing

you

norm

ally

as

soci

ate

with

trus

t

•P

ublic

-key

cer

tific

ates

are

not

eve

n su

itabl

e to

ve

rify

iden

tity.

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

49

Stu

xnet

with

val

id s

igna

ture

•S

tuxn

et w

orm

is d

escr

ibed

as

the

mos

t adv

ance

d m

alw

are

atta

ck e

ver,

beca

use

It us

ed m

ultip

le z

ero-

day

expl

oits

It ta

rget

ed a

spe

cific

indu

stria

l con

trol s

yste

m

–It

was

sig

ned

unde

r a v

alid

sof

twar

e ce

rtific

ate

•S

tuxn

et w

orm

wou

ld b

e au

tom

atic

ally

val

idat

ed b

y ev

ery

brow

ser i

n th

e w

hole

wor

ld

•P

oint

abo

ut S

W c

ertif

icat

e is

mea

ning

less

Any

body

can

buy

sof

twar

e ce

rtific

ates

and

sig

n w

hate

ver t

hey

wan

t, ev

en th

e M

afia

!!!

A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

50

Typi

cal t

erm

inol

ogy:

• t

rust

ed s

ites

• sec

ure

site

s • a

uthe

ntic

site

s

Mea

ning

less

PK

IX S

erve

r Aut

hent

icat

ion

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

51

Clie

nt

Use

r

I am

Maf

ia.c

om Th

at’s

cor

rece

t

That

’s c

orre

cet

Goo

d, I

feel

sa

fe n

ow

Ser

ver

Ser

ver

I am

DN

B.n

o

The

Maf

ia

Cer

tific

ates

are

va

lid !

Cer

tific

ate

DN

B

Maf

ia

Cer

tific

ate

DN

SS

EC

PK

I

•Th

e D

NS

(Dom

ain

Nam

e S

yste

m) i

s vu

lner

able

to e

.g. c

ache

po

ison

ing

atta

cks

resu

lting

in w

rong

IP a

ddre

sses

bei

ng re

turn

ed.

•D

NS

SE

C d

esig

ned

to p

rovi

de d

igita

l sig

natu

re o

n ev

ery

DN

S re

ply

•B

ased

on

PK

I with

a s

ingl

e ro

ot.

A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

52

DN

SSEC

org

anis

astio

nal C

As

“.” D

NSS

EC ro

ot C

A

DN

SSEC

inte

rmed

iate

CA

s

DN

SSEC

top

leve

l CA

s co

m

org

uk

ac.u

k co

.uk

iban

k.ba

rcla

ys.c

o.uk

Ope

n PG

P si

gnat

ures

(Tru

st A

ncho

rs)

DN

S le

af n

odes

ba

rcla

ys.c

o.uk

Page 14: 19 Types of Cryptographic Keys...Proper key management is essential to the robust use of cryptography for security. • Poor key management may ea sily lead to compromise systems protected

DN

SS

EC

PK

I vs.

Bro

wse

r PK

IX

•In

B-P

KIX

, any

CA

can

issu

e ce

rts fo

r any

dom

ain �

pro

blem

atic

CA

s un

der t

he D

NS

SE

C P

KI c

an o

nly

issu

e ce

rtific

ates

for o

wn

dom

ain

The

DN

SS

EC

PK

I and

the

B-P

KI b

oth

targ

et th

e sa

me

user

/org

nod

es

•D

AN

E: D

NS

SE

C-b

ased

Aut

hent

icat

ion

of N

amed

Ent

ities

Alte

rnat

ive

to B

-PK

IX, s

tand

ards

exi

st, n

ot d

eplo

yed,

com

plex

A

udun

Jøs

ang

L06

- IN

F351

0, U

iO S

prin

g 20

14

53

Root

CA

Inte

rmed

iate

CA

Cert

ifica

tes

for

user

s an

d or

gani

satio

ns

“.” D

NS

root

CA

Inte

rmed

iate

DN

S CA

s

Top

Leve

l DN

S CA

s co

m

org

uk

ac.u

k co

.uk

DN

SSEC

PKI

B-PK

IX

PKI 1

PKI 2

PKI 3

CR

L: C

ertif

icat

e R

evoc

atio

n Li

sts

•C

ertif

icat

e R

evoc

atio

n –

Q: W

hen

mig

ht a

cer

tific

ate

need

to b

e re

voke

d ?

–A

: Whe

n ce

rtific

ate

beco

mes

out

date

d be

fore

it

expi

res,

due

to:

•pr

ivat

e ke

y be

ing

disc

lose

d •

subs

crib

er n

ame

chan

ge

•ch

ange

in a

utho

risat

ions

, etc

Rev

ocat

ion

may

be

chec

ked

onlin

e ag

ains

t a

certi

ficat

e re

voca

tion

list (

CR

L)

•C

heck

ing

the

CR

L cr

eate

s a

huge

ove

rhea

d w

hich

thre

aten

s to

mak

e P

KI i

mpr

actic

al

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

54

PK

I ser

vice

s

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

55

•S

ever

al o

rgan

isat

ions

ope

rate

PK

I ser

vice

s •

Priv

ate

sect

or

•P

ublic

sec

tor

•M

ilita

ry s

ecto

r •

Mut

ual r

ecog

nitio

n an

d cr

oss

certi

ficat

ion

betw

een

PK

Is is

diff

icul

t •

Exp

ensi

ve to

ope

rate

a ro

bust

PK

I •

The

Bro

wse

r PK

IX is

the

mos

t wid

ely

depl

oyed

PK

I tha

nks

to p

iggy

-bac

king

on

brow

sers

and

the

lax

secu

rity

requ

irem

ents

DN

SS

EC

PK

I mig

ht re

plac

e th

e br

owse

r PK

IX

PK

I Sum

mar

y

•P

ublic

key

cry

ptog

raph

y ne

eds

a P

KI t

o w

ork

–D

igita

l cer

tific

ates

use

d to

pro

vide

aut

hent

icity

an

d in

tegr

ity fo

r pu

blic

key

s –

Acc

epta

nce

of c

ertif

icat

es re

quire

s tru

st

–Tr

ust r

elat

ions

hips

bet

wee

n en

titie

s in

a P

KI

can

be m

odel

led

in d

iffer

ent w

ays

–E

stab

lishi

ng tr

ust h

as a

cos

t, e.

g. b

ecau

se

secu

re o

ut-o

f-ban

d ch

anne

ls a

re e

xpen

sive

Aud

un J

øsan

g L0

6 - I

NF3

510,

UiO

Spr

ing

2014

56