Public Key InfrastructuresPublic Key Infrastructures

Chapter 5Trust ModelsTrust Models

Cryptography and ComputeralgebraProf Dr Johannes BuchmannProf. Dr. Johannes BuchmannDr. Alexander Wiesmaier

We have seen certificates.We have seen certificates.

Wh d t ust in public k s?Why do we trust in public keys?

2

Example

33

Example

Authenticated by digital by digital signature

4

Click on icon

5

Click on view

6

In the browser

The browser is shipped with trusted authorities

7

The browser is shipped with trusted authorities

Built-in object token

8

Direct trust

A user obtains the public key directly from the owner or has the fingerprint of the the owner or has the fingerprint of the public key verified directly by the owner.

9

Fingerprint

It is the hash value of the certificateIt is the hash value of the certificate

Ex mpl :Example:

Calculate hash value (e.g. SHA1)

10

Fingerprint calculation

11

Fingerprint

The key owner transmits/publishes the The key owner transmits/publishes the fingerprint

by phoneb web page

newspaper or public documentp p pCD-ROM

12

Phone verification

1313

Web page verification

1414

Federal Gazette

BNetzA

bl h hpublishes the

public keyp y

(still RegTP in 2005) )

15

CD-ROM verification

# gpg list p blic ke s~# gpg --list-public-keys/root/.gnupg/pubring.gpg------------------------pub 2048R/3D25D3D9 1999-03-06 SuSE Security Teampub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse de><build@suse.de>sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]

16

Examples of direct trust

17

Certificate Installation Step 0

18

Certificate Installation Step 1

19

Certificate Installation Step 2

20

Certificate Installation Step 3

2121

Software Signing Step 1

Original CD-ROMEvery customer obtains original-CDs that contain the public keyEvery customer obtains original-CDs that contain the public key.The medium offers protection against manipulation. Key compromise as well as CD forgery can become knowny p g ythrough the media.

Trust in key = Trust in original-CDs

~# gpg --list-public-keys/root/.gnupg/pubring.gpg------------------------pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key b ild@ d

22

<build@suse.de>sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]

Software Signing Step 2d PSigned RPMs

RedHat Package ManagerSoftware installation in Linux Software installation in Linux Source: miscellaneous URLs Is a URL trusted?(e.g. is ftp://ftp.suse.com/.../openssl-0.9.6g-30.i586.rpmone malicious version of OpenSSL?)Solution: The Linux-Distributor signs the RPM-PacketSolution: The Linux-Distributor signs the RPM-Packetwith GPG (GNU Privacy Guard)Public Key inside the original-CD for verification

~# rpm --checksig ./openssl-0.9.6g-30.i586.rpmopenssl-0.9.6g-30.i586.rpm: md5 gpg in Ordnung~#

23

SSH Step 1

SSH: Secure ShellCryptographically secured alternative for telnet and ftpCryptographically secured alternative for telnet and ftp.User authentication based on password or public key.Computer authentication based always on public key.

Public key based user authentication:Public key based user authentication:

The user creates a key pair on the client side.Th d it th bli k th The user deposits the public key on the server.The user must remove compromised keys from the host.

24

SSH Step 2

Public Key based computer authentication:Protection against DNS- or IP-Spoofing.g p f gThe public key of the server is transmitted during the firstlogin.gThe user must verify the fingerprint by asking the server’s administrator.Warning in case of public key alteration.

~> ssh cdcnt56The authenticity of host 'cdcnt56 (130.83.23.156)' can't be established.RSA key fingerprint is 97:cd:d9:cc:f7:c1:4c:1b:13:dd:96:4a:90:2d:88:ca.Are you sure you want to continue connecting (yes/no)? yes19752 W i P tl dd d ' d t56 130 83 23 156'

25

19752: Warning: Permanently added 'cdcnt56,130.83.23.156' (RSA) to the list of known hosts.

Direct trust: summary

It i th b i f ll th t t d lIt is the basis for all other trust modelsOne knows

Whi h k th ti dWhich keys are authentic andWhy they are considered authentic

B d l b lBad scalability:in pairs, authentic key exchange of all keys

i ( b if i th fi i t)requires (e.g. by verifying the fingerprint)n * (n-1) = O(n2) verifications.

26