CSE 543 Computer Security: Risks of PKI - Josh Schiffman & Archana Viswanath
Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure
Joshua Schiffman, Archana Viswanath
Computer Security
● Security is a business
  ○ Especially PKI
● PKI needs business to thrive
  ○ Buy certificates
  ○ PKI equipment
● Certificates are the commodity
  ○ How trustworthy are they?
Categories of Risk
● Security is a chain
  ○ Only as strong as the weakest link
● We identify three main categories for risk
  ○ Trust in the Certification Authority (CA)
  ○ Trust in the encryption keys
  ○ Trust in the users
Certification Authorities
● PKI requires distribution of public keys
  ○ Dangerous to send in the clear
● CAs provide certificates binding name to key
  ○ What makes a CA trusted?
  ○ What guarantee do we have the certificate is real?
[Figure: Alice, the CA, and key KB. Caption: "Really? This is Bob's public key"]
Content Authorities
● Certificates contain more than just a key
  ○ Name / ID
  ○ DNS for SSL
● Who is authorized to provide this content
  ○ CAs are not authorities
  ○ Contrary to many other systems
    ▶ Business name
    ▶ Licenses
● Does it always matter?
  ○ Offers no added encryption
Registration Authority
● Registration Authorities (RA)
  ○ Authority on the contents
  ○ Establish secure communication with the CA
● What guarantees are in the RA+CA model?
  ○ CAs can forge certificates
  ○ More vectors for attack
  ○ Authorities physically possessing the CA helps
    ▶ Breaks some business models
Identifying the Applicant
● Does the CA verify applications?
  ○ Identity checking
  ○ Are the credentials easy to obtain?
● Is there private key verification?
  ○ Possessing the public key for the certificate
    ▶ Does not prove possession of private key
[Figure: Alice, the CA, and key KA. Caption: "Really? This is my public key"]
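Added example (not from the original slides): a toy CA that demands proof of possession through a signed challenge, so an applicant who submits someone else's public key is refused. `ToyCA`, its method names, and the fixed primes are assumptions for illustration; the RSA is textbook RSA and not secure.

```python
import hashlib
import secrets

# Toy textbook RSA over fixed Mersenne primes (constructed values, NOT secure):
# just enough public-key math to show the check without third-party libraries.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)  # (public, private)

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    n, d = private
    return pow(_digest(message, n), d, n)

def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

class ToyCA:
    """Hypothetical CA front end that requires proof of possession."""
    def __init__(self):
        self.pending = {}

    def start_request(self, name, public):
        # Fresh random challenge per request, so an old signature cannot be replayed.
        nonce = secrets.token_bytes(16)
        self.pending[name] = (public, nonce)
        return nonce

    def finish_request(self, name, signature):
        public, nonce = self.pending.pop(name)
        # The applicant name is signed too, tying the proof to this application.
        if not verify(public, name.encode() + nonce, signature):
            return None  # applicant does not hold the matching private key
        return {"subject": name, "public_key": public}  # certificate body to sign

def demo():
    alice_pub, alice_priv = make_keypair(2**61 - 1, 2**89 - 1)
    _, mallory_priv = make_keypair(2**31 - 1, 2**107 - 1)
    ca = ToyCA()
    n1 = ca.start_request("alice", alice_pub)
    ok = ca.finish_request("alice", sign(alice_priv, b"alice" + n1))
    # Mallory submits Alice's public key but can only sign with her own key.
    n2 = ca.start_request("mallory", alice_pub)
    bad = ca.finish_request("mallory", sign(mallory_priv, b"mallory" + n2))
    return ok, bad
```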
Securing the CA
● CAs don't keep secrets
  ○ All verification is done with public keys
● Use "root certificates" to vouch for the certificate
  ○ Self-signed
  ○ Form a chain of trust
    ▶ Must end at some ultimately trusted party
● Attackers can inject their own root keys
  ○ Spoof public keys
● Physically protect the CA