
L6 (KeyDistribution)


Principles of Information Security

MIS 1201
(Key Distribution)

Kasun De Zoysa

Department of Communication and Media Technologies


University of Colombo School of Computing
University of Colombo
Sri Lanka

Asymmetric Key / Public Key Cryptosystem
• Uses a Key Pair (Public / Private Keys)
• Public Key shared between users
– Strengths
• Better Scalability than Symmetric Key Cryptosystems
• Can provide confidentiality, authentication and nonrepudiation
• Key Distribution Management
• Uses one Key to encrypt, the other to decrypt
– Weaknesses
• Slower Algorithms than Symmetric Key System
– Algorithms
• RSA, Elliptic Curve Cryptosystem (ECC), Diffie-Hellman, El Gamal, DSS (Digital Signature Standard), PGP
• ECC has higher work factor than other asymmetric algorithms

Hybrid Encryption
• Why is symmetric key encryption still used?
– Performance
– Also cryptographic reasons
• In practice one uses hybrid encryption...
– A one-time random key is generated (“session key”)
– This is used to symmetrically encrypt the message
– The symmetric session key is encrypted through public key encryption and sent to the other party together with the (encrypted) message

Storage and Handling Public Keys
[Figure: users A and B and a Keys Server]

Key Management
• Using a public key system, A wants to talk to B
• C is the Key Distribution Center (Key Server), has A and B’s public key
• A calls B, and the calling protocol contacts C
• C encrypts a session key, “k”, with the public keys and sends the encrypted “k” to A and B
• A and B can then communicate

Secure Sending of secret key
[Figure: A and B with a Key, labelled “Digital Envelope”]

Recovery of Secret Key
[Figure: A and B with a Key]

Authenticity of Sender
[Figure: A and B with a Key, labelled “Digital Signature”]

Verification of Signature
[Figure: A and B with a Key]

Authenticity of Sender and Receiver
[Figure: A and B with a Key]

Full Verification (Sender’s/Receiver’s Authenticity, Message Protection and Integrity)
[Figure: A and B with a Key]

Certificate Authority
[Figure: users A and B, a Keys / Certificates Server, a CA, and MAC labels]

Certificates Infrastructure
– Certificates need some infrastructure in place to allow users to verify a given certificate.
– This can be done centrally or via a distributed system.
– So how are certificates, and their certificate chains, verified and disseminated?
(1) Trusted Third Party (TTP)
(2) Certificate Authority (CA)
(3) Simple Public Key Infrastructure (SPKI)

Certificates Infrastructure

Trusted Third Party (TTP)
• Alice wants to carry out some transaction with Bob.
• Alice wants to be sure that Bob is who he says he is, and vice versa for Bob.
• Carol, who is trusted by both Alice and Bob, offers to undertake this authentication process.

Certificates Infrastructure

Certificate Authority
• Trusted, 3rd party organization
• CA (Certificate Authority) guarantees that the individual granted a certificate is who he/she claims to be
• CA usually has arrangement with financial institution to confirm identity
• Critical to data security and electronic commerce
• Well-known organisations establish themselves to act as certificate authorities: Verisign, CREN, etc.
• One can then obtain X.509 public key certificates from them by submitting satisfactory evidence of their identity.

Certificate Infrastructure

Simple Public Key Infrastructure (SPKI)
– X.509 relies on global uniqueness, which can cause long chains of certification that must be validated to someone who is trusted.
– SPKI is a scheme for the creation and management of sets of public certificates.
– Chains of certificates can be processed using logical inference to produce derived certificates.
– E.g. Bob believes Alice’s key is KApub
– Carol trusts Bob on Alice’s public key
– Therefore, Carol believes that Alice’s public key is KApub.

Certificate Standards
X.509
• Most widely used standard for certificates.
• Part of the X.500 standard for the construction of global directories of names and attributes.
• X.509 is used in cryptography as a format definition for free standing certificates.
• Public key is bound to a named entity called a subject.
• Binding is in the signature, which is issued by an Issuer.

X.509 Certificate Format


Subject: Distinguished Name, Public Key
Issuer: Distinguished Name, Signature
Validity Period: Not Before, Not After
Admin Info: Version, Serial
Extended Info: …
Internal Structure of Certificate

•Version
•Serial Number
•Signature Algorithm
•Issuer
•Subject
•Validity
•Subject Public Key Information
•Extensions
•Signature

Structure of Distinguished Name

•Country Name
•State and Province Name
•Locality Name
•Organization Name
•Organization Unit Name
•Common Name
•Email Address
•URL

Certificate Types

•Digital Signature
•Key Encipherment
•Data Encipherment
•Key Certificate Signature
•CRL Signature
•Object Signing

Root Certificate

Public key infrastructure (PKI)
• Public key infrastructure (PKI) - provides the foundation necessary for secure e-business through the use of cryptographic keys and certificates
– Enables secure electronic transactions
– Enables the exchange of sensitive information

Public Key Infrastructure (PKI)
• PKI is an ISO authentication “framework” that uses public key cryptography and X.509 standard protocols.
• The framework establishes a generalized architecture for exchanging secure communication across networks (Internet, internal / external).
• PKI is a Hybrid Key System with an infrastructure allowing the PKI certificate authority to create, maintain and manage digital certificates.
• Each user is issued a Digital Certificate (DC) which contains the end user’s public key along with other identifying information.
• The Digital Certificate is signed / validated by a trusted third party / Certificate Authority (CA). The CA enables users who are not trusted to each other (unknown) to trust each other.
• The most popular DC is an X.509 v3. This is the same type of certificate as an SSL / HTTPS Certificate.

PKI entities / functions and roles
• Certificate Authority (CA): Issuer of Certificates
• Registration Authority (RA): Performs all functions of CA but cannot issue DC’s
• Certificate Repository: Structure used to hold CA’s
• Certificate Revocation: Part of CA / RA that manages DC’s Issuing System
• Key Management: Backup, recovery, change, updating, histories
• Cross Certification: Ring / Web of Trust with other CA’s
• Time Stamping: Provides Timeline / Auditing
• Custom Application Software: Software written with PKI logic included in application / coding

Certificate Hierarchy
[Figure: a tree with one CA at the top, two CAs below it, and end entities A and B at the bottom]

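An added example (not from the original slides) of what a relying party checks along a hierarchy like the one above: each certificate names its issuer, its signature verifies under the issuer's public key, and every issuer is marked as a CA. It assumes the Python `cryptography` package and ECDSA P-256 keys; names such as `issue` and `path_ok` are illustrative, and validity dates and revocation are deliberately left out of this sketch.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_pub, issuer_cn, issuer_key, is_ca):
    """The issuer binds subject_cn to subject_pub by signing both with issuer_key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
            .public_key(subject_pub).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def issued_by(cert, issuer_cert):
    """True only if issuer_cert is a CA and its key produced cert's signature."""
    bc = issuer_cert.extensions.get_extension_for_class(x509.BasicConstraints).value
    if not bc.ca or cert.issuer != issuer_cert.subject:
        return False
    try:
        issuer_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                        ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def path_ok(path, trust_anchor):
    """path is leaf first and must end at the locally trusted root certificate."""
    return path[-1] == trust_anchor and all(
        issued_by(cert, issuer) for cert, issuer in zip(path, path[1:]))

def demo():
    key = {n: ec.generate_private_key(ec.SECP256R1()) for n in ("root", "sub", "a", "x")}
    root = issue("Root CA", key["root"].public_key(), "Root CA", key["root"], True)
    sub = issue("Sub CA", key["sub"].public_key(), "Root CA", key["root"], True)
    a = issue("A", key["a"].public_key(), "Sub CA", key["sub"], False)
    # Constructed failures: wrong signing key, and an end entity acting as an issuer.
    forged = issue("A", key["x"].public_key(), "Sub CA", key["x"], False)
    b_via_a = issue("B", key["x"].public_key(), "A", key["a"], False)
    return {"good": path_ok([a, sub, root], root),
            "forged": path_ok([forged, sub, root], root),
            "leaf_as_ca": path_ok([b_via_a, a, sub, root], root)}
```

Calling `demo()` returns the verdict for the valid path and for the two constructed failures.
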
CA Hierarchy in Practice

Alternative Trust Hierarchies

Cross Certification
[Figure: cross-certification between CAs labelled RCA, BCA, GCA and CCA, with end entities A and B]

Bridge CA
[Figure: Bridge CA (BCA, L1) diagram. Labels: Justice, Armed Forces, Root, Coast Guard, FBI, ICA, Army CA, Navy CA, AF CA, CRLs listing users, FBI User 5, Navy User 7. CPDL builds the certificate path; CML validates the certificate path. The Entrust user signs and transmits an encrypted message to the SPYRUS user; the SPYRUS user verifies the signature certificate, verifies the signature, decrypts and displays the message.]

Key Management
• Key Management and especially revocation is a big issue
• Revocation is commonly done with Certificate Revocation Lists (CRLs)
– An off-line protocol
– On-line revocation mechanisms are also used (OCSP)
– Both have their (dis-)advantages
• In a PKI, a number of repositories exist (with PKCs and CRLs)
• Key management is one of the most difficult PKI problems (it is the reason why some people say PKI doesn’t work)
• With this knowledge... think about long-term storage of signed documents
• By now it should be clear that a very important issue in a PKI is the governing policies...

Certificate Revocation
• Revocation is managed with a Certificate Revocation List (CRL), a form of anti-certificate which cancels a certificate
• Equivalent to 1970s-era credit card blacklist booklets
• Relying parties are expected to check CRLs before using a certificate
– “This certificate is valid unless you hear somewhere that it isn’t”

CRL Distribution Problems
• CRLs have a fixed validity period
– Valid from issue date to expiry date
• At expiry date, all relying parties connect to the CA to fetch the new CRL
– Massive peak loads when a CRL expires (DDOS attack)
• Issuing CRLs to provide timely revocation exacerbates the problem
– 10M clients download a 1MB CRL issued once a minute = ~150GB/s traffic
– Even per-minute CRLs aren’t timely enough for high-value transactions with interest calculated by the minute

Online Status Checking
• Online Certificate Status Protocol, OCSP
• Inquires of the issuing CA whether a given certificate is still valid
– Acts as a simple responder for querying CRL’s
– Still requires the use of a CRL to check validity
• OCSP acts as a selective CRL protocol
– Standard CRL process: “Send me a CRL for everything you’ve got”
– OCSP process: “Send me a pseudo-CRL/OCSP response for only these certs”
– Lightweight pseudo-CRL avoids CRL size problems
– Reply is created on the spot in response to the request
– Ephemeral pseudo-CRL avoids CRL validity period problems

Online Certificate Status Protocol (OCSP)
• Returned status values are non-orthogonal
– Status = “good”, “revoked”, or “unknown”
– “Not revoked” doesn’t necessarily mean “good”
– “Unknown” could be anything from “Certificate was never issued” to “It was issued but I can’t find a CRL for it”

OCSP Problems
• Problems are due to some extent to the CRL-based origins of OCSP
– CRL can only report a negative result
– “Not revoked” doesn’t mean a cert was ever issued
– Some OCSP implementations will report “I can’t find a CRL” as “Good”
– Some relying party implementations will assume “revoked” = “not good”, so any other status = “good”
– Much debate among implementors about OCSP semantics

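The relying-party mistake described above next to a fail-closed version, as an added example that is not from the original slides. `StatusResponse` is a simplified stand-in for an already parsed and signature-checked OCSP reply; the freshness window and the no-response case go beyond the slide and are assumptions of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class StatusResponse:
    """Simplified stand-in for an OCSP reply whose signature was already verified."""
    status: str            # "good", "revoked" or "unknown"
    this_update: datetime  # when the responder produced this status
    next_update: datetime  # after this time the reply must not be relied on

def accept_naive(resp: Optional[StatusResponse]) -> bool:
    """Flawed logic from the slide: only "revoked" counts as not good.
    Accepting a missing reply as well is an assumption of this sketch."""
    return resp is None or resp.status != "revoked"

def accept_strict(resp: Optional[StatusResponse], now: datetime) -> bool:
    """Fail closed: accept only a current reply that positively says "good"."""
    if resp is None:                                      # responder unreachable
        return False
    if not (resp.this_update <= now < resp.next_update):  # stale or post-dated reply
        return False
    return resp.status == "good"                          # "unknown" is not "good"

def compare(now: datetime) -> dict:
    """Run both policies over constructed replies; values are (naive, strict)."""
    current = dict(this_update=now - timedelta(hours=1), next_update=now + timedelta(hours=1))
    stale = dict(this_update=now - timedelta(days=3), next_update=now - timedelta(days=2))
    cases = {
        "good, current": StatusResponse("good", **current),
        "revoked": StatusResponse("revoked", **current),
        "unknown": StatusResponse("unknown", **current),
        "good, stale": StatusResponse("good", **stale),
        "no response": None,
    }
    return {name: (accept_naive(r), accept_strict(r, now)) for name, r in cases.items()}

if __name__ == "__main__":
    for name, verdicts in compare(datetime.now(timezone.utc)).items():
        print(f"{name:15} naive={verdicts[0]!s:5} strict={verdicts[1]}")
```
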
Other Online Validation Protocols
• Simple Certificate Validation Protocol (SCVP)
– Relying party submits a full chain of certificates
– Server indicates whether the chain can be verified
– Aimed mostly at thin clients
• Data Validation and Certification Server Protocols (DVCS)
– Provides facilities similar to SCVP disguised as a general third-party data validation mechanism
• Integrated CA Services Protocol (ICAP)
• Real-time Certificate Status Protocol (RCSP)
• Web-based Certificate Access Protocol (WebCAP)
• Delegated Path Validation (DPV)
– Offshoot of the SCVP/DVCS debate and an OCSP alternative OCSP-X

Discussion