Public Key Cryptography: Uses and Infrastructure
CS 3IS3
Ryszard Janicki
Department of Computing and Software, McMaster University, Hamilton, Ontario, Canada
Acknowledgments: Material based on Information Security by Mark Stamp (Chapters 4.7-4.9)
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 1/11
Uses for Public Key Cryptography
Uses for Public Key Crypto
Confidentiality
o Transmitting data over insecure channel o Secure storage on insecure media
Authentication protocols (later)
Digital signature
o Provides integrity and non-repudiation o No non-repudiation with symmetric keys
Part 1 Cryptography 141
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 2/11
Repudiation and Non-Repudiation
Repudiation
Alice orders 100 shares of stock from Bob
Alice computes MAC using symmetric key
Stock drops, Alice claims she did not order
Can Bob prove that Alice placed the order?
No! Bob also knows the symmetric key,so he could have forged the MAC
Problem :Bob knows Alice placed the order, but he can’t
prove it
Non-repudiation
Alice orders 100 shares of stock from Bob
Alice signs order with her private key
Stock drops, Alice claims she did not order
Can Bob prove that Alice placed the order?
Yes! Alice’s private key used to sign the order – only Alice knows her private key
This assumes Alice’s private key has not been lost/stolen
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 3/11
Confidentiality and Non-Repudiation?
Public Key Notation
Sign message M with Alice’s private key: [M]Alice Encrypt message M with Alice’s public key: {M}Alice
M = “I love you” M = “I love you”
Bob Alice
Sign and Encrypt
Alice sends message to Bob
Sign and encrypt: {[M]Alice}Bob Encrypt and sign: [{M} ]
{[M]Alice}Bob {[M]Alice}Charlie
Encrypt and Sign
Alice Bob Charlie
M = “My theory, which is mine….”
M = “My theory, which is mine. . . .” Q: What’s the problem?
A: No problem public key is public
[{M}Bob]Alice
Part 1 Cryptography Alice
[{M}Bob]Charlie
Charlie
147
Bob
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 4/11
Note that Charlie cannot decrypt M
Public Key Infrastructure (PKI)
Public Key Certificate
Digital certificate contains name of user and user’s public key (possibly other info too)
It is signed by the issuer, a Certificate Authority (CA), such as VeriSign: M = (Alice, Alice’s public key), S = [M]CA, Alice’s Certificate = (M,S)
Signature on certificate is verified using CA’s public key. Must
verify that M = {S}CA Certificate Authority
Certificate authority (CA) is a trusted 3rd party (TTP) – creates and signs certificates
Verify signature to verify integrity and identity of owner of corresponding private key.
Does not verify the identity of the sender of certificate – certificates are public!
Big problem if CA makes a mistake! CA once issued Microsoft certification to someone else.
A common format for certificates is X.509
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 5/11
Public Key Infrastructure (PKI)
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 6/11
PKI
Public Key Infrastructure (PKI): the stuff needed to securely use public key cryptography
Key generation and management Certificate authority (CA) or authorities Certificate revocation lists (CRLs), etc.
No general standard for PKI
We mention 3 generic “trust models”
We only discuss the CA (or CAs)
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 7/11
PKI Trust Models
Monopoly model
One universally trusted organization is the CA for the known universe
Big problems if CA is ever compromised
Who will act as CA ???
System is useless if you don’t trust the CA!
Oligarchy
Multiple (“a few”) trusted CAs
This approach is used in browsers today
Browser may have 80 or more CA certificates, just to verify certificates!
User can decide which CA or CAs to trust
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 8/11
PKI Trust Models II
Anarchy model
Everyone is a CA. . .
Users must decide who to trust
This approach used in Pretty Good Privacy (PGP): “Web of trust”
Why is it anarchy?
Suppose certificate is signed by Frank and you don’t know Frank, but you do trust Bob and Bob says Alice is trustworthy and Alice vouches for Frank. Should you accept the certificate?
Many other trust models/PKI issues
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 9/11
Symmetric Key vs Public Key
Symmetric key(s)
Speed
No public key infrastructure (PKI) needed (but have to generate/distribute keys)
Public Key(s)
Signatures (non-repudiation)
No shared secret (but,do have to get private keys to the right user…)
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 10/11
Real World Confidentiality
Real World Confidentiality
Hybrid cryptosystem
o Public key crypto to establish a key
Hybrid cryptosystem
o SymPmubelitcrkiecy kcreyyptocrtoypesttoabtliosheankceryypt data… Symmetric key crypto to encrypt data. . .
Can Bob be sure he’s talking to Alice?
Part 1 Cryptography 159
I’m Alice, {K}Bob
E(Bob’s data, K) E(Alice’s data, K)
Alice
Bob
Ryszard Janicki
Public Key Cryptography: Uses and Infrastructure 11/11