University of the Aegean

De Facto Joint Research Group

PKI: Is it worth
something, or what?
John Iliadis1,2, Stefanos Gr...
Overview
➢
➢

➢
➢
➢

Communication Networks: Now and Then.
Symmetric Cryptosystems versus
Asymettric Cryptosystems
Applica...
Communication
Networks:
Now and Then
➢

Then: Centralised, Closed
➢

➢

➢
➢
➢

private or semi-private, no access
allowed,...
Communication Networks:
Now and Then (cont.)
➢

Now: Distributed, Open
➢
➢
➢
➢
➢
➢

no ownership,
no central control,
resi...
Key Distribution Symmetric Cryptosystems
➢
➢
➢
➢

Direct
Key Translation Center
Key Distribution Center
Based on asymmetri...
Key Translation Center
(symmetric crypto)
1

A

3

KTC

2

B

4

•A->KTC: enciphered key
•KTC->B: sends B re-enciphered ke...
Key Distribution Center
(symmetric crypto)
1

A

2a

KDC

2b

B

•A->KDC: request for shared key
•KDC->A: sends A encipher...
Key Distribution in
Symmetric Cryptosystems
A Note
➢

All mechanisms require the existence of a
shared symmetric or asymme...
Key Distribution:
Asymmetric
Cryptosystems
➢

➢

Protected channels (data origin
authentication and data integrity
protect...
Key Distribution:
Asymmetric
Cryptosystems (cont.)
CA

1
2

3

4

A

B

•A->CA: KeyA (?)
•CA->A: CertificateA
•CA<->B: Cer...
Key Distribution in
Asymmetric
Cryptosystems - A Note
➢

Mechanisms require the existence of either
an integrity protected...
Key Distribution:
A Final Note
The Case of Asymmetric versus Symmetric
Cryptosystems, and vice-versa.
Verdict: Innocent on...
Key Distribution:
A Final Note (cont.)
The Case of Asymmetric versus Symmetric
Cryptosystems, and vice-versa.
Verdict 2: T...
Key Distribution:
A Final Note (cont.)
Asymmetric crypto was not invented to
meet the needs of new, distributed
and loosel...
Digital Certificates
Offline authentication token
Third, trusted entity vouches for it
Expiration, revocation
Contents:
–
...
Digital
Signatures
➢

➢

Generating certificate-supported
signatures
Non-repudiation
➢
➢
➢

Timestamping
Non-repudiation m...
Some Threats in
Electronic
Transactions
➢
➢
➢
➢

➢
➢
➢

Monitoring of communication lines
Shared key guessing/stealing
Sha...
Insecure
Electronic
Transactions
Entity1

Network

Entity2

insecure communication channel
John Iliadis, Stefanos Gritzali...
Facing Threats
monitoring of communication lines
Encryption with randomly generated shared
session key
shared session key ...
Facing Threats
(cont.)
Masquerade - Web spoofing
Exchange of X509v3 certificates and
verification against a Directory
Pass...
Securing electronic
transactions
Entity1

Network

Issuing certificates

Entity2

Issuing certificates

CSP

John Iliadis,...
CSP : The Cornerstone
of PKI.
An Overview

➢

➢

TTP : “an impartial organisation delivering
business confidence, through ...
CSP : The Cornerstone of
a Public Key
Infrastructure.
Technical Infrastructure
•
•
•

•

•

Certification Authority, provi...
CSP : The Cornerstone of a
Public Key Infrastructure.
Technical Infrastructure

Database
local to CSP

CSP
Directory
Servi...
CSP services
and functions
➢
➢

➢

➢
➢

➢

Electronic Registration
Key Personalisation, Generation, and
Repository
Certifi...
PKI
➢
➢
➢
➢

Set of CSPs
Interoperability and corroboration
Legal framework
Value-Added services
➢
➢
➢
➢

Timestamping
Inf...
European Directive on
Electronic Signatures
Directive aims at technology independence
Problem: Directive identifies requir...
Secure Signature
Creation Devices
Hardware tokens
– easier to deploy
– wide acceptance by public as a «secure»
method
– de...
Secure Signature Creation
Devices (cont.)
➢

Factors to consider:
➢
➢
➢

➢
➢

Ease of use,
confidence/acceptance by public...
Areas needing
further research
Identification and naming (global naming?
translation versus transliteration?),
Certificate...
Areas needing
further research
(cont.)
➢

➢

➢

Role of notaries and timestamping
authorities (underlying legal framework?...
Some interesting
problems to be studied
Certificate 1
Certificate 2
John Doe
John Doe
org: X
org: Y (X?)
Country: GR
Count...
Qualified
Value-added
Services
➢

➢

Need for «Qualified Value-added Services»
Should there be a limit on the kind of
serv...
Fashion and PKI
Current commercial PKI trends
– It’s fashionable
– It’s easy to deploy…
– It meets several security requir...
Fashion and PKI
(cont.)
…however:
– Typical installations and operation of
CSP software, withour prior analysis of
require...
Fashion and PKI
(cont.)
➢

➢
➢
➢
➢
➢
➢

Requirements->Services->Functions
->Implementation
Certificate and Security Policy...
Conclusion
PKI is a panacea for security as much
as aspirin is a panacea for pain.
Easing ulcer pains with aspirin
SHOULD ...
Upcoming SlideShare
Loading in …5
×

PKI: Is it worth something, or what?

465 views
398 views

Published on

Fifth European Intensive Programme on Information and Communication Technologies Security (IPICS 2002), organised by the University of the Aegean, Greece and IFIP. July 2002, Samos island, Greece

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
465
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

PKI: Is it worth something, or what?

  1. 1. University of the Aegean De Facto Joint Research Group PKI: Is it worth something, or what? John Iliadis1,2, Stefanos Gritzalis1 Department of Information and Communication Systems Engineering University of the Aegean E-mail: {jiliad,sgritz}@aegean.gr 1 2 Department of Informatics Technological Educational Institute of Athens E-mail: jiliad@cs.teiath.gr
  2. 2. Overview ➢ ➢ ➢ ➢ ➢ Communication Networks: Now and Then. Symmetric Cryptosystems versus Asymettric Cryptosystems Applications of Asymmetric Cryptosystems Facing Threats in Electronic Transactions Certification Service Providers, (a.k.a. Certification Authorities, a.k.a. Trusted Third Parties ???) ➢ ➢ ➢ EU Directive on Digital Signatures Further Research on PKI Conclusions John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 2 out of 37
  3. 3. Communication Networks: Now and Then ➢ Then: Centralised, Closed ➢ ➢ ➢ ➢ ➢ private or semi-private, no access allowed, wide spectrum of proprietary networking/communication protocols, expensive, targeted user group, early Internet instances. John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 3 out of 37
  4. 4. Communication Networks: Now and Then (cont.) ➢ Now: Distributed, Open ➢ ➢ ➢ ➢ ➢ ➢ no ownership, no central control, resilience. access to anyone, standardised protocols, low-cost access. John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 4 out of 37
  5. 5. Key Distribution Symmetric Cryptosystems ➢ ➢ ➢ ➢ Direct Key Translation Center Key Distribution Center Based on asymmetric techniques ➢ ➢ secret key agreement secret key transport John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 5 out of 37
  6. 6. Key Translation Center (symmetric crypto) 1 A 3 KTC 2 B 4 •A->KTC: enciphered key •KTC->B: sends B re-enciphered key, OR •KTC->A: sends A re-enciphered key •A->B: A sends B re-enciphered key John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 6 out of 37
  7. 7. Key Distribution Center (symmetric crypto) 1 A 2a KDC 2b B •A->KDC: request for shared key •KDC->A: sends A enciphered shared key •KDC->B: sends B enciphered shared key If KDC cannot communicate securely with B (2b), then A assumes responsibility for distribution of enciphered shared key to B John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 7 out of 37
  8. 8. Key Distribution in Symmetric Cryptosystems A Note ➢ All mechanisms require the existence of a shared symmetric or asymmetric key and an inline Key Center. Centralised Closed Private Proprietary protocols Expensive John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Distributed No ownership No central control Resilience Access to anyone Standardised protocols Low-cost access. Slide 8 out of 37
  9. 9. Key Distribution: Asymmetric Cryptosystems ➢ ➢ Protected channels (data origin authentication and data integrity protection, e.g. courier and registered mail) CSP-assisted (i.e. certificates) John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 9 out of 37
  10. 10. Key Distribution: Asymmetric Cryptosystems (cont.) CA 1 2 3 4 A B •A->CA: KeyA (?) •CA->A: CertificateA •CA<->B: CertificateA or CertificateCA •A->B: CertificateA John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 10 out of 37
  11. 11. Key Distribution in Asymmetric Cryptosystems - A Note ➢ Mechanisms require the existence of either an integrity protected channel, or at least an offline CSP* Centralised Closed Private Proprietary protocols Expensive *Other CSP operational requirements, like revocation, necessitate the online operation of CSPs John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Distributed No ownership No central control Resilience Access to anyone Standardised protocols Low-cost access. Slide 11 out of 37
  12. 12. Key Distribution: A Final Note The Case of Asymmetric versus Symmetric Cryptosystems, and vice-versa. Verdict: Innocent on all charges, both of them. – there are applications that necessitate symmetric crypto, like small scale closed networks, top-secret communication lines (onetime pads), requirements for fast encryption (e.g. slow processor speeds: smart cards) etc. – there are applications that necessitate asymmetric crypto, like applications over communication channels where one cannot protect the confidentiality of the exchanged messages (key distribution?) John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 12 out of 37
  13. 13. Key Distribution: A Final Note (cont.) The Case of Asymmetric versus Symmetric Cryptosystems, and vice-versa. Verdict 2: The Case should never have been taken to court! – There’s no point in excluding either one of them. Joint usage leads to best results (e.g. Digital Envelopes, asymmetric based distribution of symmetric keying material). – There are advantages and disadvantages in both. The main difference is in key management requirements: confidentiality against authenticity John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 13 out of 37
  14. 14. Key Distribution: A Final Note (cont.) Asymmetric crypto was not invented to meet the needs of new, distributed and loosely federated networking environments. It existed before. It has been a solution in search of a problem… John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 14 out of 37
  15. 15. Digital Certificates Offline authentication token Third, trusted entity vouches for it Expiration, revocation Contents: – – – – – – identification info of certificate holder identification info of CA public key of certificate holder expiration date other info (e.g. CSI location info) signed by CA John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 15 out of 37
  16. 16. Digital Signatures ➢ ➢ Generating certificate-supported signatures Non-repudiation ➢ ➢ ➢ Timestamping Non-repudiation mechanisms Underlying legal framework John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 16 out of 37
  17. 17. Some Threats in Electronic Transactions ➢ ➢ ➢ ➢ ➢ ➢ ➢ Monitoring of communication lines Shared key guessing/stealing Shared key stealing Unauthorised modification of information in transit Masquerade - Web spoofing Password stealing Unauthorised access John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 17 out of 37
  18. 18. Insecure Electronic Transactions Entity1 Network Entity2 insecure communication channel John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 18 out of 37
  19. 19. Facing Threats monitoring of communication lines Encryption with randomly generated shared session key shared session key stealing/guessing -cryptographically secure random key generators -encryption of shared session key with the public key of the receiving entity Non-authorised modification of (in-transit) information secure hashing algorithms for message authentication codes John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 19 out of 37
  20. 20. Facing Threats (cont.) Masquerade - Web spoofing Exchange of X509v3 certificates and verification against a Directory Password stealing Passwords are never transmitted in the network Unauthorised access Local ACL. Authentication by certificate verification John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 20 out of 37
  21. 21. Securing electronic transactions Entity1 Network Issuing certificates Entity2 Issuing certificates CSP John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 21 out of 37
  22. 22. CSP : The Cornerstone of PKI. An Overview ➢ ➢ TTP : “an impartial organisation delivering business confidence, through commercial and technical security features, to an electronic transaction” CSPs are Trusted Third Parties that control the life cycle of certificates John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 22 out of 37
  23. 23. CSP : The Cornerstone of a Public Key Infrastructure. Technical Infrastructure • • • • • Certification Authority, providing certificates. Registration Authority, registering users and binding their identities to certificates. Repositories, storage and dissemination entities containing CSP-related public material such as certificates and CRLs. Certificate holders, holding certificates issued from Cas, which they use in order to sign or authenticate themselves. Dependent entities, entities that use the certificates presented by other certificate holders in order to authenticate the latter or verify their signature. John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 23 out of 37
  24. 24. CSP : The Cornerstone of a Public Key Infrastructure. Technical Infrastructure Database local to CSP CSP Directory Services Certificate holder Dependent entity John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 24 out of 37
  25. 25. CSP services and functions ➢ ➢ ➢ ➢ ➢ ➢ Electronic Registration Key Personalisation, Generation, and Repository Certificates: Structure, Generation, Distribution, Storage, and Retrieval Certificate Directory Management CRLs: Structure, Generation and Maintenance, Distribution, Storage, and Retrieval Auditing John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 25 out of 37
  26. 26. PKI ➢ ➢ ➢ ➢ Set of CSPs Interoperability and corroboration Legal framework Value-Added services ➢ ➢ ➢ ➢ Timestamping Information Archiving Notary Public ... John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 26 out of 37
  27. 27. European Directive on Electronic Signatures Directive aims at technology independence Problem: Directive identifies requirements that fall under the scope of technology (e.g. secure signature creation devices, Annex III) Solution: Define sets of components that comply with the Directive. Caution needed when defining these sets; they must not conflict with other, underlying regulatory frameworks John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 27 out of 37
  28. 28. Secure Signature Creation Devices Hardware tokens – easier to deploy – wide acceptance by public as a «secure» method – degree of security awareness required: low Security requirements and evaluation standards – harder to deploy; compliance certification (enduser systems?) – degree of public confidence: low – degree of security awareness required: high John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 28 out of 37
  29. 29. Secure Signature Creation Devices (cont.) ➢ Factors to consider: ➢ ➢ ➢ ➢ ➢ Ease of use, confidence/acceptance by public, cost of implementation, operation and maintenance, security level and assurance, others... John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 29 out of 37
  30. 30. Areas needing further research Identification and naming (global naming? translation versus transliteration?), Certificate path validation (who? trust model?), Signature policy (underlying legal framework?), Scalable revocations and scalable suspensions (scalability, transparency?). John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 30 out of 37
  31. 31. Areas needing further research (cont.) ➢ ➢ ➢ Role of notaries and timestamping authorities (underlying legal framework? timely submission?), Trusted archival services (how long should an archive hold info? Who should it be revealed to?), Use of biometrics in relation to electronic signatures (beware: “panic password” versus finger cut-off…). John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 31 out of 37
  32. 32. Some interesting problems to be studied Certificate 1 Certificate 2 John Doe John Doe org: X org: Y (X?) Country: GR Country: GR In general, TTP service-level collaboration has to be studied further – cross-certification (technical, legal) – revocation – ... John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 32 out of 37
  33. 33. Qualified Value-added Services ➢ ➢ Need for «Qualified Value-added Services» Should there be a limit on the kind of services CSPs may develop and offer to the public? Should we ensure that the new services they will be providing in the future will not damage their impartiality? John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 33 out of 37
  34. 34. Fashion and PKI Current commercial PKI trends – It’s fashionable – It’s easy to deploy… – It meets several security requirements, through a wide set of security services ranging from confidentiality to public notary – It’s a panacea! John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 34 out of 37
  35. 35. Fashion and PKI (cont.) …however: – Typical installations and operation of CSP software, withour prior analysis of requirements and without designing a Security Policy and a Certificate Policy, are a present tense situation, at least on an internal company-wide level. The resulting problems will soon be present and tense. PKI is nor a cure-all, neither a magical solution to security problems John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 35 out of 37
  36. 36. Fashion and PKI (cont.) ➢ ➢ ➢ ➢ ➢ ➢ ➢ Requirements->Services->Functions ->Implementation Certificate and Security Policy of CSP Legal framework and regulations Complexity in design and development User-awareness needed Low user-acceptance Clearly not an InfoSec bandage John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 36 out of 37
  37. 37. Conclusion PKI is a panacea for security as much as aspirin is a panacea for pain. Easing ulcer pains with aspirin SHOULD BE AVOIDED AT ALL COSTS... John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 37 out of 37

×