Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
PKI Secures Sensitive Electronic Communications
1. PKI & Personal Digital Certificates,
The Key to Securing Sensitive
Electronic Communications
December 2, 2010
Nicholas Davis
2. Agenda
• Introduction
• We will eat
• We will watch movies
• We will find an error in the textbook
• We will learn
• We will chat
• We will have fun
3. Twix
• Twix is a candy bar made by Mars, Inc.,
consisting of a biscuit finger, topped with
caramel and coated in milk chocolate. Being
somewhat smaller in width than other
confectionery bars, Twix bars are typically
packaged in pairs. Twix was first produced in the
UK in 1967, and introduced in the United States
in 1979
4. Overview
Why is electronic privacy such a hot
topic these days?
What is a digital certificate?
What is PKI?
Why are these technologies important?
Trusted Root Authorities
Using digital certificates for email encryption
Key Escrow, the double edged sword
Integrating digital certificates into email for
Security
How is PKI related to SSL?
Using certificates for code signing of software
Real world issues with PKI
Discussion
5. Why is Electronic Privacy
Such a Hot Topic Today?
• Evolution of the Internet,
commerce, banking, healthcare
• Dependence on Email
• Government regulations, SOX,
HIPAA, GLB, PCI, FERPA
• Public Image
• Business warehousing
• Industrial Espionage
• The government
6. The Topic is More Interesting
When It Affects You!
8. Discussion Topic One
• Do you think the threat of Email
eavesdropping is real?
• What about the government’s argument
about Email being like a “postcard?”
• Should Target be allowed to look at
Walmart emails on a public network?
• Are you angry now, or just afraid?
• Who has the responsibility in this
situation?
10. Digital Certificates Continued
Digital Certificate
Electronic Passport
Good for authentication
Good for non-repudiation
Proof of authorship
Proof of non-altered content
Encryption!
Better than username - password
12. Public and Private Keys
A digital certificate binds your identity to a
PUBLIC key; the matching PRIVATE key is
generated and held by you and is not part of
the certificate itself
The Public Key (carried in the certificate) is
distributed to everyone
The Private Key is held very closely
And NEVER shared
Public Key is used for encryption and
verification of a digital signature
Private Key is used for digital signing and
decryption
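To make the four roles concrete, here is an added example (not code from the lecture or its textbook) in Go, using only the standard library's crypto/rsa package. Alice signs with her private key and anyone holding her public key verifies; anyone encrypts to Bob's public key and only Bob's private key decrypts. The names Alice and Bob and the message text are constructed for the example, and the key pairs are generated in memory; what a PKI adds on top of this is a certificate vouching for whose public key each one is.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign uses the PRIVATE key: only its holder can produce this signature.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify uses the PUBLIC key: anyone who has it can check the signature.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Encrypt uses the recipient's PUBLIC key, so anyone can send them secrets.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt uses the recipient's PRIVATE key; nobody else can read the message.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Outcome records what each party observes. The message text is constructed.
type Outcome struct {
	SigValid          bool   // Alice's signature checks with Alice's public key
	TamperedSigValid  bool   // the same signature over an altered message
	WrongKeySigValid  bool   // the same signature checked with Bob's public key
	Decrypted         string // Bob decrypts what was encrypted to his public key
	WrongKeyDecryptOK bool   // Alice tries to decrypt Bob's mail with her own key
}

func RunKeyRoles() (Outcome, error) {
	var o Outcome
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // key pairs made in memory
	if err != nil {
		return o, err
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return o, err
	}
	msg := []byte("Wire $10,000 to account 12345") // constructed sample message

	sig, err := Sign(alice, msg)
	if err != nil {
		return o, err
	}
	o.SigValid = Verify(&alice.PublicKey, msg, sig)
	o.TamperedSigValid = Verify(&alice.PublicKey, []byte("Wire $90,000 to account 12345"), sig)
	o.WrongKeySigValid = Verify(&bob.PublicKey, msg, sig)

	ct, err := Encrypt(&bob.PublicKey, msg)
	if err != nil {
		return o, err
	}
	pt, err := Decrypt(bob, ct)
	if err != nil {
		return o, err
	}
	o.Decrypted = string(pt)
	_, err = Decrypt(alice, ct) // wrong private key: OAEP decryption fails
	o.WrongKeyDecryptOK = err == nil
	return o, nil
}

func main() {
	o, err := RunKeyRoles()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The tampered and wrong-key checks are the part worth running: a signature is bound to both the exact message bytes and the signer's key pair, which is what the later slides mean by integrity and proof of authorship.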
14. Getting Someone’s Public Key
The Public Key must be shared to be
Useful
It can be included as part of your
Email signature
It can be looked up in an LDAP
Directory
Can you think of the advantages and
disadvantages of each method?
16. What is PKI?
• PKI is an acronym for Public Key
Infrastructure
• It is the system which manages and
controls the lifecycle of digital
certificates
• The PKI has many features
17. What Is In a PKI?
• Credentialing of individuals
• Generating certificates
• Distributing certificates
• Keeping copies of certificates
• Reissuing certificates
• Revoking certificates
• Renewing certificates
18. Credentialing
• Non technical, but the most
important part of a PKI!
• A certificate is only as trustworthy as
the underlying credentialing and
management system
• Certificate Policies and Certificate
Practices Statement
19. Certificate Generation and Storage
• How do you know who you are
dealing with in the generation
process?
• Where you keep the certificate is
important
20. Distributing Certificates
• Can be done
remotely – benefits
and drawbacks
• Can be done face
to face – benefits
and drawbacks
21. Keeping Copies – Key Escrow
• Benefit –
Available in case
of emergency
• Drawback – Can
be stolen
• A compromise
between the two is
best!
• Use Audit Trails,
separation of
duties and good
accounting
controls for key
escrow
22. Certificate Renewal
• Just like your passport, digital certificates
expire
• This is for the safety of the organization
and those who do business with it
• Short lifetime – more assurance of
validity but a pain to renew
• Long lifetime – less assurance of validity,
but easier to manage
• Can be renewed with same keypair or
new keypair depending on escrow
situation
23. Expiration
• A rare moment for me…I get to point out
an error in the textbook! (Page 418)
• Keys themselves do not expire; the
certificate that vouches for the public key
does. A signature checked against an
expired certificate will show as invalid to
the recipient
• However, the private key can ALWAYS
decrypt what was encrypted to its public
key; the math does not consult a calendar,
so an "expired" key still opens old mail
• Nobody is perfect, forgive the textbook
author!
24. Revocation
• Just like Stefan Wahe’s driving
license, it can (and should) be
revoked prior to expiration
• CRL – Certificate Revocation List, a
signed list the CA publishes on a
schedule (it carries a "next update"
time, so it is only as fresh as its
last publication)
• OCSP – Online Certificate Status
Protocol, a query about one
certificate answered at the time of
the check, so closer to real time
• In practice, both are rarely checked
25. Recovery
• No escrow = no luck
• But with escrow it must be easy,
right? !!NOT!!
• Proving identity
• Getting copy from escrow
• Secure delivery to recipient
• Complex, tempting to cut corners,
but resist temptation!
• The book’s idea is even more
complex!
26. Trusted Root Authorities
• A certificate issuer
whose root
certificate ships
pre-installed in
operating systems
and browsers
around the globe
• Root certificates
are stored in the
computer’s central
certificate store
• Requires a
stringent audit and
a lot of money!
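The expiry, revocation and trusted-root points from the last few slides, as an added Go example (standard library crypto/x509, Go 1.19 or later; this is not code from the lecture or the textbook). It builds a throwaway root CA and puts it in a root pool (the programmatic equivalent of the computer's trusted certificate store), issues a one-year personal certificate, verifies the chain before and after the certificate expires, shows that the private key still decrypts afterwards, and then has the CA publish a CRL that revokes the certificate. The CA name, user name, e-mail address, serial numbers, dates and message are all constructed for the example; "now" is pinned to the lecture date.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Lifecycle records what a relying party observes. Names, serials and dates
// are constructed for the example; "now" is pinned to the lecture date.
type Lifecycle struct {
	ValidDuringLifetime  bool   // chain builds to the root while the cert is current
	ExpiredAfterNotAfter bool   // Verify reports Reason == Expired two years later
	DecryptedAfterExpiry string // private key still decrypts: the math has no calendar
	CRLSignedByCA        bool   // the CRL carries the CA's signature
	RevokedSerialFound   bool   // the user's serial number is on the CRL
	CRLStaleWhenChecked  bool   // NextUpdate has passed: a CRL is periodic, not real time
}

// must keeps the setup short; key generation and certificate creation only
// fail on programming errors, so a panic is the right response in a demo.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// IsRevoked is the relying party's CRL lookup: match on serial number.
func IsRevoked(crl *x509.RevocationList, c *x509.Certificate) bool {
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return true
		}
	}
	return false
}

func RunLifecycle() Lifecycle {
	var out Lifecycle
	now := time.Date(2010, 12, 2, 0, 0, 0, 0, time.UTC)

	// The organization's root CA: self-signed, allowed to sign certs and CRLs.
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Campus Root CA"},
		NotBefore: now.AddDate(-1, 0, 0), NotAfter: now.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(caCert) // this is what "installed in the trusted root store" means

	// A one-year personal (S/MIME) certificate; RSA so the same key can also decrypt.
	userKey := must(rsa.GenerateKey(rand.Reader, 2048))
	userTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "Example User"},
		EmailAddresses: []string{"user@example.edu"},
		NotBefore: now, NotAfter: now.AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	userCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, userTmpl, caCert, &userKey.PublicKey, caKey))))

	// Chain validation at two points in time, as a recipient of signed mail does it.
	verifyAt := func(t time.Time) error {
		_, err := userCert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t,
			KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}})
		return err
	}
	out.ValidDuringLifetime = verifyAt(now.AddDate(0, 6, 0)) == nil
	var invalid x509.CertificateInvalidError
	out.ExpiredAfterNotAfter = errors.As(verifyAt(now.AddDate(2, 0, 0)), &invalid) && invalid.Reason == x509.Expired

	// Decryption never consults the certificate, so archived mail still opens.
	ct := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &userKey.PublicKey, []byte("archived message"), nil))
	out.DecryptedAfterExpiry = string(must(rsa.DecryptOAEP(sha256.New(), rand.Reader, userKey, ct, nil)))

	// Revocation: one month in, the CA publishes a weekly CRL listing the serial.
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(7), ThisUpdate: now.AddDate(0, 1, 0), NextUpdate: now.AddDate(0, 1, 7),
		RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: userCert.SerialNumber, RevocationTime: now.AddDate(0, 1, 0)},
		},
	}, caCert, caKey))
	crl := must(x509.ParseRevocationList(crlDER))
	out.CRLSignedByCA = crl.CheckSignatureFrom(caCert) == nil
	out.RevokedSerialFound = IsRevoked(crl, userCert)
	out.CRLStaleWhenChecked = now.AddDate(0, 2, 0).After(crl.NextUpdate)
	return out
}
```

Two things to take from running it. First, the only check that fails after the certificate expires is chain validation; the same private key decrypts exactly as before, which is the textbook point. Second, CRLStaleWhenChecked: a CRL carries a NextUpdate, and a client that keeps using it past that point is trusting a week-old answer. That is the sense in which a CRL is periodic rather than real time; OCSP instead asks the responder about one serial at the moment of the check.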
28. Using Certificates to Secure Email
• Best use for certificates, in my
opinion
• Digital certificate provides proof that
the email did indeed come from the
purported sender
• Public key enables encryption and
ensures that the message can only
be read by the intended recipient
29. Secure Email is Called
S/MIME
• S/MIME = Secure/
Multipurpose Internet
Mail Extensions
• S/MIME is the
industry standard,
not a point
solution, unique to
a specific vendor
30. Digital Signing of Email
• Proves that the email came from
you
• Invalidates plausible deniability
• Proves through a signed hash of the
message that the contents of the email
were not altered while in transit
• Provides a mechanism to distribute
your public key
31. Digital Signatures Do Not Prove When
a Message or Document Was Signed
You need a
neutral third party
time stamping
service, similar to
how hostages
often have their
pictures taken in
front of a
newspaper to
prove they are still
alive!
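The "hostage with a newspaper" idea, as an added Go example (standard library only; not code from the lecture or the textbook). A signature by itself says nothing about when it was made, because the signer controls the clock on their own machine. A time-stamping service fixes that by signing the hash of the signature together with the time on its own clock; later, anyone can check that binding with the service's public key. The Token structure and its byte layout below are a deliberately reduced model and not the real RFC 3161 format; the document text and the dates are constructed. The demo also plays two attacks the slide implies: the signer edits the time in a genuine token, and the signer forges a whole token with their own key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"time"
)

// Token is a reduced time-stamp token: the TSA signs the hash of the signer's
// signature together with the time it vouches for. Real services issue
// RFC 3161 tokens; the trust structure is the same, the encoding is not.
type Token struct {
	SigHash [32]byte
	Time    time.Time
	TSASig  []byte
}

// tokenBytes is the exact byte string the TSA signs: hash || 8-byte unix time.
func tokenBytes(sigHash [32]byte, t time.Time) []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(t.Unix()))
	return append(sigHash[:], ts[:]...)
}

func sign(priv *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

func verify(pub *ecdsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Timestamp is the TSA's job. It never sees the document, only the signature,
// and it uses its own clock rather than a time supplied by the requester.
func Timestamp(tsa *ecdsa.PrivateKey, sig []byte, tsaClock time.Time) (Token, error) {
	tok := Token{SigHash: sha256.Sum256(sig), Time: tsaClock.UTC().Truncate(time.Second)}
	var err error
	tok.TSASig, err = sign(tsa, tokenBytes(tok.SigHash, tok.Time))
	return tok, err
}

// VerifyTimestamped accepts only if the signer's signature over the document
// is good AND the TSA's signature binds that exact signature to the token time.
func VerifyTimestamped(signer, tsa *ecdsa.PublicKey, doc, sig []byte, tok Token) bool {
	if !verify(signer, doc, sig) || tok.SigHash != sha256.Sum256(sig) {
		return false
	}
	return verify(tsa, tokenBytes(tok.SigHash, tok.Time), tok.TSASig)
}

// RunTimestampDemo plays three scenes and returns the verdict of each.
func RunTimestampDemo() (map[string]bool, error) {
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tsa, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	doc := []byte("I agree to the terms of the contract.") // constructed document
	sig, err := sign(signer, doc)
	if err != nil {
		return nil, err
	}
	stamped := time.Date(2010, 12, 2, 15, 0, 0, 0, time.UTC) // the TSA's own clock
	genuine, err := Timestamp(tsa, sig, stamped)
	if err != nil {
		return nil, err
	}
	// Scene 2: the signer later claims it was signed a year earlier and simply
	// edits the time in the token. The TSA's signature no longer matches.
	backdated := genuine
	backdated.Time = stamped.AddDate(-1, 0, 0)
	// Scene 3: the signer forges a whole token with their OWN key. The verifier
	// checks tokens against the TSA's public key, so this is rejected too.
	forged := Token{SigHash: genuine.SigHash, Time: backdated.Time}
	forged.TSASig, err = sign(signer, tokenBytes(forged.SigHash, forged.Time))
	if err != nil {
		return nil, err
	}
	return map[string]bool{
		"genuine":   VerifyTimestamped(&signer.PublicKey, &tsa.PublicKey, doc, sig, genuine),
		"backdated": VerifyTimestamped(&signer.PublicKey, &tsa.PublicKey, doc, sig, backdated),
		"forged":    VerifyTimestamped(&signer.PublicKey, &tsa.PublicKey, doc, sig, forged),
	}, nil
}
```

The design point is that the TSA hashes the signature rather than the document, so the service can attest to a time without ever seeing confidential content, and the "neutral third party" is neutral precisely because neither the signer nor the recipient holds its private key.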
32. Send Me a Signed Email, Please,
I Need Your Public Key
33. Using a Digital Signature for Email
Signing
Provides proof that the
email came from the
purported sender…Is
this email really from
Vice President Cheney?
Provides proof that the
contents of the email
have not been altered
from the original
form…Should we
really invade Mexico?
36. What if This Happens at Madison
College?
Could cause harm in
a critical situation
Case Scenario
Multiple hoax emails
sent with Chancellor’s
name and email.
When real crisis
arrives, people might
not believe the
warning.
It is all about trust!
37. Digital Signing Summary
• Provides proof of the author
• Testifies to message integrity
• Valuable for both individual or
mass email
• Supported by most email
clients….Remember the 80-20
rule..Perfect is the enemy of
good!
38. What Encryption Does
Encrypting data to the recipient's
digital certificate (that is, to the
public key it carries)
secures it end to end.
• While in transit
• Across the network
• While sitting on email
servers
• While in storage
• On your desktop
computer
• On your laptop computer
• On a server
39. Encryption Protects the Data At Rest
and In Transit
Physical theft from office
Physical theft from airport
Virtual theft over the network
40. Why Encryption is Important
• Keeps private information private
• HIPAA, FERPA, SOX, GLB compliance
• Proprietary research
• Human Resource issues
• Legal Issues
• PR Issues
• Industrial Espionage
• Over-intrusive Government
• You never know who is
listening and watching!
41. What does it actually look like in practice?
-Sending-
42. What does it actually look like in
practice (unlocking my private key)
-receiving-
43. What does it actually look like in practice?
-receiving- (decrypted)
45. What does it look like in practice?
-receiving- (intercepted)
46. Intercepting the Data in Transit
• How might encrypted email be a
security threat to your organization?
47. Digital Certificates For Machines Too
• SSL – Secure
Sockets Layer
• Protection of data
in transit (what SSL
itself provides)
• Protection of data
at rest (encrypting
to the machine's
certificate)
• Where is the
greater threat?
• Our certs protect
both!
48. Benefits of Using Digital
Certificates
Provide global assurance of your identity,
both internally and externally to the organization
Provide assurance of message authenticity
and data integrity
Keeps private information private, end to
end, while in transit and storage
You don’t need to have a digital certificate
to verify someone else’s digital signature
Can be used for individual or generic mail
accounts.
49. The Telephone Analogy
When the
telephone was
invented, it was
hard to sell.
It needed to
reach critical
mass and then
everyone wanted
one.
50. That All Sounds Great in Theory,
But Do I Really Need It?
• The world seems
to get along just
fine without digital
certificates…
• Oh, really?
• Let’s talk about
some recent
stories
52. How Do Users Feel About the
Technology?
• Ease of use
• Challenges
• Changes in how they do their daily
work
• Benefits
• Drawbacks
53. It Really Is Up To You!
• Digital certificates / PKI is not hard to
implement
• It provides end to end security of
sensitive communications
• It is comprehensive, not a mix of point
solutions
• You are the leaders of tomorrow, make
your choices count by pushing for
secure electronic communications!
55. Signatures - Evidence
• What is a signature?
• A signature is not part of the substance of a
transaction, but rather, it represents an
understanding, acceptance or indication of
agreement
• Evidence: A signature authenticates a person by
linking the signer with the signed document.
When the signer makes a mark in a distinctive
manner, the writing becomes attributable to the
signer.
• Example: Credit card receipt
56. Signatures – The Three Part Process
• Ceremony, Approval and Commitment
57. Signatures – The Three
Part Process
• Ceremony:
• The act of signing a document calls to the
signer's attention the significance of the
signer's act, and thereby helps prevent
reckless or careless commitments
58. Signatures – The Three
Part Process
• Approval:
• In certain contexts defined by law or
custom, a signature expresses the
signer's approval or authorization of
the writing, or the signer's intention
that it have legal effect
59. Signatures – The Three
Part Process
• Commitment:
• A signature on a written document
often imparts a sense of clarity and
finality to the transaction
60. Signatures
• Traditional signatures put the cart before
the horse!
• How can you be certain that a mortgage
application with Nicholas Davis’s
signature was indeed signed by Nicholas
Davis?
• As trusting people, we generally accept a
written signature at face value
61. Signatures
• Trust – When the going gets tough,
scoundrels can emerge, to challenge the
signature on a document
• Verification against other documents –
Assumes that you have access to other
signed documents and assumes that
signatures on those documents were not
forged
62. Signature
• Before a signature can be trusted, we
must have proof that the signature does
truly belong to the signer
• This is not as easy as it sounds…..
63. Signatures – Credentialing
Process
• Credentialing – An initial method of
attestation to the truth of certain stated
facts, such as identity.
• Example: Government photo ID, address
verification or proof of your SSN#, are all
attestation methods used to credential
people
64. Signatures – Authentication
Process
• Authentication – The process of verifying
that a person is in fact who they claim to
be
• Example: Showing your driver’s license to
the guard at the front desk authenticates
me as genuinely being Nicholas Davis
65. Signatures – Authorization
Process
• Authorization -- The granting of power or
authority to someone, to do something
specific
• Example: The information system
authorizes Nicholas Davis the rights to
view certain files
66. Signatures -- Trust
• In order for a signature to be relied upon
and trusted for authorization of a
transaction, the individual presenting the
signature must first be credentialed and
then authenticated, prior to allowing them
to authorize a transaction
• A three step process: Credentialing,
Authentication, Authorization
• In the world of written signatures,
organizations rarely credential or
authenticate people
67. Signatures -- Trust
• A written signature, provided without
a solid credentialing and
authentication process, can make
an organization and its customers
vulnerable to fraudulent transactions
• To further protect the organization
and our customers from fraud, we
look to information technology and
the use of digital signatures…..
68. Digital Signatures vs.
Written Signatures
• A digital signature provides proof of:
• Verified identity of the signer
• Document integrity (The document has not been
altered since it was digitally signed)
• Non-repudiation (the signer can’t deny signing the
document, as it was done with the private key behind their
digital certificate, which only they had access to)
• A written signature provides proof of:
• Unverified identity of the signer
• Which type of signature provides a higher degree of
trust?
69. Digital Signatures – A Note About Identity Theft
• As the Internet and E-Commerce
continue to evolve and grow, it is
important to understand what this
change in business environment
means
• More and more traditional business
processes are being converted to
online applications
• It is harder to impersonate someone in
person than it is over the Internet
70. Digital Signatures
• Written signatures may be
acceptable in person, but are
impractical and risky when used in
an online transaction because, we
no longer can associate a face with
the signature
• If our processes are going digital, so
must our signatures!
71. Digital Signatures vs Electronic Signatures
• “Electronic signature” and “Digital
signature” are not synonymous.
• An electronic signature can be a symbol,
sound, or process used to sign a
document or transaction.
• A digital signature, on the other hand, is a
secure electronic signature which uses
public-key cryptography to authenticate the
entity who signed the document, bind the
signature to the document contents so that
unauthorized alteration is detected, and
provide proof of non-repudiation
72. Digital Signatures vs
Electronic Signatures
• A digital signature is a form of an
electronic signature, but an
electronic signature is not
necessarily a digital signature.
• Electronic signatures at best provide
only questionable proof of identity,
and do not provide proof of
information/message integrity or
non-repudiation
73. How Can I Help You?
ndavis1@wisc.edu
Tel. 608-347-2486