This document discusses public key cryptography and authentication frameworks. It covers:
- Public key cryptography uses key pairs (public and private keys) to authenticate identity and encrypt/sign data.
- Authentication frameworks like X.509 use a certification authority to issue certificates that bind users' identities to their public keys.
- PGP uses a "web of trust" where users can sign each other's keys rather than relying on a central authority.
- ID-based cryptography aims to simplify authentication frameworks by deriving public keys directly from users' identities.
2. Public-Key Cryptography
• Public key cryptography involves a pair of keys known as
a public key and a private key (a public key pair), which
are associated with an entity that needs to authenticate its
identity electronically or to sign or encrypt data.
• Each public key is published and the corresponding
private key is kept secret.
• Public-key = F(Private-key)
4. Authentication Framework
• A "simple" key-management method requires each party to manage a
huge number of public keys in open communication.
• In public-key cryptography a trusted principal helps in the management
of secret keys.
• The service is a combination of sub-services such as key registration,
authentication and name directory.
• A relationship has to be established with the server principal in order to
conduct secure communication.
• Each end user has to manage a single secret key shared with the
authentication server.
5.
• The key-management service is called a public-key certification service, and the
trusted server is called a certification authority (CA).
• CA will issue a public-key certificate for each end user in the domain of
that CA.
• A public-key certificate is a structured data record containing a uniquely
identifiable identity of the holder and the holder's public-key parameter.
• The certificate is digitally signed by the issuing CA, which provides a
cryptographic binding between the holder's identity and their public key.
• Thus the verifying principal establishes a secure key channel between
the CA and the end user.
8. Certificate Issuance
• In the issuance of a certificate, a CA validates the identity of the principal
who requests the certificate.
• The principal should also prove that she/he knows the private
component of the public key to be certified.
• The proof can either be in the form of the user creating a signature,
verifiable using the public key, or a zero-knowledge proof protocol
between the user and the CA.
• Some applications require the private component of a public key to
have a certain structure.
• In such applications, a zero-knowledge protocol can be designed to
enable a proof of the needed structure.
9. Certificate Revocation
• Two situations that require revoking a certificate are a compromise of the
user's private key and a change of the user's information.
• In the case of the directory-based certification framework, the root CA
should maintain an online hot list of the revoked certificates.
• Alternatively, the root CA may issue a "Δ-revocation list" (delta-revocation list), which only
contains newly revoked certificates.
• The system-wide users can update their local copies of the certificate
revocation list whenever they receive a Δ-revocation list.
• A revocation of a certificate should be timestamped by the revoking
CA.
• Signatures of a principal issued prior to the date of her/his certificate's
revocation are considered valid.
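The update and validity rules above, as an added example (not code from the original slides): a relying party merges a delta-revocation list into its local CRL copy and then judges a signature by the revocation timestamp. The CRL contents and serial numbers are constructed sample data.

```python
from datetime import datetime, timezone

# Constructed sample data (not from any real CA): a base CRL issued by the root CA,
# then a delta-revocation list that carries only the newly revoked certificates.
BASE_CRL = {
    "issued": datetime(2024, 1, 1, tzinfo=timezone.utc),
    "revoked": {"serial-1001": datetime(2023, 12, 20, tzinfo=timezone.utc)},
}
DELTA_LIST = {
    "issued": datetime(2024, 1, 15, tzinfo=timezone.utc),
    "revoked": {"serial-1002": datetime(2024, 1, 10, tzinfo=timezone.utc)},
}


def apply_delta(local_crl, delta):
    """Merge a delta-revocation list into the user's local copy of the CRL.

    Each entry keeps the revocation timestamp set by the revoking CA; a delta
    older than the local copy is rejected so a replayed list cannot roll back state.
    """
    if delta["issued"] < local_crl["issued"]:
        raise ValueError("stale delta: issued before the local CRL copy")
    merged = dict(local_crl["revoked"])
    merged.update(delta["revoked"])
    return {"issued": delta["issued"], "revoked": merged}


def signature_valid_at(crl, serial, signed_at):
    """A signature is accepted only if the certificate was not yet revoked at
    signing time: signatures issued before the revocation date stay valid."""
    revoked_at = crl["revoked"].get(serial)
    return revoked_at is None or signed_at < revoked_at
```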
10. X.509 Public-key Certification Framework
• The standard public-key certification framework is called the X.509 [152]
certification infrastructure; it is a tree structure called a directory information tree (DIT).
• In such a tree hierarchy, each node represents a principal whose public-
key certificate is issued by its immediate parent node.
• The leaf nodes are end-user principals.
• The non-leaf nodes are CAs at various levels and domains.
• Each of these domains has many sub-domains, e.g., the education
domain has various university sub-domains.
• The root node is called the root CA which is a well-known principal in
the whole system.
• The root CA should certify its own public key.
• Two end-user principals can establish a secure communication channel
by finding upward in the DIT a CA who is the nearest common ancestor
node of them.
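The nearest-common-ancestor rule, as an added example (not code from the original slides): the DIT below is a constructed toy hierarchy, and the function returns the CA both principals already reach upward, together with the issuer/subject certificates the verifier still has to check downward to the other end user.

```python
# Constructed DIT: child -> parent CA; the root CA certifies its own key,
# so it is its own parent. Names are illustrative, not a real PKI.
DIT_PARENT = {
    "root": "root",
    "edu": "root",
    "gov": "root",
    "uni-a": "edu",
    "uni-b": "edu",
    "alice": "uni-a",
    "bob": "uni-b",
    "carol": "gov",
}


def path_to_root(name):
    """Nodes from `name` up to the root CA, inclusive."""
    path = [name]
    while DIT_PARENT[path[-1]] != path[-1]:
        path.append(DIT_PARENT[path[-1]])
    return path


def nearest_common_ancestor(a, b):
    """First CA on b's upward path that also lies on a's upward path."""
    ancestors_of_a = set(path_to_root(a))
    for node in path_to_root(b):
        if node in ancestors_of_a:
            return node
    raise ValueError("no common ancestor: principals are in different DITs")


def certification_chain(verifier, target):
    """Certificates the verifier must check, ordered from the nearest common
    ancestor CA (whose key she already holds via her own upward path) down to
    the target. Returns (ancestor_ca, [(issuer, subject), ...])."""
    ca = nearest_common_ancestor(verifier, target)
    chain = []
    node = target
    while node != ca:
        chain.append((DIT_PARENT[node], node))
        node = DIT_PARENT[node]
    return ca, list(reversed(chain))
```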
11. PGP "Web of Trust"
• PGP "web of trust" or "key-ring" (PGP stands for "Pretty Good Privacy",
a secure e-mail software package developed by Zimmermann).
• This authentication model scales up in an unhierarchical manner.
• In the PGP "web of trust," any individual can be a "CA" for any other
principals in the system by signing their "key certificates," each of which is simply
a (name, key) pair.
• Evidently, the signing relationship forms a web structure.
• Thus, when Alice wants to establish the authenticity of Bob's key, she
should request to see a number of Bob's "key certificates." If some of
the issuing "CAs" of these certificates are "known" by Alice "to some
extent," then she gains a certain level of authenticity about Bob's public
key. Alice can demand Bob to provide more "certificates" until she is
satisfied with the level of the trust.
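Alice's accumulation of authenticity from signers she knows "to some extent," as an added example (not code from the original slides). The trust weights (full = 1.0, marginal = 0.5, unknown = 0.0) and the acceptance threshold of one full or two marginal signers are assumptions in PGP's style, and the keyring is constructed.

```python
# Constructed keyring: how far Alice trusts each signer as an introducer.
# Weights and the FULL threshold are assumptions of this example.
ALICE_TRUST = {"alice": 1.0, "dave": 1.0, "erin": 0.5, "frank": 0.5}
FULL = 1.0


def key_authenticity(certificates, trust=ALICE_TRUST):
    """certificates: list of (signer, name, key) 'key certificates' Bob presents.

    Returns the level of authenticity Alice gains for the single (name, key)
    pair they all bind. A signer counts once, however many certificates he issued,
    and a signer Alice does not know contributes nothing.
    """
    bound = {(name, key) for _, name, key in certificates}
    if len(bound) != 1:
        raise ValueError("certificates must all bind the same (name, key) pair")
    seen = set()
    level = 0.0
    for signer, _, _ in certificates:
        if signer in seen:
            continue
        seen.add(signer)
        level += trust.get(signer, 0.0)
    return level


def alice_satisfied(certificates, trust=ALICE_TRUST):
    """True once the accumulated level reaches FULL; otherwise Alice asks Bob
    for more certificates."""
    return key_authenticity(certificates, trust) >= FULL
```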
12. Simple Public Key Infrastructure (SPKI)
• A directory-based public-key certification framework named SPKI is also
a tree-structured framework, similar to an X.509 key certification
framework.
• However, its naming convention includes a person's usual name and a
hash of the public key value.
• This naming method is suggested by Rivest and Lampson in SDSI (which
stands for "A Simple Distributed Security Infrastructure").
• SDSI features localization naming rules.
• These features also aim to make a decentralized authentication and
authorization framework.
• Thus, an SPKI name is also called an SDSI name.
• SPKI also considers "authorization" and "delegation" entries which carry
authorization and delegation information.
13. Protocols associated with X.509 Public-key
Authentication Infrastructure
• Certificate Management Protocol (CMP) : This protocol supports online
interactions between Public Key Infrastructure (PKI) components.
• For example, a management protocol might be used between a
Certification Authority (CA) and a client system with which a key pair is
associated, or between two CAs that issue cross-certificates for each other.
• These interactions are needed when, e.g., an entity is required to prove
the possession of a private key upon its request for key certification or
key update.
• Online Certificate Status Protocol (OCSP) : This protocol enables
applications to determine the (revocation) state of an identified
certificate.
• OCSP may be used to satisfy some of the operational requirements of
providing more timely revocation information than is possible with CRLs,
and may also be used to obtain additional status information.
14. Protocols associated with X.509 Public-key
Authentication Infrastructure
• Internet X.509 Public Key Infrastructure Time Stamp Protocols : This
protocol consists of a request sent to a Time Stamping Authority
(TSA) and of the response that is returned.
• Non-repudiation services require the ability to establish the existence
of data before specified times.
• This protocol may be used as a building block to support such
services.
• Internet X.509 Public Key Infrastructure Operational Protocols: FTP
and HTTP.
• This is a specification of protocol conventions for PKI to use the File
Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP) to
obtain certificates and certificate revocation lists (CRLs) from PKI
repositories.
16. Non-Directory Based Authentication Framework
• The key generation procedure in the usual sense of public-key
cryptography renders all public keys random. Consequently, it is
necessary to associate a public key with the identity information of
its owner in an authentic manner.
• We have seen that such an association can be realized by a public-
key authentication framework: a tree-like hierarchical public-key
certification infrastructure (e.g., the X.509 certification framework).
However, to establish and maintain a tree hierarchy, a PKI incurs a
non-trivial level of system complexity and cost.
• It has long been desired that the standard public-key authentication
framework be simplified.
• It is reasonable to think that, if public keys are not random-looking,
then the system complexity and the cost for establishing and
maintaining the public-key authentication framework may be
reduced.
• Postal mail systems work properly this way.
• Private-key = F(Master-key, Public-key)
17. Shamir's ID-Based Signature Scheme
• In Shamir's ID-based signature scheme there are four
algorithms:
• Setup: this algorithm is operated by the TA (from now on let
us call the TA Trent) to generate global system parameters and
master-key.
• User-key-generate: this algorithm (also operated by Trent),
inputting master-key and an arbitrary bit string id ∈ {0, 1}*,
outputs private-key, which corresponds to id.
• Sign: a signature generation algorithm; inputting a
message and the signer's private key, it outputs a signature.
• Verify: a signature verification algorithm; inputting a
message-signature pair and id, it outputs True or False.
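The four algorithms as an added, runnable example of Shamir's RSA-based ID-based signature scheme (this is not code from the original slides; the scheme is Shamir's 1984 construction). The primes are constructed toy values, and the identity is mapped to an element of Z_n by hashing; note how User-key-generate realises Private-key = F(Master-key, Public-key).

```python
import hashlib
import secrets


def setup():
    """Trent generates the global parameters (n, e) and keeps master-key d."""
    p, q = 2**61 - 1, 2**31 - 1           # constructed small primes, toy size only
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)                   # master-key: RSA private exponent
    return {"n": n, "e": e}, d


def id_to_int(params, identity):
    """The public key is the identity itself, mapped into Z_n by hashing."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % params["n"]


def user_key_generate(params, master_key, identity):
    """Trent derives private-key = id^d mod n, i.e. F(Master-key, Public-key)."""
    return pow(id_to_int(params, identity), master_key, params["n"])


def _hash_exponent(t, message):
    # Hash of (t, message) used as an exponent; t < n < 2^96 fits in 12 bytes.
    return int.from_bytes(hashlib.sha256(t.to_bytes(12, "big") + message).digest(), "big")


def sign(params, private_key, message):
    """Signature (t, s): t = r^e, s = private_key * r^h(t, m) mod n for random r."""
    n, e = params["n"], params["e"]
    r = secrets.randbelow(n - 2) + 2
    t = pow(r, e, n)
    s = private_key * pow(r, _hash_exponent(t, message), n) % n
    return t, s


def verify(params, identity, message, signature):
    """Accept iff s^e == id * t^h(t, m) mod n, using only the public id."""
    n, e = params["n"], params["e"]
    t, s = signature
    expected = id_to_int(params, identity) * pow(t, _hash_exponent(t, message), n) % n
    return pow(s, e, n) == expected
```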