Public Key Infrastructure
– tell me in plain English AND THEN
deep technical how PKI works
Steve Lamb
stephlam@microsoft.c...
Objectives
Demystify commonly used terminology
Explain how PKI works
Get you playing with PKI in the lab
Make some simple ...
Agenda
Foundational Concept (level 200)
PKI and Signatures (level 330)
Recommendations (level 310)
Reference material
Comm...
What can PKI enable?
Secure Email – sign and/or encrypt messages
Secure browsing – SSL – authentication and encryption
Sec...
Foundational Concepts
Encryption vs. Authentication
Encrypted information cannot be automatically
trusted
You still need authentication
Which we...
Assets
What we are securing?
Data
Services (i.e. business etc. applications or their
individually accessible parts)

This ...
Digital Security as Extension of
Physical Security of Key Assets
Strong Physical
Security of KA

Weak Physical
Security of...
Remember CP and CPS!
“The Certification Practice & Certification
Practice Statement (CP/CPS) is a formal
statement that de...
Symmetric Key Cryptography
Plain-text input

Plain-text output

“AxCv;5bmEseTfid3)
fGsmWe#4^,sdgfMwi
r3:dkJeTsY8Rs@!q3
%”
...
Symmetric Pros and Cons
Strength:
Simple and really very fast (order of 1000 to 10000
faster than asymmetric mechanisms)
S...
Public Key Cryptography
Knowledge of the encryption key doesn’t give
you knowledge of the decryption key
Receiver of infor...
Public Key Encryption
Clear-text Input

Cipher-text
“Py75c%bn&*)9|fDe^
bDFaq#xzjFr@g5=&n
mdFg$5knvMd’rkveg
Ms”

“The quick...
Public Key Pros and Cons
Weakness:
Extremely slow
Susceptible to “known ciphertext” attack

Problem of trusting public key...
Hybrid Encryption (Real World)
Launch key
for nuclear
missile
“RedHeat”
is...

Symmetric
encryption
(e.g. DES)

Symmetric ...
Hybrid Decryption
*#$fjda^j
u539!3t
t389E *&@
5e%32^kd

Launch key
for nuclear
missile
“RedHeat”
is...

Symmetric
decrypti...
PKI and Signatures
Public Key Distribution Problem
We just solved the problem of symmetric key distribution
by using public/private keys
But…...
Eureka!
We need PKI to solve that problem
And a few others…
Creating a Digital Signature
Message or File

128 bits
Message Digest

This is a
really long
message
about
Bill’s…

Digita...
Verifying a Digital Signature
Digital Signature
Jrf843kjf
gf*£$&Hd
if*7oUsd
*&@:<CHD
FHSD(**

Asymmetric
decryption
(e.g. ...
Word About Smartcards
Some smartcards are “dumb”, i.e. they are only a
memory chip
Not recommended for storing a private k...
Recommendations
Don’t be scared of PKI!
Set up a test environment to enable hyou to
“play”
Minimise the scope of your firs...
Summary
Cryptography is a rich and amazingly mature
field
We all rely on it, everyday, with our lives

Know the basics and...
References
Visit www.microsoft.com/security
Read sci.crypt (incl. archives)
Attend SEC499 for “Encryption in Detail” on Fr...
Thanks to Rafal Lukawiecki for providing some of the content
for this presentation deck – his contact details are as
follo...
Common Algorithms
DES, IDEA, RC2, RC5, Twofish
Symmetric
DES (Data Encryption Standard) is still the most popular
Keys very short: 56 bits
B...
Rijndael (AES)
Standard replacement for DES for US government, and,
probably for all of us as a result…
Winner of the AES ...
CAST and GOST
CAST
Canadians Carlisle Adams & Stafford Tavares
64 bit key and 64 bit of data
Chose your S-boxes
Seems resi...
Careful with Streams!
Do NOT use a block cipher in a loop
Use a crypto-correct technique for treating
streams of data, suc...
RC4
Symmetric
Fast, streaming encryption

R. Rivest in 1994
Originally secret, but “published” on sci.crypt

Related to “o...
RSA, DSA, ElGamal, ECC
Asymmetric
Very slow and computationally expensive – need a computer
Very secure

Rivest, Shamir, A...
Quantum Cryptography
Method for generating and passing a secret key or a random stream
Not for passing the actual data, bu...
MD5, SHA
Hash functions – not encryption at all!
Goals:
Not reversible: can’t obtain the message from its hash
Hash much s...
Diffie-Hellman, “SSL”, Certs
Methods for key generation and exchange
DH is very clever since you always generate a new “ke...
Cryptanalysis
Brute force
Good for guessing passwords, and some 40-bit symmetric keys (in
some cases needed only 27 attemp...
Strong Systems
It is always a mixture! Changes all the time…
Symmetric:
AES, min. 128 bits for RC2 & RC5, 3DES, IDEA, care...
Weak Systems
Anything with 40-bits (including 128 and 56 bit versions
with the remainder “fixed”)
Most consider DES as fai...
Upcoming SlideShare
Loading in …5
×

Pki by Steve Lamb

880 views

Published on

PKI by Steve Lamb

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
880
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
28
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Pki by Steve Lamb

  1. 1. Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb stephlam@microsoft.com http://blogs.technet.com/steve_lamb IT Pro Security Evangelist Microsoft Ltd
  2. 2. Objectives Demystify commonly used terminology Explain how PKI works Get you playing with PKI in the lab Make some simple recommendations
  3. 3. Agenda Foundational Concept (level 200) PKI and Signatures (level 330) Recommendations (level 310) Reference material Common Algorithms (level 360)
  4. 4. What can PKI enable? Secure Email – sign and/or encrypt messages Secure browsing – SSL – authentication and encryption Secure code – authenticode Secure wireless – PEAP & EAP-TLS Secure documents – Rights Management Secure networks – segmentation via IPsec Secure files – Encrypted File System(EFS)
  5. 5. Foundational Concepts
  6. 6. Encryption vs. Authentication Encrypted information cannot be automatically trusted You still need authentication Which we can implement using encryption, of course
  7. 7. Assets What we are securing? Data Services (i.e. business etc. applications or their individually accessible parts) This session is not about securing: People (sorry), cables, carpets, typewriters and computers (!?) Some assets are key assets Passwords, private keys etc…
  8. 8. Digital Security as Extension of Physical Security of Key Assets Strong Physical Security of KA Weak Physical Security of KA Strong Physical Security of KA Strong Digital Security Strong Digital Security Weak Digital Security Good Security Everywhere Insecure Environment Insecure Environment
  9. 9. Remember CP and CPS! “The Certification Practice & Certification Practice Statement (CP/CPS) is a formal statement that describes who may have certificates, how certificates are generated and what they may be used for.” http://www.nhsia.nhs.uk/pathology/pages/docum ents/cp_cps.doc
  10. 10. Symmetric Key Cryptography Plain-text input Plain-text output “AxCv;5bmEseTfid3) fGsmWe#4^,sdgfMwi r3:dkJeTsY8Rs@!q3 %” “The quick brown fox jumps over the lazy dog” Cipher-text “The quick brown fox jumps over the lazy dog” Encryption Decryption Same key (shared secret)
  11. 11. Symmetric Pros and Cons Strength: Simple and really very fast (order of 1000 to 10000 faster than asymmetric mechanisms) Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael) Weakness: Must agree the key beforehand Securely pass the key to the other party
  12. 12. Public Key Cryptography Knowledge of the encryption key doesn’t give you knowledge of the decryption key Receiver of information generates a pair of keys Publish the public key in a directory Then anyone can send him messages that only she can read
  13. 13. Public Key Encryption Clear-text Input Cipher-text “Py75c%bn&*)9|fDe^ bDFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” “The quick brown fox jumps over the lazy dog” Clear-text Output “The quick brown fox jumps over the lazy dog” Encryption public Recipient’s public key Decryption Different keys private Recipient’s private key
  14. 14. Public Key Pros and Cons Weakness: Extremely slow Susceptible to “known ciphertext” attack Problem of trusting public key (see later on PKI) Strength Solves problem of passing the key Allows establishment of trust context between parties
  15. 15. Hybrid Encryption (Real World) Launch key for nuclear missile “RedHeat” is... Symmetric encryption (e.g. DES) Symmetric key encrypted asymmetrically (e.g., RSA) RNG Digital Envelope As above, repeated for other recipients or recovery agents User’s public key (in certificate) RandomlyGenerated symmetric “session” key *#$fjda^j u539!3t t389E *&@ 5e%32^kd Digital Envelope Other recipient’s or agent’s public key (in certificate) in recovery policy
  16. 16. Hybrid Decryption *#$fjda^j u539!3t t389E *&@ 5e%32^kd Launch key for nuclear missile “RedHeat” is... Symmetric decryption (e.g. DES) Symmetric “session” key Recipient’s private key Asymmetric decryption of “session” key (e.g. RSA) Digital envelope contains “session” key encrypted using recipient’s public key Digital Envelope Session key must be decrypted using the recipient’s private key
  17. 17. PKI and Signatures
  18. 18. Public Key Distribution Problem We just solved the problem of symmetric key distribution by using public/private keys But… Scott creates a keypair (private/public) and quickly tells the world that the public key he published belongs to Bill People send confidential stuff to Bill Bill does not have the private key to read them… Scott reads Bill’s messages 
  19. 19. Eureka! We need PKI to solve that problem And a few others…
  20. 20. Creating a Digital Signature Message or File 128 bits Message Digest This is a really long message about Bill’s… Digital Signature Jrf843kjfgf* £$&Hdif*7o Usd*&@:<C HDFHSD(** Py75c%bn&*)9|fDe^b DFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” Hash Function (SHA, MD5) Calculate a short message digest from even a long input using a one-way message digest function (hash) Asymmetric Encryption private Signatory’s private key
  21. 21. Verifying a Digital Signature Digital Signature Jrf843kjf gf*£$&Hd if*7oUsd *&@:<CHD FHSD(** Asymmetric decryption (e.g. RSA) Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” ? == ? Signatory’s public key Everyone has access to trusted public key of the signatory Are They Same? Same hash function (e.g. MD5, SHA…) This is a really long message about Bill’s… Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” Original Message
  22. 22. Word About Smartcards Some smartcards are “dumb”, i.e. they are only a memory chip Not recommended for storing a private key used in a challenge test (verifying identity) Anyway, they are still better than leaving keys on a floppy disk or on the hard drive Cryptographically-enabled smartcards are more expensive but they give much more security Private key is secure and used as needed Additional protection (password, biometrics) is possible Hardware implements some algorithms Self-destruct is possible
  23. 23. Recommendations Don’t be scared of PKI! Set up a test environment to enable hyou to “play” Minimise the scope of your first implementation Read up on CP & CPS Document the purpose and operating procedures of your PKI
  24. 24. Summary Cryptography is a rich and amazingly mature field We all rely on it, everyday, with our lives Know the basics and make good choices avoiding common pitfalls Plan your PKI early Avoid very new and unknown solutions Certificate Policy Certification Practises statement
  25. 25. References Visit www.microsoft.com/security Read sci.crypt (incl. archives) Attend SEC499 for “Encryption in Detail” on Friday at 14.45 in Room 1 For more detail, read: Cryptography: An Introduction, N. Smart, McGraw-Hill, ISBN 0-07-709987-7 Practical Cryptography, N. Ferguson & B. Schneier, Wiley, ISBN 0-471-22357-3 Contemporary Cryptography, R. Oppliger, Artech House, ISBN 1-58053-642-5 (to be published May 2005, see http://www.esecurity.ch/Books/cryptography.html) Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-11709-9 Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN 0-84938523-7, www.cacr.math.uwaterloo.ca/hac (free PDF) PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3 Foundations of Cryptography, O. Goldereich, www.eccc.uni-trier.de/eccc-local/ECCC-Books/oded_book_readme.html Cryptography in C and C++, M. Welschenbach, Apress, ISBN 1-893115-95-X (includes code samples CD)
  26. 26. Thanks to Rafal Lukawiecki for providing some of the content for this presentation deck – his contact details are as follows… rafal@projectbotticelli.co.uk Strategic Consultant, Project Botticelli Ltd Copyright 2004 © Project Botticelli Ltd & Microsoft Corp. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties.
  27. 27. Common Algorithms
  28. 28. DES, IDEA, RC2, RC5, Twofish Symmetric DES (Data Encryption Standard) is still the most popular Keys very short: 56 bits Brute-force attack took 3.5 hours on a machine costing US$1m in 1993. Today it is done real-time Triple DES (3DES) more secure, but better options about Just say no, unless value of data is minimal IDEA (International Data Encryption Standard) Deceptively similar to DES, and “not” from NSA 128 bit keys RC2 & RC5 (by R. Rivest) RC2 is older and RC5 newer (1994) - similar to DES and IDEA Blowfish, Twofish B. Schneier’s replacement for DES, followed by Twofish, one of the NIST competition finalists
  29. 29. Rijndael (AES) Standard replacement for DES for US government, and, probably for all of us as a result… Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in US) in 1997-2000 Comes from Europe (Belgium) by Joan Daemen and Vincent Rijmen. “X-files” stories less likely (unlike DES). Symmetric block-cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too) Fast and a lot of good properties, such as good immunity from timing and power (electric) analysis Construction, again, deceptively similar to DES (Sboxes, XORs etc.) but really different
  30. 30. CAST and GOST CAST Canadians Carlisle Adams & Stafford Tavares 64 bit key and 64 bit of data Chose your S-boxes Seems resistant to differential & linear cryptanalysis and only way to break is brute force (but key is a bit short!) GOST Soviet Union’s “version” of DES but with a clearer design and many more repetitions of the process 256 bit key but really 610 bits of secret, so pretty much “tank quality” Backdoor? Who knows…
  31. 31. Careful with Streams! Do NOT use a block cipher in a loop Use a crypto-correct technique for treating streams of data, such as CBC (Cipher Block Chaining) For developers: .NET Framework implements it as ICryptoTransform on a crypto stream with any supported algorithm
  32. 32. RC4 Symmetric Fast, streaming encryption R. Rivest in 1994 Originally secret, but “published” on sci.crypt Related to “one-time pad”, theoretically most secure But! It relies on a really good random number generator And that is the problem Nowadays, we tend to use block ciphers in modes of operation that work for streams
  33. 33. RSA, DSA, ElGamal, ECC Asymmetric Very slow and computationally expensive – need a computer Very secure Rivest, Shamir, Adleman – 1978 Popular and well researched Strength in today’s inefficiency to factorise into prime numbers Some worries about key generation process in some implementations DSA (Digital Signature Algorithm) – NSA/NIST thing Only for digital signing, not for encryption Variant of Schnorr and ElGamal sig algorithm ElGamal Relies on complexity of discrete logarithms ECC (Elliptic Curve Cryptography) Really hard maths and topology Improves RSA (and others)
  34. 34. Quantum Cryptography Method for generating and passing a secret key or a random stream Not for passing the actual data, but that’s irrelevant Polarisation of light (photons) can be detected only in a way that destroys the “direction” (basis) So if someone other than you observes it, you receive nothing useful and you know you were bugged Perfectly doable over up-to-120km dedicated long fibre-optic link Seems pretty perfect, if a bit tedious and slow Practical implementations still use AES/DES etc. for actual encryption Magiq QPN: http://www.magiqtech.com/press/qpn.pdf Don’t confuse it with quantum computing, which won’t be with us for at least another 50 years or so, or maybe longer…
  35. 35. MD5, SHA Hash functions – not encryption at all! Goals: Not reversible: can’t obtain the message from its hash Hash much shorter than original Two messages won’t have the same hash MD5 (R. Rivest) 512 bits hashed into 128 Mathematical model still unknown But it resisted major attacks SHA (Secure Hash Algorithm) US standard based on MD5
  36. 36. Diffie-Hellman, “SSL”, Certs Methods for key generation and exchange DH is very clever since you always generate a new “keypair” for each asymmetric session STS, MTI, and certs make it even safer Certs (certificates) are the most common way to exchange public keys Foundation of Public Key Infrastructure (PKI) SSL uses a protocol to exchange keys safely See later
  37. 37. Cryptanalysis Brute force Good for guessing passwords, and some 40-bit symmetric keys (in some cases needed only 27 attempts) Frequency analysis For very simple methods only (US mobiles) Linear cryptanalysis For stronger DES-like, needs 243 plain-cipher pairs Differential cryptanalysis Weaker DES-like, needs from 214 pairs Power and timing analysis Fluctuations in response times or power usage by CPU
  38. 38. Strong Systems It is always a mixture! Changes all the time… Symmetric: AES, min. 128 bits for RC2 & RC5, 3DES, IDEA, carefully analysed RC4, 256 bit better Asymmetric: RSA, ElGamal, Diffie-Hellman (for keys) with minimum 1024 bits (go for the maximum, typically 4096, if you can afford it) Hash: Either MD5 or SHA but with at least 128 bit results, 256 better
  39. 39. Weak Systems Anything with 40-bits (including 128 and 56 bit versions with the remainder “fixed”) Most consider DES as fairly weak algorithm CLIPPER A5 (GSM mobile phones outside US) Vigenère (US mobile phones) Dates from 1585! Unverified certs with no trust Weak certs (as in many “class 1” personal certs)

×