1 / 22

Public Key Management

Public Key Management. Brent Waters. Last Time . Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation (RSA) Went over RSA-based signatures in detail. DSA (Digital Signature Algorithm). Discrete log based signature scheme

Télécharger la présentation

Public Key Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Public Key Management Brent Waters

  2. Last Time • Saw multiple one-way function candidates for sigs. • OWP (AES) • Discrete Log • Trapdoor Permutation (RSA) • Went over RSA-based signatures in detail

  3. DSA (Digital Signature Algorithm) • Discrete log based signature scheme • Similar to El Gamal Signatures • 1991 NIST proposed • Became first govt. adopted signature scheme • Short signatures • 2 160-bit components • Slow signing and verification • Exponentiation • Awkward description • Security reduces to funny assumption

  4. RSA Patent (until 2000) Longer sigs ~200 bytes Encryption (Export Controls) DSA Patent Free Short Signatures ~40bytes No encryption Why DSA standard?

  5. I ambob@stanford.edu Public Key Certificate Certificate Encrypted Message CA master-key Public Key Management • How does Alice obtain Bob’s public key • Answer: Certificate Authority signs other keys

  6. Certificates • X.509 Standard cert= name, org, address | public key |expiration |... + signature of certificate by C.A. Extensions (Version 3) Sign certs only... Bob obtains certificate offline

  7. How do we validate Certificate Auth? • Alice must have public key of certificate authority • Publish in N.Y. Times • Everyone see, adversary cannot forge all • Make sure Jayson Blair not on staff • Not realistic • Ships with Browser or Operating System • Done in practice

  8. Trust in CA • C.A. is trusted • If compromised can forge a cert for Bob • Attack might be detected • CA key should be strongly guarded • BBN SafeKeeper: tempest attacks

  9. Public Key Generation Algorithm • 1) Alice generates pub/priv. key pair sends pub to CA • 2) CA verifies Alice knows private key • Challenge/response • Self-signed certificate • 3) CA generates cert and sends to Alice • CA doesn’t know Alice’s key

  10. A1 A2 A3 A4 A1 A2 CA Trust models (Symmetric vs Public) Symmetric Public Key Pub/cert KDC Pub/cert

  11. Symmetric Online KDC Knows my key If compromised past+future gone (forward security helps—guesses?) Public Offline Knows only public key Harder to do attack Only future messages exposed Trust models (Symmetric vs Public)

  12. A A CA1 CA2 Cross Domain Certification Many domains, can’t load them all How does Bob verify if doesn’t even have CA key?

  13. Hierarchical solution root Stanford Amazon Cert chain: Check cert all way to root Hierarchies are pretty flat in practice cs

  14. A B C Web of Trust No authority: I trust A who trusts B.... Which model do you like better?

  15. Certificate Revocation • Revoke Bob’s certificate • Private key is stolen • Leaves company, doesn’t own ID • Expiration Date in Cert (1 year) • CRL Periodically send lists to everyone Long lists, hard to manage • OSCP (Online Certificate status protocol) Online authority to answer queries Signing key at risk if distribute authorities

  16. Certificate Revocation Is B revoked A VA1 Proof of Y/N Secure VA VA2 Order revoked certs and build hash tree Secure VA signs root Either show path of revoked or prove by neighbors

  17. A bit disappointing ... • , but now have an on-line party again

  18. Price of Security • How much for 1 year certificate? • $349 • 40 bit security on some browsers • $995 (Pro Version)

  19. Certificates in Practice

  20. Certificates in Practice

  21. Certificates in Practice

  22. I Counted 105 How many “root” certs on your browser?

More Related