Title: Advantages and Disadvantages of Public Key Infrastructure PKI Trust Models
1. Advantages and Disadvantages of Public Key Infrastructure (PKI) Trust Models
- Allen A. Hughes, Ph.D.
- Assistant Professor of MIS
- George Mason University
- February 21, 2002
2. Topics
- Cryptography Fundamentals
- Cryptographic Services
- Secret v. Public Key
- Ensuring a Secure Channel
- Problems of Secret Key for E-Commerce Transactions
- Public Key Cryptography
- RSA Algorithm Properties
- Public Key Encryption and Digital Signature
- Digital Certificates and X.509
- Key Management Issues
- PKI--Definition and Goal
- Models and Architectures
- Single Root Certification Authority (CA)
- Single Root CA plus Registration Authorities (RA)
- Multiple CAs (Oligarchy)
- Configured CAs plus Delegated CAs
- Anarchy (PGP--Pretty Good Privacy)
- Top-Down (PEM--Privacy Enhanced Mail)
- Summary
3. Cryptographic Services
- Confidentiality
  - content of the transaction is disclosed only to the intended recipient
- Integrity
  - content of the transaction arrives unchanged
- Authentication
  - sender and receiver are who they say they are
- Non-repudiation
  - strong form of authentication
  - cannot (reasonably) deny your role in the transaction
  - convince others also (such as a judge)
4. Secret Key Encryption
[Diagram: Joe and Sam each hold the same Secret Key]
- Need a secure channel to exchange the key
5. Ensuring a Secure Channel
- Agree in advance
  - Exchange keys in person
  - Exchange keys by special mail
  - Exchange keys over the network
    - Special procedures
    - Not in cleartext
- Agree on an impulse
  - Merchants would want sales from impulse buying
- Other?
6. Problems of Secret Key for E-Commerce Transactions
- General Proliferation of Secret Keys
  - keys = n(n-1)/2, where
  - n is the number of nodes in a communications network
- Questions
  - How does a merchant set up enough secret keys for its customers?
  - Should we actually consider the number of potential customers, in which case the number of secret keys really escalates?
  - Secret keys would be special use, i.e., a customer for a merchant would not use the same secret key for transactions with another merchant, whether it be a competitor or something else.
7. Secret v. Public Key
[Diagram: Joe and Sam; labels: Secret Key, Secret Key, Sam's PUBLIC Key, Sam's PRIVATE Key]
- Secret Key: Symmetric--Same key to encrypt and decrypt
- Public Key: Asymmetric--Different keys to encrypt and decrypt
8. Public Key Cryptography
- Origins can be traced to British Bletchley Park in the 1940s and 1950s. Details were classified until the mid-1990s.
- Diffie and Hellman generally credited with inventing public key systems in 1976.
  - Algorithm for generating a shared key on impulse.
- Rivest, Shamir, and Adleman (RSA) algorithm published in 1978.
9. RSA Algorithm Properties
- 2-part key-pair (Public and Private)
- Algorithm is such that sender encrypts with the receiver's public key and receiver decrypts with the private key.
- Encryption and decryption are commutative--either order of using key-pair achieves the same result.
- Can use this property to create a unique digital signature to authenticate the sender.
10. Public Key Encryption and Digital Signature
[Diagram: Joe and Sam; labels: Sam's Public Key, Sam's Private Key, Joe's Private Key, Joe's Public Key]
11. Public Key Encryption (Discrete Math/Modulus Arithmetic)
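The commutative key-pair property from the RSA Algorithm Properties slide, worked in modular arithmetic as an added example (not part of the original slides): textbook RSA with constructed toy primes and no padding, so it illustrates the arithmetic only. The function names and key values are assumptions made for the illustration.

```python
# Added illustration: textbook RSA with toy primes. No padding and tiny keys,
# so this shows the arithmetic only and is not secure.

def make_keypair(p, q, e):
    """Build ((e, n), (d, n)) from primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # e * d = 1 (mod phi); needs Python 3.8+
    return (e, n), (d, n)

def apply_key(key, value):
    """The one RSA operation, used by both key halves: value^exp mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def encrypt(receiver_public, m):     # sender uses the receiver's public key
    return apply_key(receiver_public, m)

def decrypt(receiver_private, c):    # receiver uses its own private key
    return apply_key(receiver_private, c)

def sign(sender_private, m):         # private key first: only the owner can
    return apply_key(sender_private, m)

def verify(sender_public, m, signature):
    return apply_key(sender_public, signature) == m

# Constructed toy keys; the names follow the Joe and Sam diagram.
SAM_PUBLIC, SAM_PRIVATE = make_keypair(61, 53, 17)   # n = 3233
JOE_PUBLIC, JOE_PRIVATE = make_keypair(89, 97, 5)    # n = 8633

if __name__ == "__main__":
    m = 65                                   # message encoded as a number < n
    c = encrypt(SAM_PUBLIC, m)
    print("ciphertext:", c, "decrypted:", decrypt(SAM_PRIVATE, c))
    s = sign(JOE_PRIVATE, m)
    print("signature valid:", verify(JOE_PUBLIC, m, s))
    print("altered message valid:", verify(JOE_PUBLIC, m + 1, s))
```

Deployed RSA signs a hash of the message and applies a padding scheme; both are left out here to keep the exponent arithmetic visible.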
12. PKI--Definition and Goal
- Set of protocols, clients, servers, and processes to allow merchants to validate customers
  - Peter Denning, George Mason University
- Loosely defined as the set of infrastructural services that support the wide-scale use of public key-based digital signatures and encryption.
  - Warwick Ford and Michael Baum, VeriSign
- The goal of PKI is to enable secure, convenient, and efficient discovery of public keys.
  - Radia Perlman, Sun Microsystems
13. Key Management Issues
- Generating keys
- Keeping backup keys
- Handling compromised keys
- Changing/Reissuing keys
- Destroying expired keys
- Reliable distribution of public keys
  - Reliable meaning integrity and authentication
14. Public Key Certificates
- Reliable distribution of public keys
  - Reliable meaning integrity and authentication
- Public-key Encryption
  - Sender needs public key of receiver
- Public-key Digital Signatures
  - Receiver needs public key of sender
- Public-key Key Agreement
  - Both need each other's public keys
15. Digital Certificates and X.509
- A digital certificate is electronic identification that is issued to an individual by a trusted entity (certificate authority).
- The digital certificate contains the public key of the individual and establishes trust that the public key is authentic.
- The certificate authority is a trusted third party that issues a certificate based on an established set of authentication, background check, and security procedures.
- X.509 is the ISO/ANSI Standard establishing the content and format for digital certificates
16. Digital Certificates and X.509
- License to compute
- A digital certificate is issued by an Authority that the members have in common.
- A digital certificate is issued based on some set of policies and rules.
- A digital certificate provides a means of trust and identification.
17. Digital Certificates and X.509 (concluded)
- Certificate Contents
  - Version
  - Serial Number
  - Signature Algorithm
    - RSA MD5, 512
  - Issuer
  - Validity Period
  - Subject
  - Subject Public Key Info
  - Owner's Public Key
  - Owner's Digital Signature
  - Issuer's Digital Signature
- Certificate Role
  - Confirm Identity
  - Verify Electronic Information
  - Offers Confidentiality via Encryption
18. PKI Models and Architectures
- Single-Root Certification Authority (CA)
- Single-Root CA plus Registration Authorities (RA)
- Multiple CAs (Oligarchy)
- Configured CAs plus Delegated CAs
- Anarchy (PGP--Pretty Good Privacy)
- Top-Down (PEM--Privacy Enhanced Mail)
- Flexible Bottom-Up
- Up-Cross-Down
- Relative Names
- SET--Secure Electronic Transactions
- MISSI--Multilevel Information Systems Security Initiative (DoD)
19. General Hierarchical Structure
20. Single-Root Certificate Authority (CA)
- Description
  - All certificates (for the world) are obtained from one organization that runs the CA. Public key of the Root CA would be embedded in the computing/communications device at its inception.
- Advantages
  - Straightforward concept
21. Single-Root CA Model
[Diagram: Root CA with nodes a through p; labels: "users a, b, c," and "Root CA"]
22. Single-Root Certificate Authority (CA) (continued)
- Disadvantages
  - Scalability
  - Single point of trust--who or what one organization would be universally trusted to provide secure, reliable service and not exercise monopolistic power?
    - RAND?
    - MITRE?
    - SRI?
    - Swiss Government?
    - United Nations?
  - Propagating a change in the Root CA key to all entities
  - Single-Root CA needs to ensure authenticity of the user requesting the certificate
23. Single-Root CA plus Multiple Registration Authorities (RA)
- Description
  - RA facilitates the registration process, but does not issue certificates. RAs are trusted by the CA to verify the linking of an entity to a key, and send the signed request to the CA
- Advantages
  - RAs more convenient for users to access.
- Disadvantages
  - Still need an impeccable, unimpeachable CA
24. Single-Root CA plus Multiple RAs Model
[Diagram: Root CA, four RAs, and Users a through h]
25. Single-Root CA Plus Multiple RAs Model
[Diagram: Root CA with nodes a through p; labels: user, RA, Root CA]
26. Multiple CAs (Oligarchy)
- Description
  - Many organizations in the business of supplying digital certificates.
- Advantages
  - Competition among trusted CAs should prevent vendors from exacting monopolistic profits and achieve good reliability.
- Disadvantages
  - Weakest link vulnerability--compromise of any of the dozens of keys is as serious as compromise of the single key in the single-root CA model.
27. Multiple CAs Model
[Diagram: three Root CAs with nodes a through p; labels: user, Root CA]
28. Configured CAs plus Delegated CAs
- Description
  - Configured CAs are CAs whose keys have been configured into the user's workstation and can sign certificates authorizing other CAs (delegated CAs) to grant certificates.
  - Chain lengths typically limited to three.
- Advantages
  - More places from which to obtain certificates than Single-Root CA, thus likely to be more convenient for the user.
  - Less time to obtain a usable certificate than with RAs.
  - Chain length limit.
- Disadvantages
  - Weakest link vulnerability--compromise of any CA completely compromises security.
  - The certificate chain is longer than with RAs and verification is therefore less efficient.
29. Configured CAs plus Delegated CAs Model
[Diagram: hierarchy of nodes Z; X, Y; Q, R, S, T; A, C, E, G, I, K, M, O; a through p]
30. Configured CAs plus Delegated CAs Model
[Diagram: one Configured CA, six Delegated CAs, and Users a through g]
31. Anarchy (PGP--Pretty Good Privacy)
- Description
  - Web of Trust--Alice trusts Bob, Bob trusts Charlie, Charlie trusts Donna, therefore Alice should trust Donna.
  - Each user configures public keys they have obtained securely, perhaps personally. Certificates are obtained through various means, including e-mail and downloading from public databases.
  - PGP signing parties at conferences or informal gatherings.
- Advantages
  - Works well among friends
- Disadvantages
  - Does not scale beyond a small community of trusted users, resulting in a large database of certificates through which to search.
  - Uncertainty in the chain of trust--really no way to judge the trustworthiness of someone several links removed.
  - Arbitrarily long chains are typically allowed.
  - No preordained core set of configured CAs.
32. Anarchy Model
[Diagram: web of trust among individual users: Mary, Jane, Bob, Alice, Ann, Abe, Bill, Phil, Sally, Arron, Earl, Issac, Kevin, Carl, Charlie, George, Donna, Tony]
33. Top-Down (PEM--Privacy Enhanced Mail)
- Description
  - Exactly one configured root CA, which can delegate to other CAs, which can delegate to other CAs, ..., but only within a hierarchical namespace.
  - The rule of trusting a CA only for a portion of the namespace is called name subordination.
  - Domain Name System Security Extensions hierarchy is similar to the model.
  - Basis for PEM
- Advantages
  - There is a preordained configured CA within the namespace that can be trusted.
- Disadvantages
  - Weakest link vulnerability--the entire PKI depends on the security of the single-root key.
  - To change the root key would require massive reconfiguration at all nodes.
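The chain-length limit (Configured CAs plus Delegated CAs), the unbounded chains (Anarchy) and name subordination (Top-Down) compared in one added example that is not part of the original slides. Certificates are reduced to (issuer, subject) pairs with signatures assumed valid; the path-style names, the empty string standing for the root, and the function names are assumptions made for the illustration.

```python
# Added illustration: certificates are reduced to (issuer, subject) pairs and
# their signatures are assumed to be already verified.
from collections import deque

def is_subordinate(issuer, subject):
    """Name subordination: a CA may certify only names beneath its own.
    The empty string is the root, which sits above every name."""
    return issuer == "" or subject.startswith(issuer + "/")

def find_chain(certs, anchors, target, max_len=None, subordination=False):
    """Shortest chain of names from a configured anchor to target, or None.
    max_len caps the number of certificates in the chain (None = no cap)."""
    issued = {}
    for issuer, subject in certs:
        if not subordination or is_subordinate(issuer, subject):
            issued.setdefault(issuer, []).append(subject)
    queue, seen = deque([a] for a in anchors), set(anchors)
    while queue:                              # breadth-first: shortest first
        path = queue.popleft()
        if path[-1] == target:
            return path
        if max_len is not None and len(path) - 1 >= max_len:
            continue                          # chain is already at the cap
        for subject in issued.get(path[-1], []):
            if subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None

# Constructed sample certificates (hypothetical names).
DELEGATED = [("Z", "Q"), ("Q", "A"), ("A", "a"), ("A", "B"), ("B", "b")]
WEB = [("Alice", "Bob"), ("Bob", "Charlie"), ("Charlie", "Donna")]
TOP_DOWN = [("", "gmu"), ("", "rand"), ("gmu", "gmu/som"),
            ("gmu/som", "gmu/som/hughes"), ("rand", "gmu/som/hughes")]

if __name__ == "__main__":
    print(find_chain(DELEGATED, ["Z"], "a", max_len=3))  # 3 certificates: accepted
    print(find_chain(DELEGATED, ["Z"], "b", max_len=3))  # 4 certificates: rejected
    print(find_chain(WEB, ["Alice"], "Donna"))           # anarchy: no length cap
    print(find_chain(TOP_DOWN, [""], "gmu/som/hughes"))  # any CA can vouch
    print(find_chain(TOP_DOWN, [""], "gmu/som/hughes", subordination=True))
```

Without name subordination the shortest accepted chain for `gmu/som/hughes` runs through the unrelated `rand` CA, which is the weakest-link problem in miniature; with it, only the chain inside the `gmu` namespace validates.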
34. PEM Certification Graph
[Diagram: PEM certification hierarchy. Internet Policy Registration Authority (IPRA) at the top; PCAs--Policy Certification Authorities (High Assurance, Mid-Level Assurance, Residential, Personal); CAs--Certificate Authorities (GMU, RAND, Virginia, Anonymous); lower nodes SOM, Fairfax, Tony, Tabourn; Subjects (Hughes, Hughes)]
35. Summary
36. Summary (continued)
37. Summary (concluded)