Advantages and Disadvantages of Public Key Infrastructure PKI Trust Models

1
Advantages and Disadvantages of Public Key
Infrastructure (PKI) Trust Models

• Allen A. Hughes, Ph.D.
• Assistant Professor of MIS
• George Mason University
• February 21, 2002

2
Topics

• Cryptography Fundamentals
• Cryptographic Services
• Secret v. Public Key
• Ensuring a Secure Channel
• Problems of Secret Key for E-Commerce
  Transactions
• Public Key Cryptography
• RSA Algorithm Properties
• Public Key Encryption and Digital Signature
• Digital Certificates and X.509
• Key Management Issues
• PKI--Definition and Goal
• Models and Architectures
• Single Root Certification Authority (CA)
• Single Root CA plus Registration Authorities (RA)
• Multiple CAs (Oligarchy)
• Configured CAs plus Delegated CAs
• Anarchy (PGP--Pretty Good Privacy)
• Top-Down (PEM--Privacy Enhanced Mail)
• Summary

3
Cryptographic Services

• Confidentiality
• content of the transaction is disclosed only to
  the intended recipient
• Integrity
• content of the transaction arrives unchanged
• Authentication
• sender and receiver are who they say they are
• Non-repudiation
• strong form of authentication
• cannot (reasonably) deny your role in the
  transaction
• convince others also (such as a judge)

4
Secret Key Encryption
Secret Key
Joe
Sam
Secret Key

• Need a secure channel to exchange the key

5
Ensuring a Secure Channel

• Agree in advance
• Exchange keys in person
• Exchange keys by special mail
• Exchange keys over the network
• Special procedures
• Not in cleartext
• Agree on an impulse
• Merchants would want sales from impulse buying
• Other?

6
Problems of Secret Key for E-Commerce
Transactions

• General Proliferation of Secret Keys
• keys n (n-1) / 2 , where
• n is the number of nodes in a communications
  network
• Questions
• How does a merchant set up enough secret keys for
  its customers?
• Should we actually consider the number of
  potential customers, in which case the number of
  secret keys really escalates.
• Secret keys would be special use, i.e., a
  customer for a merchant would not use the same
  secret key for transactions with another
  merchant, whether it be a competitor or something
  else.

7
Secret v. Public Key
Secret Key
Secret Key
Joe
Sam
Sams PUBLIC Key
Sams PRIVATE Key

• Secret Key Symmetric--Same key to encrypt and
  decrypt
• Public Key Asymmetric--Different keys to
  encrypt and decrypt

8
Public Key Cryptography

• Origins can be traced to British Bletchly Park in
  the 1940s and 1950s. Details were classified
  until the mid-1990s.
• Diffie and Hellman generally credited with
  inventing public key systems in 1976.
• Algorithm for generating a shared key on impulse.
• Rivest, Shamir, and Adelman (RSA) algorithm
  published in 1978.

9
RSA Algorithm Properties

• 2-part key-pair (Public and Private)
• Algorithm is such that sender encrypts with the
  receivers public key and receiver decrypts with
  the private key.
• Encryption and decryption are commutative--either
  order of using key-pair achieves the same result.
• Can use this property to create a unique digital
  signature to authenticate the sender.

10
Public Key Encryption and Digital Signature
Sams Public Key
Sams Private Key
Joe
Sam
Joes Private Key
Joes Public Key
Joes Private Key
Sams Public Key
Joes Public Key
Sams Private Key
Sams Public Key
Sams Private Key
Joes Private Key
Joes Public Key
11
Public Key Encryption(Discrete Math/Modulus
Arithmetic)
12
PKI--Definition and Goal

• Set of protocols, clients, servers, and processes
  to allow merchants to validate customers
• Peter Denning, George Mason University
• Loosely defined as the set of infrastructural
  services that support the wide-scale use of
  public key-based digital signatures and
  encryption.
• Warwick Ford and Michael Baum, VeriSign
• The goal of PKI is to enable secure, convenient,
  and efficient discovery of public keys.
• Radia Perlman, Sun Microsystems

13
Key Management Issues

• Generating keys
• Keeping backup keys
• Handling compromised keys
• Changing/Reissuing keys
• Destroying expired keys
• Reliable distribution of public keys
• Reliable meaning integrity and authentication

14
Public Key Certificates

• Reliable distribution of public keys
• Reliable meaning integrity and authentication
• Public-key Encryption
• Sender needs public key of receiver
• Public-key Digital Signatures
• Receiver needs public key of sender
• Public-key Key Agreement
• Both need each others public keys

15
Digital Certificates and X.509

• A digital certificate is electronic
  identification that is issued to an individual by
  a trusted entity (certificate authority).
• The digital certificates contains the public key
  of the individual and establishes trust that the
  public key is authentic.
• The certificate authority is a trusted
  third-party that issues a certificate based on an
  established set of authentication, background
  check, and security procedures.
• X.509 is the ISO/ANSI Standard establishing the
  content and format for digital certificates

16
Digital Certificates and X.509

• License to compute
• A digital certificate is issued by an Authority
  that the members have in common.
• A digital certificate is issued based on some set
  of policies and rules.
• A digital certificate provides a means of trust
  and identification.

17
Digital Certificates and X.509(concluded)

• Certificate Contents
• Version
• Serial Number
• Signature Algorithm
• RSA MD5, 512
• Issuer
• Validity Period
• Subject
• Subject Public Key Info
• Owners Public Key
• Owners Digital Signature
• Issuers Digital Signature

• Certificate Role
• Confirm Identity
• Verify Electronic Information
• Offers Confidentiality via Encryption

18
PKI Models and Architectures

• Single-Root Certification Authority (CA)
• Single-Root CA plus Registration Authorities (RA)
• Multiple CAs (Oligarchy)
• Configured CAs plus Delegated CAs
• Anarchy (PGP--Pretty Good Privacy)
• Top-Down (PEM--Privacy Enhanced Mail)
• Flexible Bottom-Up
• Up-Cross-Down
• Relative Names
• SET--Secure Electronic Transactions
• MISSI--Multilevel Information Systems Security
  Initiative (DoD)

19
General Hierarchical Structure
20
Single-Root Certificate Authority (CA)

• Description
• All certificates (for the world) are obtained
  from one organization that runs the CA. Public
  key of the Root CA would be embedded in the
  computing/communications device at its inception.
• Advantages
• Straightforward concept

21
Single-Root CA Model
Root CA
a
b
c
d
i
j
k
l
e
f
g
h
m
n
o
p
users a, b, c,
Root CA
22
Single-Root Certificate Authority (CA)(continued)

• Disadvantages
• Scalability
• Single point of trust--who or what one
  organization would be universally trusted to
  provide secure, reliable service and not exercise
  monopolistic power?
• RAND?
• MITRE?
• SRI?
• Swiss Government?
• United Nations?
• Propagating a change in the Root CA key to all
  entities
• Single-Root CA needs to ensure authenticity of
  the user requesting the certificate

23
Single-Root CA plusMultiple Registration
Authorities (RA)

• Description
• RA facilitates the registration process, but does
  not issue certificates. RAs are trusted by the CA
  to verify the linking of an entity to a key, and
  send the signed request to the CA
• Advantages
• RAs more convenient for users to access.
• Disadvantages
• Still need an impeccable, unimpeachable CA

24
Single-Root CAplus Multiple RAs Model
Root CA
RA
RA
RA
RA
User a
User b
User c
User h
User g
User f
User e
User d
25
Single-Root CA PlusMultiple RAs Model
Root CA
a
b
c
d
i
j
k
l
e
f
g
h
m
n
o
p
user
RA
user
RA
Root CA
user
RA
26
Multiple CAs (Oligarchy)

• Description
• Many organizations in the business of supplying
  digital certificates.
• Advantages
• Competition among trusted CAs should prevent
  vendors from excising monopolistic profits and
  achieve good reliability.
• Disadvantages
• Weakest link vulnerability--compromise of any of
  the dozens of keys is as serious as compromise of
  the single key in the single-root CA model.

27
Multiple CAs Model
Root CA
Root CA
Root CA
a
b
c
d
i
j
k
l
e
f
g
h
m
n
o
p
user
Root CA
user
Root CA
user
Root CA
28
Configured CAsplus Delegated CAs

• Description
• Configured CAs are CAs whose keys have been
  configured into the users workstation and can
  sign certificates authorizing other CAs
  (delegated CAs) to grant certificates.
• Chain lengths typically limited to three.
• Advantages
• More places from which to obtain certificates
  than Single-Root CA, thus likely to be more
  convenient for the user.
• Less time to obtain a usable certificate than
  with RAs.
• Chain length limit.
• Disadvantages
• Weakest link vulnerability Compromise of any CA
  completely compromises security.
• The certificate chain is longer than with RAs and
  verification is therefore less efficient.

29
Configured CAs plus Delegated CAs Model
Z
X
Y
Q
R
S
T
A
C
E
G
I
K
M
O
a
b
c
d
i
j
k
l
e
f
g
h
m
n
o
p
30
Configured CAs plus Delegated CAs Model
Configured CA
Delegated CA
Delegated CA
Delegated CA
Delegated CA
Delegated CA
Delegated CA
User a
User b
User c
User d
User e
User f
User g
31
Anarchy (PGP-Pretty Good Privacy)

• Description
• Web of Trust Alice trusts Bob, Bob trusts
  Charlie, Charlie trusts Donna, therefore Alice
  should trust Donna.
• Each user configures public keys they have
  obtained securely, perhaps personally.
  Certificates are obtained through various means,
  including e-mail and downloading from public
  databases.
• PGP signing parties at conferences or informal
  gatherings.
• Advantages
• Works well among friends
• Disadvantages
• Does not scale beyond a small community of
  trusted users, resulting in a large database of
  certificates through which to search.
• Uncertainty in the chain of trust--really no way
  to judge the trustworthiness of someone several
  links removed.
• Arbitrarily long chains are typically allowed.
• No preordained core set of configured CAs.

32
Anarchy Model
Mary
Jane
Bob
Alice
Ann
Abe
Bill
Phil
Sally
Arron
Earl
Issac
Kevin
Carl
Charlie
George
Donna
Tony
33
Top-Down (PEM--Privacy Enhanced Mail)

• Description
• Exactly one configured root CA, which can
  delegate to other CAs, which can delegate to
  other CAs, , but only within a hierarchical
  namespace.
• The rule of trusting a CA only for a portion of
  the namespace is called name subordination.
• Domain Name System Security Extensions hierarchy
  is similar to the model.
• Basis for PEM
• Advantages
• There is a preordained configured CA within the
  namespace that can be trusted.
• Disadvantages
• Weakest link vulnerability the entire PKI
  depends on the security of the single-root key.
• To change the root key would require massive
  reconfiguration at all nodes.

34
PEM Certification Graph
Internet Policy Registration Authority
IPRA
High Assurance
Mid-Level Assurance
Residential
Personal
PCAs--Policy Certification Authorities
GMU
RAND
Virginia
Anonymous
CAs--Certificate Authorities
SOM
Fairfax
Tony
Tabourn
Subjects
Hughes
Hughes
35
Summary
36
Summary(continued)
37
Summary(concluded)