PKI To The Masses IPCCC 2004

1
PKI To The MassesIPCCC 2004

• Dan Massey
• USC/ISI

2
PKI Is Necessary

• My PKI related actions since arriving at IPCCC
• Used an SSH host public key for remote login.
• Used an IMAP certificate to download email.
• Received a PGP signed email message.
• Accessed a secure website using an SSL
  certificate.
• Proposed Infrastructure PKI related actions
• Secure BGP would use PKI to protect Internet
  routes.
• Secure DNS would use PKI to protect Internet
  names.

3
The Need for a Secure Infrastructure

• BGP and DNS Provide No Authentication
• Lack of BGP authentication misdirected DNS
  queries.
• This happens to be DNS traffic, but could be
  email, web, etc.
• Server could have replied with false DNS data.

originates route to 192.26.92/24
ISPs announced new path for 20 minutes to 3 hours
1 of 13 DNS servers For com/net/org
Internet
c.gtld-servers.net
192.26.92.30
BGP monitor
4
The PKI Solution

• Routing sign the routing updates
• Use public key cryptography to verify the origin
  is allowed to originate the path.
• Have each node sign its next link in the route
  (to prove the path is valid)
• S-BGP (Kent/BBN), SoBGP (White/Cisco)
• DNS sign the DNS response
• DNSSEC (IETF DNSEXT Working Group)

5
Secure DNS Query and Response
Caching DNS Server
www.darpa.mil
Authoritative DNS Servers
www.darpa.mil A
192.5.18.195 www.darpa.mil RRSIG(A) signature
by darpa.mil private key
End-user
Attacker can not forge this answer without
knowing the darpa.mil private key.
6
So Whats the Problem?

• Was my IPCCC use of PKI worthwhile?
• SSH reported host key has changed
• Has anyone ever rejected a key due to this
  message?
• The IMAP email certificate I used was
  self-signed.
• Who should have signed this certificate?
• I did not verify the PGP key for the signed
  email.
• How would I do this effectively? PGP key
  servers??
• Should I have checked the web SSL certificate?
• No deployment of infrastructure (DNS,BGP) PKIs.

7
Limitations of PKI Deployment

• The theoretical promise of PKI technology greatly
  exceeds the deployed use.
• Fundamental key management issues remain
• Effectively Deployment Requires
• Mechanism for learning the public key
• Mechanism for changing the public key
• Limit damage of compromised key (revocation?)
• Claim this can only work in strong hierarchy.

8
Steps To Real Deployment

• S-BGP create a hierarchy where none exists.
• Who signs you are allowed to announce this
  prefix?
• How do you distribute the database?
• Secure DNS overlays PKI on the DNS tree.
• Simple structure in theory
• Root key signs the com, net, org, edu, uk, etc,
  keys
• Com key signs the cisco.com, ibm.com, foo.com
  keys
• Cisco.com key signs research.cisco.com,
  www.cisco.com
• But this assumes the entire tree deploys DNSSEC.

9
DNS The PKI Of The Future (?)

• Can use a signed DNS as the missing PKI.
• Store ssh host keys in the DNS along with host IP
  address (IETF working group for this)
• Store SSL and IMAP certificates in the DNS (DNS
  CERT record is already defined)
• Store PGP email keys in the DNS (Functionality
  revoked by Massey and Rose)
• What is wrong with the picture?
• No revocation mechanism
• Will this create a PKI or break the DNS?
• Is the DNS an appropriate trust model?