Jonathan Baulch - PowerPoint PPT Presentation

Slides: 13
Provided by: jbau6

Transcript and Presenter's Notes

Title: Jonathan Baulch


1
Public Key Infrastructure
  • Jonathan Baulch

2
Public Key Infrastructure
  • Introduction
  • Digital Certificates
  • Web of Trust

3
Introduction
  • Security architecture to increase the level of
    confidence when passing information
  • Multiple meanings
  • Methods, technologies, and techniques to provide
    a secure infrastructure
  • Use of a public and private key pair for
    authentication and proof of content

4
Introduction
  • Expected benefits of Public Key Infrastructure
    (PKI)
  • Certainty of the quality of information sent and
    received electronically
  • Certainty of the source and destination of that
    information
  • Assurance of the time and timing of that
    information
  • Certainty of the privacy of that information
  • Assurance that the information may be introduced
    as evidence in a court of law

5
Components of PKI
  • Certification Authority
  • Revocation
  • Registration Authority
  • Certificate Publishing Methods
  • Certificate Management System
  • PKI aware applications

6
Diffie-Hellman Protocol
  • Developed by Diffie and Hellman in 1976
  • Published in the ground-breaking paper "New
    Directions in Cryptography"
  • Allows two users to exchange a secret key over an
    insecure channel without any prior secrets

7
Diffie-Hellman Protocol
  • Uses a prime number p and parameter g (g < p)
    with the following property
  • For every number n between 1 and p-1 inclusive,
    there is a power k of g such that n = g^k mod p
  • Alice and Bob agree on a p and g
  • Each picks a secret number
  • Each sends the value (A or B) of g^(secret number) mod p
  • Each then computes (received A or B)^(secret number) mod p
  • Alice and Bob will then have the same value
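
The exchange on this slide, as an added example that is not part of the original presentation: it checks the stated property of g, then runs both sides of the exchange. The values p = 23, g = 5 and the secrets 6 and 15 are constructed toy values chosen for readability, and all function names are illustrative.

```python
import secrets

def prime_factors(n):
    """Distinct prime factors by trial division (adequate for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_generator(g, p):
    """Slide property: every n in 1..p-1 equals g^k mod p for some k (p prime).

    Equivalent test: g^((p-1)/q) mod p != 1 for each prime factor q of p-1.
    """
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def public_value(g, secret, p):
    """The value A (or B) sent over the insecure channel: g^secret mod p."""
    return pow(g, secret, p)

def shared_key(received, secret, p):
    """Raise the other party's value to our own secret: received^secret mod p."""
    return pow(received, secret, p)

def exchange(p, g, a=None, b=None):
    """Run both sides; returns (A, B, Alice's key, Bob's key)."""
    if not is_generator(g, p):
        raise ValueError("g does not generate every value 1..p-1 mod p")
    # Each side picks a secret in [2, p-2] unless one is supplied.
    a = a if a is not None else secrets.randbelow(p - 3) + 2
    b = b if b is not None else secrets.randbelow(p - 3) + 2
    A, B = public_value(g, a, p), public_value(g, b, p)
    return A, B, shared_key(B, a, p), shared_key(A, b, p)

if __name__ == "__main__":
    A, B, k_alice, k_bob = exchange(23, 5, a=6, b=15)  # constructed toy values
    print(f"Alice sends A={A}, Bob sends B={B}")
    print(f"Alice computes {k_alice}, Bob computes {k_bob}")
```

Only A and B cross the channel; the secrets 6 and 15 never do.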

8
Digital Certificates
  • Four types of certificates
  • Personal certificates
  • Server certificates
  • Software publisher certificates
  • Certificate authority certificates

9
X.509 Standard
  • Defines what information can go into a
    certificate and how to write it down
  • All X.509 certificates contain
  • Version
  • Serial Number
  • Signature Algorithm Identifier
  • Issuer Name
  • Validity Period
  • Subject Name
  • Subject Public Key Information

10
Web of Trust
  • Concept used in PGP, GnuPG, and other OpenPGP
    compatible systems to establish the authenticity
    of a public key and its owner
  • Decentralized model
  • Any user can be a part of, and a link between,
    multiple webs
  • Developed by Philip Zimmermann in 1992

11
Pretty Good Privacy
  • Uses a combination of public key and symmetric
    encryption
  • Serial combination of hashing, data compression,
    symmetric key cryptography, and public key
    cryptography
  • Each public key is bound to a user name or email
  • Created as a contrast to the X.509 system's
    hierarchical approach based on certificate authorities

12
Problems with PGP
  • Users who lose the private key can no longer
    decrypt messages
  • Without central controller, web of trust depends
    on other users for trust
  • Those with new certificates will not be readily
    trusted by other users' systems
  • Possible that a new user could not find anyone
    else to endorse a new certificate