An Introduction to Security Concepts and Public Key Infrastructure PKI PowerPoint PPT Presentation



1
An Introduction to Security Concepts and Public
Key Infrastructure (PKI)
Mary Thompson
2
Security Levels
  • Confidentiality
  • Protection from disclosure to unauthorized
    persons
  • Integrity
  • Maintaining data consistency
  • Authentication
  • Assurance of identity of person or originator of
    data
  • Non-repudiation
  • Originator of communications can't deny it later
  • Authorization
  • Identity combined with an access policy grants
    the rights to perform some action

3
Security Building Blocks
  • Encryption provides
  • confidentiality, can provide authentication and
    integrity protection
  • Checksums/hash algorithms provide
  • integrity protection, can provide authentication
  • Digital signatures provide
  • authentication, integrity protection, and
    non-repudiation

4
Keys
  • Symmetric Keys
  • Both parties share the same secret key
  • Problem is securely distributing the key
  • DES - 56 bit key considered unsafe for
    financial purposes since 1998
  • 3DES uses three DES keys
  • Public/Private keys
  • One key is the mathematical inverse of the other
  • Private keys are known only to the owner
  • Public keys are stored in public servers, usually
    in an X.509 certificate.
  • RSA (patent expires Sept 2000), Diffie-Hellman,
    DSA

5
Hash Algorithms
  • Reduce variable-length input to fixed-length (128-
    or 160-bit) output
  • Requirements
  • Can't deduce input from output
  • Can't generate a given output
  • Can't find two inputs which produce the same
    output
  • Used to
  • Produce fixed-length fingerprint of
    arbitrary-length data
  • Produce data checksums to enable detection of
    modifications
  • Distill passwords down to fixed-length encryption
    keys
  • Also called message digests or fingerprints

6
Message Authentication Code MAC
  • Hash algorithm + key, to make the hash value dependent
    on the key
  • Most common form is HMAC (hash MAC)
  • hash( key, hash( key, data ))
  • Key affects both start and end of hashing process
  • Naming: hash + key = HMAC-hash
  • MD5 → HMAC-MD5
  • SHA-1 → HMAC-SHA (recommended)

7
Digital Signatures
  • Combines a hash with a digital signature
    algorithm
  • To sign
  • hash the data
  • encrypt the hash with the sender's private key
  • send data, signer's name, and signature
  • To verify
  • hash the data
  • decrypt the signature with the sender's public
    key
  • the result of which should match the hash
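
The sign and verify steps above, carried through with unpadded RSA as an added example that is not part of the original presentation. The key is a constructed demo key built from two Mersenne primes, so it is trivially factorable, and the signer name is a constructed value; deployed RSA signatures also pad the hash (PKCS #1) before the private-key operation.

```python
import hashlib

# Constructed demo key (assumption of this example, not a usable key):
# both primes are well-known Mersenne primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                             # public modulus
E = 65537                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)


def digest_int(data: bytes) -> int:
    """Hash the data and read the digest as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """To sign: hash the data, then apply the private key to the hash."""
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """To verify: apply the public key to the signature, compare with a fresh hash."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(data)


def signed_message(data: bytes, signer: str) -> dict:
    """What the sender transmits: data, signer's name, and signature."""
    return {"data": data, "signer": signer, "signature": sign(data)}


if __name__ == "__main__":
    msg = signed_message(b"pay the bearer 10 units", "CN=Example Signer")
    print("valid signature:  ", verify(msg["data"], msg["signature"]))
    print("data modified:    ", verify(b"pay the bearer 99 units", msg["signature"]))
    print("signature altered:", verify(msg["data"], msg["signature"] ^ 1))
```
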

8
Elements of PKI
  • Certificate Authorities (CA)
  • OpenSSL, Netscape, Verisign, Entrust, RSA Keon
  • Public/Private Key Pairs - Key management
  • X.509 Identity Certificates - Certificate
    management
  • LDAP servers

9
X.509 Identity Certificates
  • Distinguished Name of user
  • C=US, O=Lawrence Berkeley National Laboratory,
    OU=DSD, CN=Mary R. Thompson
  • DN of Issuer
  • C=US, O=Lawrence Berkeley National Laboratory,
    CN=LBNL-CA
  • Validity dates
  • Not before <date>, Not after <date>
  • User's public key
  • V3- extensions
  • Signed by CA

10
Certificate Authority
  • A trusted third party - must be a secure server
  • Signs and publishes X.509 Identity certificates
  • Revokes certificates and publishes a
    Certificate Revocation List (CRL)
  • Many vendors
  • OpenSSL - open source, very simple
  • Netscape - free for limited number of
    certificates
  • Entrust - Can be run by enterprise or by Entrust
  • Verisign - Run by Verisign under contract to
    enterprise
  • RSA Security - Keon servers

11
LDAP server
  • Lightweight Directory Access Protocol
  • Evolved from DAP and X.500 Identities
  • Used by CAs to store users' identity certificates
  • Open source implementations
  • Standard protocol for lookup, entry, etc.
  • Access control is implemented by user, password.

12
SSL - OpenSSL
  • Secure message passing protocol
  • Developed by Netscape, now an IETF RFC (TLS Jan
    '99)
  • Protocol for using one or two public/private
    keys
  • to authenticate a server to a client
  • and, by requiring a client key, to authenticate
    the client to the server
  • establish a shared symmetric key (the session key)
  • uses the session key to encrypt all data over the
    secure channel
  • Gives you authentication, message integrity and
    confidentiality
  • Everything except authorization

13
SSL Handshake
  • Negotiate the cipher suite
  • Establish a shared session key
  • Authenticate the server (optional)
  • Authenticate the client (optional)
  • Authenticate previously exchanged data

14
SSL handshake details
  • Client hello
  • Client challenge
  • Available cipher suites (e.g. RSA RC4/40 MD5)
  • Server hello
  • Server certificate
  • Connection ID
  • Selected cipher suite
  • Server adapts to client capabilities
  • Optional certificate exchange to authenticate
    server/client
  • Commercial sites only use server authentication

15
SSL Handshake - details
[Diagram: message exchange between Client and Server]
  • Client: Generate challenge, define protocols
  • Client → Server: Challenge, Encryption protocols
  • Server: Return server certificate, generate connection
    ID, confirm protocols
  • Server → Client: Server Cert, Connection Id,
    Encryption protocols
  • Client: Verify server certificate, generate session key,
    generate client read/write key pairs, encrypt session key
  • Client → Server: (Session Key) Server's public key
  • Server: Decrypt session key, generate server read/write
    key pairs, encrypt random challenge phrase
  • Server → Client: (Client's Challenge) Server Write Key
  • Client: Decrypt and verify challenge phrase
16
SSL Handshake
Client Authentication
[Diagram: message exchange between Client and Server]
  • Server: Generate new challenge, request client
    certificate
  • Server → Client: (Challenge phrase) Server write key
  • Client: Decrypt challenge, calculate message digest on
    Challenge and Server certificate
  • Client → Server: (Message Digest, Client Certificate)
    Client private key
  • Server: Decrypt Message Digest and Client Certificate,
    verify Client certificate and recompute message digest
  • Server: Done
  • Server → Client: (Session Identifier) Server's write key
17
Status
  • Single purpose CAs e.g. Globus (SSLeay)
    Collaboratory, DOE-Grid (Netscape)
  • Enterprises slow to run CAs
  • Many different Vendors - Verisign, Entrust,
    Netscape, RSA Security Keon
  • Incompatible Key and Certificate management
    between vendors
  • Certificates are not integrated with existing
    applications that need authorization
  • Large amount of corporate overhead in running a
    CA
  • Uncertain legal implications of issuing
    certificates
  • Lab is currently looking at the RSA Keon server
    as it has integration with ssh and NIS
    authorization

18
Public Key Cryptography Standards - PKCS
  • PKCS 7
  • Cryptographic Message Syntax Standard
  • PKCS 10
  • Certification Request Syntax Standard - used by
    Netscape browser, IE, and SSL libraries
  • PKCS 11
  • Cryptographic Token Interface Standard - An API
    for signing and verifying data by a device that
    holds the key
  • PKCS 12
  • Personal Information Exchange Syntax Standard -
    file format for storing certificate and private
    key - used to move private information between
    browsers

19
References
  • Peter Gutmann's tutorial
  • http://www.cs.auckland.ac.nz/~pgut001/tutorial/
    about 500 slides covering cryptography, secure
    connection protocols, PKI, politics and more.
  • RSA Laboratories PKCS specifications
  • http://www.rsasecurity.com/rsalabs/pkcs/
  • SSL/TLS
  • TLS v 1.0 RFC - http://www.ietf.org/rfc/rfc2246.txt
  • SSL-v3 http://www.netscape.com/eng/ssl3/draft302.txt
  • openSSL http://www.openssl.org/
  • Certificates
  • http://futile.lbl.gov/mecury/cappt/index.html