Cryptography and Public Key

Infrastructure

1

2

Agenda

Cryptography What is it?

Public-key infrastructure (PKI) How PKI uses cryptography?

Standards and specifications What are the standards that we adhere to?

Smart cards role in PKI What are smart cards for?

Applications PKI enabled applications

ACS’s product line What role does ACS play?

3

Motivation

Almost all smart card applications use cryptography.

Cryptography is all around us!

We are using more PKI than you think!

4

Crypto and PKI are everywhere!

5

Part 1: Cryptography

What is Cryptography?

Cryptography is a tool to provide security

Cryptography has 4 purpose…

6

Four purposes of cryptography

No one else has seen it.

Confidentiality (encryption/decryption)

No one else has modified it.

Data integrity (digital signature)

You are who you say you are.

Authentication (digital signature)

If you signed it, you cannot deny signing it.

Non-repudiation (digital signature)

7

Two main types of encryption schemes1. Symmetric-key (Secret-key) encryption

- Same key for both sender and recipient 2. Asymmetric-key (Public-key) encryption

- Each user have a public encryption key euser and a private decryption key duser.

Encryption

8

Secret key encryption

Alice BobChannel

9

Secret key encryption

Standard symmetric key algorithms:

DES, 3DES, AES.

To demonstrate:

Courtesy of Pike Wong of HKUST

10

Secret key encryption

Let’s invade the earth at 17:00

today

Encrypt

Decrypt

Let’s invade the earth at 17:00

today

&(*_+#LPLD)!?”:<@!)(&^$%ras^

*()

I See … heehee

11

Secret key encryption

Problem: Key Distribution

Potential key leakage

Difficult to manageHere’s my key

Human spy

Here’s my key

OK, I got your key

Me too!

Next time I will know when they start the attack!

12

Secret key encryption

Problem: Repudiation

2 parties have the same key

The encrypted message can be viewed and modified by both parties

Decrypt

EncryptCan you buy 1000 shares of MS for

me? Ok, I will buy 1000 shares of MS for

you

Give me the money for that 1000 shares!

Hey, I’ve not asked you to buy anything!

The Next Day

But the email is encrypted with

your key!

Hey, remember that you have the

same key!

13

Pair of public/private key per user.

Base on mathematical hard problem.

Public key encryption

Alice BobChannel

Bob’s

Public Key

Bob’s

Private Key

14

Public key encryption

Advantages:

Only distribute public key to other (key distribution)

Only owner knows his private key (non-repediation)

Disadvantages:

Computational expensive

Standard asymmetric key encryption algorithms:

RSA, ECC.

15

Public key encryption

Pong’s public key encrypt

Pong’s private key decrypt

&(*_+#LPLD)!?”:<@!)(&^$%ras^

*()

Human spy

Even we got the key, we cannot know the secret!?

16

Combining two techniques for encryption

Alice BobChannel

Bob’s

Public Key

Bob’s

Private Key

Session

KeySession

Key

17

Hash functions

A one-way function H(•) that takes a message m and output a “fingerprint” of the message (digest). (e.g. SHA-1, SHA-256)

Used as a part of digital signatures.

19

Digital signatures

Supports data integrity, authentication and non-repudiation.

Use public key algorithms.

Use hash functions to create a short message for signing.

Standard signature algorithms are:

RSA, DSA, ECDSA

20

Digital signatures

Alice signing a document with her private key.

21

Signature verification

Bob verifying Alice’s signed document with her public key.

22

Difference between public key encryption and signature

Encryption:

Anyone encrypt with public key

Owner decrypt with private key

Signature:

Owner sign with private key

Anyone verify signature with public key

23

Notes on secret key algorithms

Key Strength Input Comments

DES 56 64 Standardized in1977, insecure

now

2 key 3DES 80 64 Secured up to 2010

3 key 3DES 112 64 Most peer reviewed. Secured up

to 2030

CAST5 128 64 Secure, standard in PGP

IDEA 128 64 Patent issues, efficient

AES (Rijndael) 128,192,256 128 International standard (2001)

Twofish 128,192,256 128 AES Finalist

24

Summary of public key algorithms

The most popular algorithms today are RSA and ECC.

Longer the key length, the harder it is to crack.

RSA (Rivest, Shamir, Adleman) is based on the difficulty of factoring large integers.

Given N where N=pq where p and q are prime,find p and q.

Widely used in electronic commerce.

Freely available (patent expired)

N

qp

Multiply

Easy

Factor

Hard

25

Summary of public key algorithms

Elliptic Curve Cryptography (ECC) is based on the difficulty of finding discrete log on an elliptic curve. Given P and Q where Q = mP, find m

Next generation and very efficient.

MS Vista and 7 support in CNG.

Numerous patents hampering acceptance.

Others such as Digital Signature Algorithm and Diffie-Hellman is not popular anymore.

26

Notes on public key algorithms

Use of symmetric key algorithm requires public key algorithms of equivalent strength.

Source: NIST SP800-57 Part 1.

Algorithm

security

Lifetimes

Bits of

security

Symmetric Key

Algorithm

FFC

(e.g., DSA, D-H)

IFC

(e.g., RSA)

ECC

(e.g., ECDSA)

Through 2010 80 2TDEA L = 1024

N = 160

k = 1024 f = 160-223

Through 2030 112 3TDEA L = 2048

N = 224

k = 2048 f = 224-255

Beyond 2030 128 AES-128 L = 3072

N = 256

k = 3072 f = 256-383

… 192 AES-192 L = 7680

N = 384

k = 7680 f = 384-511

… 256 AES-256 L = 15360

N = 512

k = 15360 f = 512+

Public Key Infrastructure

27

28

Why do we need a PKI?

Public key security issues:

Users can generate their own public/private key pairs and exchange them – but how do other parties trust them?

If you receive a public key from Alien Pkie, how do you know it’s Pkie’s key and not the human spy’s?

Solution: Digital Certificates

Bind the user’s public key with a digital certificate signed by a trusted third party.

The trusted third party is called the certification authority (CA).

CA will vouch for its subscribers.

29

Entities of PKI

Individual Subscribers

Certificate Authority (CA)

Corporations

Relying Parties

Trust each other

30

Components of a Certification Authority

Registration Authority (RA) – Registers subscribers into the system.

Certification Authority (CA) – Creates digital certificates by binding user identity to public key.

Certificate Repository – a directory service to store certificates for subscribers.

Certificate Revocation System – Service to invalidate any certificates that has been compromised.

Hong Kong Post Repository and CRL

31

So, what is a digital certificate?

Used to establish trust between entities. Ensures that:

The integrity of the public key is protected The public key and identity information are bounded to the claimed owner

in a trusted manner.

Digital signatures. Your identifying information and public key is signed with the

CA’s private key.

32

X.509 Certificate - Format

To Be Signed (TBS) Certificate

•Version

•Serial Number

•Certificate Signature Algorithm

•Issuer Name

•Validity

•Subject Name

•Subject Public Key Info

•Issuer Unique ID

•Subject Unique ID

•Extensions

X.509 Certificate

•Signature Algorithm Identifier

•Signature Value

The de facto standard is the X.509 v3 certificate format.

Specified in IETF RFC 3280.

33

X.509 Certificate - Example

To Be Signed (TBS) Certificate

•Version

•Serial Number

•Certificate Signature Algorithm

•Issuer Name

•Validity

•Subject Name

•Subject Public Key Info

•Issuer Unique ID

•Subject Unique ID

•Extensions

X.509 Certificate

•Signature Algorithm Identifier

•Signature Value

CN = Andrew Chan

E = andrew.chan@acs.com.hk

O = Hongkong Post e-Cert (Personal)

C = HK

Algorithm = PKCS#1 RSA

Public Key = 0x30..01

Not Before: 19/3/2004 6:26:26

Not After: 19/3/2007 6:26:26

CN = Hongkong Post e-Cert CA 1

O = Hongkong Post

C = HK

Version 3

0D:0C:B0

PKCS#1 SHA-1 RSA

34

X.509 Certificate – Signing certificate

To Be Signed (TBS) Certificate

•Version

•Serial Number

•Certificate Signature Algorithm

•Issuer Name

•Validity

•Subject Name

•Subject Public Key Info

•Issuer Unique ID

•Subject Unique ID

•Extensions

X.509 Certificate

•Signature Algorithm Identifier

•Signature Value

35

Certificate Revocation List (CRL)

When a certificate has been revoked or suspended, an entry (of their serial number) is made into the CRL.

Clients can download CRL at the CA’s repository.

CA updates their CRL according to their Certificate Practice Statement (CPS).

37

The steps in subscribing to a CAProvides Proof of identity

and (optionally) generate

public/private key pair Requests Certificate

Issues Certificate and

posts in the repository

Validate subscriber’s

public key

Subscriber RA CA

RepositoryRelying

Parties

Receives certificate

38

Life Cycle of a Certificate

39

How does your PC uses certificates?

Windows has number of Root CA certificates in the Certificate Store.

Root CA certificates are certificates that your PC trust implicitly.

All intermediate CA certs and end-entity certs that are signed by or chained to those Root CA certs are implicity trusted.

Microsoft has a Root Certificate Program to determine who to trust.

Root CA cert

Intermediate CA certs

Your cert or a website’s cert

40

How trust is established on your PC

41

Certificates

42

Trusted Certificate Authority

43

Non-trusted CA

44

Smart Card Role in PKI

Secure, temper-resistant and portable way of transporting and using cryptographic keys.

Cryptographic smart cards:

Contains powerful crypto co-processors

All private key and secret key never leaves the card.

Public/private key pair can be generated inside the smart card.

All private key and secret key computations are performed in the card.

Users can have their card with them at all times.

Sometimes called “PKI Smart Card”

45

Using a crypto smart card for digital signature.

46

Using a crypto smart card for digital signature.

4747

Digital Certificate Generation

• 2 methods of generating digital certificate:

1. The CA generate a key pair in a secure environment, signed by CA and import the cert to the smart card

• Pros: The cert can import to any media supporting the cert format

• Cons: The CA has your private key because the key pair is generated

outside your smart card!

1. Key pair is

generated by CA.

2. The certificate is

signed by CA’s private

key

3. The certificate together

with private key is

imported into the secure

device

48

2. The key pair is generated inside the smart card

Pros: The private key never leaves the smart card for maximum security

Cons: It cannot export to other media

Digital Certificate Generation

49

Standards and Specifications

A multitude of standards governs PKI technologies in smart cards to ensure interoperability,

Public Key Infrastructure (X.509) (PKIX)

Public Key Cryptographic Standard (PKCS)

ISO7816 – Card level standard.

50

Public-Key Cryptographic Standard (PKCS)

Defined by RSA Data Security Inc for providing a platform independent interface to use public-key technologies.

Covers many areas including:

Algorithms (PKCS#1)

Certificates (PKCS#7)

Cryptographic Tokens Interface (PKCS#11)

Cryptographic Tokens themselves (PKCS#15)

51

Public-Key Cryptographic Standard (PKCS)

52

Card Standard - ISO7816Part: Description Year/Amd

1 Physical characteristics 1998/2003

2 Dimensions and location of the contacts 1999/2004

3 Electronic signals and transmission protocols 2006

4 Organization, security and commands for interchange 2005

5 Registration of application providers 2004

6 Interindustry data elements for interchange 2004

7 Interindustry cmds for Structured Card Query Language 1999

8 Commands for security operations 2004

9 Commands for card management 2004

10 Electronic signals and ATR for synchronous cards 1999

11 Personal verification through biometric methods 2004

12 USB electrical interface and operating procedures Draft

15 Cryptographic information application 2004

53

Accessing Crypto cards via middleware

Smart cards uses standard interfaces:

ISO7816 for contact cards.

Problem, each smart card has its own command set.

Solution: Middleware

Middleware provides a standard interface for different applications to use different cards.

Applications does not need to know the card specific commands.

54

Different ways of accessing crypto smart cards

App #1

Outlook

App #2

Smart Card Logon

App #3

Other Applications (Acrobat,

Firefox, Thunderbird, etc.)

Windows Resource Manager

App #4

Other Applications

ACS Cryptographic

Service Provider

(for 2K, XP Vista, 7 ..)

ACS PKCS#11

(for Non-MS app,

Linux)Middleware

OS Layer

Applications

ACS Smart Card reader

and Smart Card

Base Cryptographic

Service Provider

ACS Card Module

( for XP, Vista, 7)

ACS Smart Card Reader Driver

55

Cryptographic Service Provider (CSP)

• Used for Microsoft applications in Windows Platform.

• It is in the form of an MS signed DLL.

• Example applications include:

– Windows Domain Logon

– Internet Explorer

– Outlook

– Outlook Express

– Microsoft Word 2003 onwards

– Adobe Acrobat

• In XP / Vista / 7, a MS built base CSP can be used with Card Module (Minidriver)

56

• Like a CSP, it is a middleware module that provide API’s to

applications by exposing entry points using a DLL concept.

• PKCS #11 can be programmed cross platform to work under

linux using pcsclite.

• Example applications include:

– Firefox

– Thunderbird

– Lotus Notes

– All Unix and Linux software.

PKCS#11

57

Network Security

PKI ApplicationE-Commerce

File Encryption

Domain Windows Logon

Secure Email

Applications

59

Applications – HK Jockey Club

Online Betting system in HK Jockey Club to authenticate the account holder and guarantee non-repudiation

60

Applications – GovHK

Online Government service in GovHK to authenticate the Citizen and guarantee non-repudiation

•Register as Voter or Change Voters' Particulars

•Apply or Renew Vehicle License

•E-Tax

61

Applications – Online Banking

Online Banking system in Bank of China, Bank of East Asia and Dah Sing Bank to authenticate the account holder and guarantee non-repudiation

62

Applications – Online stock trading

Online Stock trading system in HKEX, KGI, Tai Fook to authenticate the account holder and guarantee non-repudiation

63

Applications – E-Commerce (電子商貿)

• Digital Signature is a proved trustable way without physically storefront that able to sign any payment and document for data-integrity and non-repudiation!

• Eliminate the need to physically route documents over long distance as long as thousands of dollars in delivery fees

• Less paper usage (and save $$)

• Example of applications– Online Investment

– Online shopping

– Online betting

– E-Contract signing

64

Applications – Files and Disks encryption

• Provide two-factor authentication to your harddisk or USB token by storing keys into the Cryptomate.

– Something you have – Cryptomate

– Something you know – PIN / Password

• No one can encrypt the file without the presence of the key inside Cryptomate!!

65

Application – Microsoft Smart Card Deployment

Windows Server 2000 / 2003 / 2008Domain Server with Active Directory

Certificate Authority

Smart Card Enrolment AgentWindows 2000 / XP Pro / Vista / 7

A Domain Computer with Enrolment Certificate

With ACOS5 Software Package installed

Client ComputersWindows 2000 / XP Pro / Vista / 7

Domain Computers with ACS ACOS5 Software Package installed

LAN

• Microsoft Windows already have built in smart card support.

• Designed to be used for corporate environment.

66

Applications – Network / Windows logon

• To enhance security of network including sensitive information.

• Example

– Windows logon

– SSL

– Corporate Intranet

– VPN

67

SSL Client cert authentication logon

SSL Server cert for server authentication

Applications – Network authentication

68

Secure Email

Outlook, Live Mail, Thunderbird, Lotus notes, etc. all supports email signature and encryption.

Signature ensures authentication, data integrity and non-repudiation

Encryption ensures confidentiality

69

ACS Smart Card Product Line

ACOS1 / ACOS2 8KB v3.8 Phased out. Replaced by ACOS3

ACOS3/3X 32/72/256 KB v1.162 / v1.160 / v1.150 ACOS2 direct replacement with many enhancements.

ACOS5 / Cryptomate 32 KB v1.2 RSA-enabled card

ACOS5 64 KB Enhanced RSA-enabled card

ACOS6 64 KB v3.07 Flexible multi-function card

ACOS6 SAM 64 KB v4.07 SAM for ACOS2/3/6 and memory cards.

ACOS7 8 KB Dual interface (contact/contactless) smart card.

ACOS10 32KB PBOC EDEP Cards.

72

ACOS5 32KB v1.2

Conforms to ISO7816 part 1,2,3,4,8,9

Enhanced ACOS6 with RSA features.

File types include Transparent, Linear Fixed, Linear Variable, Cyclic.

Symmetric key algorithms: DES, 3DES, AES128

Asymmetric key algorithm: RSA 512, 1024 and 2048 bits with Key generation

Hashing Algorithm on board: SHA-1 (can support others outside the card).

Supports SM for authenticity, integrity and confidentiality with DES/3DES.

73

Cryptomate

ACOS5 32K and ACR38 in a USB token format.

Special token driver.

74

ACOS5 64KB

Conforms to ISO7816 part 1,2,3,4,8,9

Enhanced ACOS5 with 64K EEPROM.

File types include Transparent, Linear Fixed, Linear Variable, Cyclic.

Symmetric key algorithms: DES, 3DES, 3K3DES, AES128/192/256

Asymmetric key algorithm: RSA 512 – 4096-bit (in 256-bit steps) with Key generation

Hashing Algorithm on board: SHA-1, SHA-256 (can support others outside the card).

Supports SM for authenticity, integrity and confidentiality with 3K 3DES.

75

ACOS5/Cryptomate SDK/Client Kit

Contains middleware PKCS#11 and CSP.

File systems conforms to ISO7816/PKCS Part 15

Middleware works on 98/ME/2000/XP/2003/Vista/7/Linux(v2.4)

SDK has additional development tools

Card tools, sample codes, reference manuals.

Sample applications for ACOS5 includes:

Email signature and decryption.

SSL client-side certificate.

Document signing.

Windows domain logon.

Digital rights management.

80

Thank you!

Any questions/comments?