demystifying pki: introduction to the cryptography behind public key infrastructure

Demystifying PKI:

Introduction to

The Cryptography BehindPublic Key Infrastructure

Security Services

• Data Integrity– Verification that the data has not been modified

• Authentication– e.g., your personal signature

• Non-Repudiation– e.g., Sender/Receiver in a financial transaction

• Confidentiality– i.e., scrambled text

Data Integrity

• The Assurance That the Data Has Arrived Intact, With No Tampering or Corruption of the Bits.

• Data Integrity Is Achieved Electronically Through the Use of Cryptographic Checksums (One-way Hashes) Over the Data.

Data Integrity Hash Functions

• Hash Functions are Complex Mathematical Functions Which Generate a Unique “Fingerprint” of the Data. Each String of Data is Mathematically Reduced to a Fixed-Size Output Block, Regardless of the Amount of Input Data

• The Same Output is Always Produced From The Same Input

“$” “1” “0” “9”

36 49 48 57User Data

3725

HashFunction

The Result Produced By a Hashing Function is Called a Message Digest

Two Examples:Secure Hash Algorithm (SHA)Message Digest #5 [RSA] (MD-5)

Authentication

• The Binding of the Sender’s (or Issuer’s) Credentials to the Data. This Process Can Be Likened to Your Personal Signature– It Is Unique to You and Can Be Recognized (Verified)

Later by All Parties Involved

Non-Repudiation

• The Fact That a Third Party Can Verify Your Authentication (e.g., Your Signature) on a Transaction Means That You Cannot Deny Participation in the Transaction

Confidentiality/Privacy

• Encryption (scrambling) of the data to prevent unauthorized disclosure.

Mechanics of Security

• Cryptographic algorithms (mathematical processes) used to implement security

• Symmetric vs. Asymmetric• Key Generation• Digital Signatures• Encryption• Public Key Infrastructure

Symmetric Cryptography

Encryption Algorithms

• Encryption Has Historically Been Used in Military Applications to Secure Tactical or Intelligence Related Information During Wartime.

For This Reason, Encryption Is Classified As a Munition or Instrument of War by Most Countries. The Improper Use of Encryption Is Often Considered a Terrorist Act.

Many Countries Place Restrictions on the Import and Export of Encryption, as Well as the Use of Encryption Within the Country.

“The problem of good cipher design is essentially one of

finding difficult problems..... we may construct our

cipher in such a way that breaking it is equivalent to...

the solution of some problem known to be laborious.”

- Claude Shannon (1949)


Conventional Algorithms

Encryption Decryption

Key=010011..1 Key=010011..1

• Also Called Secret-Key Algorithms– Symmetric - Use The Same Key For Encryption and Decryption– Security Depends on Keeping the Session Key Secret

Symmetric Encryption/Decryption

• Secret Key used to encrypt data• Sender and receiver must have same key• Key distribution and compromise recovery are difficult

KeyGeneration

DESThis is plain text. It can be a document, image, or any other data file

12A7BC544109FD00A6293FECC7293B9BCAA12020384AC6F4D93B8


SecretKey

SecretKey

SENDER RECEIVER

Same Key

Conventional Algorithms

• Stream Ciphers

– Perform a Mathematical Transformation Using One Bit From the Key String and One Bit From the Data Stream.

The Classic Stream Cipher Is Called a Vernam Cipher

It is Based on the Exclusive OR Function

Repeating Key

Stream

+

Stream Ciphers Vernam Cipher

= 101001011101001011 101001011 101001011 ...

= 101101011101101011101101011 ...

MessageDebit $500

.XOR.

CryptoTextE%f2$Uz7@W

Block Ciphers• Perform a Mathematical Transformation On Data In Fixed-Size Blocks, One

At a Time.• The Cipher Mode Determines How The Algorithm Is Applied To Data Streams,

Block-By-Block• Block Ciphers are Fairly Similar From a Functional Point-of-View• We’ll Now Look at an Example of One Well-Known Block Cipher in Detail...

DES Algorithm

Message EncryptedMessage

DES Key

Encrypt

Anatomy of DES

Original Message Stream is Broken Into 64-Bit Blocks (8 Ascii Characters)

64-Bit Block of Original Text

Each Block is Separately Fed Into The DES Algorithm

(Hence the Term Block Cipher)

56-Bit Key

The Reduced 56-Bit Key Becomes The Working DES Session Key

The Keysize is Reduced to 56 Bits During The Initial Permutation

Bits 8,16,24,32,40,48,56,64

The Original DES Key is 64 Bits

Anatomy of DES64-Bit Block of Original Text

Initial Permutation

64-Bit Block of Original Text 56-Bit Key

Anatomy of DES

Original Right Half is

Copied to New Left Half

The 32-Bit Right Half of The Input Block is Copied Into the Left Half of The Output Block

32-Bit Right Half

48-Bit ExpandedRight Half

Expansion

Blocking

The 32-Bit Right Half of The Input Block is Then Expanded to 48-Bits

Old Right Half

Old Right Half


32-Bit Right Half


48-Bit SubKey

Expansion

Blocking

Permutation



Anatomy of DES

Old Right Half

The 56-Bit Session Key is Further Reduced to a 48-Bit SubKey

Anatomy of DES

S5 S6 S7 S8S1 S2 S3 S4

Inside Each Register, 2-bits are Used as Control Bits, and 4-bits as Data

A Substitution Table is Used Inside Each Register to Calculate Its Output

The Input is Shifted Into the S-Registers in 6-bit groups.

The S-Registers Perform Substitution and Compaction, Converting the 48-Bit Block to 32-Bits

Anatomy of DES

S-Register 1 2 3 4

Control Left (CL)

Control Right (CR)

For Each of the Four Choices of the Two “Control Bits” , the S-register Performs a Different Substitution on the Half-byte Values of the Four “Input Bits”

CL CR 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7

0 1 0 15 7 4 14 2 13 1 10 6 12 11 4 5 3 8

1 0 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0

1 1 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

Example: S(1, 0, 1, 1, 1, 0) {

7

11 00 11 11 11 00

= (1, 0, 1, 1){

11

1111 00 11

New Right Half


32-Bit Right Half


48-Bit SubKey

S5 S6 S7 S8S1 S2 S3 S4

Permutation

Expansion

Blocking

Permutation



Substitution and Compaction

Anatomy of DESOld Left Half

Old Right Half New Right Half


32-Bit Right Half


48-Bit SubKey

New 64-Bit Block (To Next Round)

S5 S6 S7 S8S1 S2 S3 S4

Permutation

Expansion

Blocking

Permutation



New Right Half

Substitution and Compaction

Anatomy of DESNew 64-Bit Block

Triple Des Algorithm (TDES)

DESDecrypt

EncryptedData

%4Jb3xy

• Implements 3 Successive Iterations of DES

DESEncrypt

DESEncrypt

CryptoTextE%f2$Uz7@W

MessageDebit $500

Key #1

Key #2

EncryptedData

vG$uvbpA

Key #1 or #3

• Uses Two or Three 56-Bit Keys (112-bit or 168-bit)


• Strengthening Encryption Algorithms– Strength of an Algorithm Measures How Long It Would Take an

Adversary to Deduce the Key

The More Difficult the Mathematics, the Stronger the Algorithm

The Longer the Key, the Stronger the Algorithm

The More Often the Key Is Changed, the Stronger the Security

The Stronger the Algorithm, the Slower it Usually is Due to the Mathematical Overhead Required

Asymmetric Cryptography

Most commonly known as Public Key Cryptography

1. Key Generation

• Key pair is use in public key cryptography– Key generation provides the basis for trust– Private key protected and never shared– Public key bound in certificate and shared

Key PairGeneration

PrivateKey

PublicKey

CertificationAuthorityUser Name

OrganizationLocation Digital

Certificate

End UserToken

X.509Directory

A Digital Signature Is a Special Block That is Appended

to an Electronic Message.

Signature Block

Stock PurchaseOrder

2. Digital Signature

Allows for Verification of the AUTHENTICATION of

the Sender and of the INTEGRITY of the content of an Electronic Message.

Only Public-key Techniques Can Provide This.


How Alice Creates A How Alice Creates A Digital SignatureDigital Signature

AA AliceAlice

Alice’s Private KeyAlice’s Private Key

SSecureecureHHashashAAlgorithmlgorithm

Dear Sir,Dear Sir,

Please Send Please Send

Me The Me The

Widget. Widget.

Please Please

Charge VISA Charge VISA

Card 4123...Card 4123...


How Alice Creates A How Alice Creates A Digital SignatureDigital Signature

AA AliceAlice

Alice’s Private KeyAlice’s Private Key

Message Digest (160 bits)

Dear Sir,Dear Sir,

Please Send Please Send

Me The Me The

Widget. Widget.

Please Please

Charge VISA Charge VISA

Card 4123...Card 4123...

SSecureecureHHashashAAlgorithmlgorithmSignatureSignature

Encrypt

Digital Signature

VERIFIED


• Sender uses private key to sign• Receiver uses sender’s public key to verify• Result is Pass or Fail

Sign

Sender’sPrivate

Key

SENDER

DigitallySigned

RECEIVER

Verify

Sender’sPublicKey

Sender’sCertificateSender’s

Token

VERIFIED

This is plain

text. It can

be a document,

image, or any

other data file

This is plain

text. It can

be a document,

image, or any

other data file

Algorithms for Digital Signature

• Digital Signature Algorithm (DSA)– Federal Standard (FIPS 186)

• Secure Hash Algorithm (SHA-1)• Rivest Shamir Adleman (RSA)

• Message Digest #5 (MD5)• Elliptic Curve Digital Signature Algorithm (ECDSA)

r=(gk mod p) mod qs=(k-1(H(m)+xr)) mod q

c=me mod nm=cd mod n

Digitized vs. Digital SignatureDigitized vs. Digital Signature

A A DigitizedDigitized signature is a scanned image that can be pasted signature is a scanned image that can be pasted on any documenton any document

A A DigitalDigital Signature is a numeric value that is created by Signature is a numeric value that is created by performing a cryptographic transformation of the data using performing a cryptographic transformation of the data using the “signer’s” private key the “signer’s” private key

1A56B29FF6310CD3926109F200D5EF719A274C66821B09AC3857FD62301AA2700AB3758B6FE93DD

Digitized Signature Digital Signature

Digital Certificates

• Analogous to a Driver’s License or Employee Badge– Issued By Some Authority That Members Have in

Common– Issued Under Some Set of Rules (Policies)– Document Issued Contains Public Information

• Not Sensitive• Not Compromising

– Provides Trust to Peers, Identification to Others

1. Message Encryption

• Use token to generate a random message key• Encrypt message with symmetric algorithm (DES)

Sender’s Token

DES

This is plain text. It can be a document, image, or any other data file


MessageKey

SENDER

Use RNG toGENERATE

2. Key Transport (Wrap)

• Encrypt message key with sender’s private key and recipient’s public key and a public key algorithm (RSA)

RSA

Sender’sPrivate

Key

SENDER

Sender’s Token

MessageKey

Recipient’sPublicKey

Recipient’sCertificate

(From previous step)

WrappedMessage Key

3. Compose Message

• Send wrapped message key, encrypted message, and (optionally) sender’s certificate to recipient

WrappedMessage Key


EncryptedMessage

SENDER

Sender’sCertificate

S/MIME, MSPS/MIME, MSP

4. Key Transport (Unwrap)

• Use the sender’s public key and the recipient’s private key to unwrap the message key with public key algorithm (RSA)

RSA

MessageKey

WrappedMessage Key

Recipient’sPrivate

Key

Recipient’s Token

Sender’sPublicKey

Sender’sCertificate

RECIPIENT

• Diffie-Hellman Works Because of a One-Way Function – The Function Is “Easy” to Compute but the Inverse Is “Hard” to Compute.

• Specifically D-H Uses Discrete Exponents and Discrete Logs.

Bob Alicegb

gagb mod p ga mod p

logg (x)

(easy)(easy) (hard)(hard)

Alternative Key Exchange MethodThe Diffie-Hellman Public Key System

Bob Alice

80

110

Secret = 8 Secret = 11

Igor knows 1010, 80 & 110Division Required!

Public = 8 x 10 10 = 80 Public = 11 x 10 10 = 110

Diffie-Hellman• Return to the 3rd Grade...

– Multiplication Is “Easy” and Division Is “Hard”• Diffie-Hellman Is Based on “X” and “/”• Bob and Alice Share a Generator (a) Value “10”

= 11 x 80 = 880= 8 x 110 = 880 MessageKey

5. Message Decryption

• Use unwrapped (RSA) or computed shared (D-H) message key to decrypt the data using a symmetric algorithm (e.g., DES)



MessageKey

RECIPIENT

This is a critical noteon our 1999revenue ...

$):”<(%$%&(@?<:”^%:)(*&%@#%(*^$+#@

KRFKEY

RECOVERYAGENT

KEYRECOVERY

AGENT

Basic Key Recovery

Encrypted DataEncrypted Data

KRF Key Recovery FieldKey Recovery FieldMessage KeyMessage Key

Private KeyPrivate Key

Public KeyPublic Key

Using Security Services


• Client Authentication on a Web Server– Netscape, Microsoft– Compared to Access Control List on Server

• Server Authentication on a Web Client– Netscape, Microsoft– Stops Man-in-the-middle Attack

• Message Authentication– S/MIME E-mail Message– Netscape, MS Outlook Express 98

• Audit– Authentication of User Provides Non-repudiation of Client Access – May Provide Legal Proof for Later Arbitration

Digital Signatures


• Confidentiality– Link Encryption

• IPSec (Layers 2/3)– Secure tunnel between VPN boxes

• SSL (Layers 4/5)– Secure “tunnel” to web server– Netscape, Microsoft

• FTP (Layers 6/7)– Secure file transfer

PKIPublic Key

Infrastructure

Digital Certificates

X.509User Info +

Public Key

Certification Authority

• Certification Authority acts as a trusted third party:– Binds user information to public key.– Issues an unforgeable certificate.

• Digital certificate can be published in a public directory/repository.• Digital certificate can be used to provide the required security services: integrity,

confidentiality, authentication, authorization, and non-repudiation.• ITU Recommendation X.509 is the accepted standard for digital certificates in

Government and industry.

Digital Certificate

X.509 Certificates (cont.)

• X.509 Version 3 certificates:– Defined extensions that can be added to the base

certificate:• public key information• policy information• additional subject attribute information• constraint information• CRL information

– Widely accepted in Gov’t and industry.– Commercial and Gov’t implementations.

Public Key Infrastructure

Public KeyCertificates

CertificationAuthorities

PKIServices

Public Key Infrastructure

InformationDist. & Mgmt

RegistrationManagement

Public KeyManagement

CertificateManagement

X.509

TokenManagement

Risk Reduction and PKI

BusinessRequirements

Legal Requirements

Technology Requirements

X.509

Cryptographic Security Solutions:

Provide Security Assurances: Privacy/Confidentiality Data Integrity Source and Destination (Client/Server/User) Authentication Access Control Non-Repudiation

Support The Emerging PKI Marketplace

PKI Security Solutions: Enable Enterprise E-Commerce

Issue, Manage, Revoke Certificates Apply Enterprise Certificate Policies and Procedures

Summary

demystifying pki: introduction to the cryptography behind public key infrastructure

Documents

data stream

string of data

key string

improper use of encryption

export of encryption

secretkey algorithmssymmetric

functionrepeating key

complex mathematical