1 / 9

Compliance Defects in Public-key Cryptography

Compliance Defects in Public-key Cryptography. Presented by Gene Yang.

teleri
Download Presentation

Compliance Defects in Public-key Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Compliance Defects in Public-key Cryptography Presented by Gene Yang “ A public-key security system trusts its users to validate each others’s public keys rigorously and to manage their own private keys securely. Both tasks are hard to do well, but public-key security systems lack a centralized infrastructure for enforcing users' discipline. ” By Don Davis.

  2. Outline • Public-key infrastructure services • How public-key infrastructure (PKI) works • Compliance Defects • Conclusion

  3. Public-key Infrastructure services • A public-key security system comprise three infrastructure services • Certification Authority (CA) • Signs users’ public keys • Directory • Public-access database of valid certificates • Certificate Revocation List (CRL) • Public-access database of invalid certificates

  4. Private key CA (root) Public key ID Public Key CA CA Root CA’s Private key CA CA Certificate User ID Info User’s Public Key CA ID Info Digitally signed by CA’s private key Root CA’s Public Key How PKI Works 1. Key Creation • The user create a new key pair. • The user proves his ID to CA (not electronically). • The CA signs a certificate that names the user • as the bearer of his new public key. • The user also recerives the Root CA’s • public key for later use. • The user chooses a secret passphrase, and • uses it to encrypt his asymmetric private key. 2. Single Sign On • At login, the user types his pass • phraseto decrypt his private key. • With his private key, the user • participates in public-key protocols.

  5. How PKI works cont. 3. Authenticating Others • The user either exchanges certificates directly with other users,or he get others' certificatesfrom the Directory service. • Before using a certificate, the user must check the CRLfor notice of the certificate's revocation. • Must validate the CA's signature. 4. Password-Change • The user should regularly change the passphrase with which he decrypts hisasymmetric private key. 5. Key-Revocation • Certificates are timestamped to expire after a few months or a year. • If a user's passphrase or his private key is compromised, then he must inform the CRLadministrator,who disseminates a notice that the corresponding public-key certificate has been revoked • The user should check the CRL every time he uses a certificate, because the CRL may beupdated at any moment.

  6. Compliance Defects • Authenticating the User. • CA signs public-key certificate. • Problem: CA cannot trust electronic assurances of new user. • Face to face identification checks are required. However, it becomes unrealistic. • Authenticating the CA. • A user must authenticate public key certificate by checking its certifying signature and the signature on each public key in its chain of CAs. • Problem: public-key crytography cannot afford the user any automatic procedure for validating the top-level CA key. • Keep root key in the smart card or under the pass phrase’s encryption.

  7. Compliance Defects Cont. • Certificate Revocation Lists. • When a user's public key must be removed from use, the only way to enforce prompt revocation is to check every certificate before use against a Certificate Revocation List. • Problem: a rigorous check of a certificate's validity requires that the public key of each CRL in the chain to the Root has to be revocation-checked. • This extra performance burden makes it likely thatpublic- key deployment is proceeding without a revocation infrastructure.

  8. Compliance Defects Cont. • Private-Key Management. • The user must keep his private key in memory throughout his login session. • Problem: it exposes a long-lived secret, the private key. • Private key can be compromised by physical theft, viruses and Trojan-House programs. • Pass phrase Quality. • User don't share their passphrases with any security service or administrator. • Problem: there is no way to enforce expiration or quality controls on pass phrases. • If the user find the controls of local pass phrase is inconvenient, he can just use a more lenient program to encrypt his private key.

  9. Conclusion • Public-key's decentralized nature actually places a lot of trust on users, that properly belongs to the security infrastructure and its administrators. • Question: Is that public-key cryptography best suited to securing communications between servers or desktop applications?

More Related