Introduction to Public Key Infrastructure (PKI)

Office of Information Security

The University of Texas at Brownsville & Texas Southmost College

Topics

Goals of Secure Messaging

How Asymmetric Key Systems Meet These Goals

Attacks Against Asymmetric Key Systems

How PKI mitigates these attacks

Goals for Secure Messaging

Confidentiality

Integrity

Data Origin Authentication

Non-repudiation

Goals For Secure Messaging Confidentiality: messages are kept private

Integrity: messages have not been altered in transit

Data origin authentication: recipient has assurance that the message really came from the ostensible author

Non-repudiation: author may not later claim that she did not write a certain message

How do we achieve these goals?

Confidentiality can be achieved via symmetric key systems or asymmetric key systems

Each has its benefits and drawbacks

Symmetric Key Systems

Same key is used for encryption and decryption

Alice generates a key and uses it to encrypt a message

Alice sends this key along with her message so that Bob can decrypt the message

Asymmetric Key Systems

Uses two separate keys: one for encryption and decryption

Private key – kept secret and never shared

Public key – advertised publicly as part of your certificate

Symmetric/shared secret/session key - This key is generated for one-time or one-session use, and then discarded.

THE KEYS

Private Key Public KeySymmetric KeyShared Secret KeySession Key

Asymmetric Cryptography

Alice obtains Bob’s public key and encrypts the message using that key

Only Bob’s private key can decrypt the message, which ensures that only Bob can read the message

(Probably)

Additional Benefits of Asymmetric Key Systems

Asymmetric key systems also provide integrity, data origin authentication, and non-repudiation

Alice can use her private key to “sign” a document

Bob knows that the message really came from Alice, and that the message has not been altered in transit (integrity)

Integrity with Digital Signatures

Digital signatures also provide integrity via a process called hashing

A hash also “encrypts” a message, but in this case, the goal is not confidentiality.

A hash is a “non-invertible” or one-way function, which means that once a hash is performed on a message, you cannot get the original message back

Hashing, continued

Hash algorithm defined: a one-way “encryption” algorithm that takes a message of any length and produces a smaller, unique output message

Analogy: Your fingerprint is a smaller version of you that uniquely identifies you, but you cannot be reconstructed from your fingerprint

Remember that hashing does not keep your data private!!!

How Hashing Creates a Signature

Alice hashes her message, then encrypts the hash with her private key

This process creates a “signature” that is appended to a plaintext message

Bob obtains Alice’s public key, decrypts the signature to uncover the plaintext hash, then runs the same hash function on the plaintext message.

Signing Messages - Alice

Message

Message Digest1

HHashAlgorithm

Encrypted Digest

(Digital Signature)

Message

Signing

Encrypted Digest(Digital Signature)

Alice’s private key

Receiving - Bob

Message H Message Digest2

Receiving

HashAlgorithm

Encrypted Digest(Digital Signature)

Message Digest1

Alice’s public key

Match?

Problems with Asymmetric Key Systems

Computational load for encryption

Man-in-the-middle attacks: public key substitution and signature forging

Computational Overhead

Asymmetric systems provide better security, but symmetric systems provide better performance

Solution: use the symmetric key to encrypt and decrypt the data; use public and private keys to encrypt and decrypt the symmetric key

Putting it All TogetherMessage Encrypted Message

Symmetric Key

Bob’s Public Key

Encrypted Symmetric Key

Digital Envelope

Putting it All Together

MessageEncrypted Message

Symmetric Key

Encrypted Symmetric Key

Digital Envelope

Bob’s Private Key

Attacks Against Asymmetric Key Systems

Public Key Substitution Risks

Public-Key Substitution Risk Molly can remove Bob’s public key and replace it

with her own. Then Alice encrypts using “Bob’s” public key.

Molly intercepts the message, decrypts it with her own private key, and modifies it.

Molly re-encrypts it with Bob’s real public key. Bob can decrypt it with his private key, so he never detects the attack.

Forging Signatures Molly removes Alice’s public key and replaces it

with her own.

Alice signs a message with her private key. Molly intercepts it, strips the signature, then modifies the message.

Molly creates a new signature for the message using her own private key.

Forging Signatures

Bob receives the signature and decrypts it with “Alice’s” public key.

Bob also runs the hash over Molly’s bogus message and verifies the signature.

The Problem

We need a way to tie a public/private key pair to a person

A digital signature only ties a message to a private key, not to a person!

The Solution We need a trusted third party that can

authoritatively bind a key pair to a person

This trusted third party is called a “certification authority” (CA)

The CA issues a digital certificate to each user, which contains the public key for that user

Certificates: Binds a Person to a Key Pair

The public key (embedded in a digital certificate) is in a public directory that is freely accessible

Now when you download someone’s public key, you know that it belongs to a specific person

How This Binding is Accomplished

The CA has a public and private key pair, just like people and devices

The CA uses its private key to sign the body of the certificate, just as people use personal private keys to sign messages

To verify, one must use the CA’s public key to decrypt the signature, just as one would verify a personal signature from another user!

How This Binding is Accomplished

If the CA is a widely recognized authority, its certificate (along with its public key) will already be embedded in browsers

Two matching hashes ensure that the contents of the certificate have not been tampered with – certificate integrity

X.509 Certificate Format

Validity PeriodIssuer X.500 distinguished name

Subject X.500 distinguished name

Serial Number

Public keyKey/certificate usage

ExtensionsCA Digital Signature

ReviewThis slide will help you check your understanding of digital IDs

Define confidentiality, integrity, data origin authentication, and non-repudiation

What does it mean when I receive a message that is digitally signed? What does it mean when I receive a message that is encrypted?

From a technical standpoint, how do I send a message with a digital signature? How do I send an encrypted message?

What could happen if someone were to obtain my private key? What security goals does this weaken? What is the most secure way to maintain the private key?