Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE
USC CSci599 Trusted Computing
Lecture Five – Key Management
February 9, 2007
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute
Announcements
• Assignment due today.
• Those that didn’t get TVSA paper last week see me.
• Mid-term in two weeks
• For the most relevant of the assignments turned in I will be contacting you about presenting to the class.
Cryptography in Use
• Provides foundation for security services
– Provides confidentiality
– Validates integrity
– Provides data origin authentication
– If we know the key
• Where does the key come from
– Straightforward plan
▪ One side generates key
▪ Transmits key to other side
▪ But how?
• How is the key protected
– This is a key problem in security
Key Management
• Key management is where much security weakness lies
– Choosing keys
– Storing keys
– Communicating keys
What to do with keys
• Practical issues
– How to carry them
▪ Passwords vs. disks vs. smartcards, vs. hardware.
– Where do they stay, where do they go
– How many do you have
– How do you get them to begin with.
– When can you use them.
Key Management and Trusted Computing
• Protecting the keys needed for trusted computing.
– This is the role of the TPM
– We will discuss how this is done.
• Using trusted computing to protect the keys needed for other applications.
– This can be a role for trusted computing in general.
– The TPM plays a role, but the rest of the system must extend this protection through the application stack.
What it means to protect a key
• Prevent disclosure
– A manageable problem in some situations.
• Prevent use of the key for unauthorized purposes.
– A much harder problem
• How do we preserve or transport keys?
Key Distribution
• Conventional cryptography
– Single key shared by both parties
• Public Key cryptography
– Public key published to the world
– Private key known only by owner
• Third party certifies or distributes keys
– Certification infrastructure
– Authentication
KDC Based Key Distribution
• User sends request to KDC: {s}
• KDC generates a random key: Kc,s
– Encrypted twice: {Kc,s}Kc, {Kc,s}Ks
– {Kc,s}Kc called ticket
– Ticket plus Kc,s called credentials
– Ticket is opaque and forwarded with application request
• No keys ever traverse net in the clear
Public Key Distribution
• Public key can be public!
– How does either side know who and what the key is for? Private agreement? (Not scalable.)
• Does this solve key distribution problem?
– No – while confidentiality is not required, integrity is.
• Still need trusted third party
Recovery from exposed keys
• Revocation lists (CRL’s)
– Long lists
– Hard to propagate
• Lifetime / Expiration
– Short life allows assurance of validity at time of issue.
• Realtime validation
– Online Certificate Status Protocol (OCSP)
• What about existing messages?
Key Management Overview
• Who needs strong secrets anyway
– Users?
– Servers?
– The Security System?
– Software?
– End Systems?
• Secret vs. Public
Group Key Management
• Group key vs. Individual key
– Identifies member of groups vs. which member of group
– PK slower but allows multiple verification of individuals
Trust models for certification
• X.509 Hierarchical
– Single root (original plan)
– Multi-root (better accepted)
– SET has banks as CA’s and common SET root
• PGP Model
– “Friends and Family approach” - S. Kent
• Other representations for certifications
• No certificates at all
– Out of band key distribution
– SSH
Certification Infrastructures
• Public keys represented by certificates
• Certificates signed by other certificates
– User delegates trust to trusted certificates
– Certificate chains transfer trust up several links
Key in Trusted Computing
Slide by Arun Viswanathan
Endorsement Key
• Every TPM has unique Endorsement key
– Semi-root of trust for system
▪ Real root is CA that signs public key associated with Endorsement key
– Generated and installed during manufacture
Storage Root Key
• Root of Key Hierarchy for managing keys related to TPM (except EK)
– Root key never leaves TPM
– Can be changed to reinitialize ownership.
Storage Keys
• Can protect data
• Can protect other keys
• Some storage keys may be migrated.
Binding Key
• Private key to decrypt data perhaps encrypted by others using a public key
Using Encryption
• LoadKey
– Generated or imported
• Sign
– Signs Data Presented to TPM
• Unbind
– Decrypts data encrypted elsewhere under a public key
Using Encryption
• Seal/Unseal
– Encrypt and subsequent decrypt
– This TPM Only
– PCRs must be correct
• Quote
– Sign current value of PCR
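The Seal/Unseal bullets above ("This TPM Only", "PCRs must be correct") can be seen in a small simulation. This is an added example, not code from the lecture and not a real TPM interface: `SimTPM`, `measured_boot` and `try_unseal` are hypothetical names, the component strings are constructed, and an HMAC-derived pad stands in for the TPM's storage-key encryption. PCRs use SHA-1, as in TPM 1.2.

```python
import hashlib, hmac, os

class SimTPM:
    """Toy model of PCR extend and Seal/Unseal (not a real TPM interface)."""
    def __init__(self, n_pcrs=24):
        self._srk = os.urandom(32)   # stand-in for the SRK; never leaves the object
        self.n = n_pcrs
        self.reset()

    def reset(self):                 # platform reboot: PCRs return to zero, SRK stays
        self.pcrs = [bytes(20)] * self.n

    def extend(self, i, measurement):
        # PCRs are never written directly: new = SHA1(old || SHA1(measurement))
        m = hashlib.sha1(measurement).digest()
        self.pcrs[i] = hashlib.sha1(self.pcrs[i] + m).digest()

    def _composite(self, sel):
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sel)).digest()

    def _mac(self, label, *parts):
        return hmac.new(self._srk, label + b"".join(parts), hashlib.sha256).digest()

    def seal(self, secret, sel):
        if len(secret) > 32: raise ValueError("toy pad covers at most 32 bytes")
        # The blob records which PCRs were selected and their digest at seal time.
        hdr = bytes([len(sel)]) + bytes(sel) + self._composite(sel)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._mac(b"pad", nonce)))
        return hdr, nonce, ct, self._mac(b"tag", hdr, nonce, ct)

    def unseal(self, blob):
        hdr, nonce, ct, tag = blob
        if not hmac.compare_digest(tag, self._mac(b"tag", hdr, nonce, ct)):
            raise PermissionError("blob was not sealed by this TPM")
        sel, release = hdr[1:1 + hdr[0]], hdr[1 + hdr[0]:]
        if self._composite(sel) != release:
            raise PermissionError("PCRs differ from the values recorded at seal time")
        return bytes(a ^ b for a, b in zip(ct, self._mac(b"pad", nonce)))

def measured_boot(tpm, components, pcr=0):
    tpm.reset()
    for c in components:             # each stage is measured before it runs
        tpm.extend(pcr, c)

def try_unseal(tpm, blob):
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None
```

Sealing a key after a known-good boot and then changing or reordering any measured component makes `try_unseal` return `None`; a second `SimTPM` with identical PCR values also refuses the blob.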
Using Encryption
• CreateWrapKey
– Creates and encrypts for transfer a new RSA key
• MakeIdentity
– Creates an Attestation Identity key for a user
• TakeOwnership
– Reinitializes TPM and erases old keys
Applications
• Authentication
• Login checking
• Digital Signatures on document
• Email
• Disk Encryption
• Electronic commerce
• Financial transactions
• Broadcast access control (e.g. Satellite TV)
Authentication
• User key may be needed from multiple machines.
– Either user enters it (vulnerable)
– Stored and used in smartcard (better)
• Transferred between and stored in TPMs.
– But how to validate presence of user
Encryption Based Authentication
• Proving knowledge of encryption key
– Nonce = Non repeating value
[Diagram: C and S, exchanging {Nonce or timestamp}KCS]
But where does Kc come from?
Login Checking
• Traditional crypto-based login checking is to obtain user key and use it to authenticate to the TCB.
– But if the user key is in the TPM, or in a smartcard, it reduces to some kind of secret based authentication (e.g. password), or alternatively a biometric.
Digital Signatures
• Key used to “sign” document must be carried and stored where used.
– Can be stored in TPM, or protected so that it can only be accessed by TPM
– TPM applies signature, or yields key used to apply signature in other software.
– Must address issue of when key may be used, and to whom it may be given.
Email
• Digital signature for sending
• Authentication for retrieval
• Unsealing based on binding key for received encrypted email.
Disk Encryption
Covered in earlier lecture
• Full Disk Encryption
– Key in register in disk
– Or key in TPM and data encrypted/decrypted by TPM
• Seagate Drive uses register in Disk
– Key must be loaded
– User prompt at BIOS
– Or managed by TPM
▪ But OS image may be on disk, how to get
Ecommerce and Financial Transactions
• Some keys and assets may need to be protected against user
– Stored value cards
• Others are protected for the user
– Keys that authenticate requests by user, such as checks or credit card documents.
Satellite TV
[Diagram: Captured Content for Channel 1 through Channel n, each with Video Tape Recorder (VTR) and Video Encoder; Multiplexer; Scrambler; Conditional Access System; Modulator; Uplink to Satellite]
Slide from Nilesh Maheshwari
Satellite TV
[Diagram: Downlink from satellite; Paid Channels from Content Provider A and Content Provider B, each with Set-top Box of the Content Provider and Video Encoder; Unpaid Channels from Various Content Providers; QPSK TS Converter; Video on Demand System; Multiplexer; Scrambler; Conditional Access System; Modulator; To Subscribers or End-user’s STB]
Slide from Nilesh Maheshwari