CSCE 790 Secure Computer Systems PKI and Kerberos Professor Qiang - - PowerPoint PPT Presentation



SLIDE 1

CSCE 790 Secure Computer Systems


PKI and Kerberos

Professor Qiang Zeng Spring 2020

SLIDE 2

Previous Class

  • Important Applications of Crypto
      – User Authentication
          • verify the identity based on “something you know”
          • Sending the password over a secure channel
          • Challenge-response Hash(c || PA) over an insecure channel
      – Data Integrity
          • Verify whether the data has been tampered with
          • MAC or Digital Signature
      – Confidentiality
  • Diffie-Hellman Key Agreement
      – For Forward Secrecy

CSCE 790 – Computer Systems Security 2

SLIDE 3

DH Key Agreement

SLIDE 4

Key Sizes for the Diffie-Hellman Cipher

  • A = g^a mod p
  • p should be >= 2048 bits, similar to RSA’s n
  • a and b should be >= 224 bits to achieve 112-bit key strength
  • g does not matter much, e.g., g can be 2

SLIDE 5

Previous class…


How to achieve authentication and data integrity of communication over an insecure channel? Two ways:
(1) Alice sends the MAC along with the message, and the MAC is created using the key shared between Alice and Bob
(2) Alice signs the message and sends the signature along with the message

SLIDE 6

Previous class…


Why is Diffie-Hellman Key Agreement subject to the man-in-the-middle attack?

SLIDE 7

Outline

  • PKI
      – Digital Certificate
      – Certificate Authority
      – Verifying Certificates and Chain of Trust
      – Revoking Certificates
  • Kerberos

SLIDE 8

SSL Handshake: a simple version that does not provide forward secrecy


R_Alice and R_Bob are nonces.
{S}_Bob: Alice selects a key (formally called the pre-master secret) and encrypts it using Bob’s public key.
K is the master secret, which is used to derive the shared secrets/session keys for encryption and MAC for the session.

SLIDE 9

SSL Handshake with forward secrecy

SLIDE 10

Whose Public Key?

  • A Public Key is just a stream of bits
  • How do you know whose public key it is?
  • When one shows you her public key and claims she is gmail.com, how do you verify whether it is true or a lie?
  • When logging on pnc.com, how do you know whom you are providing the password to?
  • What if your private key is leaked and you want to change the corresponding public key?

SLIDE 11

Digital Certificate

  • A Digital Certificate (also called Public Key Certificate) is a file proving that a public key belongs to some entity
  • Public-Key Infrastructure (PKI) is the infrastructure that manages (issues, uses, revokes) digital certificates
      – E-commerce
      – Online banking
      – Confidential emails
      – …

SLIDE 12

What is inside a certificate?

  • Public key
  • Subject: the entity that owns the public key
      – E.g., gmail.com, pnc.com, citi.com
  • Issuer: the entity that issued the certificate
  • Signature: the issuer signs the certificate and generates the signature
  • Other info.: effective time, etc.

SLIDE 13

X.509 Digital Certificates

  • Version Number
  • Serial Number
  • Signature Algorithm ID
  • Issuer Name
  • Validity period
      – Not Before
      – Not After
  • Subject name
  • Subject Public Key Info
      – Public Key Algorithm
      – Subject Public Key
  • Extensions (optional)
      – ...
  • Certificate Signature Algorithm
  • Certificate Signature

SLIDE 14

qiang@Qiangs-MacBook-Air:~$ openssl s_client -connect google.com:443 2>/dev/null |
    openssl x509 -in /dev/stdin -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 56:75:bc:e5:ef:d8:ad:69
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        Validity
            Not Before: Dec 15 13:48:27 2016 GMT
            Not After : Mar 9 13:35:00 2017 GMT
        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a8:71:81:2e:40:17:a6:57:fe:6f:db:95:21:5c:
                    d6:24:26:54:98:2a:48:...
                Exponent: 65537 (0x10001)
        …
    Signature Algorithm: sha256WithRSAEncryption
        59:3f:cd:1d:eb:7f:98:39:f4:17:94:e1:56:7c:7d:27:3f:71:
        24:15:b6:4f:84:8c:e3:58:6f:7a:cc:f3:…

SLIDE 15

Who issues certificates?

  • Certificate Authority (CA)
  • A Root CA issues certificates to intermediate CAs, which further issue certificates to others
      – It is much more flexible than relying on a Root CA to issue certificates
      – E.g., geotrust.com is a Root CA, which issues a certificate to Google, which further issues certificates to its domains such as google.com, mail.google.com

SLIDE 16

Who does a CA consult?

  • A CA usually sets up a functional department that acts as the RA
  • A Registration Authority (RA) is an authority that accepts, processes and verifies user requests for a digital certificate by checking the requester’s identity
  • Once the requester’s identity is verified, the RA forwards the request to the certification authority to sign and issue a digital certificate

SLIDE 17

Tree of Certificates (per Root CA)

SLIDE 18

Chain of Trust

  • A Digital Certificate is verified using a Chain of Trust, i.e., from the bottom up along the tree of certificates until reaching the root
      – The certificate of a Root CA is called the Root Certificate
      – The Trust Anchor is the Root CA
  • Root Certificates are pre-installed in your browsers. Your browser company assumes that you trust the corresponding Root CAs
      – Top Root CAs: Comodo, VeriSign (Symantec), GoDaddy
      – You do not really have much choice; essentially, you trust Chrome, Safari, IE

SLIDE 19

How to verify a digital certificate? -- Example

Certificates are verified from the bottom up

  • (1) Verify the certificate for www.pnc.com
  • (2) Verify the certificate for “Symantec Class 3 EV SSL CA – G3”
  • (3) The browser notices that the certificate in step (2) was signed by a root CA and thus accepts it

SLIDE 20

What if you have leaked the private key?

  • A certificate may be revoked
      – Private key is stolen
      – Certificate owner is found illegal
      – The organization is deleted
  • A Certificate Revocation List (CRL) is a list of the serial numbers of revoked certificates
      – Created and signed by a CA
  • It means that whenever you verify a certificate, you need to consult the current CRLs
      – Complicated PKI; one of its main disadvantages

SLIDE 21

Question


Why does each X.509 digital certificate have an expiration date? A revoked certificate can be removed from the CRL once the current time reaches the expiration date. Without expiration dates, the CRLs would grow indefinitely. Another reason is that CAs love money.
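An added example, not part of the original slides, that walks the bottom-up check from the www.pnc.com slide and adds the CRL and expiration checks from the two slides above. It uses textbook RSA over small fixed primes, with no padding, as a stand-in for real X.509 signatures. The function names, the root name and all keys, serials and dates are constructed for illustration, and the CRL's own signature is not modelled.

```python
import hashlib, json

E = 65537  # public exponent, the same value as in the openssl dump on slide 14

def keypair(p, q):
    """Toy RSA from fixed primes -> (n, d). Illustrative only: far too small for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def tbs_hash(cert, n):
    """SHA-256 over every field except the signature, reduced mod the signer's modulus."""
    tbs = {k: v for k, v in cert.items() if k != "sig"}
    digest = hashlib.sha256(json.dumps(tbs, sort_keys=True).encode()).digest()
    return int.from_bytes(digest, "big") % n

def issue(subject, subject_n, issuer, issuer_key, serial, not_after):
    n, d = issuer_key
    cert = {"subject": subject, "n": subject_n, "issuer": issuer,
            "serial": serial, "not_after": not_after}
    cert["sig"] = pow(tbs_hash(cert, n), d, n)  # signed with the issuer's private key
    return cert

def verify_chain(chain, trust_store, crl, today):
    """Bottom-up check of [leaf, intermediate, ...]; the root key comes from trust_store."""
    for i, cert in enumerate(chain):
        if today > cert["not_after"]:
            return "expired: " + cert["subject"]
        if (cert["issuer"], cert["serial"]) in crl:
            return "revoked: " + cert["subject"]
        if i + 1 < len(chain):                      # signer is the next certificate up
            parent = chain[i + 1]
            signer_n = parent["n"] if parent["subject"] == cert["issuer"] else None
        else:                                       # top of chain: must reach a trust anchor
            signer_n = trust_store.get(cert["issuer"])
        if signer_n is None:
            return "untrusted issuer: " + cert["issuer"]
        if pow(cert["sig"], E, signer_n) != tbs_hash(cert, signer_n):
            return "bad signature: " + cert["subject"]
    return "ok"

# Constructed sample data: names follow the www.pnc.com slide; keys, serials, dates are made up.
ROOT, INTER = "Example Root CA", "Symantec Class 3 EV SSL CA - G3"
root_key = keypair(2**127 - 1, 2**107 - 1)
inter_key = keypair(2**89 - 1, 2**61 - 1)
leaf_n = (2**31 - 1) * (2**19 - 1)
trust_store = {ROOT: root_key[0]}                   # pre-installed root public key
inter = issue(INTER, inter_key[0], ROOT, root_key, serial=7, not_after=20301231)
leaf = issue("www.pnc.com", leaf_n, INTER, inter_key, serial=42, not_after=20250101)
```

Calling `verify_chain([leaf, inter], trust_store, set(), 20240601)` returns `"ok"`; dropping the intermediate, listing serial 42 in the CRL, or moving `today` past `not_after` each produces a distinct failure.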

SLIDE 22

Kerberos

  • A client sends a request for a ticket to the Key Distribution Center (KDC)
  • The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client
  • The TGT, which expires at a specified time, permits the client to obtain additional tickets for accessing services

SLIDE 23

Kerberos supports Single Sign-On (SSO)


*TGT: Ticket-Granting Ticket
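An added sketch, not code from the lecture, of the ticket flow on the two Kerberos slides above: the password opens the KDC reply once, and the TGT then obtains tickets for several services until it expires. `seal`/`unseal` are a toy cipher built from the standard library that reuses one key for encryption and MAC; the class and function names, the authenticator step, the key derivation parameters and the lifetime are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    """Toy encrypt-then-MAC (SHAKE-256 keystream + HMAC), a stand-in for Kerberos' real ciphers."""
    nonce, plain = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(plain))
    body = nonce + bytes(a ^ b for a, b in zip(plain, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + body[:16]).digest(len(body) - 16)
    return json.loads(bytes(a ^ b for a, b in zip(body[16:], stream)))

def password_key(user, password):
    """Long-term client key derived from the password (salted with the user name here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

class KDC:
    def __init__(self, passwords, service_keys):
        self.kdc_key = os.urandom(32)              # known only to the KDC
        self.client_keys = {u: password_key(u, p) for u, p in passwords.items()}
        self.service_keys = service_keys           # one shared key per service

    def request_tgt(self, user, now, lifetime=8 * 3600):
        session = os.urandom(32).hex()
        tgt = seal(self.kdc_key, {"user": user, "session": session, "expires": now + lifetime})
        # The reply is readable only with the key derived from the user's password.
        return seal(self.client_keys[user], {"session": session, "tgt": tgt.hex()})

    def request_ticket(self, tgt, authenticator, service, now):
        t = unseal(self.kdc_key, tgt)
        if now > t["expires"]:
            raise ValueError("TGT expired")
        # The authenticator proves the sender holds the session key inside the TGT.
        if unseal(bytes.fromhex(t["session"]), authenticator)["user"] != t["user"]:
            raise ValueError("authenticator mismatch")
        return seal(self.service_keys[service], {"user": t["user"], "service": service})

def login(kdc, user, password, now):
    """The password is used once, to open the KDC reply; later requests need only the TGT."""
    reply = unseal(password_key(user, password), kdc.request_tgt(user, now))
    return bytes.fromhex(reply["tgt"]), bytes.fromhex(reply["session"])

def get_ticket(kdc, tgt, session, user, service, now):
    return kdc.request_ticket(tgt, seal(session, {"user": user, "time": now}), service, now)
```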

SLIDE 24

Main Limitation of Kerberos

  • Single point of failure: it requires that the KDC be online. If the KDC fails, the whole authentication system fails.

SLIDE 25

Kerberos vs PKI

  • Both PKI and Kerberos can be used for authentication, but PKI is mainly used to authenticate a service, while Kerberos is used to authenticate both services and users
  • PKI mainly builds on asymmetric cryptography, while Kerberos mainly builds on symmetric cryptography
  • PKI is used over the Internet, while Kerberos is typically used within a single organization

SLIDE 26

Writing Assignments

  • Is PKI subject to Single Point of Failure?
  • What is the big pain of PKI?
