next generation secure public key infrastructures
play

Next-Generation Secure Public-Key Infrastructures Pawe Szaachowski - PowerPoint PPT Presentation

May 14, 2023 •359 likes •757 views

Next-Generation Secure Public-Key Infrastructures Pawe Szaachowski Network Security Group, ETH Zrich Public Key Infrastructure (PKI) Scalability issues with symmetric crypto Distribution Challenges in managing n secrets

  1. Next-Generation Secure Public-Key Infrastructures Paweł Szałachowski Network Security Group, ETH Zürich

  2. Public Key Infrastructure (PKI) ▪ Scalability issues with symmetric crypto • Distribution • Challenges in managing n secrets Symmetric keys 2

  3. Public Key Infrastructure (PKI) ▪ Scalability issues with symmetric crypto • Distribution • Challenges in managing n secrets ▪ Asymmetric crypto (DH, RSA, … ) solves the scalability problems, ... but creates a new one: ▪ How to ensure that public-key is accessible and authentic ? Symmetric keys PKI (public keys) 3

  4. Current SSL/TLS PKI Model ▪ SSL/TLS Protocol ▪ Certification Authority (CA) is trusted by clients and domains ▪ Step (1) performed one-time per certificate CA a.com (1) a.com Client a.com 4

  5. Current SSL/TLS PKI Model ▪ SSL/TLS Protocol ▪ Certification Authority (CA) is trusted by clients and domains ▪ Step (1) performed one-time per certificate CA a.com (1) a.com ClientHello (2a) ServerHello a.com (2b) Client a.com 5

  6. Problem with current SSL/TLS PKI: 
 Weak certificate authentication ▪ Certificates signed by single CA • Currently, cannot sign certificate by multiple CAs ▪ Weakest-link security with too many trusted entities • Current browsers trust ~1500 keys that can issue valid certificates Man-In-The-Middle attack: ... CA4 CA1 CA3 CA2 a.com Attacker a.com Client 6

  7. Problem with current SSL/TLS PKI: 
 Weak certificate authentication ▪ Certificates signed by single CA • Currently, cannot sign certificate by multiple CAs ▪ Weakest-link security with too many trusted entities • Current browsers trust ~1500 keys that can issue valid certificates Man-In-The-Middle attack: ... CA4 CA1 CA3 CA2 (2) (1) ClientHello (3) ServerHello a.com Attacker a.com a.com Client 7

  8. Problem with current SSL/TLS PKI: 
 Weak certificate authentication ▪ Certificates signed by single CA • Currently, cannot sign certificate by multiple CAs ▪ Weakest-link security with too many trusted entities • Current browsers trust ~1500 keys that can issue valid certificates Man-In-The-Middle attack: ... CA4 CA1 CA3 CA2 (2) (1) (4) ClientHello ClientHello (5) (3) ServerHello ServerHello a.com Attacker a.com a.com Client 8

  9. Problems with current SSL/TLS PKI 9

  10. Problems with current SSL/TLS PKI ▪ Weakest-link security ▪ Revocation system is insecure and inefficient • Various schemes • Some CAs are too-big-to-fail ▪ Trust agility • Domains cannot state which CAs are trusted ▪ Transparency • CAs’ actions are not transparent ▪ Imbalance • CAs have almost unlimited power ▪ Misconfigurations • SSLv2, weak crypto, NULL cipher suites 10

  11. Problems with current SSL/TLS PKI: 
 Security warnings and error handling ▪ Drawbacks of TLS error handling by browsers and users • Users prefer to ignore errors and visit web sites • Browsers prefer to avoid hard fail to cater to users • However hard fail is the only effective protection against an attack! • Observation : Domain should decide on error handling ClientHello ? ServerHello a.com a.com Attacker User 11

  12. Problems with current SSL/TLS PKI: 
 Security warnings and error handling ▪ Drawbacks of TLS error handling by browsers and users • Users prefer to ignore errors and visit web sites • Browsers prefer to avoid hard fail to cater to users • However hard fail is the only effective protection against an attack! • Observation : Domain should decide on error handling ClientHello ? ServerHello a.com a.com Attacker User Browser Hard/Soft fail 12

  13. PoliCert: Secure and Flexible TLS Certificate Management [CCS’14] ▪ Observation: many problems can be solved when domains can express their own security policies • Many domains have multiple certificates (and servers) and want to ensure consistent policy across all certificates (and servers) • Desire to enforce security policy for all subdomains ▪ PoliCert allows domains to express security policies (certificates, connections, policy inheritance rules for subdomains, and TLS error handling controls) • Subject Certificate Policy ( SCP ) – infrequently updated • Multi Signature Certificate ( MSC ) – frequently updated ▪ How to create and make policies accessible? 13

  14. PoliCert: Parties ▪ Clients/CAs/Domains as today ▪ Logs are public and highly available ▪ Auditors monitor Logs Certificate Issuance CA and Registration Domain Log Log Audit Certificate Validation Client Auditor 14

  15. SCP and MSC Creation ▪ SCP (one per domain): a.com’s • Used for management SCP • Signed by long-term CAs’ keys CA1 • Describes MSCs and connections: ▪ Who is trusted by Domain (list of trusted CAs and Logs)? CA2 ▪ When should MSC be accepted? ▪ Security parameters of connection ▪ Failure scenario (errors handling) CA3 ▪ Inheritance (to enforce subdomains) ▪ How can SCP be updated? • SCP’s key can be stored off-line CA4 ▪ MSC (many per domain): a.com • Used for TLS connection setup CA5 • Must be signed by SCP’s key CA6 15

  16. SCP and MSC Creation ▪ SCP (one per domain): a.com’s • Used for management SCP • Signed by long-term CAs’ keys CA1 • Describes MSCs and connections: ▪ Who is trusted by Domain (list of trusted CAs and Logs)? CA2 ▪ When should MSC be accepted? ▪ Security parameters of connection ▪ Failure scenario (errors handling) CA3 ▪ Inheritance (to enforce subdomains) ▪ How can SCP be updated? a.com’s • SCP’s key can be stored off-line MSC CA4 ▪ MSC (many per domain): a.com • Used for TLS connection setup CA5 • Must be signed by SCP’s key CA6 16

  17. SCP Registration and Update ▪ Registration and update are synchronized among Logs (these operations are Log1 infrequent) (1) (2) SCP Reg/Upd ▪ Update must be be a.com’s SCP Confirmation Log2 compliant with update (3) a.com parameters of current SCP Log3 observe Auditor Log4 17

  18. MSC Registration and Revocation ▪ Registration and revocation does not require any Log1 synchronization MSC Reg/Rev a.com’s MSC a.com’s MSC Confirmation Log2 a.com Log3 observe Auditor Log4 18

  19. Append-Only Log ▪ Log (on demand) can prove: ▪ What is current SCP for a Domain ▪ That MSC is logged and (not) revoked ▪ That one snapshot of the log is an extension of another 19

  20. MSC validation 
 (every 2h) proof request proofs Log inf.ethz.ch (periodically) synchronize Auditor Client ▪ Client checks if: • MSC and SCP are logged • MSC is not revoked • MSC is compliant with SCPs ▪ Client can contact Auditor to verify Log’s proofs 20

  21. MSC validation 
 (every 2h) proof request proofs Log inf.ethz.ch (1a) MSC, SCPs (inf.ethz.ch, ethz.ch, ch), proofs (1a) (2) Saves SCPs Auditor Client ▪ Client checks if: • MSC and SCP are logged • MSC is not revoked • MSC is compliant with SCPs ▪ Client can contact Auditor to verify Log’s proofs 21

  22. MSC validation 
 (every 2h) proof request proofs Log inf.ethz.ch (1a) MSC, SCPs (inf.ethz.ch, ethz.ch, ch), proofs (1a) Are proofs (2) correct ? Saves SCPs (3) Auditor Client ▪ Client checks if: • MSC and SCP are logged • MSC is not revoked • MSC is compliant with SCPs ▪ Client can contact Auditor to verify Log’s proofs 22

  23. Parameters Inheritance ▪ SCPs can have parameters that are inherited by subdomains (i.e., subdomains have to adhere to them) ▪ In case of inheritance parameter can only be changed if it makes the parameter more secure inf.ethz.ch's policy ethz.ch's policy ch's policy *CA ={B,C,D,E,F,G} CA={A,B,C,D,E} *CA ={A,B,C,D} *SSL_SEC =Medium SSL_SEC=Low *SSL_SEC =High ... ... ... CA – list of trusted CAs SSL_SEC – minimum security level of SSL/TLS connection *PARAM – value is inherited by subdomains 23

  24. Parameters Inheritance ▪ SCPs can have parameters that are inherited by subdomains (i.e., subdomains have to adhere to them) ▪ In case of inheritance parameter can only be changed if it makes the parameter more secure inf.ethz.ch's policy ethz.ch's policy ch's policy *CA ={B,C,D,E,F,G} CA={A,B,C,D,E} *CA ={A,B,C,D} *SSL_SEC =Medium SSL_SEC=Low *SSL_SEC =High ... ... ... Step 1 CA={A,B,C,D,E} SSL_SEC=Low ... 24

  25. Parameters Inheritance ▪ SCPs can have parameters that are inherited by subdomains (i.e., subdomains have to adhere to them) ▪ In case of inheritance parameter can only be changed if it makes the parameter more secure inf.ethz.ch's policy ethz.ch's policy ch's policy *CA ={B,C,D,E,F,G} CA={A,B,C,D,E} *CA ={A,B,C,D} *SSL_SEC =Medium SSL_SEC=Low *SSL_SEC =High ... ... ... Step 2 Step 1 CA={A,B,C,D,E} CA={A,B,C,D,E} SSL_SEC= High SSL_SEC=Low ... ... 25

  26. Parameters Inheritance ▪ SCPs can have parameters that are inherited by subdomains (i.e., subdomains have to adhere to them) ▪ In case of inheritance parameter can only be changed if it makes the parameter more secure inf.ethz.ch's policy ethz.ch's policy ch's policy *CA ={B,C,D,E,F,G} CA={A,B,C,D,E} *CA ={A,B,C,D} *SSL_SEC =Medium SSL_SEC=Low *SSL_SEC =High ... ... ... Final Step 2 Step 1 CA={A,B,C,D,E} CA={A,B,C,D,E} CA={A,B,C,D,E} SSL_SEC= High SSL_SEC= High SSL_SEC=Low ... ... ... 26

  27. Use Cases bank.com's policy *SSL_SEC =High *FAIL_SSL_SEC =Hard ... www1.bank.com TLS 1.2 www4.bank.com TLS 1.2 www2.bank.com Client SSL 2.0 www3.bank.com TLS 1.2 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Public Key Infrastructures Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyn

Public Key Infrastructures Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyn

Public Key Infrastructures Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyn associate professor BME Hlzati Rendszerek s Szolgltatsok Tanszk Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu,

538 views • 25 slides
YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid cloud storage deployments. YFS 1.0 is not a hardware appliance. Backward compatible with IBM AFS 3.6 and OpenAFS. No flag day required

359 views • 16 slides
The Web Week 10 LBSC 671 Creating Information Infrastructures Virtual Private Networks a

The Web Week 10 LBSC 671 Creating Information Infrastructures Virtual Private Networks a

The Web Week 10 LBSC 671 Creating Information Infrastructures Virtual Private Networks a secure private network over the public Internet Public Internet Intranet virtual leased line Intranet Tonight Think about what the Web

758 views • 63 slides
Design and Simulation Issues for Secure Power Networks as Resilient Smart Grid Infrastructures

Design and Simulation Issues for Secure Power Networks as Resilient Smart Grid Infrastructures

November 2015 Design and Simulation Issues for Secure Power Networks as Resilient Smart Grid Infrastructures Prof. O. A. Mohammed mohammed@fiu.edu Tel: 305-321-5622 Energy Systems Research Laboratory Department of Electrical & Computer

1.02k views • 26 slides
Secure Key Generation from Biased PUFs Roel Maes, Vincent van der Leest, Erik van der Sluis

Secure Key Generation from Biased PUFs Roel Maes, Vincent van der Leest, Erik van der Sluis

Secure Key Generation from Biased PUFs Roel Maes, Vincent van der Leest, Erik van der Sluis (Intrinsic-ID) Frans Willems (TU Eindhoven) Introduction PUF-based key generation Key Response Key PUF Generation Helper Data Noisy Key Key

496 views • 16 slides
Communicating the value of research infrastructures to the public, to policy makers and to various

Communicating the value of research infrastructures to the public, to policy makers and to various

Communicating the value of research infrastructures to the public, to policy makers and to various sectors of society Andrew Smith, Head of External Relations www.elixir-europe.org Matching treatments to cancers One in 10 women in the EU

556 views • 16 slides
Public Key Infrastructures Using PKC to solve network security problems Distributing public

Public Key Infrastructures Using PKC to solve network security problems Distributing public

Public Key Infrastructures Using PKC to solve network security problems Distributing public keys P keys allow parties to share secrets over unprotected channels Extremely useful in an open network: Parties are not under a single

420 views • 21 slides
Surbana Jurong Investing in Public Health Infrastructures Pang Yee Ean Pandemic Healthcare

Surbana Jurong Investing in Public Health Infrastructures Pang Yee Ean Pandemic Healthcare

Surbana Jurong Investing in Public Health Infrastructures Pang Yee Ean Pandemic Healthcare Control System Fiscal Budget Economy Public Health as Priority for Infrastructure Funding MY PUNGGOL WATERWAY, SINGAPORE Singapores longest

284 views • 17 slides
Public Interest Tech = who gets to build critical digital infrastructures where, with which

Public Interest Tech = who gets to build critical digital infrastructures where, with which

Public Interest Tech = who gets to build critical digital infrastructures where, with which resources, to whose benefit, at what expense? Why am i here? Mostly: https://medium.com/@katharina.meyer/von-moonshots-und-protot

389 views • 17 slides
HPC Infrastructures HPC Infrastructures Moreno Baricevic CNR-INFM DEMOCRITOS, Trieste NETTAB

HPC Infrastructures HPC Infrastructures Moreno Baricevic CNR-INFM DEMOCRITOS, Trieste NETTAB

Distributed Applications, Web Services, Tools and GRID Infrastructures for Bioinformatics HPC Infrastructures HPC Infrastructures Moreno Baricevic CNR-INFM DEMOCRITOS, Trieste NETTAB 2006 - Santa Margherita di Pula (CA) - July 10-13, 2006

820 views • 40 slides
On Public-Key Infrastructures by Ronald L. Rivest MIT Lab for Computer Science (SDSI is joint

On Public-Key Infrastructures by Ronald L. Rivest MIT Lab for Computer Science (SDSI is joint

On Public-Key Infrastructures by Ronald L. Rivest MIT Lab for Computer Science (SDSI is joint work with Butler Lampson) 1 1 1 Outline Context and history Motivation and goals SDSI (Simple Distributed Security

549 views • 36 slides
Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get CCA security, we used a MAC Bob would accept only messages from Alice But in PKE, Bob wants to receive messages from Eve as well! But only if it is

336 views • 14 slides
To provide secure, safe and reliable operation, control and despatch of generation facilities.

To provide secure, safe and reliable operation, control and despatch of generation facilities.

VISION 01 To provide secure, safe and reliable operation, control and despatch of generation facilities. MISSION 02 To contribute in the development of prosperous Pakistan by managing smooth and economical transmission and despatch system

892 views • 18 slides
Outline Spatial Data Infrastructures Spatial Data Infrastructures Some Questions on SDIs

Outline Spatial Data Infrastructures Spatial Data Infrastructures Some Questions on SDIs

Outline Spatial Data Infrastructures Spatial Data Infrastructures Some Questions on SDIs Value Chain for GI production Is there a Future for World Wide Web and its Impact Spatial Data Infrastructures? The Geospatial Web

214 views • 5 slides
Information Infrastructures Week 1 LBSC 671 Creating Information Infrastructures Tonight

Information Infrastructures Week 1 LBSC 671 Creating Information Infrastructures Tonight

Information Infrastructures Week 1 LBSC 671 Creating Information Infrastructures Tonight Whats this class about? Pieces of the puzzle All the usual stuff (syllabus, grading, ) Information Wisdom Knowledge

368 views • 36 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
A Two-way Path between Formal and Informal Design of Embedded Systems Mingshuai Chen 1 , Anders P.

A Two-way Path between Formal and Informal Design of Embedded Systems Mingshuai Chen 1 , Anders P.

Background From HCSP to Simulink Case Study Correctness Justification Concluding Remarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A Two-way Path between Formal and Informal Design of Embedded Systems Mingshuai Chen

552 views • 43 slides
Benchmarks and Quality Evaluation of CAS ACA 2016 Kassel Germany Albert Heinle Symbolic

Benchmarks and Quality Evaluation of CAS ACA 2016 Kassel Germany Albert Heinle Symbolic

Benchmarks and Quality Evaluation of CAS ACA 2016 Kassel Germany Albert Heinle Symbolic Computation Group David R. Cheriton School of Computer Science University of Waterloo Canada 20160801 1 / 16 Correct Benchmarking of CAS

313 views • 20 slides
Relaxed Linear References for Lock-free Data Structures Elias Castegren , Tobias Wrigstad

Relaxed Linear References for Lock-free Data Structures Elias Castegren , Tobias Wrigstad

Relaxed Linear References for Lock-free Data Structures Elias Castegren , Tobias Wrigstad ECOOP17, Barcelona sa Structured Aliasing http://www.kristianstadik.se/www/wordpress/wp-content/uploads/2016/06/midsommar.jpg

1.12k views • 67 slides
Non-Volatile Memory Tia ianzheng Wang Justin Levandoski Paul Larson The making of

Non-Volatile Memory Tia ianzheng Wang Justin Levandoski Paul Larson The making of

Easy Lock-Free Programming in Non-Volatile Memory Tia ianzheng Wang Justin Levandoski Paul Larson The making of concurrent data structures With locks: one thread at a time Lock-free: use atomic instructions directly

436 views • 20 slides
Leveraging Value Locality in Optimizing NAND Flash-based SSDs Aayush Gupta , Raghav Pisolkar,

Leveraging Value Locality in Optimizing NAND Flash-based SSDs Aayush Gupta , Raghav Pisolkar,

Leveraging Value Locality in Optimizing NAND Flash-based SSDs Aayush Gupta , Raghav Pisolkar, Bhuvan Urgaonkar and Anand Sivasubramaniam Computer Systems Lab The Pennsylvania State University 1 Agenda Relook at Locality Another

485 views • 32 slides
Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be Integration of N-tiers application http://associatie.kuleuven.be/

911 views • 58 slides
NEW TECHNOLOGY OLD LAW: SOME LEGAL CHALLENGES OF SELF-DRIVING VEHICLES ROBERT W. PETERSON

NEW TECHNOLOGY OLD LAW: SOME LEGAL CHALLENGES OF SELF-DRIVING VEHICLES ROBERT W. PETERSON

NEW TECHNOLOGY OLD LAW: SOME LEGAL CHALLENGES OF SELF-DRIVING VEHICLES ROBERT W. PETERSON PROFESSOR OF LAW DIRECTOR, CENTER FOR INSURANCE LAW AND REGULATION SANTA CLARA UNIVERSITY WHATS IN A NAME ? Autonomous, automated, or

782 views • 24 slides
CS 2104 Introduction to Problem Solving Test Your Mind Faryaneh Poursardar Virginia Tech Slides

CS 2104 Introduction to Problem Solving Test Your Mind Faryaneh Poursardar Virginia Tech Slides

CS 2104 Introduction to Problem Solving Test Your Mind Faryaneh Poursardar Virginia Tech Slides based on the Problem Solving and Comprehension book Goals: I ncrease the students power to analyze problems Learn to recognize and

1.41k views • 20 slides

More recommend