Public-Key Infrastructure (PKI)

Junghoo Cho

Four Security Guarantees

  • The Internet is an open and public forum where everyone talks to everyone else

    • Data packets can be intercepted and seen by anyone
    • No guarantee of the origin or integrity of data packets
  • Q: Given this, what guarantees may we desire before we conduct important transactions over the Internet?

    1. Confidentiality
    2. Message/data integrity
    3. Authentication
    4. Authorization

Confidentiality

  • Q: How can we keep confidentiality of the messages?

    1. Steganography: “embed” true message within harmless-looking message

      • Kathy is laughing loudly
      • Change the lowest bit of image pixels
      • “Security by obscurity”
    2. Encryption: “scramble” message with a secret key, so that it wouldn’t make sense to others unless they have the key

      • Example: bitwise XOR with
      • 11110000 (message) XOR 10111001 (key) → 01001001 (ciphertext)
      • 01001001 (ciphertext) XOR 10111001 (key) → 11110000 (message)

Symmetric-Key Cipher

  • : encryption function, e.g., XOR
    • : plaintext (= message), : secret key
    • : ciphertext. transmitted over insecure channel
  • : decryption function, e.g., XOR
    • Inverse of :
  • The pair is called a cipher

Security of Cipher

  • Q: What property should have?
  • A: Ideally, one should never be able to guess from alone
    • Ciphertext should not reveal any information about plaintext
  • Perfect secrecy (= Shannon secrecy)
    • For all plaintext and ciphertext ,
  • OTP (one time pad) encryption is proven to be perfectly secret, but due to practical limitation, cannot be used directly
    • Many encryption algorithms try to “mimic” OTP, e.g., RC4

Popular Ciphers

  • AES (Advanced Encryption Standard)
    • 128 bit block cipher
    • 128, 192, 256 bit keys
    • Adopted by NIST (National Institute of Standards and Technology) as a replacement for DES in 2000
  • IDEA, A5 (used by GSM), …

Challenges

  • Q: Can use the same key for communicating with and ?
  • Q: If there are parties, how many keys are needed?
  • Q: How can two parties agree on a key “secretly” over the Internet in the first place?

Key Agreement Problem

  • Q: Can two parties send and receive encrypted messages without agreeing on a shared secret key?
  • A: Asymmetric-key cipher

Asymmetric-Key Cipher

  • Two pairs of keys, not one!
    • : encryption key
    • : decryption key
  • Q: How does this help?

Asymmetric-Key Cipher

  • Everyone has their own key pair
  • Everyone shares their with anyone: public key
    • Other users use the public key to encrypt a message to the user
  • Users keep their secret: private key
    • Users use their private key to decrypt message
  • No need to send the private key over insecure channel
    • Private key NEVER leaves the owner of the key

Asymmetric-Key Cipher

  • Idea first developed by Ellis, Cocks, and Williams (working for British NSA)
    • In early 70’s, but could not publish
  • First public-key cryptosystem by Diffie and Hellman in 1976
  • RSA (Rivest, Shamir and Adleman)
    • Most widely used asymmetric-key cipher
    • Used by many security protocols: SSL, PGP, CDPD, …

RSA: Key Generation

  1. Pick two random prime numbers and .
  2. Pick
    • does not have to be random
    • Popular choice:
  3. Find such that
    • Using the extended Euclidean algorithm
  4. (, ) becomes public key, (, ) becomes private key where
    • Throw away and

RSA Cipher

  • Encryption and Decryption functions

  • Q: Does this work?

RSA: Two Important Theorems

  • Q: Given a choice of , can we always find such that ?
  • A: Yes, there exists unique if is a coprime to
    • i.e., does not share any factor with
  • Q: Is the inverse of ?
  • A: Yes, for such , and
  • RSA works!
    • But most asymmetric-key ciphers are 1000x slower than any symmetric-key cipher
  • Q: Is it secure? What should we make sure for the security of RSA?
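
Added example (not part of the original slides): textbook RSA key generation with the extended Euclidean algorithm, followed by an encrypt/decrypt round trip. The names p, q, e, d, n and phi are the conventional RSA symbols and are assumptions here, as are the toy primes 61 and 53 and the exponent 17.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def rsa_keygen(p, q, e=65537):
    """Return ((e, n), (d, n)). p and q are not kept once d is known."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        # The inverse d exists (and is unique mod phi) only if e is coprime to phi.
        raise ValueError("e shares a factor with (p-1)(q-1); no inverse d exists")
    return (e, n), (x % phi, n)


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    # Constructed toy primes; real keys use primes of 1024 bits or more each.
    public, private = rsa_keygen(61, 53, e=17)
    c = encrypt(65, public)
    print("public", public, "private", private)
    print("ciphertext", c, "decrypted", decrypt(c, private))
    # Decryption inverts encryption for every message below n.
    assert all(decrypt(encrypt(m, public), private) == m for m in range(public[1]))
```

Choosing e=3 with these primes raises the ValueError, because 3 divides (61-1)(53-1) = 3120 and no inverse exists.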

Security of Asymmetric-Key Cipher

  • Q: What properties should , , , and satisfy to make this secure?
  • A: One should never guess from without (~ perfect secrecy)
  • A: One should never guess from

Security of RSA (1)


  • Q: Can a hacker “break RSA”?
  • Q: What does the hacker know? ? ? ? ?
  • Q: What other relationship does the hacker know?
  • A:

Security of RSA (2)

  • Q: Can the hacker get by solving ?
  • A: RSA problem. No efficient solution known.
  • Q: Can the hacker get by solving ?
  • Q: Can the hacker get and from ?
  • A: Large-number factorization problem. No efficient solution known.

Security of RSA (3)

  • Security of RSA depends on the difficulty of two key problems
    • RSA problem: solve for
    • Large-number factorization problem: factorize for large , primes

Application of Asymmetric-Key Cipher

  • Q: How can we use an asymmetric-key cipher to keep message “confidential”?
  • A:
    1. Use asymmetric-key cipher to establish a shared key
    2. Using the shared key, use symmetric-key cipher to encrypt message
    • Performance and complexity issue
  • Q: How can we “authenticate” the other party?
  • A: Challenge-Response
    • Challenge: generate random value and send
    • Response: send back
    • Only the one with can send back

Application of Asymmetric-Key Cipher

  • Q: How can we check the message integrity? How can we make sure others did not tamper with the message?
  • A: Signature
    • Main idea: . That is, !
      • In RSA, for example,
    • “Private-key decrypted” checksum of message body
    • Given a message with signature, “encrypt” the signature using the public key of the author
    • Correct signature should have correct checksum

Public-Key Infrastructure

  • Q: How do we know the public key for A really belongs to A?
  • Q: In real world, how do we verify the identity of a person?
  • Q: Why do we trust it?
  • A: Public-Key Infrastructure (PKI)
    • Certificate Authority (CA)
      • Trusted entity that can issue trusted certificates to Web sites
      • Performs out-of-band identity verification before issuing a certificate
    • Certificate
      • Text (XXXX is the public key of A) signed by CA’s secret key
      • Others can “trust” the public key if they trust CA
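
Added example (not part of the original slides) covering both the signature slide and the certificate description above: a CA signs the text "X is the public key of A", and a client accepts a presented key only if that signed binding checks out. The toy CA key, the certificate text format, `shop.example` and all function names are assumptions; this is unpadded textbook RSA over a SHA-256 checksum, which real systems replace with a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy CA key from two Mersenne primes; far too structured for real use.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent (Python 3.8+ modular inverse)


def checksum(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int, n: int) -> int:
    """Signer: apply the private-key operation to the checksum of the message."""
    return pow(checksum(message), d, n)


def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    """Anyone: apply the public-key operation to the signature, compare checksums."""
    return pow(signature, e, n) == checksum(message)


def certificate_text(subject: str, public_key: tuple) -> bytes:
    e, n = public_key
    return f"(e={e}, n={n}) is the public key of {subject}".encode()


def issue_certificate(subject: str, public_key: tuple) -> tuple:
    """CA: sign the binding after verifying the subject's identity out of band."""
    text = certificate_text(subject, public_key)
    return text, sign(text, CA_D, CA_N)


def accept_key(cert: tuple, subject: str, presented_key: tuple) -> bool:
    """Client: trust the presented key only if the CA signed exactly this binding."""
    text, signature = cert
    return (text == certificate_text(subject, presented_key)
            and verify(text, signature, E, CA_N))


if __name__ == "__main__":
    server_key, other_key = (17, 3233), (17, 3127)  # constructed toy public keys
    cert = issue_certificate("shop.example", server_key)
    print(accept_key(cert, "shop.example", server_key))   # genuine binding
    print(accept_key(cert, "shop.example", other_key))    # substituted key
    forged = (certificate_text("shop.example", other_key), cert[1])
    print(accept_key(forged, "shop.example", other_key))  # edited text, old signature
```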

HTTPS: High-Level Description

  1. When contacted by client, server presents its signed certificate
    • “XXX is the public key of amazon.com. This certificate is valid until …”
  2. Client “authenticates” server through challenge/response using the public key
  3. Client and server agree on a symmetric key through a secure channel established with the asymmetric-key cipher
  4. Client/server communicate securely through symmetric-key cipher

Multi-Factor Authentication

  • Q: What if the user loses their secret password?
  • Multi-factor authentication
    • To minimize the possibility of compromised keys, systems authenticate users based on combinations of
      • What you have (e.g., physical key, id card)
      • What you know (e.g., password)
      • Who you are (e.g., fingerprint)
    • 2-factor authentication

Popular Second Factor

  • Smartphone
    • Send an SMS/push notification on a registered device
  • USB key
    • e.g., FIDO U2F Security Key
  • SmartCard
    • Tamper-resistant security card

Popular Second Factor

  • OTP (one time password) key
    • A physical card flashing a new security code, say, every minute
      • e.g., SecurID by RSA Security
    • User provides the security code to log in
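
Added example (not part of the original slides): how a token and a server can derive the same short-lived code from a shared secret and the clock. It uses the open HOTP/TOTP construction (RFC 4226 / RFC 6238), not SecurID's own algorithm; the 60-second step, the drift window and the sample secret are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation to N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 60, digits: int = 6) -> str:
    """Token side: the counter is the number of whole time steps since the epoch."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_code(secret: bytes, submitted: str, unix_time: float,
                step: int = 60, window: int = 1) -> bool:
    """Server side: accept the current step or +/- window steps to absorb clock drift."""
    counter = int(unix_time) // step
    candidates = (counter + i for i in range(-window, window + 1) if counter + i >= 0)
    # Constant-time comparison so response timing does not leak matching digits.
    return any(hmac.compare_digest(hotp(secret, c), submitted) for c in candidates)


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real credential
    code = totp(secret, 65)
    print("code shown on token:", code)
    print("accepted right away:", verify_code(secret, code, 70))
    print("accepted 7 minutes later:", verify_code(secret, code, 480))
```

A wider `window` tolerates more clock drift but lengthens the time an observed code stays usable.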

What We Learned

  • Four security guarantees
    • Confidentiality, integrity, authentication, authorization
  • Symmetric-key cipher: AES algorithm
  • Asymmetric-key cipher: RSA algorithm
  • Public-Key Infrastructure (PKI)
    • Certificate Authority (CA), certificate
  • HTTPS
  • Multi-factor authentication