Main Points Applying last week s lectures in practice Creating Secure Channels Example Applications Secure Channels PGP Pretty Good Privacy TLS Transport Layer Security VPN Virtual Private Network CS 161 194 1 Anthony D Joseph September 26 2005 September 26 2005 What is a Secure Channel Plaintext Encryption Decryption Authentication and Data Integrity Encryption Decryption Use Public Key Infrastructure or third party server to authenticate each end to the other Add Message Authentication Code for integrity Ciphertext and MAC A stream with these security requirements Authentication Ensures sender and receiver are who they claim to be Confidentiality Confidentiality Ensures that data is read only by authorized users Exchange session key for encrypt decrypt ops Data integrity Bulk data transfer Ensures that data is not changed from source to destination Non repudiation not discussed today Key Distribution and Segmentation Ensures that sender can t deny message and rcvr can t deny msg September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 3 Symmetric Key based Secure Channel September 26 2005 4 Symmetric Key based Secure Channel One key for A B confidentiality One for A B authentication integrity Each message sent from A B contains Bob KABencrypt KABencrypt KABauth KABauth Message MAC Compare Message MAC Ciphertext E KABencrypt nonce msg Authenticity Integrity check MAC KABauth Ciphertext Nonce Message Decryption Encryption Nonce Check C E KABencrypt M MAC KABauth C Different keys for each direction 4 keys KABencrypt KABauth KBAencrypt KBAauth CS161 Fall 2005 Joseph Tygar Vazirani Wagner CS161 Fall 2005 Joseph Tygar Vazirani Wagner Alice Sender A and receiver B share secret keys September 26 2005 2 Creating Secure Channels Plaintext Internet CS161 Fall 2005 Joseph Tygar Vazirani Wagner How to exchange secret keys 5 September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 6 1 PKI Components Secure Channel Choice 1 Use public key certificates Requires Public Key Infrastructure PKI Manages wide scale public key distribution Provides a trust distribution mechanism PKI Properties Authentication via Public Key Certificates Confidentiality via Encryption Integrity via Digital Signatures September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 7 September 26 2005 Certification Authority Enables delegation of authority sign on behalf of X Root CA Verisign CA 2 berkeley edu CA 2 1 eecs berkeley edu September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 9 Digital Certificate Chain Anthony s Digital Certificate Name Anthony Joseph Public Key 0xABCD12345 UCB EECS Digital Cert Signed data structure that binds an entity with its corresponding public key Signed by a recognized and trusted authority Certification Authority CA Provide assurance that a particular public key belongs to a specific entity September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 10 Browsers Include Root CA Certificates Tools Options Advanced View Certs Name UCB EECS Public Key 0xEF67890B Signed by UCB EECS Verisign CA s Digital Cert Name Verisign CA Public Key 0xBCD012345 September 26 2005 8 Digital Certificate People processes responsible for creation delivery and management of digital certificates Organized in a hierarchy CA 1 yahoo com CS161 Fall 2005 Joseph Tygar Vazirani Wagner Signed by UCB UCB s Digital Certificate Name UCB Public Key 0x98765432 Signed by Verisign CA CS161 Fall 2005 Joseph Tygar Vazirani Wagner Signed by Verisign 11 CA September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 12 2 PKI Example Creating Certs PKI Example Getting Keys 1 Alice generates her own key pair private key Alice 4 Alice gets Bob s public key from the CA public key Alice private key Alice 2 Bob generates his own key pair private key Bob 5 Bob gets Alice s public key from the CA p public key Bob ub li Al c ke ice y 3 Both send their public key to a CA and receive a public key certificate signed by CA September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 13 PKI Example Secure Channel September 26 2005 Alice Private Message Recall Asymmetric cryptosystem is expensive Use only Alice for authentication and Public symmetric key exchange Sign Hash Hash and compare Encryption Bob Decryption Bob Private September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 15 Third Party Authentication Hi Bob I m Alice Here s N L KAB Auth server Bob KB KA Bob Use a trusted third party authentication server and symmetric key cryptography for authentication integrity and confidentiality Users share secret key with auth server September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 16 Root certificates versus shared secrets Alice constructs a secure channel to auth server Alice sends secret key message for Bob Also includes nonce and session key lifetime Why Server constructs secure channel to Bob Server forwards message September 26 2005 Auth server Both require a trusted third party server Both require wide spread deployment of server infrastructure Still have distribution problem KB KA 14 Authentication Choices Hi Bob I m Alice Here s N L KAB Alice CS161 Fall 2005 Joseph Tygar Vazirani Wagner Alice Message Bob Public private key Bob Secure Channel Choice 2 5 Alice uses private key to encrypt and sign authentication confidentiality integrity Alice ey ck bli b pu Bo CS161 Fall 2005 Joseph Tygar Vazirani Wagner Difference is use of public private key cryptosystem versus private shared key one Another alternative Pretty Good Privacy more later on 17 September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 18 3 Pretty Good Privacy PGP Three Concrete Examples Provides Pretty Good Privacy PGP Transport Layer Security TLS Virtual Private Networks VPN Authentication Confidentiality Integrity optional Application examples file transfers e mail Weaker authentication than PKI but Freely available standalone and plug ins for many e mail clients Not controlled by a government or standard organization September 26 2005 CS161 Fall 2005 Joseph Tygar Vazirani Wagner 19 September 26 2005 PGP Services 20 PGP Public Key Management Authentication Digital signature uses DSS SHA or RSA SHA No rigid public key management scheme Problem how to reliably get public key Possible solution physically secure but unpractical or by phone Confidentiality Encryption triple DES or RSA PGP solution build a web of trust Integrity Let s assume you know several variably trusted users Each of these indvidual can sign
View Full Document
Unlocking...