Presented by Joshua Schiffman & Archana ViswanathTen Risks of PKI : What You’re not Being Told about Public Key Infrastructure –By Carl Ellison and Bruce Schneier Trust ModelsRooted Trust Model!In a rooted trust model, the root CA is the trust anchor and has a self-signed certificate.!The root CA issues a certificate to all direct subordinate CAs, if needed, which, in turn issue certificates to their subordinate CAs. A subordinate CA is trusted cryptographically, based on the signature of its parent.Network Trust Model!In a network trust model, all CAs are self-signed and trust relationships between CAs are based on cross-certificates. Cross-certificates establish trust between unrelated CAs.Hybrid Trust Model!It is a combination of the above two models.!Certain CAs are cross certified and certain others are rooted trust models. KeysRisk – “Who is using my key?”!Safety of Private Key at user end- Is the key encrypted?- Is the user computer protected?- Is the computer virus-free?!Basis of PKI – Non – Repudiation- The user is held responsible for all transactions executed with his key. KeysRisk – “Which John Robinson is he?”Certificates associate name with a public key! May end up getting the public key of somebody you don’t want to correspond with.! Principal recognition through names is not a good approach.! In cryptography, X.509 is an ITU-T standard for public key Infrastructure (PKI). ! X.509 specifies standard formats for public key certificates. KeysStructure of a certificate" !"#$%&' " ("#%)*+,-./"# " 0*1&#%23.+45+6(%1')2-#"7 " 4$$-"# " !)*%8%29! ! " (-/:";2 " (-/:";2+<-/*%;+="9+4'>&! ! " 4$$-"#+?'% -"+48"'2%>%"# " (-/:";2+?'% -"+48"'2%>%"# " Certificate Revocation ListsCertificate Revocation List (CRL) is a list of all the unexpired, revoked certificates. !Revocation Mechanisms- Delta CRLs – The latest additions to the revoked CRLs- First Valid Certificate (Issued with Serial numbers)- These have no expiration date.- They have a field called FIRST VALID CERTIFICATEfield which differentiates valid from invalid certificates.- Online Revocation Server – It is a system that can be queriedover the net about the revocation status of individual certificates.- Good Lists vs Bad Lists KeysRisk – “How Secure are the certificate practices?”!How is key lifetime computed?- Cryptographic lifetime – The lifetime during which the key can be used for encryption.- Theft lifetime – a function of the system’s vulnerability, the rate of physical and network exposure, attractiveness of the key to an attacker, etc. !Are Certificate Revocation Lists supported?- How is compromise of a key detected in order to trigger revocation?- Are the signatures made by the user dated in order to distinguish between good and bad ones in the event of compromise.- User’s responsibility – To check that he is communicating with the right principal as indicated by the certificate. UsersRisk – “Is the User part of the security design?”- Does the application using the certificates take the user into account or does it concern itself only with cryptography?• It is the onus of the user to decide whether to shop on an SSL-protected web page.•The certificate that is issued is for the URL and not for the content the URL hosts. Users “Why are we using the CA process anyway?”• Usability Issues – Limitations – Single Sign On• CA authenticity issues.• Mapping principal to public key issues• Certificate validity issuesCONCLUSION :• PKI is a commercial money making venture used for communication between unknown
View Full Document