Chapter 9i: Public Key Infrastructures Flashcards
Why do we need PKIs?
- Advantage of asymmetric crypto: …
- This allows users to distribute public keys via arbitrary channels, e.g.,
(1)
(2)
- Problem: Whoever uses another entity's public key must be sure that ….
Public keys are not required to be kept secret
1* Alice retrieves Bob’s public key from a mail sent by Bob
2* Bob downloads Alice’s public key from her web site
this public key really belongs to this entity → is authentic → can be trusted!
Why do we need PKIs?
- Imagine: MitM Eve has replaced the public keys with keys controlled by her
- Neither Alice nor Bob can spot that the key they have received is not authentic
- As Eve owns the private keys, what can she do now?
- compute signatures in the name of Alice and Bob
- decrypt / re-encrypt confidential messages exchanged between Alice and Bob
Why we need PKIs: How to establish “trust” in a public key?
Manual trust establishment: Alice and Bob exchange their keys via some method.
Explain the idea behind a PKI.
Certificates: The essence of PKI
Definition:
Semantics of the binding: What does the identifier refer to?
What’s always necessary? What do we need to do if the identifier is a name?
A certificate is a digitally signed binding of an identifier of an entity and the public key of an asymmetric key pair owned by that entity
Certificate creation
PKIs are created by issuing certificates between entities. Illustrate.
Common forms of PKI
We can now classify PKIs by looking at:
- Who are the issuers?
- Which issuers must be trusted = which TTPs exist?
- How do issuers verify that X and KX-pub belong together, or that X is really X?
Explain the terminology: “issuer”, CA, “Endorser”.
- Depending on the PKI, different words for “issuer” exist
- Often in hierarchical PKIs: “Certification Authority” (CA)
- In non-hierarchical PKIs sometimes: “Endorser”
- These words often hint at the role (power) of the issuers
Hierarchical PKIs
Why is this impractical?
- Who decides which global authority is trustworthy for the job?
- What are the agreed verification steps of an identity?
- Hard to imagine any government would rely on an authority outside its legal reach.
- The high load on the CA might make it easier to trick the CA into mis-issuing a certificate.
- Single point of failure/attack.
What’s the role of RAs?
Note:
* Registration Authorities are indeed used today by large CAs
* Example: TUM operates a CA for web and mail certificates,
multiple RAs exist for the different faculties and institutes
* RA for informatics: RBG
Hierarchical PKIs: ‘Practical’ solutions to the problem
Many CAs:
Defining CAs as trusted:
* A CA must be trusted by participants in order to be useful
* How should participants decide which CAs to trust?
* “Solution”: ….
- One global CA is infeasible, even with RAs → Let us use many CAs, in different jurisdictions.
- Should we accept them all equally? → No.
Operating systems and software like browsers come pre-configured with a set of trusted CAs
Webs of Trust may also take many forms:
- Trust metrics to automatically reason about authenticity of bindings between entity and key
- E.g. introduce rules how many delegations are allowed, store explicit trust values, etc.
- CAs may act as ‘special’ participants
Currently deployed PKIs:
- Hierarchical PKI(s) with many CAs
- Webs of trust
Explain.