Secure Key Distribution Methods in Public Key Infrastructure


Explore the various methods of secure key distribution in Public Key Infrastructure, including the use of signatures, certificate authorities, roots of trust, and the web of trust. Understand how Bob can securely obtain public keys and certificates to establish trust in the system.


Uploaded on Sep 15, 2024



Presentation Transcript


  1. Public Key Infrastructure. Slides by Prof. Jonathan Katz. Lightly edited by me.

  2. Public-key distribution. [Figure: diagram labelled "Alice, pk", "Alice, pk*", "pk, sk" and "X"]

  3. Public-key distribution. [Figure: diagram labelled "pk", "Alice, pk", "Alice, pk*", "pk, sk" and "X"]

  4. Use signatures for secure key distribution! Assume a trusted party with a public key known to everyone. CA = certificate authority. Public key $pk_{CA}$; private key $sk_{CA}$.

  5. Use signatures for secure key distribution! Alice asks the CA to sign the binding (Alice, pk): $\mathrm{cert}_{CA \to Alice} = \mathrm{Sign}_{sk_{CA}}(Alice, pk)$. (The CA must verify Alice's identity out of band.)

  6. Use signatures for secure key distribution! Bob obtains Alice, pk, and the certificate $\mathrm{cert}_{CA \to Alice}$, and checks that $\mathrm{Vrfy}_{pk_{CA}}((Alice, pk), \mathrm{cert}_{CA \to Alice}) = 1$. Bob is then assured that pk is Alice's public key, as long as the CA is trustworthy (honest, and properly verifies Alice's identity) and the CA's private key has not been compromised.

  7. Chicken-and-egg problem? How does Bob get $pk_{CA}$ in the first place? Several possibilities.

  8. Roots of trust. Bob only needs to securely obtain a small number of CAs' public keys. Need to ensure secure distribution only for these few, initial public keys. E.g., distribute as part of an operating system or web browser. Firefox: Tools->Options->Privacy & Security->View Certificates->Authorities

  9. Web of trust. Obtain public keys in person: key-signing parties. Obtain certificates on your public key from people who know you. If A knows $pk_B$, and B issued a certificate for C, then C can send that certificate to A. What trust assumptions are being made here?

  10. Public repository. Store certificates in a central repository, e.g., the MIT PGP keyserver. To find Alice's public key: get all public keys for Alice, along with certificates on those keys; look for a certificate signed by someone you trust whose public key you already have.

  11. PKI in practice. Does not work quite as well as in theory: proliferation of root CAs; compromises of CAs; revocation; users/browsers may not verify certificates.
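
The certificate flow from slides 4 to 6 (the CA signs the binding (Alice, pk), Bob verifies it with the CA's public key), as an added Go example that is not part of the original slides. Ed25519 as the signature scheme, the length-prefixed encoding of (name, pk) and the name "Mallory" are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// encodeBinding serializes the pair (name, pk) unambiguously: a 4-byte
// big-endian length prefix on the name keeps ("Al", "ice"+pk) distinct from
// ("Alice", pk). The encoding is an assumption of this example.
func encodeBinding(name string, pk ed25519.PublicKey) []byte {
	buf := make([]byte, 4, 4+len(name)+len(pk))
	binary.BigEndian.PutUint32(buf, uint32(len(name)))
	buf = append(buf, name...)
	return append(buf, pk...)
}

// issueCert is the CA's step: cert = Sign_skCA(name, pk). The out-of-band
// identity check happens before this call and is not modeled here.
func issueCert(skCA ed25519.PrivateKey, name string, pk ed25519.PublicKey) []byte {
	return ed25519.Sign(skCA, encodeBinding(name, pk))
}

// verifyCert is Bob's step: Vrfy_pkCA((name, pk), cert) = 1.
func verifyCert(pkCA ed25519.PublicKey, name string, pk ed25519.PublicKey, cert []byte) bool {
	return ed25519.Verify(pkCA, encodeBinding(name, pk), cert)
}

// demo runs the exchange and reports whether Bob accepts the genuine key,
// a substituted key pk*, and the genuine key under another (constructed) name.
func demo() (okGenuine, okSubstituted, okRenamed bool) {
	pkCA, skCA, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; errors ignored in this demo
	pkAlice, _, _ := ed25519.GenerateKey(nil)
	pkStar, _, _ := ed25519.GenerateKey(nil) // pk*: a key that is not Alice's
	cert := issueCert(skCA, "Alice", pkAlice)
	return verifyCert(pkCA, "Alice", pkAlice, cert),
		verifyCert(pkCA, "Alice", pkStar, cert),
		verifyCert(pkCA, "Mallory", pkAlice, cert)
}

func main() {
	g, s, r := demo()
	fmt.Println("genuine:", g, "substituted pk*:", s, "renamed:", r)
}
```

Bob's check succeeds only for the exact (name, pk) pair the CA signed; everything still rests on Bob holding an authentic copy of the CA's public key, which is the question slide 7 raises.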
