Pki 2

COMP3355 Cyber Security (2023 Fall) PKI
Public Key Infrastructure (PKI)
Chenxiong Qian
cqian@cs.hku.hk
Previously on Crypto
 Symmetric crypto
 DES, AES, etc.
 One secret key
 Fast
 Asymmetric crypto
 RSA
 One public key and one private key
 Slow
 Key exchange, signing, authentication
In This Class
 What is public key infrastructure (PKI)?
 What is the purpose of PKI?
 How does PKI work?
 How to secure PKI?

Man-in-the-middle (MITM) Attack

 Alice and Bob want to establish a communication channel with a symmetric key
Encrypt
Decrypt
Alice Bob

 Eve pretends to be Bob
Hi Alice, I am
Bob, here is my
public key.
Encrypt
Decrypt
Alice Eve

File File
Alice Bob
SHA-256
File is not
modified.
Message
SHA-256 Digest Yes
Alice’s private key Alice’s public key
Equal?
No
Encrypt Decrypt
File is
Message Encrypted Encrypted Decrypted Message modified.
Digest Message Message Digest
Digest Digest

Hi Bob, I am Alice, I
File will send you a file. File
Eve Bob
SHA-256
File is not
modified.
Message
SHA-256 Digest Yes
Eve’s private key Eve’s public key
Equal?
No
Encrypt Decrypt
File is
Message Encrypted Encrypted Decrypted Message modified.
Digest Message Message Digest
Digest Digest

 Eve controls the communication channel
Alice Bob
Problem
 How can we verify the identify in the digital world?
Digital Certificate
 A certificate is an electronic document that is used to identify an
individual, a server, a company, or some other entity, and to associate
that identity with a public key
Digital Certificate
Digital Certificate
Digital Certificate
Digital Certificate
Digital Certificate
Digital Certificate
Digital Certificate
Digital Certificate
 Check a website’s certificate
Digital Certificate
 Check a website’s certificate

 Public Key Infrastructure (PKI) is a set of hardware, software, people,
policies, and procedures needed to create, manage, distribute, use,
store, and revoke digital certificates

 Certificate Authority
 Sign and issue
certificates
PKI Overview

 Sign and issue
certificates
 Registration Authority
 Identify and authenticate PKI Overview
certificate applicants

 Validation Authority
 Sign and issue
 Verify the validity of
certificates
a certificate
 Registration Authority
 Identify and authenticate PKI Overview
certificate applicants
Registration Authority
 A gatekeeper of CA
 Does not sign or issue certificates
 Checks applicants’ IDs and paperwork
 Forwards the request to CA
Certificate Authority
 CA receives the request from RA
Name: Peter Parker

Organization: The Avengers
Address: New York, USA
…….
Request from RA
 Signs the applicant’s entity info and public key
 Generates the signature
 Signs the signature using its private key
CA’s Private Key
Name: Peter Parker Hash & Sign

…….
Request from RA
 Issues the certificate that contains
 The entity info and public key
 The signature (encrypted using CA’s private key)
 Etc.
CA’s Private Key
Name: Peter Parker

Name: Peter Parker Sign
…….
…….
Digital Signature
Request from RA
Certificate
Certificate
 X.509 is an International Telecommunication Union (ITU) standard
defining the format of public key certificates
HKU’s Wi-Fi
Issued by DigiCert Inc
Will be expired on Aug 19th, 2023
Public key
Signature
CA’s Private Key
Name: Peter Parker

Name: Peter Parker Sign
…….
…….
Digital Signature
Request from RA
Certificate
Use the Certificate
I am Peter, this
is my
certificate
Name: Peter Parker

…….
Digital Signature
Use the Certificate
I need to validate
it before using the
public key
Name: Peter Parker

…….
Digital Signature
Use the Certificate

 Calculates the certificate’s hash
SHA-256 Signature
Name: Peter Parker

…….
Digital Signature
Use the Certificate

 Gets CA’s public key
SHA-256 Signature
Name: Peter Parker

…….
CA’s public key

Digital Signature
Use the Certificate

 Uses CA’s public key to decrypt the encrypted signature in the
certificate
SHA-256 Signature
Name: Peter Parker Signature

…….
CA’s public key

Digital Signature
Decryption
Use the Certificate

 Compares two signatures
He is Peter.
Yes
SHA-256 Signature Equal?
No
He is not
Name: Peter Parker Signature Peter.
…….
CA’s public key

Digital Signature
Decryption

 Trusted parties
 CA, RA, VA
 Top popular CAs
Most of time, we use “CA” to refer all

three parties: CA, RA, and VA.

 Trusted parties
 CA, RA, VA
 Top popular CAs
CA Hierarchy
 Root CA
 Issues certificates to
intermediate CAs
 Intermediate CA
 Issues certificates to
end users
Single/One-Tier Hierarchy
 The single CA is both a root CA
and an issuing CA
 Security risks
 The only CA is online
 If the CA is compromised:
 Cannot quickly distribute a new
root CA
 Cannot revoke the CA
 Management issues
 Not flexible
 Not scalable
Two-Tier Hierarchy
 Separate the root CA and
issuing CA
 Root CA is offline
 Issuing CAs are online
 Benefits:
 Security
 Scalability
 Flexibility
 Manageability cost
increases
Three-Tier Hierarchy
 The second tier CAs
 Policy CAs
 Revoke CAs
 Benefits:
 Security
 Scalability
 Flexibility
 Manageability cost
increases
Certificate Path
Reference
Root CA’s Certificate
Intermediate CA Intermediate CA’s Certificate
Private Key Root CA Private Key Root CA
Distinguished Name
Intermediate CA
Distinguished Name
Self-Sign
Sign Root CA Public Key
Intermediate CA Root CA
Public Key
Root CA Signature
Sign Intermediate CA
Signature
End User Root CA

Distinguished Name Distinguished Name
Intermediate
Ender User
Public Key CA
End User Signature
Intermediate CA Reference
Distinguished Name
End User
End User’s Certificate
Certificate Verification
Root CA’s Certificate
Intermediate CA’s Certificate
Root CA
Distinguished Name
Intermediate CA
Distinguished Name Verify
Root CA Public Key
Verify Intermediate CA
Public Key
Root CA Signature
Intermediate CA
Signature
End User Root CA

Distinguished Name Distinguished Name Reference
Ender User
Public Key
End User Signature
Intermediate CA
Distinguished Name
Reference
End User’s Certificate
Demo
 https://stackexchange.com
Demo
Demo
 https://stackoverflow.com
 Why does “stackoverflow” use
“*.stackexchange” certificate?
Demo
 http://google.com
 Big techs self-sign certificates
Questions
 Who is responsible to generate keys?
 How to protect CAs from attacks?
 How to update/revoke certificates?

Key Generation
 Basic approach:
 Alice generates her own key pair
 The CA signs a statement about Alice’s public key and issues a public key
certificate (PKC)
 Bob knows Alice’s public key from verifying the PKC
 What’s the problem?

 Neither Bob nor the CA know that Alice has the private key
Key Generation
 Improved approach (Most common)
 Alice generates her own key pair
 Alice brings the public key and a signed request showing that she knows the
private key
 CA verifies the signed request and the public key
 The CA signs a statement about Alice’s public key and issues a PKC
 Bob knows Alice’s public key from verifying the PKC
 What is the problem?

 What if Alice lost her private key?
 Revoke and issue a new certificate
Key Generation
 Improved approach
 CA generates the key pair for Alice and then issues the key pair to Alice
 What’s the problem?

 Alice worries that CA may store or disclose the private key
How to enforce the security of CA?

 Physical Security
 Doors requiring multiple verifications
 A proximity card, a PIN pad, biometric scanners, security guards
 Put servers in cages
 Closed-circuit surveillance
 Use Multiple Person Control
 No single person can gain access to sensitive assets
 Keep root CA and higher-level CAs offline
 Etc.
Symantec Example
One of many fingerprint scanners at the entrance to a Inside these security cabinets are the hardware security modules
data center at Symantec's SSL certificate vault. that safeguard millions credentials used to authenticate the
websites of Symantec customers.
Symantec Example
The digital assets for Symantec can be accessed The key-ceremony room.
only when three separate employees insert a
USB-looking key and enter a corresponding PIN.
Key Ceremony Video
The Internet Corporation for Assigned Names and Numbers (ICANN)

DigiNotar Story
 Aug. 27th, 2011
 An Iranian man “Alibo” couldn’t connect to Gmail
 He switched to a virtual private network that disguised his location, and he
can access Gmail
 Posted a question about the issue on the Gmail Help Forum
 Two days later
 Google issued a public statement
DigiNotar Story
DigiNotar Story
 Aug. 27th, 2011
can access Gmail
 Two days later
 Google issued a public statement
 Within a month
 The Dutch government took over DigiNotar
 Within two months
 DigiNotar declared bankruptcy and dissolved
DigiNotar Story
 On July 19th, DigiNotar found some signed certificates not listed in the
logs, and DigiNotar launched an internal investigation
 Aug. 27th, 2011
can access Gmail
 Two days later
 Google issued a public statement The attacker accessed 300,000
Gmail accounts
 Within a month
 The Dutch government took over DigiNotar
 Within two months
 DigiNotar declared bankruptcy and dissolved
How did the attack happen?

Certificate Revocation
 Key leaked
 CA went wrong
 Certificate went wrong
 The world went wrong
Demo
 https://revoked.badssl.com
This demo was shown in Sep 2022 when the

certificate was not expired.
Demo
 https://www.digicert.com/kb/digicert-root-certificates.htm
  Demo Sites for Root  revoked
Validation Authority
He is Peter.
Yes
No
He is not
…….
CA’s public key

Digital Signature
Decryption
 Verify the validity of a certificate
 Expired? He is Peter.
 Revoked?
Yes
No
He is not
…….
CA’s public key

Digital Signature
Decryption
 Verify the validity of a certificate
 Expired?
 The certificate contains the expiration status
 Revoked?
 The certificate has no information indicating revocation status
Certification Revocation List (CRL)

 Create a metadata record about the unusable status of the certificate
in a special list of revoked certificates (CRL)
 The revoked certificate itself won’t change
 A CRL is generated and published periodically
 Daily, hourly, etc.
Certificate Revocation Check (CRL)

 Check a certificate’s revocation status using a CRL

Demo
 https://www.apple.com
Demo
 https://www.apple.com
 Fetch the CRL
 wget http://crl.apple.com/apevsrsa2g1.crl
 Dump the CRL
 openssl crl -inform DER -in apevsrsa2g1.crl -text -out crl.txt
 Search the serial number:
 2A 70 C0 82 19 20 B6 96 FD 26 B7 5A 72 B8 EC E4
Demo2
 https://digicert-tls-ecc-p384-root-g5-revoked.chain-demos.digicert.co
m
Demo2
 https://digicert-tls-ecc-p384-root-g5-revoked.chain-demos.digicert.co
m
 Fetch the CRLs
 wget http://crl3.digicert.com/DigiCertG5TLSECCSHA3842021CA1-1.crl -O 1.crl
 wget http://crl4.digicert.com/DigiCertG5TLSECCSHA3842021CA1-1.crl -O 2.crl
 Dump the CRLs
 openssl crl -inform DER -in 1.crl -text -out crl1.txt
 openssl crl -inform DER -in 2.crl -text -out crl2.txt
 Search the serial number:
 05 9C B6 7A C3 33 6F EE E8 56 B2 72 86 3C 6F 53

 The checking workload is significant
 A CRL is large
 The revocation status may lag
 CRL’s publication interval
 Can check offline
Certificate Revocation Check

 Check a certificate’s revocation status using OCSP (online certificate
status protocol)

status protocol)
 Response
 Good
 The certificate is not revoked
 Revoked
 The certificate is revoked
 Unknown
 Does not recognize the serial number

status protocol)
 Response
 Good
 The certificate is not revoked
 Revoked
 The certificate is revoked
 Unknown
 Does not recognize the serial number
 Faster, more up-to-date information
 The OCSP server may go down
 Privacy
 The CA/OCSP server will know the websites being visited
Demo
 www.hku.hk
 Get the certificate
 openssl s_client -connect www.hku.hk:443 2>&1 < /dev/null | sed -n '/-----
BEGIN/,/-----END/p' > hku.pem
 Get the intermediate certificates
 openssl s_client -connect www.hku.hk:443 -showcerts 2>&1 < /dev/null
 Copy and paste the intermediate certificates in “chain.pem”
 Get the OCSP URI
 openssl x509 -text -noout -in hku.pem
 Or openssl x509 -noout -ocsp_uri -in hku.pem
 Send the OCSP request
 openssl ocsp -issuer chain.pem -cert hku.pem -text -url
http://status.geotrust.com
Crypto Review
 Symmetric Key
 Alice and Bob share a secret key
 They encrypt and decrypt messages using the same secret key
Crypto Review
 Asymmetric Key
 Bob generates a key pair: a public key and a private key
 Alice gets Bob’s public key
 Alice encrypts the message with the public key
 Alice sends the encrypted message to Bob
 Bob uses his private key to decrypt the message
Crypto Review
 Digital Certificate
 CA issues a certificate for Bob’s public key
 Alice gets Bob’s certificate
 Alice walks through the certificate path to verify Bob’s certificate
 Alice gets Bob’s public key from the certificate
Crypto Review
 Digital Certificate with CRL Check
 CA issues a certificate for Bob’s public key
 Alice gets Bob’s certificate
 Alice checks the CRL to make sure Bob’s certificate is not revoked
 Alice walks through the certificate path to verify Bob’s certificate
 Alice gets Bob’s public key from the certificate
Q&A about Crypto?

Pki 2

Uploaded by

Copyright:

Available Formats

Pki 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pki 2

Uploaded by

Copyright:

Available Formats

COMP3355 Cyber Security (2023 Fall) PKI

Public Key Infrastructure (PKI)

 What is the purpose of PKI?

 How does PKI work?

 How to secure PKI?

Man-in-the-middle (MITM) Attack

Man-in-the-middle (MITM) Attack

Man-in-the-middle (MITM) Attack

Man-in-the-middle (MITM) Attack

Man-in-the-middle (MITM) Attack

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Name: Peter Parker

CA’s Private Key

Name: Peter Parker Hash & Sign

Name: Peter Parker

Issued by DigiCert Inc

Will be expired on Aug 19th, 2023

CA’s Private Key

Name: Peter Parker

Use the Certificate

Name: Peter Parker

Use the Certificate

Name: Peter Parker

Use the Certificate

Name: Peter Parker

Use the Certificate

Name: Peter Parker

CA’s public key

Use the Certificate

Name: Peter Parker Signature

CA’s public key

Use the Certificate

CA’s public key

Public Key Infrastructure (PKI)

Most of time, we use “CA” to refer all

Public Key Infrastructure (PKI)

End User Root CA

End User Signature

End User Root CA

End User Signature

 How to protect CAs from attacks?

 How to update/revoke certificates?

 What’s the problem?

 What is the problem?

 What’s the problem?

How to enforce the security of CA?

Key Ceremony Video

The Internet Corporation for Assigned Names and Numbers (ICANN)

How did the attack happen?

This demo was shown in Sep 2022 when the

CA’s public key

CA’s public key

Certification Revocation List (CRL)

Certificate Revocation Check (CRL)

Certificate Revocation Check (CRL)

Certificate Revocation Check (CRL)