ET4045-2-cryptography-3

TUTUN JUHANA TELECOMMUNICATION ENGINEERING SCHOOL OF ELECTRICAL ENGINEERING & INFORMATICS INSTITUT TEKNOLOGI BANDUNG http://telecommunication.itb.ac.id/~tutun/ET4085 ET4045 Telecommunication Network Security Cryptography Part 3

Transcript of ET4045-2-cryptography-3


Message Authentication

Encryption is often overkill: it is computationally expensive

Use message authentication instead


Message authentication allows communicating parties to verify that received messages are authentic

Verify content of message has not been altered

Source is authentic

Message has not been artificially delayed (playback attack)

Sequence of messages is maintained

Message Digests

Function H( ) that takes as input an arbitrary-length message and outputs a fixed-length string: “message signature”

Note that H( ) is a many-to-1 function

H( ) is often called a “hash function”


Desirable properties:

Easy to calculate

Irreversibility: Can’t determine m from H(m)

Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)

Seemingly random output

Hash Function Algorithms

MD5 hash function widely used (RFC 1321)

computes 128-bit message digest in 4-step process.

given an arbitrary 128-bit string x, it appears difficult to construct a message m whose MD5 hash is equal to x.

SHA-1 is also used.

US standard [NIST, FIPS PUB 180-1]

160-bit message digest

Message Authentication Code (MAC)
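An added example, not part of the original slides: a MAC-based check that enforces the four properties listed earlier (unaltered content, authentic source, no artificial delay, maintained sequence). HMAC-SHA256, the frame layout and the names `KEY`, `MAX_AGE`, `protect` and `Receiver` are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-shared-by-alice-and-bob"  # sample value, not a real key
MAX_AGE = 30  # seconds a message may be in flight before it counts as delayed

def protect(key, seq, sent_at, payload):
    """Sender: prepend sequence number and timestamp, append HMAC-SHA256 over all of it."""
    header = struct.pack(">QQ", seq, sent_at)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key):
        self.key, self.last_seq = key, 0

    def accept(self, frame, now):
        """Return (payload, 'ok') or (None, reason)."""
        if len(frame) < 16 + 32:
            return None, "malformed"
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None, "bad MAC"                  # altered content or wrong sender
        seq, sent_at = struct.unpack(">QQ", body[:16])
        if now - sent_at > MAX_AGE:
            return None, "delayed"                  # playback of an old message
        if seq != self.last_seq + 1:
            return None, "out of sequence"          # replayed, dropped or reordered
        self.last_seq = seq
        return body[16:], "ok"
```

The sequence number and timestamp sit inside the MAC input, so neither can be rewritten without the shared key.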

Digital Signatures


Cryptographic technique analogous to handwritten signatures.

sender (Bob) digitally signs document, establishing he is document owner/creator.

verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Digital Signature Standard

A little recap

Remember that in the first assignment I told you to download my public key at

https://www.dropbox.com/s/jo77l5mo7hyw0fd/pubkey-tutun.pem?dl=0

You TRUST that the public key belongs to me because I told you

What if TRUDY told you that MY public key is at https://www.dropbox.com/s/jo77l5mo7hyw0fd/pubkey-tutun.pem?dl=0

You CAN’T be sure that TRUDY is telling the truth; the public key might belong to TRUDY instead

So we need something to verify that a public key really belongs to someone/something (routers, servers, etc.): a certification authority

Certification Authorities

Certification authority (CA): binds public key to particular entity, E.

E (person, router) registers its public key with CA. E provides “proof of identity” to CA.

CA creates certificate binding E to its public key: a digital certificate

certificate containing E’s public key digitally signed by CA

CA says “this is E’s public key”


When Alice wants Bob’s public key: she gets Bob’s certificate (from Bob or elsewhere).

She applies the CA’s public key to Bob’s certificate and gets Bob’s public key

Certificates: summary

Primary standard X.509 (RFC 2459)

Certificate contains:

Issuer name

Entity name, address, domain name, etc.

Entity’s public key

Digital signature (signed with issuer’s private key)

X.509 Identity Certificates

Distinguished Name of user: C=US, O=Lawrence Berkely National Laboratory, OU=DSD, CN=Mary R. Thompson

DN of Issuer (CA): C=US, O=Lawrence Berkely National Laboratory, CN=LBNL-CA

Validity dates: Not before <date>, Not after <date>

User's public key: plus parameters, e.g. RSA

V3 extensions: alternative user name, key usage, etc.

Signing algorithm: parameters, e.g. SHA-1, MD5

CA signature

Defined in ASN.1 notation - language independent

How are Digital Certificates Issued?

Who is issuing them?

Why should I Trust the Certificate Issuer?

How can I check if a Certificate is valid?

How can I revoke a Certificate?

Who is revoking Certificates?

PKI


Public Key Infrastructure

Elements of PKI

Certificate Authorities (CA): OpenSSL, Netscape, Verisign, Entrust, RSA Keon

Public/Private Key Pairs - Key management

X.509 Identity Certificates - Certificate management

LDAP servers

X509 PKI

Basic Components:

Certificate Authority (CA)

Registration Authority (RA)

Certificate Distribution System

PKI enabled applications

“Provider” Side

“Consumer” Side

X509 PKI Certificate Authority (CA)

Basic Tasks:

Key Generation

Digital Certificate Generation

Certificate Issuance and Distribution

Revocation

Key Backup and Recovery System

Cross-Certification

X509 PKI Registration Authority (RA)

Basic Tasks:

Registration of Certificate Information

Face-to-Face Registration

Remote Registration

Automatic Registration

Revocation

X509 PKI Certificate Distribution System

Provide Repository for:

Digital Certificates

Certificate Revocation Lists (CRLs)

Typically:

Special Purposes Databases

LDAP directories

Certificate Revocation List (CRL)

CRLs are published by CAs at well-defined intervals of time

It is the responsibility of “Users” of certificates to “download” a CRL and verify whether a certificate has been revoked

User application must deal with the revocation processes

Revoked Certificates remain in CRL until they expire

Simple Certificate Path

Alice trusts the root CA

Bob sends a message to Alice

Alice needs Bob’s certificate, the certificate of the CA that signed Bob’s certificate, and so on up to the root CA’s self-signed certificate.

Alice also needs each CRL for each CA.

Only then can Alice verify that Bob’s certificate is valid and trusted and so verify Bob’s signature.

[Figure: certificate path diagram with labels Alice, Bob and Trusted Root]
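The path validation described above, as an added example that is not part of the original slides: Alice checks each signature up to the trusted root, the validity dates and each CA's CRL before she accepts Bob's signature. Certificates are simplified dicts and the signatures are textbook RSA over constructed toy keys; every name here is hypothetical.

```python
import hashlib

E = 65537  # public exponent; this textbook RSA is unpadded and far too small for real use

def keypair(a, b):  # constructed toy key built from the Mersenne primes 2**a-1 and 2**b-1
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def digest(obj, n):  # hash every field except the signature itself
    data = repr(sorted((k, v) for k, v in obj.items() if k != "sig")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def signed(obj, n, d):  # the holder of private exponent d signs a certificate, CRL or message
    return dict(obj, sig=pow(digest(obj, n), d, n))

def verify(obj, n):  # anyone holding the public modulus n can check the signature
    return pow(obj["sig"], E, n) == digest(obj, n)

def cert(subject, key, serial, issuer):
    return dict(subject=subject, issuer=issuer, serial=serial, key=key, not_before=2020, not_after=2030)

def validate_path(chain, crls, root_key, year):
    """chain[0] is the end entity, chain[-1] the self-signed root; returns (ok, reason)."""
    if chain[-1]["key"] != root_key:
        return False, "untrusted root"
    for c, issuer in zip(chain, chain[1:] + chain[-1:]):
        crl = crls.get(c["issuer"])
        if c["issuer"] != issuer["subject"] or not verify(c, issuer["key"]):
            return False, "bad signature: " + c["subject"]
        if not c["not_before"] <= year <= c["not_after"]:
            return False, "outside validity: " + c["subject"]
        if crl is None or not verify(crl, issuer["key"]):
            return False, "no valid CRL: " + c["issuer"]
        if c["serial"] in crl["revoked"]:
            return False, "revoked: " + c["subject"]
    return True, "ok"

def verify_message(msg, chain, crls, root_key, year):
    ok, reason = validate_path(chain, crls, root_key, year)
    if ok and not verify(msg, chain[0]["key"]):
        return False, "bad message signature"
    return ok, reason

ROOT, CA, BOB = keypair(107, 127), keypair(61, 89), keypair(19, 31)
CHAIN = [signed(cert("Bob", BOB[0], 3, "CA1"), *CA),
         signed(cert("CA1", CA[0], 2, "Root"), *ROOT),
         signed(cert("Root", ROOT[0], 1, "Root"), *ROOT)]
CRLS = {name: signed(dict(issuer=name, revoked=[]), *k) for name, k in (("Root", ROOT), ("CA1", CA))}
MSG = signed(dict(sender="Bob", text="hello Alice"), *BOB)
```

A certificate carrying a substituted public key, as in the Trudy scenario, fails at the signature step because the CA's signature no longer matches the certificate's fields.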