Professional Documents
Culture Documents
Jerad Bates - Public Key Infrastructure
Jerad Bates - Public Key Infrastructure
(PKI)
Jerad Bates
University of Maryland, Baltimore County
December 2007
Overview
Introduction
Building Blocks
Certificates
Organization
Conclusions
Introduction
In the beginning there were shared secret keys
KA,KS KB,KS
Digital Signatures
Sign: PEK-(H(M)) = S
Verify: PDK+(S) = H(M)
Reliable as long as only the signer knows K-
Having K- allows one to sign, having K+ only allows
one to verify the signature
Slow to calculate
K’s + and - could just be a user’s public and private
keys
Building Blocks
Putting Them Together
Root CA
Small CA
Small CA
Smaller CA
Super Root CA
Smaller CA
Gary
Chad
Dan
Alice Fred
Each user’s Certificate is signed by zero or more other users
Certificate validity calculated from levels of trust assigned by signers
Assigned levels (Chad)
Implicit: User themselves – Chad
Complete: Any Certificate signed by the user them self – Fred and Emily
Intermediate Calculated Item
Partial Trust: Any Certificate signed by a ‘Complete’ Certificate – Bob and Dan
Calculated (Chad)
Valid: Any Certificate signed by an ‘Implicit’ or ‘Complete’ level Certificates – Chad, Fred, Emily,
Dan, and Bob
Marginally Valid: Any Certificate signed by two or more ‘Partial’ trust Certificates – Gary
Invalid: Any Certificate signed by a ‘Marginally Valid’ or no one - Alice
Conclusions
A PKI allows us to take the concept of a Key Server and apply it to
Public Keys
It allows greater flexibility then a Key Server in that users do not
need to communicate with the Root CA every time a Session Key is
needed
There are a vast variety of models for disseminating trust in a PKI
Even though PKIs look like an amazing idea, in practice there are
numerous problems implementing them on a large scale
Who does everyone trust?
What format do people use?
Security of the multitude of programs that rely on PKIs
Sources
[1] Adams, Carlisle, and Steve Lloyd. Understanding
PKI: Concepts, Standards, and Deployment
Considerations. Second ed. Boston, MA: Addison-
Wesley, 2003.
[2] Ferguson, Neils, and Bruce Schneier. Practical
Cryptography. Indianapolis, IN: Wiley, Inc., 2003.
[3] Stinson, Douglas R. Cryptography: Theory and
Practice. 3rd ed. Boca Raton, FL: Chapman &
Hall/CRC, 2006.
[4] Tanenbaum, Andrew S., and Maarten V. Steen.
Distributed Systems: Principles and Paradigms. 2nd
ed. Upper Saddle River, NJ: Pearson Prentice Hall, 2007.