Public Key Infrastructure (PKI)

Group Members:

Cheah Zhi Heng WEK070029

Leroy Ong bin Rahmat WEK070060

Salahe Amean WEK080707

Mubarak Ahmed WEK080713

Vahid Maleki Raee WEK080712


Introduction

Nowadays, security and encryption are among the most important tasks in networking, especially on the Internet. The privacy of e-mails, messages and data communications between hosts or clients must be kept as safe as possible. In business records and data transactions, privacy plays an essential role as well, since all companies are sensitive about their private resources.
A few years ago, PKI was the technology that solved lots of security problems. Today, there are few large-scale PKI implementations. To see why PKI has not been a great success, you have only to look into the background behind PKI and you will understand why the PKI security landscape does not, and probably will not, include a working security approach.

Background

The idea behind PKI goes back to two well-known researchers who were in different locations, working on the same topic but in different areas. Once they found each other, they formed a group and decided to complete their work by combining their research, making modifications, finding the bugs and finally arriving at the idea called public key cryptography. The two researchers who took the first step toward this concept were Whitfield Diffie and Martin Hellman, in 1976.

What you might know about Diffie and Hellman is that they invented the concept of asymmetric ciphers, which use two different keys for encryption and decryption rather than the same key for both. This is described fully in the next sections, so we do not go into detail here. As a quick summary, one of the keys, called the private key, is used to encrypt the message, and the other key, known as the public key, can be known by anyone and is used to decrypt the message.

The Diffie-Hellman-Merkle key exchange algorithm provided an implementation for secure public key distribution, but didn't implement digital signatures. After being introduced to the Diffie-Hellman algorithm, three researchers at MIT in the USA, Ronald Rivest, Adi Shamir, and Leonard Adleman (RSA), began searching for a practical mathematical function that could supply what the Diffie-Hellman algorithm lacks. After working on more than 40 candidates, they finally discovered an algorithm based on the product of two prime numbers that exactly fit the requirement for a practical public key cryptography implementation.

Since RSA was a powerful and strong algorithm at that time, the US National Security Agency (NSA) requested that RSA stop distributing the report, since they planned to use the algorithm for military purposes. RSA's algorithm was first publicized by Martin Gardner in August 1977, in his widely read column Mathematical Games in the magazine Scientific American.

Public key cryptography relies on the private key remaining secret. Keeping the private key on an online server is foolish, since the server might come under attack at any time and the private key could then be found. In 1978, a college student, Kohnfelder, published the idea of having an offline Certificate Authority (CA) that binds together an identity and a public key by digitally signing a certificate containing this data using the CA's own private key. The signing authority lends its trust, via its signature, to the combination of an identity and its corresponding public key. Now an online server can provide the certificates, and anyone can fetch a certificate and verify its authenticity by using the public key of the CA.

 

Public Key Cryptography

Most of the time, the sender and the receiver share the same key for encryption and decryption. The same key is used by both parties despite the openness of the transmission medium. Because the private keys are transmitted over non-secured channels, managing the transmission is difficult: an interceptor who is watching the traffic can obtain these keys and use them to encrypt and send messages back to the sender, and can also pretend to be either one of the parties, the sender or the receiver. Key management has to be established to guarantee that these keys are kept secret from intruders. The process of handling these keys, which controls how the shared keys are sent across the public network, is called key management.

Diffie and Hellman offered public key management. In public key cryptography, the user receives two keys, public and private. Private keys are kept secret, whereas the public key can be announced. There is no longer any need to share a private key, which used to be an issue, because all transmission involves only the public key. The sender encrypts the message with the receiver's public key and sends it, and the receiver at the other side of the transmission decrypts the message to its original state using his/her own private key, as explained in the diagram below:

[Figure: public key encryption and decryption]

So if user A needs to send a message to user B, user A must encrypt the message using the public key. On the other side of the transmission, user B has to decrypt the ciphertext using his own private key. It is considered safe to send and receive messages this way, without any need to share or disclose the private key to the public. The process of sending the key in this manner is secure as long as the private key is kept secret and protected from compromise.

Public Key Infrastructure

To ensure that only public keys, and no private keys, are sent to the public, Public Key Infrastructures are useful: they consist of procedures, standards and protocols that use public key cryptography as their framework. Public Key Infrastructures contain a mix of the two types of cryptography, symmetric and asymmetric. The use of public keys thus strengthens the assurance of secrecy, confidentiality, integrity and non-repudiation, which could otherwise be lost when private keys become known, something the use of PKI avoids.

There are many ways to verify the credentials of a public key, and that is exactly what Public Key-based Digital Certificates are for. Digital certificates assure and confirm the origin of the public key behind a given digital signature. They are used as a source by all users and must be established through a trusted third party (TTP). The third party therefore acts as a mediator that authenticates the signature; more generally, the TTP authenticates the participants and their public keys.

 

Applications of PKI

PKI is an authentication technology supported by a large number of different applications. The most widespread uses of PKI are server identification certificates and secure online communication. PKI allows business applications to conduct business over unsecured networks with confidence. Here are some of the popular applications of PKI.

- Client authentication

Servers usually verify their clients before they provide them with sensitive information. For example, when customers want to interact with bank servers, the servers must identify them before allowing them to view their account balances or perform any transaction via online applications. This authentication is often done using a user name and password, but PKI provides an alternative: the server requires a certificate from the client side before establishing a secure, encrypted connection. The big advantage of using PKI is that the server does not need access to a database of user passwords; instead the password is stored and managed locally on the client side. This could be done by applying a hash function to the password and sending only the hashed value to the server; the server executes the same hash function on the stored password and compares the two. Users may still need to supply their passwords to unlock the private key associated with their certificate. Servers can also make authorization decisions based on certificate information.

- Signing electronic documents

PKI can be used to sign electronic documents. This is done by computing a hash value of the document's contents and attaching an encrypted signature which contains the hash value. With PKI's asymmetric keys, only the holder of the private key for a certificate can perform this signing operation, just as only one person can put his handwritten signature on a paper document. But anyone can verify the PKI digital signature by checking the hash value against the document contents, to ensure that the document hasn't been modified or altered during transmission. This kind of application is used to ensure data integrity.

- Secure email

It is very easy to spoof the sender fields in plain-text email, and it is also easy to sniff plain-text email while it is being transmitted, especially on unencrypted wireless networks. PKI combined with the S/MIME standard allows users to verify whether an email really came from its claimed source, and can be used to send and receive encrypted emails. Users obtain personal certificates with a private key and use private key operations to sign email messages and to decrypt messages sent to them, while others use the sender's certificate and public key to verify the signature and to encrypt emails before sending them. The asymmetric nature of PKI keys ensures that only the possessor of a personal certificate's private key can sign email, thus assuring that the email came from that individual. Likewise, only the possessor of the private key can decrypt email intended for that user and encrypted with their certificate's public key, thus ensuring the confidentiality of that user's email contents.

- S/MIME

The Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol has interesting implications for mail servers: the server can perform authentication/authorization operations based on signatures. For instance, servers can allow only certain users to post to certain lists. If a user wants to send an encrypted email to a list, they have the problem that each recipient has a different public key, which means the message needs to be encrypted differently for each user. A list server which is S/MIME enabled and maintains certificates with public keys for each user can automate this process, accepting the message encrypted with its own public key, decrypting it internally, and then re-encrypting it with each recipient's public key as it forwards the message to each person on the list.

- Digital signatures

Digital signatures can be used by many users to put their signatures on electronic documents, and by software companies to put digitally signed licenses on their software. It is possession of the private key that assures that only the owner of the PKI digital certificate could have executed the signature. Digital signatures can be used in many applications that are based on PKI-based signature technology.

A digital signature can be used to authenticate the identity of whoever signs a message or software, and to permit message recipients to determine whether a message has been altered, which assures data integrity. Here is an example based on PKI-based digital signature technology.

- Software licenses

An interesting application of PKI-based digital signature technology is to enforce certain types of software licenses. A software publisher may make its software freely downloadable over the Internet but control its execution by checking the availability of a digitally signed license file. A typical license file contains a start date and duration for which the software is functional, enabled features and other such information, and is signed by the private key of the software vendor. The software has the public key embedded and validates the signature, terminating execution if the validation fails.

 

Advantages and Disadvantages of PKI

In Public Key Infrastructure (PKI) we can always achieve confidentiality by using asymmetric encryption. For example, if User A wants to deliver a message to User B, he will encrypt it with the public key without having to worry that unauthorized individuals will decrypt the message, since User B is the only owner of his private key. Confidentiality is thus ensured with asymmetric encryption, as unauthorized individuals are unable to decrypt the message unless they discover both keys. Besides, users no longer need to memorize lengthy passwords or ID combinations when PKI is implemented. Moreover, PKI provides a way to validate electronic documents and comply with mandates such as the Government Paperwork Elimination Act.

The main disadvantage of public key cryptography is that much larger keys need to be used to provide the same level of security. This is one of the main reasons why symmetric keys are most commonly used for encryption of important data, while public key cryptography keys are only used to provide safe transmission of symmetric keys and for the creation of digital signatures in Public Key Infrastructure. Besides, there exist various architectures and models of PKI, but some software applications do not support PKI well enough, claiming that it is too expensive or not understood enough.
Another ongoing disadvantage of PKI concerns the key management issues below:
- generating keys
- keeping backup keys
- handling compromised keys
- changing/reissuing keys
- destroying expired keys
- reliable distribution of public keys (integrity & authentication)

 

PKI Architectures

Throughout the years of development of PKI, various models and architectures of PKI were proposed and implemented in the community. Below we discuss some of those we commonly come across:

Single-Root Certificate Authority

In the Single-Root Certificate Authority model, all certificates are obtained from one organization that runs the CA. The public key of the Root CA is embedded in the computing or communications device at its inception.
Advantages:
- Straightforward concept
Disadvantages:
- Vulnerable to monopolistic pricing
- Less incentive to improve or innovate given a monopoly
- Hard to scale
- There's only a single point of trust
- Difficult to propagate changes in the hierarchy
- Hard to ensure authenticity of the user requesting the certificate

CA with Registration Authorities (RAs)

In this architecture, a Registration Authority (RA) facilitates the registration process but does not issue certificates. RAs are trusted by the CA to verify the linking of an entity to a key, and send the signed request to the CA.
Advantages:
- Convenient since there are more places to obtain certificates
Disadvantages:
- Still need an impeccable, unimpeachable CA

Multiple CAs

Multiple CAs means that there will be many organizations in the business of supplying digital certificates.
Advantages:
- Competition among trusted CAs should prevent vendors from extracting monopolistic profits and achieve good reliability
Disadvantages:
- Weakest link vulnerability: the entire PKI depends on the security of a single root key
- There will be more CAs as targets for attackers, and they only need to disrupt one

Configured and Delegated CAs

Configured CAs are CAs whose keys have been configured into the users' workstations and can sign certificates authorizing other CAs (delegated CAs) to grant certificates. Chain lengths are typically limited to three.
Advantages:
- Convenient since there are more places to obtain certificates
- Chain length limit
- Less time to obtain a visible certificate than with RAs
Disadvantages:
- Weakest link vulnerability: the entire PKI depends on the security of a single root key
- Certificate chain longer than with RAs, and verification is therefore less efficient

Anarchy PKI Model

In the Anarchy PKI Model, more commonly known as Pretty Good Privacy (PGP), each user configures public keys they have obtained securely, perhaps personally. Certificates are obtained through various means, including e-mail and downloading from public databases.
Advantages:
- Works well among friends
Disadvantages:
- Does not scale well beyond a small community
- Uncertainty in the chain of trust: really no way to judge the trustworthiness of someone several links removed
- Arbitrarily long chains are typically allowed
- No preordained core set of configured CAs

Privacy Enhanced Mail (PEM)

In PEM, exactly one configured root CA can delegate to other CAs, but only within a hierarchical namespace. The rule of trusting a CA only for a portion of the namespace is called subordination.
Advantages:
- Preordained configured CA within the namespace that can be trusted
Disadvantages:
- Weakest link vulnerability: the entire PKI depends on the security of a single root key
- To change the root key would require massive reconfiguration at all nodes
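
The certificate binding and chain rules described above (a CA signs an identity together with a public key, delegated chains are limited to three, and subordination restricts a CA to names below its own), as an added Python example that is not part of the original report. The certificate layout, the names such as `/um/alice` and the keys are constructed for illustration; the textbook RSA here uses publicly known Mersenne primes and no padding, so it shows the logic only and is an assumption standing in for a vetted signature library.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537        # public exponent used by every key in this demo
MAX_CHAIN = 3    # the chain-length limit the text gives for delegated CAs

def make_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1.
    Constructed for the demo: these primes are public, so the key is breakable."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (modulus n, private exponent d)

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    return pow(_digest(data), d, n)               # textbook RSA, no padding

def verify(data, sig, n):
    return pow(sig, E, n) == _digest(data)

@dataclass(frozen=True)
class Cert:
    subject: str   # identity being bound
    issuer: str    # CA that vouches for the binding
    pub_n: int     # subject's public key (modulus)
    is_ca: bool    # may this subject sign further certificates?
    sig: int = 0

    def tbs(self):
        """Bytes covered by the issuer's signature: identity and key together."""
        return f"{self.subject}|{self.issuer}|{self.pub_n:x}|{self.is_ca}".encode()

def issue(subject, pub_n, is_ca, issuer, issuer_key):
    cert = Cert(subject, issuer, pub_n, is_ca)
    return replace(cert, sig=sign(cert.tbs(), *issuer_key))

def subordinate(name, ca_name):
    """Subordination: a CA is trusted only for names below its own."""
    return name != ca_name and name.startswith(ca_name.rstrip("/") + "/")

def validate(chain, roots, enforce_namespace=True):
    """chain[0] is the end entity; each later certificate issued the one before it.
    roots maps each configured root CA name to its public modulus."""
    if not 1 <= len(chain) <= MAX_CHAIN:
        return "chain length"
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):                    # signed by the next certificate in the chain
            parent = chain[i + 1]
            if not parent.is_ca or parent.subject != cert.issuer:
                return "issuer is not the next CA"
            issuer_n = parent.pub_n
        else:                                     # top of the chain: must be a configured root
            issuer_n = roots.get(cert.issuer)
            if issuer_n is None:
                return "untrusted root"
        if not verify(cert.tbs(), cert.sig, issuer_n):
            return "bad signature"
        if enforce_namespace and not subordinate(cert.subject, cert.issuer):
            return "outside issuer namespace"
    return "ok"

# Constructed sample hierarchy: root "/" -> delegated CA "/um" -> user "/um/alice".
ROOT_KEY, CA_KEY = make_key(521, 607), make_key(1279, 2203)
USER_N = make_key(2281, 3217)[0]
ROOTS = {"/": ROOT_KEY[0]}
CA_CERT = issue("/um", CA_KEY[0], True, "/", ROOT_KEY)
ALICE = issue("/um/alice", USER_N, False, "/um", CA_KEY)
ROGUE = issue("/bank/alice", USER_N, False, "/um", CA_KEY)   # CA signing outside its namespace

if __name__ == "__main__":
    print(validate([ALICE, CA_CERT], ROOTS))
    print(validate([ROGUE, CA_CERT], ROOTS))
    print(validate([replace(ALICE, subject="/um/mallory"), CA_CERT], ROOTS))
```

With `enforce_namespace=False` the `ROGUE` certificate validates, which is the weakest-link exposure listed for the models without subordination: any delegated CA can then vouch for any name.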

Comparison of PKI and VPN

We will compare PKI with VPN. Both VPN and PKI are used for security and authenticity of communication. We first describe what VPN and PKI are before comparing the two technologies.

The main objective of a VPN is to "virtualize" some portion or all of an organization's communications, making them basically "not visible" to external observers, while taking advantage of the efficiencies of a common communications infrastructure.

Therefore a Virtual Private Network means that the network being described is required to perform the defined set of functions of a "Private" facility though the network is not truly private.

The main reason for implementing a VPN is communications privacy. The level of privacy depends greatly on the risk assessment performed by the subscriber organization.

The second reason is the cost factor. Due to the high cost of network and communication components, creating a private environment is really expensive. Hence, by deploying a smaller number of variable-cost components, which vary with the transport capacity and bandwidth of the system, a private, discrete network is created within a public network.

What is VPN
When the word "Virtual" is added to anything, it simply describes that the thing does not exist but seems to be "existing and performing some required set of functions".

The diagram above shows the most common type of VPN: one in which there are geographically diverse subnetworks that each belong to a common administrative domain, interconnected by a shared infrastructure such as the Internet that is outside of their administrative control or out of the administrative control of a single service provider.

How VPNs Work

Depending on the functional requirements, there are several different types of VPNs, and several different methods of constructing each type of VPN. These implementations are based on several considerations, such as:

- The problem being solved
- Risk analysis of the security provided by a particular implementation
- Issues of scale in growing the size of the VPN
- Complexity involved in implementing the VPN
- Complexity involved in maintenance and troubleshooting.

A VPN can be built by using tunnels or encryption (at any layer of the TCP/IP network protocol stack) or both. Alternatively, a VPN can also be constructed using Multi-Protocol Label Switching or one of the "virtual router" methods.
A VPN can consist of networks connected to a service provider's network by leased lines, Frame Relay or ATM. It can also consist of dial-up subscribers connecting to centralized services, or other dial-up subscribers.

We shall compare these technologies against the following criteria of communication security:

Non-repudiation - The ability to prevent participants from denying involvement in an electronic transaction.
  PKI: PKI exhibits non-repudiation on transactions through the use of Digital Signatures. PKI's digital signatures provide a way to certify a transaction, which has legal standing.
  VPN: A VPN system can date stamp a transaction through an application, but there is no legal standing for such a system.

Authentication - The ability to ensure that participants in an electronic transaction are who they claim to be.
  PKI: PKI provides a more reliable method. PKI uses two-factor authentication. It requires possession of a physical object, such as a smart card that stores the user's private key, and knowledge of a password. These requirements make PKI more secure.
  VPN: VPN uses a simple username and password.

Data integrity - The reliability of data passing through the system. Concerns include data tampering or inconsistent availability.
  PKI: Provides data encryption. Because of encryption, a third party cannot modify the data without the person who tampered recognizing the result immediately. Therefore, encryption is very useful in making data secure.
  VPN: VPN also uses encryption.

Confidentiality - Ensures that information (e.g., customer data and intellectual property) is not disclosed to unauthorized persons, processes, or devices. Confidentiality is especially important when considering medical data or financial information.
  PKI: Provides data encryption using the public key of the recipient that makes the data unreadable by any third party. Thus anyone trying to intercept a data transmission would not be able to read it. Therefore, sensitive data such as customer data and intellectual property cannot be read without access to the token, the private key of the recipient and its password.
  VPN: VPN also uses encryption, but once the data is at the receiving end anyone can read the data, starting from the network administrator to anyone who can lay hands on it.

PKI's ability to provide Non-repudiation, Authentication, Data integrity and Confidentiality not only enables an organization to defend against outside attackers but also against inside attackers.

VPN not only fails to provide Non-repudiation but also does not offer any additional protection against unauthorized insider access. Moreover, as VPN uses usernames and passwords, it is vulnerable to misuse by valid users within the system itself.

Hence, PKI emerges as the preferred technology.

Conclusion

As we have mentioned earlier, security and encryption of data is one of the most important topics in networking. PKI, by using asymmetric algorithms, plays an essential role in helping to keep the necessary data and information as safe as possible. PKI was good at the time it was introduced, but there is still room for improvement.
