Public Key Infrastructure PKI Fachhochschule Trier

Präsentation zum Thema: "Public Key Infrastructure PKI Fachhochschule Trier"—  Präsentation transkript:

1 Public Key Infrastructure PKI Fachhochschule Trier
Vortragsreihe: 1 Public Key Infrastructure PKI Fachhochschule Trier Professor Dr. Dieter Steinmann

2 Professor Dr. Dieter Steinmann d.steinmann@fh-trier.de
Professor an der Fachhochschule Trier, Fachbereich Wirtschaft, Betriebswirtschaft III Schwerpunkte + Enterprise Resource Planning Systeme, SAP R/3 + Entwicklung von Geschäftsprozessen + Professionelle Nutzung des Internets in Unternehmen WWW + + Professor Dr. Dieter Steinmann

3 Internet (Quelle: www.caida.org)
Professor Dr. Dieter Steinmann

4 Professor Dr. Dieter Steinmann d.steinmann@fh-trier.de
Internet Schutzbedürfnisse Schutz von/vor Identität Transaktion Zugriff, Manipulation Absender und Inhalte Persönlichkeit Serverdaten Zugriff, Manipulation Software Professor Dr. Dieter Steinmann

5 Schutz der Persönlichkeit
Privacy Privacy statement Privacy Organisationen + TRUSTe, Electronic Frontier Foundation,                                                                     Professor Dr. Dieter Steinmann

6 Sicherheit in E-Commerce
Kaufabwicklung Anbieter Kunde Interne Systeme Kreditprüfung und Zahlung Zahlungsinstitut Professor Dr. Dieter Steinmann

7 Professor Dr. Dieter Steinmann d.steinmann@fh-trier.de
Authentifizierung Smartcard PIN/TAN, ITAN Biometrische Verfahren Trust Center (Registrierung und Verzeichnisdienst) Authentifizierung Vergabe von Schlüsseln Bekanntgabe und Prüfung von Schlüsseln Professor Dr. Dieter Steinmann

8 Public Key Infrastructure - Trust Service/Center
# Identifizieren der Person, der Institution # Erzeugen der Schlüssel (Diskette oder Smartcard) # Verzeichnisdienst # Veröffentlichung der öffentlichen Schlüssel # Verzeichnis der gesperrten Schlüssel # Prüfen der Schlüssel Professor Dr. Dieter Steinmann

9 PIN/TAN-Verfahren (ITAN)
# Anmelden am System # Eingabe einer TAN für jede Transaktion # Vergabe einer PIN, eines Passwortes # Erzeugen einer Liste mit Transaktionsnummern, Zuordnung zu Benutzern, Versand der Transaktions- nummern auf sicherem Weg Professor Dr. Dieter Steinmann

10 Sicherheit und Standards Zahlungsabwicklung
SET, Secure Electronic Transactions, Kreditkartenoperationen, Visa, Mastercard, PIN/TAN HBCI, Home Banking Computer Interface, entwickelt im ZKI (Zentralen Kreditausschuß), ersetzt PIN/TAN, Smart Cards Elektronische Unterschrift Physikalische Personenerkennungsverfahren (Iris, Fingerabdruck, ...) (American Express, MasterCard, Visa, IBM, GlobeSet und Hitachi, Brokat) Globeset Set-specifications ( SET (Secure Electronic Transaction) SET (Secure Electronic Transaction) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Terisa System's Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI). Here's how SET works: Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet Explorer and that the transaction provider (bank, store, etc.) has a SET-enabled server. The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is some kind of bank. The customer receives a digital certificate. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date. It has been digitally signed by the bank to ensure its validity. Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key. The customer places an order over a Web page, by phone, or some other means. The customer's browser receives and confirms from the merchant's certificate that the merchant is valid. The browser sends the order information. This message is encrypted with the merchant's public key, the payment information, which is encrypted with the bank's public key (which can't be read by the merchant), and information that ensures the payment can only be used with this particular order. The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier. The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate. The bank verifies the merchant and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message. The bank digitally signs and sends authorization to the merchant, who can then fill the order. Selected Links GlobeSet states that it is "the world's largest provider of e-commerce transaction software for OEM solutions." Professor Dr. Dieter Steinmann

11 Grundprinzip Sicherheitsvereinbarungen
„Abhören der Kommunikation“ Internet- Front-End Internet- Server LOG IN Verschlüsselung vereinbaren Authentifizierung Server-Zugriff LOGIN Verschlüsselung vereinbaren Authentifizierung Berechtigungen Protokolle Virenschutz 1 2 3 Professor Dr. Dieter Steinmann

12 Symmetrische Verschlüsselung (symmetrisch)
DES (Data Encryption Standard) Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key. DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and involves 16 rounds or operations. Although this is considered "strong" encryption, many companies use "triple DES", which applies three keys in succession. This is not to say that a DES-encrypted message cannot be "broken." Early in 1997, RSA, owners of another encryption approach, offered a $10,000 reward for breaking a DES message. A cooperative effort on the Internet of over 14,000 computer users trying out various keys finally deciphered the message, discovering the key after running through only 18 quadrillion of the 72 quadrillion possible keys! Few messages sent today with DES encryption are likely to be subject to this kind of code-breaking effort. DES originated at IBM in 1977 and was adopted by the U.S. Department of Defense. It is specified in the ANSI X3.92 and X3.106 standards and in the Federal FIPS 46 and 81 standards. Concerned that the encryption algorithm could be used by unfriendly governments, the U.S. government has prevented export of the encryption software. However, free versions of the software are widely available on bulletin board services and Web sites. Since there is some concern that the encryption algorithm will remain relatively unbreakable, NIST has indicated DES may not be recertified as a standard and submissions for its replacement are being accepted. The next standard will be known as the Advanced Encryption Standard (AES). Selected Links RSA has an excellent FAQ on Cryptography that addresses DES together with other encryption methods and issues. Quelle: Verschlüsselung und Entschlüsselung mit dem gleichen Schlüssel (DES) Problem: # Schlüsselaustausch # Alle Beteiligten können mit dem gleichen Schlüssel ver- und entschlüsseln Professor Dr. Dieter Steinmann

13 Asymmetrisches RSA-Verfahren
Private key Public key RSA (Rivest-Shamir-Adleman) RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Netscape and Microsoft. It's also part of Lotus Notes, Intuit's Quicken, and many other products. The encryption system is owned by RSA Security. The company licenses the algorithm technologies and also sells development kits. The technologies are part of existing or proposed Web, Internet, and computing standards. How the RSA System Works The mathematical details of the algorithm used in obtaining the public and private keys are available at the RSA Web site. Briefly, the algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by that number and 1) and through additional operations deriving a set of two numbers that constitutes the public key and another set that is the private key. Once the keys have been developed, the original prime numbers are no longer important and can be discarded. Both the public and the private keys are needed for encryption /decryption but only the owner of a private key ever needs to know it. Using the RSA system, the private key never needs to be sent across the Internet. The private key is used to decrypt text that has been encrypted with the public key. Thus, if I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key. When you receive it, you decrypt it with your private key. In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate. When I receive it, I can use your public key to decrypt it. A table might help us remember this. To do thisUse whoseKind of keySend an encrypted messageUse the receiver's Public key Send an encrypted signatureUse the sender's Private key Decrypt an encrypted messageUse the receiver's Decrypt an encrypted signature (and authenticate the sender)Use the sender's Selected Links RSA Security offers the RSA Labs FAQ. Verschlüsselung mit dem fremden public key, Entschlüsselung nur noch mit dem fremden private key möglich Entschlüsselung nur mit dem private key möglich RSA - Rivest, Shamir und Adleman Professor Dr. Dieter Steinmann

14 Signatur (Texte, Software, ...)
Private key Public key Signieren einer Nachricht nur mit dem private key möglich (Hash Code) Prüfen der Echtheit und des Absenders einer Nachricht mit dem öffentlichen Schlüssel (Hash Code) RSA - Rivest, Shamir und Adleman Professor Dr. Dieter Steinmann

15 Public Key Infrastructure (Asymmetrisch)
RSA, Rivest, Shamir und Adleman Digitale Zertifikate X.509 Verschlüsselung mit dem public key Entschlüsselung mit dem private key PKI (public key infrastructure) A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for digital certificates that can identify individuals or organizations and directory services that can store and, when necessary, revoke them. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on. The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting and decrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. (The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography.) A public key infrastructure consists of: A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor One or more directories where the certificates (with their public keys) are held (usually in an ITU X.500 standard directory) A certificate management system How Public and Private Key Cryptography WorksIn public key cryptography, a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA). The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the Internet. You use the private key to decrypt text that has been encrypted with your public key by someone else (who can find out what your public key is from a public directory). Thus, if I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key. When you receive it, you decrypt it with your private key. In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate. When I receive it, I can use your public key to decrypt it. Here's a table that restates it: To do thisUse whoseKind of keySend an encrypted messageUse the receiver'sPublic keySend an encrypted signatureUse the sender'sPrivate keyDecrypt an encrypted messageUse the receiver'sPrivate keyDecrypt an encrypted signature (and authenticate the sender)Use the sender'sPublic keyWho Provides the InfrastructureA number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for PKI solutions. Related ideas are virtual private networks (VPNs) and the IP Security (IPSec) standard. Among PKI leaders are: RSA, which has developed the main algorithms used by PKI vendors Verisign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities GTE CyberTrust, which provides a PKI implementation methodology and consultation service that it plans to vend to other companies for a fixed price Check Point, which offers a product, VPN-1 Certificate Manager, that is based on the Netscape Directory Server Xcert, whose Web Sentry product that checks the revocation status of certificates on a server, using the Online Certificate Status Protocol (OCSP) Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second; Secure E-Commerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories into a single directory for security management Pretty Good PrivacyFor , the Pretty Good Privacy (PGP) product lets you encrypt a message to anyone who has a public key. You encrypt it with their public key and they then decrypt it with their private key. PGP users share a directory of public keys that is called a key ring. (If you are sending a message to someone that doesn't have access to the key ring, you can't send them an encrypted message.) As another option, PGP lets you "sign" your note with a digital signature using your private key. The recipient can then get your public key (if they get access to the key ring) and decrypt your signature to see whether it was really you who sent the message. Selected Links Marc Branchaud's paper, A Survey of Public Key Infrastructures includes a tutorial on how public key cryptography works and compares several PKI approaches. On ZDNet, Jim Kerstetter's story, Public-key rollouts poised for takeoff, suggests some likely developments. VeriSign's Global Affiliate Services lets a company act as its own certificate authority (CA) but use Verisign's processing and root keys. The company can handle its own certificate distribution and set up its own rules and revocation list. RSA Security is the home of the system and encryption algorithms that underlie most PKI approaches. IBM's Vault Registry product is a PKI management system that can be installed on IBM's RISC System/6000 and on Microsoft Windows NT servers. The IETF's Request for Comments 2693 describes SPKI Certificate Theory. The Open Group offers Postscript and Portable Document Format (PDF) versions of proposals for various PKI standards. Quelle: Signatur prüfen mit dem Public key Signatur erzeugen mit dem private key Professor Dr. Dieter Steinmann

16 Professor Dr. Dieter Steinmann d.steinmann@fh-trier.de
Trust Center Komponenten # Registrierung # Verzeichnisdienst (Deutsche Telekom AG) Professor Dr. Dieter Steinmann

17 Abrufbare Verzeichnisse, Zertifikatsprüfung
+ public key directory – pkd + anonymus public key directory (apkd) + certificate revocation list – cl + Prüfung eines einzelnen Zertifikates + ttp-messageformat + ttp-viewer kostenlos downloadbar Professor Dr. Dieter Steinmann

18 Public Key Crypto Standards
Professor Dr. Dieter Steinmann

19 Serversicherheit Übersicht
Anmelden am Server, Sitzung eröffnen Austauschen von Verschlüsselungsinformationen Nutzen der Serverdienste, Transaktionen Abmelden Professor Dr. Dieter Steinmann

20 Professor Dr. Dieter Steinmann d.steinmann@fh-trier.de
Serversicherheit Public key des servers Public key des servers [Verschlüsselung] Technologien ssl, secure socket layer, tls, transport socket layer, internet drafts, # http over TLS, # upgrading to tls within http/1.1, # extensions to TLS for OpenPGP keys, download http: port 80 https: port 443 Private key des Servers [Enschlüsselung] Professor Dr. Dieter Steinmann

21 Professor Dr. Dieter Steinmann d.steinmann@fh-trier.de
-Sicherheit Erstellen der Verschlüsseln Anmelden am Server Übertragen auf den Server Anmelden am Server Abholen vom Server Entschlüsseln Lesen MIM or MME file A MIM or MME file is a file in the Multi-Purpose Internet Mail Extensions (MIME) format that is created by some programs, including that of America Online (AOL), to encapsulate that contains image or program attachments. The MIM or MME refers to the three-letter extension or suffix (".mim" or ".mme") at the end of the file name. AOL creates a MIM or MME file when a user sends a note with attachments to other users. Such notes sent to other than AOL users tend to be restored to their original form by the receiver's software. However, AOL recipients receive a MIM or MME file that they need to "open" so that they can get the individual files inside. AOL users with Windows can use Winzip (using the "Classic Winzip" mode of operation). Mac users can use a similar utility. AOL users who enter the keyword "MIME" receive this explanation from AOL: The Internet's system handles basic text files nicely, but doesn't reliably handle binary files -- files like pictures or word processing documents. So, when you send an message with a file attachment to someone on the Internet, the AOL software automatically encodes or translates the attachment using a system called MIME. (MIME stands for Multipurpose Internet Mail Extensions.) MIME converts the binary attachment to a text format that can be handled by Internet . The message's recipient needs a program that can decode the MIME and turn it back into a binary file that the computer can work with. When you receive MIME files...When someone sends you a MIME-encoded file in , it needs to be translated back into a format that your computer can understand. Depending on the mail system that the sender used, the AOL software may or may not be able to automatically decode the MIME file. If it was able to decode the file, the 's file attachment will be in its original, binary format: such as .GIF, or .ZIP. If AOL was unable to decode the MIME file, the attachment will be in MIME format, with a filename extension of .MME. Download this file--it is simple to use a utility to convert the .MME file back to a binary file. Windows users can use these applications to easily decode MIME files. * WinZip: * MIME Decoders: MIME Help & Software After you've downloaded and installed these programs, please be sure to read the READ ME guide for information on how to use the decoder(s). Macintosh users can use these applications to easily decode MIME files. * Decoder: Harmony Software Home Page After you've downloaded and installed any of these programs, please be sure to read the READ ME guide for information on how to use the decoder. When you send an attachment to an Internet user... When you attach a file to an message that you send to an Internet user, it will automatically be MIME-encoded. In order to use the attachment, your message's recipient must have a MIME-compliant program or use software that can decode MIME files--to translate it back into a format that his or her computer can understand. If the recipient has a MIME-compliant program, the MIME attachment will probably be automatically decoded for him. If not, the recipient can easily translate the file using a utility program. smtp Smtp-Server POP-Server Professor Dr. Dieter Steinmann

22 E-mail Verschlüsselungsstandards
Pretty good privacy, pgp, MIME, SMIME PGP (Pretty Good Privacy) PGP (Pretty Good Privacy) is a popular program used to encrypt and decrypt over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. Available both as freeware and in a low-cost commercial version, PGP is the most widely used privacy-ensuring program by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for security. PGP can also be used to encrypt files being stored so that they are unreadable by other users or intruders. How It Works PGP uses a variation of the public key system. In a public key system, each user has a publicly known encryption key and a private key known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key. Since encrypting an entire message can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message. Both the encrypted message and the short key are sent to the receiver who first uses the receiver's private key to decrypt the short key and then uses that key to decrypt the message. PGP comes in two public key versions - RSA and Diffie-Hellman. The RSA version, for which PGP must pay a license fee to RSA, uses the IDEA algorithm to generate a short key for the entire message and RSA to encrypt the short key. The Diffie-Hellman version uses the CAST algorithm for the short key to encrypt the message and the Diffie-Hellman algorithm to encrypt the short key. For sending digital signatures, PGP uses an efficient algorithm that generates a hash code from the user's name and other signature information. This hash code is then encrypted with the sender's private key. The receiver uses the sender's public key to decrypt the hash code. If it matches the hash code sent as the digital signature for the message, then the receiver is sure that the message has arrived securely from the stated sender. PGP's RSA version uses the MD5 algorithm to generate the hash code. PGP's Diffie-Hellman version uses the SHA-1 algorithm to generate the hash code. To use PGP, you download or purchase it and install it on your computer system. Typically, it contains a user interface that works with your customary program. You also need to register the public key that your PGP program gives you with a PGP public-key server so that people you exchange messages with will be able to find your public key. Network Associates maintains an LDAP/HTTP public key server that has 300,000 registered public keys. This server is mirrored at other sites around the world. Where Can You Use PGP Originally, the U.S. government restricted the exportation of PGP technology. Today, however, PGP encrypted can be exchanged with users outside the U.S if you have the correct versions of PGP at both ends. Unlike most other encryption products, the international version is just as secure as the domestic version. The freely available PGP cannot legally be used for commercial purposes - for that, one must obtain the commercial version from Network Associates (formerly PGP, Inc.). There are several versions of PGP in use. Add-ons can be purchased that allow backwards compatibility for newer RSA versions with older versions. However, the Diffie-Hellman and RSA versions of PGP do not work with each other since they use different algorithms. This term was originally written by Sabrina Dei Giudici from Web Marketing, Perth, Western Australia. Selected Links William Stalling's article, "Getting Cryptic - PGP or You and Me" is a worthwhile introduction. The home of PGP is now at Network Associates ( You can find out more about PGP and also download the current version from the International PGP Page ( Quelle: Professor Dr. Dieter Steinmann

23 Sicherheit der Komponenten im Internet
Sicherheitskonzept des Betriebssystems und des Netzwerkbetriebssystems Sicherheitskonzept des Frontends Sicherheit des Mail-Systems Sicherheitskonzept der Übertragungsstrecke Sicherheit des Servers Sicherheit des Verschlüsselungskonzepts Professor Dr. Dieter Steinmann