SPKI analysis
in
strand space
Alex Vidergar, 1Lt, USAF
Air Force Institute of Technology
Graduate School of Computer Science & Engineering
Thesis Advisor: Robert Graham, Maj, USAF
Overview

SPKI
• what it is and why we use it

Strand Space
• How this tool was used effectively

Example Analysis
• Transport Layer Security (TLS)

Conclusions about new security properties
• Authorizations
Simple Public Key Infrastructure




Championed by Ron Rivest (RSA) and
Carl Ellison (Intel)
Simple Distributed Security Infrastructure (SDSI)
and SPKI merged in the 90s
Developed to overcome shortcoming in the
currently deployed PKI (X.509)
Two types of certificates Name & Authorization
X.509 Shortcomings

Unrealistic Goals
• Global reach of the x.500 directory
• Single global standard
• Unique names in one namespace

Privacy
• Participation in the network may unwillingly
revealing details about organization

Lack of Flexibility
• Updated information impossible
• Multiple keys unsupported
SPKI Solutions

Egalitarian Design
• Every Principal acts as Certificate Authority
(CA)
• Local Names


Humans tend to relate well to things they name
themselves
Local name space
• Allows unique names to be applied as
understood by the principals that will be using
them
• Fully qualified names act globally

Alice’s Bob’s Charlie ≠ Allison’s Bob’s Charlie
SPKI Solutions

Delegation of Authority
• Delegation bit
• University Example
University Enrollment
 Course Enrollment

• Department
 School
- student
SPKI: Authorization Tags

Customized to applications
• Once again not standardized
• Flexibility

Security through obscurity?
• What is access of 10 mean?
• More importantly, meaningful to the
issuers of access to a resource
SPKI: Flexibility or Meager Design?

Constant theme of Flexibility
• Very Vague Specification

Highly customizable
• Requires diligence in implementation


Easily integrated into a system
Potential security issues may arise
Solution: Strand space analysis
Strand Space

Existing Strand Space Model
• Public Key Protocol



Diffie-Hellman
Injective hash function
Signatures in addition to encryptions
• Mixed Strand Space



Disparate protocols operating in the same space
Respect
Disjoint Encryption
Strand Space : Merge

Mixed PKI Strand Space
• Amalgamation of needed features of
previous strand space models
• Ideal environment for testing SPKI
protocols being integrated into other
systems
TLS : Analysis

Ideal analysis protocol:
Transport Layer Security


Arguably the most widely used Internet
protocol for secure transactions
Intrinsic use of certificates
• Uses x.509

Layered protocol execution
• TLS > DH > Resume
TLS : modifications

TLS uses x.509 certificates
• Mayweh implements SSL with SPKI



Substitute x.509 for SPKI name certs
Functionally identical
Limited Network security
• Assumed operating in secure environment
TLS : the sweet Onion

TLS is a layer of protocols
• TLS itself is a shell

Arranges for other protocols to run
• Does not provide security

Security provided by sub protocols
• Diffie-Hellman
• RSA
TLS : Primary Protocols
Server
Authentication
Protocol

Client unauthenticated
TLS : Primary Protocols
Server & Client
Authentication
Protocol

Both principals
authenticated
Mixed Strand Space : Resume
Resume Protocol



Inherently
uninteresting
Provides only a
recount of a
previously executed
session
Relies on message
digest for coordination
and agreement
Mixed Strand Space :
Certificate Chain Discovery


Certificate Chain Discovery Protocol
Designed from the ground up with TLS in mind
• establish authentication of CA
• validation of certificate
• maintain security of primary protocol
Mixed Strand Space :
Certificate Chain Discovery

Possible to assume
disjoint set of keys
• therefore disjoint
encryption is trivial

Message formats
designed disjointly
• once again simple
proof of respect if
designed properly
Analysis

Respect
• Concept born in paper Mixed Strand Spaces
• Supplemented

Method for defining respect
• Characterize test components
• Identify sets of messages

Applied to Diffie-Hellman
• Protocol design based on Respect

SPKI Certificate Chain Discovery
• Disjoint Encryption
• Respect of primary protocol’s test components
• Necessary to Prove for each protocol as
primary?
Analysis
Disjoint Encryption
• Protocol Independence through Disjoint Encryption
• Better Refined concept of respect → Independence


Disjoint set of test components
Previous notion of Respect
• covers naïve case of disjoint sets

Allows more complex secondary protocols to be designed
• In the CCD Protocol Design Case

CCD design from respect is indeed Disjoint Encryption
• Disjoint Outbound
• Disjoint Inbound
simple case: no shared terms
• Visual representation of mixed strand spaces

Problematic with entwined sub-protocols
Simple and Powerful

Signed statements are certifications

An authority is an authority
• Certificate Authorities traditionally are simply
name authorities


Does not have to be limited to names
Authorizations are thus provided by an
authorization principal
• Already incorporated with authorization
certificates in SPKI standard

Explicit Rely-Guarantee Functionality
Summary

SPKI
• Vague specification makes it flexible


Requires diligence in implementation
Strand Space
• Mixed-PKI strand space

TLS
• Ideal testing ground for SPKI analysis

Authorization
• Intrinsic to SPKI standard
• CA are trusted to provide
Questions