Scott Bell
CIS 798 Fall, 2011

• Ten Risks of PKI: What You’re not Being Told about Public Key Infrastructure
– Carl Ellison and Bruce Schneier
– Computer Science Journal Volume XVI, number 1,
2000.
• Risks of Relying on Cryptography
– Bruce Schneier
– Communications of the ACM, Volume 42, number 10,
Oct 1999.

• What is Cryptanalysis?
– “the art of devising methods for cryptanalysis” ~ Merriam Webster:
– the procedures, processes, methods, etc., used to translate or interpret secret writings, as codes and ciphers, for which the key is unknown.

• How do ‘hackers’ do this?
– Mathmatical route by beating the encryption algorithm
– Creativity/reverse engineering
• “cheating” IS allowed...and even encouraged!
• Side channel attacks (power consumption, time, electromagnetic radiation, failure analysis)
• Weaknesses in the process outside of the encryption algorithm (perhaps the pseudo random key generator)
• Attacks that “the engineers never even thought about”

• What does it do?
– System of digital certificates
– match IDs with public and private key pairs
– used for public key encryption
• How do you get a certificate?
– Issued by a certification authority (CA)
• e.g.: Verisign, GoDaddy, Equifax, etc

• How do people know your certificate is secure?
– Signed using a root certificate by the CA
– “guarantees” that your certificate is authentic.
• Who can be a CA?
– Anybody!
– Issue their own root certificate
• Though it may not be recognized by browsers, etc.
• How do you trust them?
– Excellent question...thoughts?
– There are lists of trusted root certificates
– Should they be regulated?

• Who holds the private key?
– How does the CA know Alice is really Alice?
• Meet in person
• Credit bureau info
• …”I promise, I really am Bill Gates” ;)
– What does Alice mean? (Who is “Alice”?)
• Lots of people named Scott Bell!!!
– Even in my high school
– Who decides what name you can register ?
• Microsoft Corporation was registered in 2001 … to somebody else!
• Did the CA do their job?

What is non-repudiation?
– “To ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message” - webopedia
– Prevents a person from saying “I didn't do it!”

• This leads to some interesting questions:
– Who has control of the computer/key issuing
Alice’s encrypted messages?
– Who's held accountable?
– What are the consequences?
– How does this compare to credit cards?

• How long should a key be good for?
– 1 year? 1 day?
• My dad vs Amazon
– How vulnerable is the key to theft?
• Ease of access
• How tantalizing is the target?

– Perhaps estimate a probability of being compromised?
• Key is x months old, mid sized e-commerce, relatively secure system = y% likely to have been compromised.
• For what value Y do we experience too much risk?

• Certificate is compromised…what happens?
• Added to a list of ‘bad certificates’
• How do we find out?
– Look up as needed…problems?
• Slow performance
• Possible DOS attacks

• How do we find out? <contd>
– Download and store updated list periodically…problems?
• How to determine if a document was signed prior to revocation?
• Use timestamps…problems?
– Is timestamp source secure?

• IMPORTANT
Neither the State of Washington nor any agency, officer, or employee of the State of Washington warrants the accuracy, reliability, or timeliness of any information in the Public Access System and shall not be liable for any losses caused by such reliance on the accuracy, reliability, or timeliness of such information. While every effort is made to ensure the accuracy of this information, portions may be incorrect or not current. Any person or entity who relies on information obtained from the
System does so at his or her own risk.

• What is it?
– Sign on once and you’re done, authentication passed around for you
– Good or bad?
• Easy, saves time
• Single point of failure compromises multiple systems.

• Let the buyer beware
• Does buying a certificate make you secure?
• Who is generating positive press for PKI? CA’s!
• Why are they popular?
– One size fits all
– Relatively easy to implement
– Are those good reasons?