
PKI (Public Key Infrastructure)

 Public-key cryptography
Briefly speaking, public-key cryptographic algorithms have a public key p and a private key e. Anyone can encrypt data with p, but only the holder of e can decrypt it. Conversely, the holder of e can encrypt a message with e, and anyone who has p can decrypt that message. This implies that:
o Encryption and decryption are one-way: without the corresponding key, it is difficult to get the plaintext from the ciphertext, and difficult to produce the ciphertext from the plaintext.
o Anyone can transfer information to the holder of e securely, since only the holder of e can decrypt the message.
o The holder of e can prove that a message is indeed sent by him by sending the message together with another version of the message encrypted with e. The receiver decrypts that version with p and compares it with the actual message to verify the author. (This is known as a digital signature.)
 Diffie-Hellman key exchange
DH allows two parties to exchange a secret key securely. Suppose there are two sides A and B, then:
1. A and B agree on a big positive prime g and a smaller positive prime p.
2. A picks a random positive integer x < p and sends g^x mod p to B.
3. B picks a random positive integer y < p and sends g^y mod p to A.
4. Both A and B can compute the shared secret by calculating K = g^(xy) mod p.
An outsider will not be able to get K because he does not know x or y.
 Man-In-The-Middle (MITM) Attack
Although the combination of public-key cryptography and DH seems to be secure, it is susceptible to MITM attacks. That is to say, an attacker C can talk with A and B at the same time, tricking each party into thinking that C is the other side. In this way, C can steal the secret. PKI is intended to defeat the MITM attack.
 An example: A and B intend to talk directly. However, M can intercept their traffic, which makes the connection look like A⟷M⟷B.
1. M intercepts the public key sent from A to B and sends his own public key to B instead.
2. When B wants to send something to A, B encrypts the message with M’s public key.
3. M decrypts the message and encrypts it again with A’s public key.
4. M sends the message to A.
Neither party is able to spot M, and their traffic is completely compromised.
 How PKI defeats the MITM attack
 Two key components of PKI
o Digital certificate: a document that proves ownership of the public key it contains. Digital certificates are signed by CAs, who certify the ownership of the contained public keys.
o Certificate Authority (CA): responsible for verifying the identity of users and providing them with signed digital certificates.
 The certificates (public keys) of CAs are already installed in operating systems and browsers. This is the root of trust.
 If the attacker…
o Creates a fake certificate: the certificate cannot be signed by a trusted CA, so it will not be accepted by browsers.
o Forwards the real certificate: validation will pass in the browser. However, the session key will afterwards be encrypted with the real certificate’s public key, so the attacker is unable to get the session key and the actual traffic stays encrypted.
o Uses his own certificate: the common name of his own certificate will differ from the attacked website’s, so it will not be accepted by browsers.
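As an added example (not from the original notes), the following Python models the DH exchange described earlier, the A⟷M⟷B interception, and the one check that PKI adds: comparing the public value actually received with the value a trusted certificate vouches for. It assumes small constructed parameters, with p as the modulus and g as the base exactly as in the formulas g^x mod p.

```python
import secrets
from typing import Dict, Tuple

# Constructed toy parameters (assumption, not from the notes): p is the modulus and g the
# base, as in g^x mod p. Real deployments use much larger, standardised groups.
P = 2_147_483_647  # 2^31 - 1, a prime
G = 7


def dh_public(x: int, p: int = P, g: int = G) -> int:
    """g^x mod p: the value a party sends on the wire."""
    return pow(g, x, p)


def dh_shared(peer_public: int, x: int, p: int = P) -> int:
    """K = (g^y)^x mod p = g^(xy) mod p."""
    return pow(peer_public, x, p)


def random_exponent(p: int = P) -> int:
    """A random positive integer x < p, as in the notes."""
    return secrets.randbelow(p - 2) + 1


def honest_exchange(x: int, y: int) -> Tuple[int, int]:
    """A and B exchange g^x and g^y directly; returns (K as seen by A, K as seen by B)."""
    a_pub, b_pub = dh_public(x), dh_public(y)
    return dh_shared(b_pub, x), dh_shared(a_pub, y)


def mitm_exchange(x: int, y: int, m: int) -> Dict[str, int]:
    """M intercepts both public values and substitutes g^m in each direction.

    Returns the key each side ends up with. A and B each derive a key that M
    also holds, so M can decrypt, read and re-encrypt everything in between.
    """
    a_pub, b_pub, m_pub = dh_public(x), dh_public(y), dh_public(m)
    # A receives m_pub believing it is B's; B receives m_pub believing it is A's.
    k_a = dh_shared(m_pub, x)         # what A believes is the A-B key
    k_b = dh_shared(m_pub, y)         # what B believes is the A-B key
    k_m_with_a = dh_shared(a_pub, m)  # M's copy of A's key
    k_m_with_b = dh_shared(b_pub, m)  # M's copy of B's key
    return {"A": k_a, "B": k_b, "M_A": k_m_with_a, "M_B": k_m_with_b}


def peer_value_is_authentic(received_public: int, certified_public: int) -> bool:
    """The check PKI adds: compare the value received with the one a trusted CA's
    certificate vouches for. A value substituted in transit fails this check."""
    return received_public == certified_public
```

In the honest run both sides compute the same K; in the intercepted run A's key equals M's copy, B's key equals M's other copy, and A and B no longer share a key at all, which the certificate check is what exposes.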
 How to create a self-signed CA and issue certificates
1. Generate a public/private key pair for the CA (the private key goes to key.pem, the self-signed CA certificate to cert.pem):
   openssl req -x509 -newkey rsa:4096 -sha256 -keyout key.pem -out cert.pem
2. Generate a public/private key pair for the server:
   openssl genrsa -aes128 -out server_key.pem 2048
3. Generate a certificate signing request:
   openssl req -new -key server_key.pem -out server.csr -sha256
4. Sign the certificate on the CA side (openssl ca takes its CA directory layout, index and serial files from the openssl configuration, which must be set up first):
   openssl ca -in server.csr -out server_cert.pem -md sha256 -cert cert.pem -keyfile key.pem
5. Deploy the certificate on the server side: put the private key and the certificate into one file.
   cp server_key.pem server_deploy.pem
   cat server_cert.pem >> server_deploy.pem
6. Test the certificate with the openssl test server:
   openssl s_server -cert server_deploy.pem -accept 4433 -www
