Diffie-Hellman Key Exchange with Certificates
Alice                                              Bob
a = k_pr,A                                         b = k_pr,B
A = k_pub,A = α^a mod p                            B = k_pub,B = α^b mod p
Cert_A = [(A, ID_A), s_A]                          Cert_B = [(B, ID_B), s_B]

                       ------ Cert_A ------>
                       <----- Cert_B -------

verify certificate:                                verify certificate:
  ver_{k_pub,CA}(Cert_B)                             ver_{k_pub,CA}(Cert_A)
compute session key:                               compute session key:
  k_AB = B^a mod p                                   k_AB = A^b mod p
One very crucial point here is the verification of the certificates. Obviously, without verification, the signatures within the certificates would be of no use. As can be seen in the protocol, verification requires the public key of the CA. This key must be transmitted via an authenticated channel, otherwise Oscar could perform MIM attacks again. It looks like we haven't gained much from the introduction of certificates since we again require an authenticated channel! However, the difference from the former situation is that we need the authenticated channel only once, at set-up time. For instance, public verification keys are nowadays often included in PC software such as Web browsers or Microsoft software products. The authenticated channel is here assumed to be given through the installation of original software which has not been manipulated. What's happening here from a more abstract point of view is extremely interesting, namely a transfer of trust. We saw in the earlier example of DHKE without certificates that Alice and Bob have to trust each other's public keys directly. With the introduction of certificates, they only have to trust the CA's public key k_pub,CA. If the CA signs other public keys, Alice and Bob know that they can also trust those. This is called a chain of trust.
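The protocol above, run end to end as an added example (not code from the book): the CA signs each (public key, ID) pair with textbook RSA, each party verifies the peer's certificate with k_pub,CA before deriving k_AB, and a certificate whose public key Oscar has swapped fails verification because he cannot forge s_B. All parameters are constructed toy values, far too small for real use.

```python
import hashlib

# Constructed toy parameters (illustration only, not from the book).
P, ALPHA = 467, 2                      # DH group: Z_467^*, generator alpha = 2
CA_N, CA_E, CA_D = 3233, 17, 2753      # textbook RSA key pair of the CA (n = 61*53)
CA_PUB = (CA_N, CA_E)                  # k_pub,CA: reaches Alice and Bob authentically

def _digest(pub_key, ident):
    """Hash (public key, ID) into Z_n so the CA can sign it with textbook RSA."""
    data = f"{pub_key}|{ident}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def dh_public(priv):
    """A = alpha^a mod p (resp. B = alpha^b mod p)."""
    return pow(ALPHA, priv, P)

def issue_cert(pub_key, ident):
    """CA side: Cert = [(pub_key, ID), s] with s = sig_{k_pr,CA}(pub_key, ID)."""
    s = pow(_digest(pub_key, ident), CA_D, CA_N)
    return (pub_key, ident), s

def verify_cert(cert, ca_pub):
    """ver_{k_pub,CA}(Cert): recompute the digest and check the RSA signature."""
    (pub_key, ident), s = cert
    n, e = ca_pub
    return pow(s, e, n) == _digest(pub_key, ident)

def session_key(priv, peer_cert, ca_pub):
    """Accept the peer's certificate only if it verifies, then k_AB = pub^priv mod p."""
    if not verify_cert(peer_cert, ca_pub):
        raise ValueError("certificate verification failed: possible man-in-the-middle")
    (peer_pub, _), _ = peer_cert
    return pow(peer_pub, priv, P)

def run_protocol(a, b, oscar_pub=None):
    """Alice (a) and Bob (b) exchange certified keys; Oscar may swap Bob's key."""
    cert_a = issue_cert(dh_public(a), "Alice")
    cert_b = issue_cert(dh_public(b), "Bob")
    if oscar_pub is not None:            # Oscar replaces B but cannot re-sign it
        (_, ident), s_b = cert_b
        cert_b = (oscar_pub, ident), s_b
    k_alice = session_key(a, cert_b, CA_PUB)
    k_bob = session_key(b, cert_a, CA_PUB)
    return k_alice, k_bob                # equal: B^a = alpha^(ab) = A^b mod p

if __name__ == "__main__":
    print("shared keys:", run_protocol(228, 57))
```

Remove the `oscar_pub` argument to see the honest run succeed; pass `oscar_pub=dh_public(99)` and `session_key` rejects the tampered certificate.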
13.3.3 Public-Key Infrastructures (PKI) and CAs
The entire system that is formed by CAs together with the necessary support mechanisms is called a public-key infrastructure, usually referred to as PKI. As the reader can perhaps start to imagine, setting up and running a PKI in the real world is a complex task. Issues such as identifying users for certificate issuing and trusted distribution of CA keys have to be solved. There are also many other real-world issues; among the most complex are the existence of many different CAs and revocation of certificates. We discuss some aspects of using certificate systems in practice in the following.