Cryptography: PKI applied to Secure Shell Protocol
✅ Paper Type: Free Essay | ✅ Subject: Computer Science |
✅ Wordcount: 7375 words | ✅ Published: 23rd Sep 2019 |
5.4 Digital signature algorithm: RSA
10.1.3 Why implementing Certificate Authentication on OpenSSH
10.2.1 Setting up a FQDN domain
10.2.2 Generating Signing Keys
10.2.3 Generating Host Certificate
10.2.4 Configure server to use host certificate
10.2.5 Configure client to verify server certificate
Figure 1. Symmetric Encryption [1]
Figure 2 Asymmetric Encryption [1]
Figure 3 Advantages of Digital Signature
Figure 4 RSA Digital Signature [3]
Figure 5 Signing a document [4]
Figure 6 Signature verification process [4]
Figure 7 Issuing Certificate[14]
Figure 8 Logging in using certificates [14]
Figure 10 PKI Components and roles [8]
Figure 11 OpenSSH RSA certificate [12]
Figure 12 OpenSSH server certificate
Figure 13 auth /etc/hosts file
Figure 14 auth /etc/hostname file
Figure 15 Verifying parameters on auth
Figure 16 server /etc/hosts file
Figure 17 server /etc/hostname file
Figure 18 Verifying parameters on server
Figure 19 client /etc/hosts file
Figure 20 client /etc/hostname file
Figure 21 verifying configuration on client
Figure 22 Generating keys for signing host certificates
Figure 24 copying server public key to CA
Figure 25 signing server public key
Figure 26 Certificate generation output
Figure 27 command to copy generated certificate to server
Figure 28 Transferring certificate to server
Figure 29 Display sshd_config file on server
Figure 30 modified known_host file on client
Figure 31 Successful connection after certificate validation
2 Abstract
This report aims at introducing the concepts and mechanisms behind Digital Signatures and the security framework on which it is based on: Public Key Infrastructure (PKI).
A brief introduction to other cryptographic concept is also provided in order to provide a wide view of the security features adopted in the last years to recent. The concepts implied by PKI are then applied in relation to Secure Shell (SSH), an industry standard used by administrators for accessing systems remotely in a safe way.
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
Find out more about our Essay Writing Service
The practical assessment, included in the Appendix A, will introduce step-by-step the actions required in order to create a Certificate Authority and generate signed host certificates, which will then be used to verify identify of servers to remote clients, removing the need of exchanging public keys between parties before communication.
The report will conclude with a brief reflection on the changes implied by the security features adopted nowadays, with an eye towards current researches and future implementations.
The wide distribution of networked systems and the increasing usage of internet have heavily influenced today’s society, including businesses. In fact, several operations such as banking, sale and purchase of products and the exchange of information have emphasized electronic transactions , minimizing operations’ cost while enhancing productivity. This has identified information security as the major issue for any business or individual who exchange sensitive information, or perform operations , over an open environment such as the internet because there is a need to prevent such information from being tampered. Consequently, the need of enforcing the fundamentals of information security (confidentiality , integrity and reliability) during data transmission between communicating parties led to the creation of security features such as digital signatures , of which algorithms are based on the security framework called Public Key Infrastructure (PKI) .
Cryptography uses mathematical algorithms and processes to convert intelligible plaintext into unintelligible ciphertext, and vice versa. Applications of cryptography include:
• Data encryption for confidentiality
• Digital signatures to provide non-repudiation (accountability) and verify data integrity
• Certificates for authenticating people, applications and services, and for access control (authorization)
There are two main kinds of cryptography: shared secret and public key.
4.1 Symmetric cryptography
In shared secret cryptography, sender and receiver use the same key for both encryption and decryption purposes. Because of this symmetry, it is critical to keep the key secret and to avoid network-based key distribution as an attacker could intercept the shared key and decrypt data sent from communicating parties.
Figure 1. Symmetric Encryption [1]
4.2 Asymmetric cryptography
Also known as Public key Cryptography, it uses a pair of keys: a public key and a private key.
The public key is publicly available, so it can be transmitted over insecure connection while the private key is kept private to the owner.
The pair of keys can be used for both encryption or decryption purposes, depends on usage.
To ensure confidentiality, the data is encrypted using the public key and can only be decrypted by the private key .
To ensure non-repudiation and integrity, the data is encrypted using the private key and can only be decrypted with the public key.
Distribution of keys between parties is greatly simplified using this protocol.
Figure 2 Asymmetric Encryption [1]
A digital signature is a set of enciphered data created using a cryptographic algorithm, based on the concept of public key cryptography, its main scope is to protect communicating parties against each other in a situation where there is no complete trust, and something more than authentication is required. [2]
The First model of digital signature was first introduced in the paper “New directions for Cryptography” (IEEE Transactions on Information Theory, 1976) where Whitfield Diffie and Martin Hellman presented the idea that a form of digital signature could be made using PKE in a way that anyone could verify its authenticity but no one else could duplicate it.
Most secure web transactions today are already dependent on digital signatures, which are included as part of the digital certificate a server presents to a client to identify itself and vice versa.
Example of current uses of digital signatures:
- Inter-bank payment systems (BACS, SWIFT,CHAPS .)
- e-passports and other e-id cards
- VPN and Remote host connections
- SSL enabled websites
- Signing documents (PDFs, Emails, etc)
5.1 Advantages
Figure 3 Advantages of Digital Signature
5.2 Disadvantages
Figure 4 Disadvantages of Digital Signature
5.3 Attacks
It must be mentioned that the digital signature scheme does not offer complete security against data theft or data manipulation. Numerous researchers have identified some of the weaknesses embedded in such security implementation, for example: