RSA PKI Solution Missy Huang Technical Consultant, North Asia RSA, the Security Division of EMC

Enabling Trust for e-Business “It’s what we do” Authentication Access Management Data Privacy Data Integrity Transaction Integrity Firewall / VPN Anti-Virus Anti-Phising/Anti-Pharming Internet Access Control Encryption Because e-security is increasingly viewed not only as a means of defense, but also as an enabler, the term “e-security” is simply too broad. Many industry analysts have developed their own views on the various segments of the e-security market -- e.g., IDC and their “3A’s” (Authentication, Authorization, and Administration). RSA’s own perspective is that the e-Security market can be broken down into three primary segments: 1) “Defense” 2) “Detect” 3) “Enable” - which we also think of as bringing Trust to e-business process. In each of these categories, a select number of companies have emerged as the category leader -- for example, CheckPoint and Symantec in the “Defend” category; ISS in the “Detect” category. RSA Security is the leader in its category of trusted e-business process. Intrusion Detection Vulnerability Assessment E-Mail Scanning SIEM (Security Information of Event Management)

What’s PKI – Public Key Infrastructure “A public key infrastructure (PKI) consists of protocols, services, and standards supporting applications of public key cryptography.” ---RSA FAQ http://www.rsasecurity.com/rsalabs

以密碼學為基本原理 密碼學是與通訊加密有關的學問 有三種密碼系統 : PKI 同時採用了上述的三種密碼系統 對稱式密碼系統，Symmetric key (shared secret) 自羅馬時代便已存在 非對稱式密碼系統，Public key 於1976年推出這個理論 Digital Signature 於1989年開發出MD2 PKI 同時採用了上述的三種密碼系統 Mrs. Simoneau is my son Jason’s math teacher, if Jason’s grades begin to slip I’ll let her know that she is becoming famous through this talk and it may help to cut Jason some slack. Fortunately Jason is doing quite well and it looks like I won’t have to use this contingency plan. One important point on this slide. Please recommend to people that they do not refer to Symmetric Key Crypto as Secret Key Crypto; even though you will see this in documents some times. The reason is that in Public/Private Key Crypto (PPK - I’ve told you twice now that PPK = Public/Private Key so watch out from now on), … in PPK the Private Key remains hidden (or secret) and therefore the term “Secret Key” could refer to a Symmetric Key or to a Private Key. Since this stuff is confusing enough as it is, please have them use the term Symmetric.

對稱式密碼系統使用同一把鑰匙加密集解密資料 演算法則: RC4 and DES 密碼學實際應用的例子(對稱式密碼學) Symmetric Key RC4 encryption 對稱式密碼系統使用同一把鑰匙加密集解密資料 演算法則: RC4 and DES Mom’s apple pie recipe must remain secret at all costs. We know that Mrs. Fields is attempting to break out of the Chocolate Chip Cookie niche and into the Apple Pie niche. It is quite possible that Mrs. Fields has (unwittingly of course) employed some devious partners who are attempting to intercept Mom’s recipe as I send it across the Internet to my sister. Note the grayed out individual hiding in the Internet - that is the attacker!

非對稱式密碼系統兩個不同但數學上相關的鑰匙 (key) 如果使用其中一把鑰匙加密，只能用另外一把鑰匙解密 密碼學實際應用的例子(非對稱式密碼學) 非對稱式密碼系統兩個不同但數學上相關的鑰匙 (key) 如果使用其中一把鑰匙加密，只能用另外一把鑰匙解密 演算法則: RSA, Elliptic Curve. 收信者的 Private Key 收信者的Public Key

兩種密碼學結合的應用方式： 對稱式密碼學的應用 非對稱式密碼學的應用 Encrypted “Digital Envelope” Mom’s Secret Apple Pie Recipe Mom’s Secret Apple Pie Recipe Encrypted Random Symmetric Key To: Bill “Digital Envelope” “Key Wrapping” Combine the two types of crypto to get the best of both worlds: First the sender uses a randomly generated symetric key to encrypt the recipe. Then the sender encrypts the symmetric key using the public key of the person to whom you are sending the text (in this case it is being sent to Bill, so you encrypt the symmetric key using Bill’s Public Key) The two of the results - they encrypted text, and the symmetric key “wrapped” using the recipient’s public key are ‘glued’ togeather into a digital envelope so they can be sent as a single package. Bill’s Public Key 非對稱式密碼學的應用

兩種密碼學結合的應用方式：(續) 非對稱式密碼學的應用 對稱式密碼學的應用 “Digital Envelope” Encrypted Mom’s Secret Apple Pie Recipe Encrypted “Wrapped Key” To: Bill “Digital Envelope” Mom’s Secret Apple Pie Recipe Random Symmetric Key Bill’s Private Key At the other end, the recipient “unglues” the encrypted text from the wrapped key. The wrapped key is decrypted using their private key and this results in getting the original symmetric key back. The symmetric key is then used to decrypt the encrypted recipe which results in getting the original recipe back. At this point, the symmetric key is disposed of and not used again. This system works well. The fast symmetric encryption is used to encrypt the bulk data, and results in a compat encrypted text. The slower PPK encryption is used to wrap the symmetric key so it can be safely sent to the recipient, and even though it is slow you are only encrypting the symmetric key so this doesn’t take much time. 非對稱式密碼學的應用 對稱式密碼學的應用

雜湊函數 (Hashes) Hashes 是一種廣泛使用在密碼學裡的一種數學運算函數，它具 有很重要的特性： 例如：SHA1、MD5 無法從雜湊函數的結果值反推回原始本文 例如：SHA1、MD5

數位簽章 (Digital Signatures) Mom’s Secret Apple Pie Recipe Mom’s Secret Apple Pie Recipe Digest Encrypted Digest “雜湊函數” PPK supports digital signatures and non-repudiation. To sign, the clear text is run through a hash function (no, this is not something to do with bongs and college). A hash function is a math function which will result in a fixed length output regardless of the size of the input. Simple analogs are parity bits, where a parity bit just tells you if the number of 1s in a binary number is an even or an odd number - it does not matter how long the original number is the parity bit is always a 0 or a 1. A CRC in data communications is another example. When sending a message, comm software or hardware will run a 16 or 32 bit polynomial equasion across the message which will result in a 16 or 32 bit remainer. It does not matter how long the message is, the CRC is always 16 or 32 bits. Crypto hash functions are a similar class of math, but these functions are carefully selected for their security properties. Crypto hash functions are designed/selected to be sure that it will be impossible to select two clear text documents which will hash to the same value, and that your cannot tell anything about the original clear text from the resultant hash. As you can see, it might be useful to think of the output of the hash function (called the digest) like a fingerprint of the original document. Once the digest is generated, you encrypt the digest using your private key, attach the encrypted digest to the original clear text and send it on. Signer’s Private Key Digest Encrypted

數位簽章 (Digital Signatures) “雜湊函數” Mom’s Secret Apple Pie Recipe Digest ‘ Mom’s Secret Apple Pie Recipe Digest Encrypted “是否相同?” At the other end, the clear text is seperated from the encrypted digest (the signature). The clear text is run through the same hash function and this generates a new copy of the digest. The encrypted digest is decrypted using the sender’s public key, which yeilds the original digest. You can now compare the original digest with the new version you just created by hashing the clear text. If these two digests match you can tell the following: - Mrs. Fields was not able to slip an extra teaspoon of nutmeg into the recipe as it was being sent across the Internet. You know that if the digests match, then what you received was not modified in flight. - Since you decrypted the encrypted digest with the sender’s public key, and you know that the only way that this decryption would work is if the digest was originally encrypted using the sender’s private key, and you know that the only person who has that private key is the sender, then you know: - The recipe was sent by the sender (signature) - The sender cannot claim later that they weren’t the one who sent it (non-repudiation) Non-repidiation is important in things like financial transactions. If I ordered a truckload of twinkies, and authorized the use of my credit card to pay for the twinkies, and then signed the order using my private key, I cannot claim later that I didn’t authorize the shipment and that I will keep the twinkies but that you are not allowed to debit my account. Signer’s Public Key Digest Encrypted Digest

身分辨識 不可否認性 完整性 私密性 認證性 透通性 PKI 同時使用這三種密碼系統 …. 傳送端 身分辨識 不可否認性 (數位簽章) 完整性 Hash creates unique digest Append digest to the document Create document Encrypt digest with sender’s PRIVATE key 私密性 認證性 透通性 Append the digest and the document Encrypt the document using a SYMMETRIC key Encrypt the symmetric key with the receiver’s PUBLIC key

私密性 透通性 認證性 身分辨識 不可否認性 完整性 PKI 同時使用這三種密碼系統 …. 接收端 私密性 透通性 認證性 Encrypted digital envelope arrives at destination Decrypt the symmetric key with receiver’s PRIVATE key Decrypt document using the SYMMETRIC key 身分辨識 不可否認性 (數位簽章) 完整性 Decrypt digest with sender’s PUBLIC key Rehash decrypted document and compare against the original digest

PKI 如何滿足這些需求 ? 身分辨識 (Authentication) 確認用戶端的身分 – 公鑰/私鑰技術 (Public/Private Key) 私密性 (Confidentiality) 保護敏感的資訊 – SSL, S/MIME, IPSec 權限審核 (Authorization) 存取各自的資料 – Access Control 完整性 (Integrity) 確保資料在交易過程中未經變更 – 雜湊函數(SHA1,MD5) 不可否認性 (Non-repudiation) 證明雙方確實進行 過交易 – 電子簽章

RSA Keon® CA 自動化的申請流程，允許使用者快速方便的申請 及下載其憑證 以Internet為設計出發 管理者及使用者可以方便的利用流覽器使用 內建支援 OCSP (Online Certificate Status Protocol) 以提供應用程式即時的 憑證合法狀態查詢 經過國際認證 – 通過Common Criteria EAL4+ 及 Identrus Certification 是世界上唯一的CA通過Common Criteria EAL4+ 是世界上唯一的CA通過NIAP的CIMC Protection Profile測試

RSA Digital Certificate Management Products & Solutions RSA Certificate Manager Industry leading CA RSA Validation Solution Ensure high-levels of trust & protection for organizations RSA Root Signing Service Solutions Web Server SSL Enables cost effective trusted server authentication Secure Digital Signing Enables trusted transactions and communications for streamlining processes Secure e-Mail Enables trusted messaging for streamlining processes Secure VPN Cost effectives, easy to use strong authentication of users and devices

RSA Keon Product Family RSA Keon Certificate Authority Family RSA Keon Certificate Management RSA Keon Registration Management RSA Keon Key Recovery Module RSA Validation Manager RSA Keon Web Passport

Registration Authority RSA Keon Key Recovery Module RSA Keon® CA 組合元件 RSA Keon Registration Authority RSA Keon Key Recovery Module RSA Keon WebSentry/ E-sign Web Server User RSA Keon CA has several components that you can deploy depending on your particular environment and needs. RSA Keon Certificate Authority (CA) provides the core functionality for issuing, managing and validating digital certificates. Optional components include: RSA Keon Registration Authority (RA), which is used for enrolling new users from remote offices or partner sites. RSA Keon Key Recovery Module which provides a secure way to generate, store, and, when needed, recover a users private encryption key RSA Keon WebSentry which can be plugged into existing web servers to enhance their ability to validate user certificates and control access to sensitive web pages or files stored there. RSA Keon Certificate Authority RSA Keon Registration Authority

Certificate Validation: Certificate Status Checking with OCSP Web Applications Certificate Status is checked at Server or Desktop User- to-User Interaction The RSA Validation Solution enables immediate validation of digital certificates to ensure high-levels of trust and protection for organizations involved in electronic communications and transactions. RSA Validation Solution is a scalable, industry standards-based, real-time status checking solution designed to ensure the validity and integrity of electronic transactions for Enterprise and Government organizations. The RSA Validation Solution resolves certificate revocation list deployment and scalability performance issues which can prevent an organization from accurately assessing the validity of certificates.

Certificate Validation: Certificate Status Checking with OCSP Certificate Authorities (RSA or other) Web Applications ABC Co. CA LDAP Directory (ABC Co.) LDAP Directory (123 Co.) CRLs Certificate Status is checked at Server or Desktop 123 Co. CA LDAP Directory (XYZ Co.) User- to-User Interaction Fetch CRLs XYZ Co. CA What is the Advantage of using the Validation Server (OCSP)? Each application only needs to be configured to look in one central place for OCSP status (not fetch CRLs from multiple directories). The OCSP request and response is very small, instead of getting the status for every revoked or suspended certificate on a CRL, you get the status of just the certificate you are interested in. One Validation Server can provide responses for multiple CAs. The validation server is a central point for configuration of status sources. VERY SCALABLE and EASY TO MANAGE! RSA Validation Manager Check Status of specific certificate with OCSP

Checking Status with OCSP: Scalability & High Assurance Web Applications Certificate Authorities (RSA &/or MS CA) RSA Validation Manager LDAP Directory CRLs Fetch CRLs LDAP Directory CRLs Check Status of specific certificate with OCSP OCSP Synchronization This diagram shows some of what was mentioned on the last slide, one Validation Manager can fetch CRLs from multiple LDAP directories, and also fetch status from another OCSP responder. For each certificate being validated, the Validation Manager can check the status from a different location depending on how the CA that issued that certificate is configured. The RSA Validation Manager also offers enterprise ready features such as distributed validation authority servers to communicate updated certificate status information to OCSP responders without the need to distribute CRLs across the network. (Distributed validation authority synchronization will be available in RSA Validation Manager 2.5, which is scheduled to be released in second quarter of 2004) Status RSA Validation Manager Third Party OCSP

RSA Keon Web PassPort Security Infrastructure Applications Authentication Engines Certificate Authorities Maintained Directories Security Infrastructure Forms Signing Online Payments ID Applications The RSA Keon Web PassPort system includes several components. The user authenticates to a Web page that is protected by the Web PassPort server. The Web PassPort server authenticates the user, retrieves the user’s digital credentials from an LDAP-compliant directory, and securely delivers them along with the Web PassPort plug-in. The Web PassPort plug-in is a small, downloaded plug-in that enables the transparent use of certificates with Web browsers, mail clients and other applications, simplifying the environment for the end user. The user’s credentials are initially created by the RSA Keon Web PassPort virtual card manager and securely stored in an LDAP-compliant directory. When used with the RSA Keon Certificate Server, the optional Web PassPort OneStep module enables the auto-enrollment and pickup of certificates. Mobile Credentials: The virtual smart cards are securely downloaded over the Internet to users. The download occurs over http sockets, so there is no need to loosen firewall policies. Users can download their virtual smart cards from different B2B sites using the same plug-in software, maximizing network bandwidth and user productivity. Users can download their credentials for a site from any PC browser — at home or the office — allowing them to do business where it is convenient for them. Flexible Authentication: For maximum authentication flexibility, RSA Keon Web PassPort software supports both RSA SecurID two-factor user authentication and passwords. Once users have authenticated, they have immediate access to their credentials. Storage of Digital Certificates and Keys in a Virtual Smart Card: At the heart of RSA Keon Web PassPort is the virtual smart card, a secure container with the user’s X.509 encrypting and signing certificates and associated private keys. Sensitive components of the container are encrypted with 112 bit 3DES (Data Encryption Standard) and the container itself is encrypted with a 256 bit RC5 ® symmetric key. For enhanced security, the user’s virtual smart cards are never written to the user’s local file system. RSA Keon Web PassPort software supports multiple virtual smart cards per user, which enables the user to access different B2B environments that do not trust each other. User receives encrypted virtual cards RSA Keon Web PassPort Browser Plug-in downloads and immediately activates

RSA Keon Web PassPort Certificate Auto-Enrollment RSA Keon OneStep gets necessary attributes to complete user certificate RSA Keon CA with RSA Keon Web PassPort OneStep Plug-In Web Server RSA Keon Web PassPort Server LDAP Directory Authenticated user. RSA Keon OneStep authenticates user via authentication cookie. If no certificate, user is forwarded to CA enrollment page. User immediately receives certificate.

RSA Keon Web PassPort Authentication and Download Web Server RSA ACE/Server (optional) LDAP Directory Web PassPort Server RSA SecurID Authentication LDAP Authentication User’s virtual cards and symmetric keys User Contacts URL over SSL browser session. User authenticates with RSA SecurID token or LDAP bind password. User receives encrypted authentication cookie and Web PassPort Plug-In. Plug-In immediately activates. User receives encrypted virtual card cookie, virtual cards, and symmetric keys. Symmetric keys are used to decrypt virtual cards.

PKI 應用 VPN 認證 Web Applicaion SSL 認證 + 簽章 內部公文系統 認證 + 簽章 採購系統, 合約系統 電子簽章 Document Digital Right Management (文件控管)