Download presentation
1
Public Key Infrastructure (X509 PKI)
Marco Casassa Mont Trusted E-Services Laboratory - HP Labs - Bristol
2
Outline Basic Problem of Confidence and Trust
Background: Cryptography, Digital Signature, Digital Certificates (X509) Public Key Infrastructure (PKI) (X509) PKI: Trust and Legal Issues
3
Confidence and Trust Issues in the Digital World
4
Basic Problem There are Confidence and Trust Issues … Intranet
Extranet Internet Alice Bob Bob and Alice want to exchange data in a digital world. There are Confidence and Trust Issues …
5
Confidence and Trust Issues
In the Identity of an Individual or Application AUTHENTICATION That the information will be kept Private CONFIDENTIALITY That information cannot be Manipulated INTEGRITY That information cannot be Disowned NON-REPUDIATION Intranet Extranet Internet Alice Bob
6
Starting Point: Cryptography
7
Starting Point: Cryptography
It is the science of making the cost of acquiring or altering data greater than the potential value gained Cryptosystem It is a system that provides techniques for mangling a message into an apparently intelligible form and than recovering it from the mangled form Plaintext Encryption Ciphertext Decryption Plaintext &$*£(“!273 Hello World Hello World Key Key
8
Cryptographic Algorithms
All cryptosystems are based only on three Cryptographic Algorithms: MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …) Maps variable length plaintext into fixed length ciphertext No key usage, computationally infeasible to recover the plaintext SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …) Encrypt and decrypt messages by using the same Secret Key PUBLIC KEY (DSA, RSA, …) Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together)
9
Cryptographic Algorithms based
on Private Key Plaintext Encryption Decryption Ciphertext Private Key Pros Efficient and fast Algorithm Simple model Provides Integrity, Confidentiality Cons The same secret key must be shared by all the entities involved in the data exchange High risk It doesn’t scale (proliferation of secrets) No Authentication, Non-Repudiation
10
Cryptographic Algorithms based
on Public Key Pros Private key is only known by the owner: less risk The algorithm ensures Integrity and Confidentiality by encrypting with the Receiver’s Public key Intranet Extranet Internet Alice Bob Plaintext Encryption Decryption Ciphertext Alice’s Public Key Alice’s Private Key
11
Cryptographic Algorithms based
on Public Key Pros The algorithm ensures Non-Repudiation by encrypting with the Sender’s Private key Intranet Extranet Internet Alice Bob Plaintext Encryption Decryption Ciphertext Bob’s Private Key Bob’s Public Key
12
Cryptographic Algorithms based
on Public Key Cons Algorithms are 100 – 1000 times slower than secret key ones They are initially used in an initial phase of communication and then secrets keys are generated to deal with encryptions How are Public keys made available to the other people? There is still a problem of Authentication!!! Who ensures that the owner of a key pair is really the person whose real life name is “Alice”? Intranet Extranet Internet Alice Bob Moving towards PKI …
13
Digital Signature
14
Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses a signing key (Private Key) to sign the message and send the message and its digital signature to a recipient The recipient uses a verification key (Public Key) to verify the origin of the message and that it has not been tampered with while in transit Intranet Extranet Internet Alice Bob
15
Digital Signature Signer Channel Receiver Message Message
Digest Algorithm Digest Algorithm Hash Function Hash Function Digest Public Key Encryption Decryption Private Key Expected Digest Actual Digest Signature Signer Channel Receiver
16
Digital Signature There is still a problem linked to the
“Real Identity” of the Signer. Why should I trust what the Sender claims to be? Moving towards PKI …
17
Digital Certificate
18
Digital Certificate A Digital Certificate is a binding between an entity’s Public Key and one or more Attributes relating its Identity. The entity can be a Person, an Hardware Component, a Service, etc. A Digital Certificate is issued (and signed) by someone - Usually the issuer is a Trusted Third Party A self-signed certificate usually is not very trustworthy
19
Digital Certificate CERTIFICATE Issuer Subject Subject Public Key
Signature
20
Digital Certificate How are Digital Certificates Issued? Problems
Who is issuing them? Why should I Trust the Certificate Issuer? How can I check if a Certificate is valid? How can I revoke a Certificate? Who is revoking Certificates? Moving towards PKI …
21
Public Key Infrastructure (PKI)
22
Public Key Infrastructure (PKI)
A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates
23
Public Key Infrastructure (PKI)
“A PKI is a set of agreed-upon standards, Certification Authorities (CA), structure between multiple CAs, methods to discover and validate Certification Paths, Operational Protocols, Management Protocols, Interoperable Tools and supporting Legislation” “Digital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter Williams
24
Public Key Infrastructure (PKI)
Focus on: X509 PKI X509 Digital Certificates Standards defined by IETF, PKIX WG: … even if X509 is not the only approach (e.g. SPKI)
25
X509 PKI – Technical View Basic Components: Certificate Authority (CA)
Registration Authority (RA) Certificate Distribution System PKI enabled applications “Provider” Side “Consumer” Side
26
X509 PKI – Simple Model CA RA Certification Entity Application Service
Cert. Request RA Application Service Signed Certificate Internet Certs, CRLs Directory Remote Person Local Person
27
Certificate Authority (CA)
X509 PKI Certificate Authority (CA) Basic Tasks: Key Generation Digital Certificate Generation Certificate Issuance and Distribution Revocation Key Backup and Recovery System Cross-Certification
28
Registration Authority (RA)
X509 PKI Registration Authority (RA) Basic Tasks: Registration of Certificate Information Face-to-Face Registration Remote Registration Automatic Registration Revocation
29
Certificate Distribution System
X509 PKI Certificate Distribution System Provide Repository for: Digital Certificates Certificate Revocation Lists (CRLs) Typically: Special Purposes Databases LDAP directories
30
Certificate Revocation List
Revoked Certificates remain in CRL until they expire
31
Certificate Revocation List (CRL)
CRLs are published by CAs at well defined interval of time It is a responsibility of “Users” of certificates to “download” a CRL and verify if a certificate has been revoked User application must deal with the revocation processes
32
Online Certificate Status Protocol
(OCSP) An alternative to CRLs IETF/PKIX standard for a real-time check if a certificate has been revoked/suspended Requires a high availability OCSP Server
33
CRL vs OCSP Server CRL OCSP User CA Directory User OCSP Server CA
Download CRL CRL User CA CRL Directory Certificate IDs to be checked Download CRL CRL User OCSP Server CA Answer about Certificate States Directory OCSP
34
PKI-enabled Applications
X509 PKI PKI-enabled Applications Functionality Required: Cryptographic functionality Secure storage of Personal Information Digital Certificate Handling Directory Access Communication Facilities
35
X509 PKI Trust and Legal Issues
36
X509 PKI Trust and Legal Issues
Why should I Trust a CA? How can I determine the liability of a CA?
37
Approaches to Trust and
X509 PKI Approaches to Trust and Legal Aspects Why should I Trust a CA? How can I determine the liability of a CA? Certificate Hierarchies, Cross-Certification Certificate Policies (CP) and Certificate Policy Statement (CPS)
38
Certificate Hierarchies
X509 PKI Approach to Trust Certificate Hierarchies and Cross-Certification
39
CA Technology Evolution
RA LRA Directory Services Internet Try to reflect Real world Trust Models
40
Simple Certificate Hierarchy
Root CA Each entity has its own certificate (and may have more than one). The root CA’s certificate is self signed and each sub-CA is signed by its parent CA. Each CA may also issue CRLs. In particular the lowest level CAs issue CRLs frequently. End entities need to “find” a certificate path to a CA that they trust. Sub-CAs End Entities
41
Simple Certificate Path
* Alice Bob Simple Certificate Path Trusted Root Alice trusts the root CA Bob sends a message to Alice Alice needs Bob’s certificate, the certificate of the CA that signed Bob’s certificate, and so on up to the root CA’s self signed certificate. Alice also needs each CRL for each CA. Only then can Alice verify that Bob’s certificate is valid and trusted and so verify the Bob’s signature.
42
Cross-Certification and
Multiple Hierarchies 1 2 3 Multiple Roots Simple cross-certificate Complex cross-certificate
43
Approach to Trust : Problems
X509 PKI Approach to Trust : Problems Things are getting more and more complex if Hierarchies and Cross-Certifications are used
44
Cross-Certification and
Path Discovery Trusted Root Trusted Root 3 *
45
Approach to Legal Aspects Certificate Practice Statement
X509 PKI Approach to Legal Aspects Certificate Policy And Certificate Practice Statement
46
Certificate Policy (CP)
A document that sets out the rights, duties and obligations of each party in a Public Key Infrastructure The Certificate Policy (CP) is a document which usually has legal effect A CP is usually publicly exposed by CAs, for example on a Web Site (VeriSign, etc.)
47
Certificate Policy (CP)
POLICY OUTLINE COMMUNITY & APPLICABILITY RIGHTS, LIABILITIES & OBLIGATIONS CP CERTIFICATE & CRL PROFILES IDENTIFICATION & AUTHENTICATION TECHNICAL SECURITY CONTROL OPERATIONAL REQUIREMENTS
48
Policy Issues (CP) Liability Issues Repository Access Controls
Confidentiality Requirements Registration Procedures - Uniqueness of Names - Authentication of Users/Organisations Certificate Acceptance Suspension and Revocation (Online/CRL) Physical Security Controls
49
Certificate Policy Statement (CPS)
A document that sets out what happens in practice to support the policy statements made in the CP in a PKI The Certificate Practice Statement (CPS) is a document which may have legal effect in limited circumstances
50
Certificate Policy Statement (CPS)
INTRODUCTION GENERAL PROVISIONS IDENTIFICATION & AUTHENTICATION SPECIFICATION ADMINISTRATION CPS CERTIFICATE & CRL PROFILES OPERATIONAL REQUIREMENTS TECHNICAL SECURITY CONTROLS PHYSICAL, PROCEDURAL & PERSONNEL
51
IETF (PKIX) Standards X.509 Certificate and CRL Profiles
PKI Management Protocols Certificate Request Formats CP/CPS Framework LDAP, OCSP, etc.
52
Identity is Not Enough: Attribute Certificates
IETF (PKIX WG) is also defining standards for Attribute Certificates (ACs): Visa Card (Attribute) vs. Passport (Identity) Attribute Certificates specify Attributes associated to an Identity Attribute Certificates don’t contain a Public key but a link to an Identity Certificate
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.