Public Key Infrastructure (X509 PKI) : Marco Casassa Mont

Public Key Infrastructure (X509 PKI)
Marco Casassa Mont

Trusted E-Services Laboratory - HP Labs - Bristol
Public Key Infrastructure (PKI)
HP Laboratories, Bristol, UK
Outline
Basic Problem of Confidence and Trust
Background: Cryptography, Digital Signature, Digital Certificates (X509) Public Key Infrastructure (PKI) (X509) PKI: Trust and Legal Issues
Confidence and Trust Issues in the Digital World

Basic Problem
Intranet Extranet Internet
Bob
Alice
Bob and Alice want to exchange data in a digital world.
There are Confidence and Trust Issues

Confidence and Trust Issues

In the Identity of an Individual or Application
AUTHENTICATION That the information will be kept Private CONFIDENTIALITY That information cannot be Manipulated INTEGRITY That information cannot be Disowned NON-REPUDIATION
Bob
Alice
Starting Point: Cryptography
Starting Point: Cryptography

Cryptography
It is the science of making the cost of acquiring or altering data greater than the potential value gained
Cryptosystem
It is a system that provides techniques for mangling a message into an apparently intelligible form and than recovering it from the mangled form
Plaintext Hello World Encryption Key Ciphertext &$*(!273 Decryption Key Plaintext Hello World
Cryptographic Algorithms
All cryptosystems are based only on three Cryptographic Algorithms: MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, )
Maps variable length plaintext into fixed length ciphertext No key usage, computationally infeasible to recover the plaintext
SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, )

Encrypt and decrypt messages by using the same Secret Key
PUBLIC KEY (DSA, RSA, )

Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together)
Cryptographic Algorithms based on Private Key

Plaintext Encryption Ciphertext Decryption Plaintext
Pros
Private Key
Private Key
Efficient and fast Algorithm Simple model Provides Integrity, Confidentiality
Cons
The same secret key must be shared by all the entities involved in the data exchange High risk
It doesnt scale (proliferation of secrets) No Authentication, Non-Repudiation

Pros
Cryptographic Algorithms based on Public Key
Private key is only known by the owner: less risk The algorithm ensures Integrity and Confidentiality by encrypting with the Receivers Public key
Bob
Plaintext Encryption Ciphertext
Alice
Decryption Plaintext
Alices Public Key

Alices Private Key

Pros
The algorithm ensures Non-Repudiation by encrypting with the Senders Private key
Bob
Alice
Plaintext
Encryption
Ciphertext
Decryption
Plaintext
Bobs Private Key
Bobs Public Key

Cons

They are initially used in an initial phase of communication and then secrets keys are generated to deal with encryptions
Algorithms are 100 1000 times slower than secret key ones
How are Public keys made available to the other people? There is still a problem of Authentication!!!
Who ensures that the owner of a key pair is really the person whose real life name is Alice?
Bob
Alice
Moving towards PKI

Digital Signature
Digital Signature
A Digital Signature is a data item that vouches the origin and the integrity of a Message
The originator of a message uses a signing key (Private Key) to sign the
message and send the message and its digital signature to a recipient The recipient uses a verification key (Public Key) to verify the origin of the message and that it has not been tampered with while in transit
Bob
Alice
Digital Signature
Message Message
Digest Algorithm
Hash Function Digest
Digest Algorithm
Hash Function
Public Key
Private Key
Encryption
Decryption Expected Digest Actual Digest
Signature
Signer
Channel
Receiver
Digital Signature
There is still a problem linked to the Real Identity of the Signer.
Why should I trust what the Sender claims to be?
Moving towards PKI

Digital Certificate
Digital Certificate
A Digital Certificate is a binding between an entitys
Public Key and one or more Attributes relating its Identity.
The entity can be a Person, an Hardware Component, a Service, etc.
A Digital Certificate is issued (and signed) by someone - Usually the issuer is a Trusted Third Party A self-signed certificate usually is not very trustworthy
Digital Certificate
CERTIFICATE
Issuer
Subject Subject Public Key
Issuer Digital Signature

Digital Certificate
Problems
How are Digital Certificates Issued?

Who is issuing them? Why should I Trust the Certificate Issuer? How can I check if a Certificate is valid? How can I revoke a Certificate?
Who is revoking Certificates?

Moving towards PKI

A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates

A PKI is a set of agreed-upon standards, Certification
Authorities (CA), structure between multiple CAs, methods to discover and validate Certification Paths, Operational Protocols, Management Protocols, Interoperable Tools and supporting Legislation
Digital Certificates book Jalal Feghhi, Jalil Feghhi, Peter Williams
Focus on:
X509 PKI X509 Digital Certificates Standards defined by IETF, PKIX WG: http://www.ietf.org/ even if X509 is not the only approach (e.g. SPKI)
X509 PKI Technical View

Basic Components:
Certificate Authority (CA) Registration Authority (RA) Certificate Distribution System PKI enabled applications
Provider Side
Consumer Side
X509 PKI Simple Model

CA
Cert. Request
Certification Entity
Application Service
Signed Certificate
Internet
RA
Certs, CRLs Directory
Remote Person
Local Person
X509 PKI Certificate Authority (CA)

Basic Tasks:
Key Generation Digital Certificate Generation
Certificate Issuance and Distribution

Revocation
Key Backup and Recovery System

Cross-Certification
X509 PKI Registration Authority (RA)

Basic Tasks:
Registration of Certificate Information Face-to-Face Registration Remote Registration Automatic Registration
Revocation
X509 PKI Certificate Distribution System

Provide Repository for:
Digital Certificates Certificate Revocation Lists (CRLs) Typically: Special Purposes Databases
LDAP directories
Certificate Revocation List

Certificate Revocation List
Revoked Certificates remain in CRL until they expire
Certificate Revocation List (CRL)

CRLs are published by CAs at well defined interval of time It is a responsibility of Users of certificates to download a CRL and verify if a certificate has
been revoked
User application must deal with the revocation processes

Online Certificate Status Protocol (OCSP)

An alternative to CRLs
IETF/PKIX standard for a real-time check if a certificate has been revoked/suspended Requires a high availability OCSP Server
CRL vs OCSP Server

Download CRL CRL
User
Directory
Certificate IDs to be checked
CA
CRL
CRL
User
Answer about Certificate States
OCSP Server
Download CRL
CA
Directory
OCSP
X509 PKI PKI-enabled Applications

Functionality Required:
Cryptographic functionality Secure storage of Personal Information Digital Certificate Handling Directory Access
Communication Facilities
X509 PKI Trust and Legal Issues
X509 PKI Trust and Legal Issues

Why should I Trust a CA? How can I determine the liability of a CA?
X509 PKI Approaches to Trust and Legal Aspects

Why should I Trust a CA?
Certificate Hierarchies, Cross-Certification
How can I determine the liability of a CA?

Certificate Policies (CP) and Certificate Policy Statement (CPS)
X509 PKI Approach to Trust
Certificate Hierarchies and Cross-Certification

CA Technology Evolution
CA CA RA CA CA CA CA
Internet
Directory Services
CA CA
RA
RA
RA
Internet
RA
RA
Try to reflect Real world Trust Models

LRA
LRA
Simple Certificate Hierarchy

Root CA Sub-CAs
Each entity has its own certificate (and may have more than one). The root CAs certificate is self signed and each sub-CA is signed by its parent CA. Each CA may also issue CRLs. In particular the lowest level CAs issue CRLs frequently.
End Entities
End entities need to find a certificate path to a CA that they trust.
Simple Certificate Path

Trusted Root
Alice trusts the root CA Bob sends a message to Alice Alice needs Bobs certificate, the certificate of the CA that signed Bobs certificate, and so on up to the root CAs self signed certificate. Alice also needs each CRL for each CA.
*
Alice Bob
Only then can Alice verify that Bobs certificate is valid and trusted and so verify the Bobs signature.
Cross-Certification and Multiple Hierarchies

1
2 3
1. Multiple Roots 2. Simple cross-certificate 3. Complex cross-certificate

X509 PKI Approach to Trust : Problems Things are getting more and more
complex if Hierarchies and

Cross-Certifications are used
Trusted Root
Cross-Certification and Trusted Path Discovery Root

3
*
X509 PKI Approach to Legal Aspects
Certificate Policy
And
Certificate Practice Statement

Certificate Policy (CP)

A document that sets out the rights, duties and obligations of each party in a Public Key Infrastructure The Certificate Policy (CP) is a document which usually has legal effect
A CP is usually publicly exposed by CAs, for example on a Web Site (VeriSign, etc.)
Certificate Policy (CP)

POLICY OUTLINE
COMMUNITY & APPLICABILITY RIGHTS, LIABILITIES & OBLIGATIONS
CERTIFICATE & CRL PROFILES
CP
IDENTIFICATION & AUTHENTICATION OPERATIONAL REQUIREMENTS
TECHNICAL SECURITY CONTROL
Policy Issues (CP)

Liability Issues Repository Access Controls Confidentiality Requirements Registration Procedures
- Uniqueness of Names - Authentication of Users/Organisations
Certificate Acceptance
Suspension and Revocation (Online/CRL)

Physical Security Controls
Certificate Policy Statement (CPS)

A document that sets out what happens in practice to support the policy statements made in the CP in a PKI
The Certificate Practice Statement (CPS) is a document which may have legal effect in limited circumstances
Certificate Policy Statement (CPS)

INTRODUCTION GENERAL PROVISIONS SPECIFICATION ADMINISTRATION
IDENTIFICATION & AUTHENTICATION
CPS
CERTIFICATE & CRL PROFILES TECHNICAL SECURITY CONTROLS PHYSICAL, PROCEDURAL & PERSONNEL
OPERATIONAL REQUIREMENTS
IETF (PKIX) Standards

X.509 Certificate and CRL Profiles PKI Management Protocols Certificate Request Formats CP/CPS Framework LDAP, OCSP, etc.
http://www.ietf.org/
Identity is Not Enough: Attribute Certificates

IETF (PKIX WG) is also defining standards for Attribute Certificates (ACs): Visa Card (Attribute) vs. Passport (Identity) Attribute Certificates specify Attributes associated to an Identity Attribute Certificates dont contain a Public key but a link to an Identity Certificate

Public Key Infrastructure (X509 PKI) : Marco Casassa Mont

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Public Key Infrastructure (X509 PKI) : Marco Casassa Mont

Uploaded by

Copyright:

Available Formats

Public Key Infrastructure (X509 PKI)

Marco Casassa Mont

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Confidence and Trust Issues in the Digital World

Public Key Infrastructure (PKI)

Bob and Alice want to exchange data in a digital world.

There are Confidence and Trust Issues

Confidence and Trust Issues

Intranet Extranet Internet

Starting Point: Cryptography

Public Key Infrastructure (PKI)

Starting Point: Cryptography

Public Key Infrastructure (PKI)

SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, )

PUBLIC KEY (DSA, RSA, )

Cryptographic Algorithms based on Private Key

Efficient and fast Algorithm Simple model Provides Integrity, Confidentiality

It doesnt scale (proliferation of secrets) No Authentication, Non-Repudiation

Cryptographic Algorithms based on Public Key

Intranet Extranet Internet

Alices Public Key

Alices Private Key

Cryptographic Algorithms based on Public Key

Intranet Extranet Internet

Bobs Private Key

Bobs Public Key

Public Key Infrastructure (PKI)

Cryptographic Algorithms based on Public Key

Moving towards PKI

Public Key Infrastructure (PKI)

Hash Function Digest

Decryption Expected Digest Actual Digest

Moving towards PKI

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Issuer Digital Signature

How are Digital Certificates Issued?

Who is revoking Certificates?

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

X509 PKI Technical View

X509 PKI Simple Model

Public Key Infrastructure (PKI)

X509 PKI Certificate Authority (CA)

Certificate Issuance and Distribution

Key Backup and Recovery System

X509 PKI Registration Authority (RA)

X509 PKI Certificate Distribution System

Certificate Revocation List

Revoked Certificates remain in CRL until they expire

Public Key Infrastructure (PKI)

Certificate Revocation List (CRL)

User application must deal with the revocation processes

Online Certificate Status Protocol (OCSP)

Public Key Infrastructure (PKI)

CRL vs OCSP Server

Public Key Infrastructure (PKI)