X.509 and its need

To remove the side effects created by the use of Certification Authorities (CAs), the ITU designed X.509, a way of describing certificates in a structured way. It uses the ASN.1 (Abstract Syntax Notation One) notation.

X.509 certificate format

Brief description of fields:
• Version number: defines the version of X.509; the current version, the third one, is denoted by 2.
• Serial number: defines the unique number assigned to each certificate.
• Signature algorithm ID: identifies the algorithm used to sign the certificate.
• Issuer name: identifies the CA that issued the certificate; normally a hierarchy of strings that defines a country, a state, an organization, a department and so on.
• Validity period: defines the earliest time (not before) and the latest time (not after) at which the certificate is valid.
• Subject name: defines the entity to which the public key belongs; it is also a hierarchy of strings.
• Subject public key: defines the owner's public key, the heart of the certificate; it also defines the corresponding public-key algorithm.
• Issuer unique identifier (optional field): allows two issuers to have the same issuer field value, if their issuer unique identifiers are different.
• Subject unique identifier (optional field): allows two different subjects to have the same subject field value, if their subject unique identifiers are different.
• Extensions (optional field): allows issuers to add more private information to the certificate.
• Signature: made of three sections. The first section contains all other fields in the certificate; the second section contains the digest of the first section encrypted with the CA's private key; the third section contains the algorithm identifier used to create the second section.

CERTIFICATE RENEWAL
Each certificate has a period of validity. If there is no problem with the certificate, the CA issues a new certificate before the old one expires.

CERTIFICATE REVOCATION - WHEN IS IT NEEDED?
In some cases a certificate must be revoked before its expiration. Some such cases are:
• The user's private key (corresponding to the public key listed in the certificate) might have been compromised or leaked.
• The CA is no longer willing to certify the user.
• The CA's private key, which verifies all certificates, may have been compromised, so the CA needs to revoke all unexpired certificates.

HOW IS REVOCATION DONE?
• It is done by periodically issuing a certificate revocation list (CRL).
• The list contains all revoked certificates that are not expired on the date the CRL is issued.
• When a user wants to use a certificate, he first needs to check the directory of the corresponding CA for the latest certificate revocation list.


CERTIFICATE REVOCATION LIST FORMAT
• Signature algorithm ID: identifies the algorithm used to sign the list.
• Issuer name: identifies the CA that issued the list; normally a hierarchy of strings that defines a country, a state, an organization, a department and so on.
• This update date: defines when the list is released.
• Next update date: defines the next date when the new list will be released.
• Revoked certificate: each entry has two parts, the serial number and the revocation date.
• Signature: made of three sections. The first section contains all other fields in the list; the second section contains the digest of the first section encrypted with the CA's private key; the third section contains the algorithm identifier used to create the second section.

PKI (Public Key Infrastructure)

In its most basic form, a public-key infrastructure (PKI) consists of a community of principals, a community of verifiers and an authentication authority that is recognized by both, using a trust mechanism. The purpose of the infrastructure is to allow a verifier to authenticate attributes (commonly the identity) of a principal when they communicate over an unsecured network. A verifier may also be a principal. The situation is shown in Figure 1. Authentication proceeds in the following steps:
1) The principal generates a public-private key pair {KVP, KSP} and stores the private key (KSP) in local storage with integrity and confidentiality protection. It sends the public key (KVP) to the authority.
2) The principal's public key and its identifying information (P) within a name-space sub-tree administered by the authority are signed by the authority, using its private key, KSCA. The resulting data structure, SCA{P, KVP}, is called the principal's public-key certificate, and the authority is called a public-key certification authority or CA. The certificate is commonly returned to the principal.
3) The verifier obtains the authority's public key (KVCA) using a trust mechanism and stores it with integrity protection.
4) In order for the principal to authenticate itself to the verifier, it signs a data structure (D), using its private key, giving SP{D}, attaches its certificate, and sends the data structure, the signature and its certificate to the verifier over the unsecured network. The verifier can then confirm that the data originated with the principal identified in the certificate.
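The four steps above, together with the X.509 fields and the CRL checks described earlier, worked through in Go as an added example (it is not code from the original notes): a constructed CA issues SCA{P, KVP}, the principal signs D with KSP, and the verifier checks the certificate against its trust anchor, checks the CA's CRL (including that it is current), and only then verifies SP{D}. The Ed25519 keys, the names, the serial numbers and the revoked serial 99 are all assumptions made for the example; the code uses only the Go standard library's crypto/x509.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issue signs tmpl with signer (parent == tmpl makes it self-signed) and parses the DER back so every field is set.
func issue(tmpl, parent *x509.Certificate, subject, signer ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, subject.Public(), signer)
	if err != nil {
		panic(err) // all inputs are constructed below, so this would be a programming error
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return cert
}

// buildDemoPKI returns the CA certificate (trust anchor), the principal's certificate SCA{P, KVP} with the given serial, KSP, and the CA's CRL.
func buildDemoPKI(serial int64) (ca, leaf *x509.Certificate, ksp ed25519.PrivateKey, crl *x509.RevocationList) {
	now := time.Now()
	_, caKey, _ := ed25519.GenerateKey(rand.Reader) // KSCA; GenerateKey only fails if crypto/rand does
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{Organization: []string{"Demo Root CA"}},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign} // X.509 v3 fields plus basicConstraints/keyUsage extensions
	ca = issue(caTmpl, caTmpl, caKey, caKey)
	_, ksp, _ = ed25519.GenerateKey(rand.Reader) // step 1: the principal keeps KSP; only KVP goes to the CA
	leaf = issue(&x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{Organization: []string{"Demo Root CA"}, CommonName: "principal"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(12 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}, ca, ksp, caKey) // step 2: SCA{P, KVP}
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: big.NewInt(99), RevocationTime: now.Add(-time.Minute)}}}, ca, caKey) // constructed: only serial 99 is revoked
	if err != nil {
		panic(err)
	}
	crl, _ = x509.ParseRevocationList(crlDER) // CRL = this/next update dates + unexpired revoked serials with revocation dates
	return ca, leaf, ksp, crl
}

// signData is step 4 on the principal's side: SP{D}, a signature over the data structure D made with KSP.
func signData(ksp ed25519.PrivateKey, d []byte) []byte { return ed25519.Sign(ksp, d) }
// verify is the verifier's side: anchor is KVCA obtained through a trust mechanism; cert, crl, d and sig arrived over the unsecured network.
func verify(anchor, cert *x509.Certificate, crl *x509.RevocationList, d, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil { // chain to the anchor + validity period
		return err
	}
	if err := crl.CheckSignatureFrom(anchor); err != nil { // the CRL must be the CA's own
		return err
	}
	if now := time.Now(); now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return errors.New("CRL is not current; fetch a fresh one from the CA's directory")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	return cert.CheckSignature(x509.PureEd25519, d, sig) // only now is KVP trusted to check SP{D}
}
```

Because the trust anchor is fixed before anything from the network is examined, a certificate from a different CA, a revoked serial and a stale CRL each fail before the signature over D is ever checked.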

Large-scale PKI

In order for an authority to communicate with principals and verifiers in a cost-effective and reliable way, there must be an existing close relationship between them. Generally, authorities only have a suitable relationship with a limited community. But PKIs are required to scale beyond such limits. Therefore, PKIs with more than one authority are required, and, commonly, the authorities' keys must be shared amongst the participants in a secure manner. Trust mechanisms are used for this purpose.

Trust mechanisms

Four trust mechanisms will be considered:
• Out-of-band mechanisms
• Certificate trust lists
• Certificate request messages
• Cross-certification

a) Out-of-band mechanisms
These include the following:
1) Publishing a fingerprint of an authority key in a trustworthy location and passing the unprotected key itself over an unsecured communications network; the recipient can then verify the key using the trusted fingerprint.
2) Securing a protocol with a key derived from a random string of printable characters (the random string is shared by means of a trustworthy channel).
3) Embedding a key in trusted software (the technique used by browsers and web servers).

b) Certificate trust list
A certificate trust list is an extension of the first out-of-band technique. But, instead of publishing the fingerprint in a trustworthy location, it is secured by the signature of a trust list manager (TLM). The mechanism operates in this way:

1) The principal generates a public-private key pair and stores the private key in local storage with integrity and confidentiality protection. It sends the public key to the certification authority.
2) The principal's public key and its identifying information within a name-space sub-tree administered by the certification authority are signed by the authority and returned to the principal with the CA's public key. The public key of the CA is commonly encoded as a self-signed certificate.
3) The trust list manager imports the certification authority's public verification key using a trust mechanism.
4) The trust list manager calculates a fingerprint of the certification authority's public key and places it in a list with other fingerprints. The resulting list is signed by the trust list manager and pushed to the verifier in the form of a certificate trust list.
5) The verifier obtains the trust list manager's public key using a trust mechanism and stores it with integrity protection.
6) In order for the principal to authenticate itself to the verifier, it signs a data structure and attaches its certificate and the public key of the certification authority. The verifier can verify the identity of the principal using the data structure, the signature, the certificate, the certificate trust list and the TLM's public key.

c) Certificate request message
The certificate request message is used by a registration authority (RA). The mechanism proceeds as follows:
1) The principal generates a public-private key pair and stores the private key in local storage with integrity and confidentiality protection. It sends the public key to the registration authority.
2) The principal's public key and its identifying information within a name-space sub-tree administered by the registration authority are signed by the registration authority, using its own private key, and sent to the certification authority. The signed message is called a certificate request message.
3) The certification authority verifies the signature of the registration authority, using a trust mechanism. If it is valid, then it signs the public key and the identifying information of the principal. The resulting certificate is then commonly returned to the principal.
4) The verifier obtains the certification authority's public key using a trust mechanism and stores it with integrity protection.
5) In order for the principal to authenticate itself to the verifier, it signs a data structure and attaches its certificate. The verifier can confirm the identity using the data structure, the signature, the certificate and the CA's public key.

d) Cross-certification
The mechanism works as follows:
1) The principal generates a public-private key pair and stores the private key in local storage with integrity and confidentiality protection. It sends the public key to CA1.
2) The principal's public key and its identifying information within a name-space sub-tree administered by CA1 are signed by CA1 and returned to the principal.
3) CA2 obtains CA1's public verification key using a trust mechanism. It then signs the key in a data structure called a cross-certificate.
4) The verifier obtains CA2's public verification key using a trust mechanism and stores it with integrity protection.
5) The verifier obtains the cross-certificate from CA2 over an unsecured network.
6) In order for the principal to authenticate itself to the verifier, it signs a data structure and attaches its certificate. The verifier can verify the identity of the principal using the data structure, the signature, the certificate, the cross-certificate and the public key of CA2.

Evolution of trust mechanisms

All of the mechanisms described above are in routine use today. However, not all interfaces are multi-vendor interoperable, even those that conform with industry standards. Figure 5 shows those mechanisms that are in routine use today, others that are in experimental use and yet others that are primarily theoretical.

Trust models

Practical large-scale PKIs use a combination of trust mechanisms. But all of them rely on one or more of the out-of-band mechanisms for initialization, including providing the public key of at least one authority to the verifier in a secure way. An authority key passed to a verifier in this way, for the purpose of validating its certificates, is called that verifier's "trust point" or "trust anchor". We'll look at two practical large-scale PKI trust models:
• The hierarchical trust model and
• The bridge trust model.

Hierarchical trust model

A hierarchical trust model is one in which every key can be the subject of no more than one certificate or certificate request message. (This restriction is not usually applied to CTLs; that is to say, even in a hierarchy a key may be the subject of more than one CTL.) We will be discussing two such models:
a) Isolated hierarchical trust model
b) Multiple hierarchical trust model

a) Isolated hierarchical trust model
The mechanisms used in an isolated hierarchical trust model are shown in Figure 6.

The symbol "A → B" means: B's public key is passed to A so that entities that rely on A's public key may also rely on B's public key, or A issues a certificate (or certificate request message or certificate trust list) for B, or "A trusts B". But trust is usually conditional. That is, A allows its key to be used as the basis of trust in B's key only for certain specified purposes and by a certain specified community of verifiers. It is common practice for the certificate issuer (A in this example) to dictate the terms of the certificate policy. This is because parties that rely on its public key have expectations concerning the quality or suitability of its certificates, and in order to preserve those expectations, it must impose conditions on its certificate subjects for the purposes of risk containment. But, at least in theory, the subject (B in the example) may dictate the policy, or the issuer and subject may negotiate a mutually agreeable policy.

b) Multiple hierarchies
A hierarchy operating in isolation is a somewhat artificial situation. A more realistic situation is one in which principals are required to operate subordinate to multiple roots, as shown in Figure 7.

In the diagram, an end-entity is the combination of a principal and a verifier, and the shading indicates the policy under which the entity operates. Unless the roots coordinate their policies, they will operate different policies and each will require its subordinates to operate in accordance with its policy. So, each subordinate CA operates a different policy, that of its root. Subordinate CAs operate only in accordance with the policy of their single superior CA. Only the end-entity is required to operate in accordance with the policies of all roots. Authorities may coordinate their policies by design or under the command of an oversight body, such as a regulatory body. However, it is common for there to be no such coordination of policy between roots.

Bridge trust model

A subordinate CA can be certified by more than one root. But the result will not be a hierarchy, because then the subordinate CA would have more than one superior, which is inconsistent with the definition of a hierarchy. Instead, we call the result a bridge model. We will discuss two such models:
a) Isolated bridge trust model
b) Multiple bridges

a) Isolated bridge trust model
The trust mechanisms used in the bridge model are shown in Figure 8. The bridge model is very similar to the hierarchy shown in Figure 6. The only difference is that various renamings have been done: from "root CA" to "bridge CA", from "trust list manager" to "spoke CA" and from "subordinate CA" to "spoke CA". The specific trust mechanisms used between the entities are also different: this model does not use the certificate trust list mechanism; instead it uses cross-certification.

The essential difference, however, between the two models is that spoke CAs can be certified by more than one bridge, whereas, in a hierarchy, subordinate CAs can only be certified by one root. So, in a hierarchy, if a principal must be certified subordinate to more than one root, then it must have a separate key pair and there must be a separate subordinate CA for each root, whereas, in the bridge model, a principal can operate "downstream" of many bridges with a single key pair.

b) Multiple bridges
Just as in the case of the hierarchy, the isolated bridge model depicts a somewhat artificial situation. Figure 9 shows the more realistic situation of multiple bridged

The striking difference between this architecture and the architecture with multiple roots is that there may be only one spoke CA per domain, whereas, in the hierarchical model, there must be a subordinate CA for each root. However, the spoke CA's behaviour must be consistent with the policies of more than one upstream bridge. So, the single CA must operate in accordance with the policies of each upstream bridge.

PKI in INDIA (and other related topics)

Acts related to PKI:

1) Objective of the Indian IT Act 2000
• To grant legal recognition to records maintained in electronic form. Till this point only paper based records had legal recognition.
• To prescribe methods for authenticating electronic records. Paper records were authenticated by handwritten signatures.
• To define computer system and computer network misuse and make it legally actionable.

2) Authentication Method Prescribed by the Indian IT Act 2000
• The Act specifies that authentication must be done by Digital Signatures based upon Asymmetric Key Cryptography and Hash Functions.
• Secure Digital Signature: it should be verifiable that at the time it was affixed the digital signature was
  - unique to the subscriber affixing it
  - capable of identifying such subscriber
  - created in a manner or using a means under the exclusive control of the subscriber and linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated

Root Certifying Authority of India (RCAI)
• The National Root CA uses a 2048 bit RSA key.
• Other CAs and end entities use 1024 bit keys.

1. Role of RCAI
• The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of CAs.
• The CCA has established the RCAI under section 18(b) of the IT Act to digitally sign the public keys of CAs in the country.
• The CCA operates the RCAI for certifying the public keys of CAs using its private key.
• The RCAI root certificate is the highest level of certification in India. The RCAI certificate is a self-signed certificate. It is used to sign the public keys of the licensed CAs.
• The requirements fulfilled by the RCAI include the following:
  - The license issued to the CA is digitally signed by the CA.
  - All public keys corresponding to the signing private key of a CA are digitally signed by the CCA.
  - Relying parties can verify the CA's public key signed by the CCA through the CCA's website.
  - The CCA performs the Root CA functions in accordance with the Certificate Practice Statement of the RCAI.

2. Licensed CAs
• Safescrypt: a Private Certifying Authority http://www.safescrypt.com/
• IDRBT: Established by the Reserve Bank of India, issuing Certificates to the Banking industry for INFINET transactions http://idrbtca.org.in/
• NIC: An organization of the Government of India, issuing Certificates to Government organizations for G2G transactions https://nicca.nic.in/

• 3i Infotech
• TCS: Private Certifying Authority issuing Certificates to Individuals, Company and Government users http://www.tcs-ca.tcs.co.in/
• (n)Code Solutions CA (GNFC) - https://www.ncodesolutions.com
• MTNL - http://www.mtnltrustline.com
• Customs & Central Excise https://www.icert.gov.in/

Trust Model followed in India:
(Figure: a single National Root CA at the top, several Licensed CAs beneath it, and Subscribers beneath each Licensed CA.)

The law mandates a hierarchical Trust Model. For a Digital Signature to have legal force it must derive its trust from the National Root CA certificate.

Key Applications for PKI Enabling
a) Government
  - Filing Tax Returns online by taxpayers
  - Citizen ID card
  - Issuing forms and licenses
  - Reservations & ticketing
b) Banking
  - Inter/Intra bank messaging systems
  - Corporate Internet Banking applications
  - Internet Banking
c) Financial Services/Broking
  - Online Trading
  - Electronic Contract Notes
d) Healthcare
  - Healthcare Management System (HMS)
  - Electronic Medical Recording (EMR)
  - Electronic Prescriptions

Existing Implementation
a) Government
  i. Ministry of Commerce and Industry:
    - Online Applications for licenses by the EXIM community
    - Electronic applications and approvals of Special Economic Zones and Export Oriented Units

  ii. Income Tax Department:
    - Online Tax returns through e-Intermediaries
b) Banking
  i. Securing the Inter/Intra bank messaging system (SBMS)
  ii. PKI enabling of Corporate Internet Banking applications by banks like ICICI Bank and Punjab National Bank
c) Financial Services & Broking
  i. Two major Stock Exchanges in India have secured their transactions with PKI:
    - BSE
    - NSE
  ii. Two major depositories in India have their applications PKI enabled:
    - NSDL (National Securities Depositories Limited)
    - CDSL (Central Depository Services (India) Ltd.)

India PKI Forum
It is an association of organizations that are interested in the promotion of PKI. Primary members are the CCA and all the licensed CAs. Any organization with the same interest can be an associate member. Some broad objectives are:
• To promote the use of PKI and facilitate the penetration of electronic transactions in society
• To interact with other national and international PKI forums
• To sponsor, conduct or organize training on subjects of interest
• To disseminate information about electronic transactions

PKI Outlook in India
More than 10,00,000 (1 Million) digital certificates have been issued. There are several important initiatives that can increase the number of digital certificates by an order of magnitude. The important initiatives are:
• Mandatory electronic filing of Income Tax returns
• Mandatory electronic filing of Value Added Tax returns
• Citizen services portals
• Electronic passport initiative
