Public Key Infrastructure (X509 PKI)

1
Public Key Infrastructure (X509 PKI)
Marco Casassa Mont
Trusted E-Services Laboratory - HP Labs - Bristol
2
Outline

• Basic Problem of Confidence and Trust
• Background Cryptography, Digital Signature,
• Digital Certificates
• (X509) Public Key Infrastructure (PKI)
• (X509) PKI Trust and Legal Issues

3
Confidence and Trust Issues in the Digital World
4
Basic Problem
Bob and Alice want to exchange data in a digital
world.
There are Confidence and Trust Issues
5
Confidence and Trust Issues

• In the Identity of an Individual or Application
• AUTHENTICATION
• That the information will be kept Private
• CONFIDENTIALITY
• That information cannot be Manipulated
• INTEGRITY
• That information cannot be Disowned
• NON-REPUDIATION

6
Starting Point Cryptography
7
Starting Point Cryptography
Cryptography It is the science of making the
cost of acquiring or altering data greater than
the potential value gained
Cryptosystem It is a system that provides
techniques for mangling a message into an
apparently intelligible form and than recovering
it from the mangled form
Plaintext
Encryption
Decryption
Plaintext
Ciphertext
(!273
Hello World
Hello World
Key
Key
8
Cryptographic Algorithms
All cryptosystems are based only on three
Cryptographic Algorithms

• MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, )

Maps variable length plaintext into fixed length
ciphertext No key usage, computationally
infeasible to recover the plaintext

• SECRET KEY (Blowfish, DES, IDEA, RC2-4-5,
  Triple-DES, )

Encrypt and decrypt messages by using the same
Secret Key

• PUBLIC KEY (DSA, RSA, )

Encrypt and decrypt messages by using two
different Keys Public Key, Private Key (coupled
together)
9
Cryptographic Algorithms based on Private Key
Pros

• Efficient and fast Algorithm
• Simple model
• ? Provides Integrity, Confidentiality

Cons

• The same secret key must be shared by all the
  entities involved in the data exchange
• High risk
• It doesnt scale (proliferation of secrets)
• ? No Authentication, Non-Repudiation

10
Cryptographic Algorithms based on Public Key
Pros

• Private key is only known by the owner less
  risk
• The algorithm ensures Integrity and
  Confidentiality by encrypting with
• the Receivers Public key

11
Cryptographic Algorithms based on Public Key
Pros

• The algorithm ensures Non-Repudiation by
  encrypting with
• the Senders Private key

12
Cryptographic Algorithms based on Public Key
Cons

• Algorithms are 100 1000 times slower than
  secret key ones
• They are initially used in an initial
  phase of communication and then
• secrets keys are generated to deal with
  encryptions
• How are Public keys made available to the other
  people?
• There is still a problem of Authentication!!!
• Who ensures that the owner of a key pair is
  really the person whose
• real life name is Alice?

Moving towards PKI
13
Digital Signature
14
Digital Signature
A Digital Signature is a data item that vouches
the origin and the integrity of a Message

• The originator of a message uses a signing key
  (Private Key) to sign the
• message and send the message and its digital
  signature to a recipient

• The recipient uses a verification key (Public
  Key) to verify the origin of
• the message and that it has not been tampered
  with while in transit

Intranet Extranet Internet
Alice
Bob
15
Digital Signature
Message
Message
Digest Algorithm
Digest Algorithm
Hash Function
Hash Function
Digest
Public Key
Encryption
Decryption
Private Key
Expected Digest
Actual Digest
Signature
Signer
Receiver
Channel
16
Digital Signature
There is still a problem linked to the Real
Identity of the Signer. Why should I trust
what the Sender claims to be?
Moving towards PKI
17
Digital Certificate
18
Digital Certificate
A Digital Certificate is a binding between an
entitys Public Key and one or more Attributes
relating its Identity.

• The entity can be a Person, an Hardware
  Component, a Service, etc.

• A Digital Certificate is issued (and signed) by
  someone

- Usually the issuer is a Trusted Third Party

• A self-signed certificate usually is not very
  trustworthy

19
Digital Certificate
Issuer
Subject
Subject Public Key
Issuer Digital Signature
20
Digital Certificate
Problems

• How are Digital Certificates Issued?
• Who is issuing them?
• Why should I Trust the Certificate Issuer?
• How can I check if a Certificate is valid?
• How can I revoke a Certificate?
• Who is revoking Certificates?

Moving towards PKI
21
Public Key Infrastructure (PKI)
22
Public Key Infrastructure (PKI)
A Public Key Infrastructure is an Infrastructure
to support and manage Public Key-based Digital
Certificates
23
Public Key Infrastructure (PKI)
A PKI is a set of agreed-upon standards,
Certification Authorities (CA), structure between
multiple CAs, methods to discover and validate
Certification Paths, Operational Protocols,
Management Protocols, Interoperable Tools and
supporting Legislation
Digital Certificates book Jalal Feghhi, Jalil
Feghhi, Peter Williams
24
Public Key Infrastructure (PKI)

• Focus on
• X509 PKI
• X509 Digital Certificates
• ? Standards defined by IETF, PKIX WG
• http//www.ietf.org/
• even if X509 is not the only approach (e.g.
  SPKI)

25
X509 PKI Technical View

• Basic Components
• Certificate Authority (CA)
• Registration Authority (RA)
• Certificate Distribution System
• PKI enabled applications

Provider Side
Consumer Side
26
X509 PKI Simple Model
Certification Entity
CA
Cert. Request
RA
Application Service
Signed Certificate
Internet
Certs, CRLs
Directory
Remote Person
Local Person
27
X509 PKI Certificate Authority (CA)

• Basic Tasks
• Key Generation
• Digital Certificate Generation
• Certificate Issuance and Distribution
• Revocation
• Key Backup and Recovery System
• Cross-Certification

28
X509 PKI Registration Authority (RA)

• Basic Tasks
• Registration of Certificate Information
• Face-to-Face Registration
• Remote Registration
• Automatic Registration
• Revocation

29
X509 PKI Certificate Distribution System

• Provide Repository for
• Digital Certificates
• Certificate Revocation Lists (CRLs)
• Typically
• Special Purposes Databases
• LDAP directories

30
Certificate Revocation List
Certificate Revocation List
Revoked Certificates remain in CRL until they
expire
31
Certificate Revocation List (CRL)

• CRLs are published by CAs at well defined
• interval of time
• It is a responsibility of Users of
  certificates to
• download a CRL and verify if a certificate has
  
• been revoked
• User application must deal with the revocation
• processes

32
Online Certificate Status Protocol (OCSP)

• An alternative to CRLs
• IETF/PKIX standard for a real-time check if a
• certificate has been revoked/suspended
• Requires a high availability OCSP Server

33
CRL vs OCSP Server
CRL
Download CRL
User
CA
CRL
Directory
Certificate IDs to be checked
Download CRL
CRL
User
OCSP Server
CA
Answer about Certificate States
Directory
OCSP
34
X509 PKI PKI-enabled Applications

• Functionality Required
• Cryptographic functionality
• Secure storage of Personal Information
• Digital Certificate Handling
• Directory Access
• Communication Facilities

35
X509 PKI Trust and Legal Issues
36
X509 PKI Trust and Legal Issues

• Why should I Trust a CA?
• How can I determine the liability of a CA?

37
X509 PKI Approaches to Trust and Legal Aspects

• Why should I Trust a CA?
• How can I determine the liability of a CA?

Certificate Hierarchies, Cross-Certification
Certificate Policies (CP) and Certificate
Policy Statement (CPS)
38
X509 PKI Approach to Trust
Certificate Hierarchies and Cross-Certification
39
CA Technology Evolution
Try to reflect Real world Trust Models
40
Simple Certificate Hierarchy
Root CA
Each entity has its own certificate (and may have
more than one). The root CAs certificate is
self signed and each sub-CA is signed by its
parent CA. Each CA may also issue CRLs. In
particular the lowest level CAs issue CRLs
frequently. End entities need to find a
certificate path to a CA that they trust.
Sub-CAs
End Entities
41
Simple Certificate Path
Trusted Root
Alice trusts the root CA Bob sends a message to
Alice Alice needs Bobs certificate, the
certificate of the CA that signed Bobs
certificate, and so on up to the root CAs self
signed certificate. Alice also needs each CRL
for each CA. Only then can Alice verify that
Bobs certificate is valid and trusted and so
verify the Bobs signature.
42
Cross-Certification and Multiple Hierarchies
1
2
3

1. Multiple Roots
2. Simple cross-certificate
3. Complex cross-certificate

43
X509 PKI Approach to Trust Problems
Things are getting more and more complex if
Hierarchies and Cross-Certifications are used
44
Cross-Certification and Path Discovery
Trusted Root
Trusted Root
3

45
X509 PKI Approach to Legal Aspects
Certificate Policy And Certificate Practice
Statement
46
Certificate Policy (CP)

• A document that sets out the rights, duties and
• obligations of each party in a Public Key
• Infrastructure

• The Certificate Policy (CP) is a document which
• usually has legal effect

• A CP is usually publicly exposed by CAs, for
• example on a Web Site (VeriSign, etc.)

47
Certificate Policy (CP)
48
Policy Issues (CP)

• Liability Issues

• Repository Access Controls

• Confidentiality Requirements

• Registration Procedures
• - Uniqueness of Names
• - Authentication of Users/Organisations

• Certificate Acceptance

• Suspension and Revocation (Online/CRL)

• Physical Security Controls

49
Certificate Policy Statement (CPS)

• A document that sets out what happens in
  practice
• to support the policy statements made in the CP
• in a PKI

• The Certificate Practice Statement (CPS) is a
• document which may have legal effect in
  limited
• circumstances

50
Certificate Policy Statement (CPS)
51
IETF (PKIX) Standards

• X.509 Certificate and CRL Profiles
• PKI Management Protocols
• Certificate Request Formats
• CP/CPS Framework
• LDAP, OCSP, etc.

http//www.ietf.org/
52
Identity is Not Enough Attribute Certificates

• IETF (PKIX WG) is also defining standards for
  Attribute Certificates (ACs)
• Visa Card (Attribute) vs. Passport (Identity)
• Attribute Certificates specify Attributes
  associated
• to an Identity
• Attribute Certificates dont contain a Public
  key
• but a link to an Identity Certificate