Title: Public Key Infrastructure (X509 PKI)
1 Public Key Infrastructure (X509 PKI)
Marco Casassa Mont
Trusted E-Services Laboratory - HP Labs - Bristol
2 Outline
- Basic Problem of Confidence and Trust
- Background: Cryptography, Digital Signature, Digital Certificates
- (X509) Public Key Infrastructure (PKI)
- (X509) PKI Trust and Legal Issues
3 Confidence and Trust Issues in the Digital World
4 Basic Problem
Bob and Alice want to exchange data in a digital world.
There are Confidence and Trust Issues.
5 Confidence and Trust Issues
- In the Identity of an Individual or Application: AUTHENTICATION
- That the information will be kept Private: CONFIDENTIALITY
- That information cannot be Manipulated: INTEGRITY
- That information cannot be Disowned: NON-REPUDIATION
6 Starting Point Cryptography
7 Starting Point Cryptography
Cryptography: the science of making the cost of acquiring or altering data greater than the potential value gained.
Cryptosystem: a system that provides techniques for mangling a message into an apparently unintelligible form and then recovering it from the mangled form.
[Figure: Plaintext ("Hello World") -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Plaintext ("Hello World")]
8 Cryptographic Algorithms
All cryptosystems are based only on three Cryptographic Algorithms:
- MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, ...)
Maps variable length plaintext into fixed length ciphertext. No key usage; computationally infeasible to recover the plaintext.
- SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, ...)
Encrypt and decrypt messages by using the same Secret Key.
- PUBLIC KEY
Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together).
9 Cryptographic Algorithms based on Private Key
Pros
- Efficient and fast Algorithm
- Simple model
- => Provides Integrity, Confidentiality
Cons
- The same secret key must be shared by all the entities involved in the data exchange
- High risk
- It doesn't scale (proliferation of secrets)
- => No Authentication, Non-Repudiation
10 Cryptographic Algorithms based on Public Key
Pros
- Private key is only known by the owner: less risk
- The algorithm ensures Integrity and Confidentiality by encrypting with the Receiver's Public key
11 Cryptographic Algorithms based on Public Key
Pros
- The algorithm ensures Non-Repudiation by encrypting with the Sender's Private key
12 Cryptographic Algorithms based on Public Key
Cons
- Algorithms are 100-1000 times slower than secret key ones
  - They are used in an initial phase of communication, and then secret keys are generated to deal with encryption
- How are Public keys made available to the other people?
- There is still a problem of Authentication!!!
  - Who ensures that the owner of a key pair is really the person whose real life name is Alice?
Moving towards PKI
13 Digital Signature
14 Digital Signature
A Digital Signature is a data item that vouches for the origin and the integrity of a Message.
- The originator of a message uses a signing key (Private Key) to sign the message and sends the message and its digital signature to a recipient
- The recipient uses a verification key (Public Key) to verify the origin of the message and that it has not been tampered with while in transit
[Figure: Alice and Bob exchanging a signed message across Intranet, Extranet, Internet]
15 Digital Signature
[Figure: Signer side: Message, Digest Algorithm (Hash Function), Digest, Encryption with Private Key, Signature. Channel. Receiver side: Message, Digest Algorithm (Hash Function), Actual Digest; Signature, Decryption with Public Key, Expected Digest.]
16 Digital Signature
There is still a problem linked to the Real
Identity of the Signer. Why should I trust
what the Sender claims to be?
Moving towards PKI
17 Digital Certificate
18 Digital Certificate
A Digital Certificate is a binding between an entity's Public Key and one or more Attributes relating to its Identity.
- The entity can be a Person, a Hardware Component, a Service, etc.
- A Digital Certificate is issued (and signed) by someone
  - Usually the issuer is a Trusted Third Party
- A self-signed certificate usually is not very trustworthy
19 Digital Certificate
[Figure: a Digital Certificate containing Issuer, Subject, Subject Public Key, Issuer Digital Signature]
20 Digital Certificate
Problems
- How are Digital Certificates Issued?
- Who is issuing them?
- Why should I Trust the Certificate Issuer?
- How can I check if a Certificate is valid?
- How can I revoke a Certificate?
- Who is revoking Certificates?
Moving towards PKI
21 Public Key Infrastructure (PKI)
22 Public Key Infrastructure (PKI)
A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates
23 Public Key Infrastructure (PKI)
A PKI is a set of agreed-upon standards, Certification Authorities (CA), structure between multiple CAs, methods to discover and validate Certification Paths, Operational Protocols, Management Protocols, Interoperable Tools and supporting Legislation
("Digital Certificates" book: Jalal Feghhi, Jalil Feghhi, Peter Williams)
24 Public Key Infrastructure (PKI)
- Focus on
- X509 PKI
- X509 Digital Certificates
- => Standards defined by IETF, PKIX WG
- http://www.ietf.org/
- even if X509 is not the only approach (e.g. SPKI)
25 X509 PKI Technical View
- Basic Components
- Certificate Authority (CA)
- Registration Authority (RA)
- Certificate Distribution System
- PKI enabled applications
Provider Side
Consumer Side
26 X509 PKI Simple Model
[Figure: X509 PKI simple model, with labels: Certification Entity (CA, RA), Cert. Request, Signed Certificate, Directory (Certs, CRLs), Application Service, Internet, Remote Person, Local Person]
27 X509 PKI Certificate Authority (CA)
- Basic Tasks
- Key Generation
- Digital Certificate Generation
- Certificate Issuance and Distribution
- Revocation
- Key Backup and Recovery System
- Cross-Certification
28 X509 PKI Registration Authority (RA)
- Basic Tasks
- Registration of Certificate Information
- Face-to-Face Registration
- Remote Registration
- Automatic Registration
- Revocation
29 X509 PKI Certificate Distribution System
- Provide Repository for
- Digital Certificates
- Certificate Revocation Lists (CRLs)
- Typically
- Special Purposes Databases
- LDAP directories
30 Certificate Revocation List
Revoked Certificates remain in CRL until they expire
31 Certificate Revocation List (CRL)
- CRLs are published by CAs at well defined intervals of time
- It is a responsibility of Users of certificates to download a CRL and verify if a certificate has been revoked
- User applications must deal with the revocation processes
32 Online Certificate Status Protocol (OCSP)
- An alternative to CRLs
- IETF/PKIX standard for a real-time check if a certificate has been revoked/suspended
- Requires a high availability OCSP Server
33 CRL vs OCSP Server
[Figure: two panels. CRL: User, CA, Directory (CRL), "Download CRL". OCSP: User, OCSP Server, CA, Directory (CRL), "Certificate IDs to be checked", "Answer about Certificate States", "Download CRL"]
34 X509 PKI PKI-enabled Applications
- Functionality Required
- Cryptographic functionality
- Secure storage of Personal Information
- Digital Certificate Handling
- Directory Access
- Communication Facilities
35 X509 PKI Trust and Legal Issues
36 X509 PKI Trust and Legal Issues
- Why should I Trust a CA?
- How can I determine the liability of a CA?
37 X509 PKI Approaches to Trust and Legal Aspects
- Why should I Trust a CA?
- How can I determine the liability of a CA?
Certificate Hierarchies, Cross-Certification
Certificate Policies (CP) and Certificate Policy Statement (CPS)
38 X509 PKI Approach to Trust
Certificate Hierarchies and Cross-Certification
39 CA Technology Evolution
Try to reflect Real world Trust Models
40 Simple Certificate Hierarchy
[Figure: hierarchy of Root CA, Sub-CAs, End Entities]
Each entity has its own certificate (and may have more than one). The root CA's certificate is self-signed and each sub-CA's certificate is signed by its parent CA. Each CA may also issue CRLs. In particular the lowest level CAs issue CRLs frequently. End entities need to find a certificate path to a CA that they trust.
41 Simple Certificate Path
[Figure: certificate path ending at a Trusted Root]
Alice trusts the root CA. Bob sends a message to Alice. Alice needs Bob's certificate, the certificate of the CA that signed Bob's certificate, and so on up to the root CA's self-signed certificate. Alice also needs each CRL for each CA. Only then can Alice verify that Bob's certificate is valid and trusted and so verify Bob's signature.
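The path check on this slide, together with the sign/verify flow of the Digital Signature slides, as an added example that is not part of the original presentation. Assumptions: toy textbook RSA over Mersenne primes stands in for a real signature algorithm, certificates are plain dicts rather than X.509 structures, and every name, key and serial number is constructed.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1, 2**b-1. Demo only, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (modulus n, private exponent d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)             # signer: digest, then private-key op

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)      # expected digest == actual digest

def tbs(c):
    """Bytes covered by the issuer's signature (everything except the signature)."""
    return f"{c['serial']}|{c['subject']}|{c['issuer']}|{c['n']}".encode()

def issue(serial, subject, subject_n, issuer, issuer_n, issuer_d):
    cert = {"serial": serial, "subject": subject, "issuer": issuer, "n": subject_n}
    cert["sig"] = sign(tbs(cert), issuer_n, issuer_d)
    return cert

def validate_path(cert, certs, trusted_roots, crls):
    """Walk issuer links up to a trusted self-signed root; fail closed on any gap."""
    seen = set()
    while (cert["issuer"], cert["serial"]) not in seen:   # guards against loops
        seen.add((cert["issuer"], cert["serial"]))
        issuer, crl = certs.get(cert["issuer"]), crls.get(cert["issuer"])
        if issuer is None or crl is None:
            return False                          # missing CA certificate or CRL
        if cert["serial"] in crl or not verify(tbs(cert), cert["sig"], issuer["n"]):
            return False                          # revoked, or signature mismatch
        if cert["subject"] == cert["issuer"]:     # reached a self-signed root
            return trusted_roots.get(cert["subject"]) == cert["n"]
        cert = issuer
    return False

# Constructed sample hierarchy: Root CA -> Sub CA -> Bob (all values are made up)
ROOT, SUB, BOB = keypair(61, 89), keypair(107, 127), keypair(521, 607)
CERTS = {c["subject"]: c for c in (
    issue(1, "Root CA", ROOT[0], "Root CA", *ROOT),
    issue(2, "Sub CA", SUB[0], "Root CA", *ROOT),
    issue(3, "Bob", BOB[0], "Sub CA", *SUB))}
TRUSTED = {"Root CA": ROOT[0]}                    # Alice's trust anchor
CRLS = {"Root CA": set(), "Sub CA": set()}        # one CRL per CA, nothing revoked
```

Only after `validate_path(CERTS["Bob"], CERTS, TRUSTED, CRLS)` succeeds should Alice call `verify` on Bob's message with the public key taken from his certificate; a missing CRL is treated as a failure, matching the slide's "Alice also needs each CRL for each CA".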
42 Cross-Certification and Multiple Hierarchies
[Figure: three hierarchy diagrams labelled 1, 2, 3]
- Multiple Roots
- Simple cross-certificate
- Complex cross-certificate
43 X509 PKI Approach to Trust Problems
Things are getting more and more complex if Hierarchies and Cross-Certifications are used
44 Cross-Certification and Path Discovery
[Figure: path discovery across cross-certified hierarchies with two Trusted Roots]
45 X509 PKI Approach to Legal Aspects
Certificate Policy And Certificate Practice Statement
46 Certificate Policy (CP)
- A document that sets out the rights, duties and obligations of each party in a Public Key Infrastructure
- The Certificate Policy (CP) is a document which usually has legal effect
- A CP is usually publicly exposed by CAs, for example on a Web Site (VeriSign, etc.)
47 Certificate Policy (CP)
48 Policy Issues (CP)
- Repository Access Controls
- Confidentiality Requirements
- Registration Procedures
  - Uniqueness of Names
  - Authentication of Users/Organisations
- Suspension and Revocation (Online/CRL)
- Physical Security Controls
49 Certificate Policy Statement (CPS)
- A document that sets out what happens in practice to support the policy statements made in the CP in a PKI
- The Certificate Practice Statement (CPS) is a document which may have legal effect in limited circumstances
50 Certificate Policy Statement (CPS)
51 IETF (PKIX) Standards
- X.509 Certificate and CRL Profiles
- PKI Management Protocols
- Certificate Request Formats
- CP/CPS Framework
- LDAP, OCSP, etc.
http://www.ietf.org/
52 Identity is Not Enough Attribute Certificates
- IETF (PKIX WG) is also defining standards for Attribute Certificates (ACs)
- Visa Card (Attribute) vs. Passport (Identity)
- Attribute Certificates specify Attributes associated to an Identity
- Attribute Certificates don't contain a Public key but a link to an Identity Certificate