Public Key Infrastructure (X509 PKI)

Document Sample
Public Key Infrastructure (X509 PKI) Powered By Docstoc
					Public Key Infrastructure
       (X509 PKI)
           Marco Casassa Mont

Trusted E-Services Laboratory - HP Labs - Bristol



             Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                            Outline
• Basic Problem of Confidence and Trust
• Background: Cryptography, Digital Signature,
               Digital Certificates
• (X509) Public Key Infrastructure (PKI)
• (X509) PKI: Trust and Legal Issues


               Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
Confidence and Trust
 Issues in the Digital
        World

     Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                Basic Problem
                              Intranet
                              Extranet
                              Internet
    Bob                                                    Alice

Bob and Alice want to exchange data in a digital world.


There are Confidence and Trust Issues …
                 Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
          Confidence and Trust Issues
• In the Identity of an Individual or Application
   AUTHENTICATION
• That the information will be kept Private
   CONFIDENTIALITY                                                  Intranet
                                                                    Extranet
• That information cannot be Manipulated                            Internet
                                                                                 Alice
                                                        Bob
   INTEGRITY
• That information cannot be Disowned
   NON-REPUDIATION

                      Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
Starting Point:
Cryptography


  Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
             Starting Point: Cryptography
Cryptography
It is the science of making the cost of acquiring or altering
data greater than the potential value gained
Cryptosystem
It is a system that provides techniques for mangling a
message into an apparently intelligible form and than
recovering it from the mangled form

 Plaintext      Encryption       Ciphertext             Decryption         Plaintext
Hello World                      &$*£(“!273                                Hello World
                      Key                                      Key
                      Public Key Infrastructure (PKI)        HP Laboratories, Bristol, UK
             Cryptographic Algorithms
All cryptosystems are based only on three Cryptographic
Algorithms:
• MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …)
 Maps variable length plaintext into fixed length ciphertext
 No key usage, computationally infeasible to recover the plaintext

• SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)
 Encrypt and decrypt messages by using the same Secret Key

• PUBLIC KEY (DSA, RSA, …)
 Encrypt and decrypt messages by using two different Keys: Public Key,
 Private Key (coupled together)
                        Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
              Cryptographic Algorithms based
                      on Private Key
         Plaintext       Encryption         Ciphertext         Decryption       Plaintext

                                Private Key                           Private Key
Pros
   • Efficient and fast Algorithm
   • Simple model
     Provides Integrity, Confidentiality
Cons
• The same secret key must be shared by all the entities involved in the data exchange
• High risk
• It doesn’t scale (proliferation of secrets)
   No Authentication, Non-Repudiation


                             Public Key Infrastructure (PKI)           HP Laboratories, Bristol, UK
            Cryptographic Algorithms based
                    on Public Key
Pros
• Private key is only known by the owner: less risk
• The algorithm ensures Integrity and Confidentiality by encrypting with
  the Receiver’s Public key


                                       Intranet
                                       Extranet
                                       Internet
                   Bob                                       Alice


     Plaintext      Encryption       Ciphertext            Decryption        Plaintext

                          Alice’s Public Key                      Alice’s Private Key

                         Public Key Infrastructure (PKI)             HP Laboratories, Bristol, UK
               Cryptographic Algorithms based
                       on Public Key
Pros
 • The algorithm ensures Non-Repudiation by encrypting with
  the Sender’s Private key


                                     Intranet
                                     Extranet
                                     Internet
                  Bob                                         Alice



   Plaintext      Encryption       Ciphertext              Decryption         Plaintext

                        Bob’s Private Key                         Bob’s Public Key


                         Public Key Infrastructure (PKI)                HP Laboratories, Bristol, UK
            Cryptographic Algorithms based
                    on Public Key
Cons
 • Algorithms are 100 – 1000 times slower than secret key ones
       They are initially used in an initial phase of communication and then
       secrets keys are generated to deal with encryptions
 • How are Public keys made available to the other people?
 • There is still a problem of Authentication!!!
    Who ensures that the owner of a key pair is really the person whose
    real life name is “Alice”?

                                           Intranet
                                           Extranet
                                           Internet
                                                              Alice           Moving towards PKI …
                      Bob

                            Public Key Infrastructure (PKI)           HP Laboratories, Bristol, UK
Digital Signature


   Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                       Digital Signature
A Digital Signature is a data item that vouches the origin
and the integrity of a Message
  • The originator of a message uses a signing key (Private Key) to sign the
   message and send the message and its digital signature to a recipient


  • The recipient uses a verification key (Public Key) to verify the origin of
   the message and that it has not been tampered with while in transit

                                          Intranet
                                          Extranet
                                          Internet
                     Bob                                     Alice

                           Public Key Infrastructure (PKI)           HP Laboratories, Bristol, UK
                          Digital Signature
               Message                                                   Message


 Digest                                                         Digest
              Hash Function                                                      Hash Function
 Algorithm                                                      Algorithm


                 Digest
                                                                Public Key


Private Key    Encryption                                       Decryption


                Signature                                       Expected                 Actual
                                                                Digest                   Digest


                  Signer                   Channel                             Receiver
                              Public Key Infrastructure (PKI)            HP Laboratories, Bristol, UK
              Digital Signature

     There is still a problem linked to the
         “Real Identity” of the Signer.

Why should I trust what the Sender claims to be?


                                                          Moving towards PKI …


                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
Digital Certificate


    Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                   Digital Certificate
A Digital Certificate is a binding between an entity’s
Public Key and one or more Attributes relating its Identity.

  • The entity can be a Person, an Hardware Component, a Service, etc.

  • A Digital Certificate is issued (and signed) by someone
    - Usually the issuer is a Trusted Third Party

  • A self-signed certificate usually is not very trustworthy

                          Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                 Digital Certificate
                     CERTIFICATE


Issuer
Subject
Subject Public Key

Issuer
Digital
Signature
                     Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
             Digital Certificate
Problems
   • How are Digital Certificates Issued?
   • Who is issuing them?
   • Why should I Trust the Certificate Issuer?
   • How can I check if a Certificate is valid?
   • How can I revoke a Certificate?
   • Who is revoking Certificates?
                                                            Moving towards PKI …


                  Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
Public Key Infrastructure
         (PKI)



     Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
     Public Key Infrastructure
              (PKI)

A Public Key Infrastructure is an Infrastructure
to support and manage Public Key-based
Digital Certificates



               Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
       Public Key Infrastructure
                (PKI)
“A PKI is a set of agreed-upon standards, Certification
Authorities (CA), structure between multiple CAs,
methods to discover and validate Certification Paths,
Operational Protocols, Management Protocols,

Interoperable Tools and supporting Legislation”

“Digital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter Williams
                      Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
       Public Key Infrastructure
                (PKI)
Focus on:
• X509 PKI
• X509 Digital Certificates
 Standards defined by IETF, PKIX WG:
         http://www.ietf.org/

… even if X509 is not the only approach (e.g. SPKI)
                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
       X509 PKI – Technical View
Basic Components:
• Certificate Authority (CA)
• Registration Authority (RA)                        “Provider” Side
• Certificate Distribution System


                                                     “Consumer” Side
• PKI enabled applications
                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
              X509 PKI – Simple Model
                                                                         Certification
                                                         CA                 Entity

                Cert. Request
Application       Signed
                 Certificate
                                                         RA
 Service                            Internet
                                                                       Certs,    Directory
                                                                       CRLs


   Remote                                                Local
   Person                                                Person


                       Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                 X509 PKI
        Certificate Authority (CA)
Basic Tasks:
• Key Generation
• Digital Certificate Generation
• Certificate Issuance and Distribution
• Revocation
• Key Backup and Recovery System
• Cross-Certification
                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
               X509 PKI
      Registration Authority (RA)
Basic Tasks:
• Registration of Certificate Information
• Face-to-Face Registration
• Remote Registration
• Automatic Registration
• Revocation

                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
               X509 PKI
    Certificate Distribution System
Provide Repository for:
• Digital Certificates
• Certificate Revocation Lists (CRLs)
Typically:
• Special Purposes Databases
• LDAP directories

                 Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
       Certificate Revocation List
                   Certificate Revocation List



Revoked Certificates
remain in CRL
until they expire




                       Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
     Certificate Revocation List (CRL)
• CRLs are published by CAs at well defined
  interval of time
• It is a responsibility of “Users” of certificates to
“download” a CRL and verify if a certificate has
 been revoked
• User application must deal with the revocation
  processes
                  Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
      Online Certificate Status Protocol
                   (OCSP)
• An alternative to CRLs
• IETF/PKIX standard for a real-time check if a
 certificate has been revoked/suspended


• Requires a high availability OCSP Server


                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                 CRL vs OCSP Server

                   Download CRL                            CRL
       User                                                          CA


                                           Directory                                   CRL
         Certificate IDs
         to be checked                                  Download
                                                                            CRL
User                               OCSP                 CRL
                                                                                     CA
         Answer about              Server
         Certificate States
                                                                   Directory
                                                                                        OCSP
                      Public Key Infrastructure (PKI)               HP Laboratories, Bristol, UK
               X509 PKI
        PKI-enabled Applications
Functionality Required:
• Cryptographic functionality
• Secure storage of Personal Information
• Digital Certificate Handling
• Directory Access
• Communication Facilities

                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
      X509 PKI
Trust and Legal Issues


      Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
                X509 PKI
          Trust and Legal Issues

• Why should I Trust a CA?


• How can I determine the liability of a CA?



                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
             X509 PKI
       Approaches to Trust and
           Legal Aspects
• Why should I Trust a CA?
        Certificate Hierarchies, Cross-Certification
• How can I determine the liability of a CA?
        Certificate Policies (CP) and Certificate Policy
        Statement (CPS)

                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
     X509 PKI
  Approach to Trust

Certificate Hierarchies
          and
 Cross-Certification

     Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
      CA Technology Evolution
       CA    CA            CA                     CA         Directory     CA
                                                             Services



             RA            CA                     CA                       CA


                                                 Internet                  RA
                   RA             RA

                                             RA        RA                Internet
Try to reflect
Real world Trust Models
                                                                     LRA      LRA

               Public Key Infrastructure (PKI)              HP Laboratories, Bristol, UK
          Simple Certificate Hierarchy
          Root CA
                                      Each entity has its own certificate (and may
Sub-CAs
                                      have more than one). The root CA’s certificate
                                      is self signed and each sub-CA is signed by its
                                      parent CA.

                                      Each CA may also issue CRLs. In particular
                                      the lowest level CAs issue CRLs frequently.

      End Entities                    End entities need to “find” a certificate path to
                                      a CA that they trust.




                     Public Key Infrastructure (PKI)     HP Laboratories, Bristol, UK
Trusted
            Simple Certificate Path
Root                                  Alice trusts the root CA
                                      Bob sends a message to Alice

                                      Alice needs Bob’s certificate, the certificate of
                                      the CA that signed Bob’s certificate, and so on
                                      up to the root CA’s self signed certificate.

                                      Alice also needs each CRL for each CA.

              *                       Only then can Alice verify that Bob’s certificate
    Alice     Bob                     is valid and trusted and so verify the Bob’s
                                      signature.




                Public Key Infrastructure (PKI)        HP Laboratories, Bristol, UK
             Cross-Certification and
              Multiple Hierarchies
                                                      1
                                     2                      3



1. Multiple Roots
2. Simple cross-certificate
3. Complex cross-certificate
                    Public Key Infrastructure (PKI)       HP Laboratories, Bristol, UK
          X509 PKI
  Approach to Trust : Problems

Things are getting more and more
   complex if Hierarchies and
  Cross-Certifications are used

          Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
          Cross-Certification and
Trusted
             Path Discovery
                Trusted
                 Root
Root

                                                  3




                                  *

              Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
        X509 PKI
 Approach to Legal Aspects

      Certificate Policy
                       And
Certificate Practice Statement

        Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
        Certificate Policy (CP)
• A document that sets out the rights, duties and
  obligations of each party in a Public Key
  Infrastructure
• The Certificate Policy (CP) is a document which
  usually has legal effect
• A CP is usually publicly exposed by CAs, for
  example on a Web Site (VeriSign, etc.)
                 Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
  Certificate Policy (CP)
                                                  COMMUNITY &
            POLICY OUTLINE
                                                  APPLICABILITY


                                                                  RIGHTS, LIABILITIES
                                                                    & OBLIGATIONS
CERTIFICATE &
CRL PROFILES                          CP
                                                                   IDENTIFICATION &
                                                                    AUTHENTICATION


              TECHNICAL                            OPERATIONAL
           SECURITY CONTROL                       REQUIREMENTS



                Public Key Infrastructure (PKI)             HP Laboratories, Bristol, UK
           Policy Issues (CP)
• Liability Issues
• Repository Access Controls
• Confidentiality Requirements
• Registration Procedures
   - Uniqueness of Names
   - Authentication of Users/Organisations
• Certificate Acceptance
• Suspension and Revocation (Online/CRL)
• Physical Security Controls
              Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
    Certificate Policy Statement
                (CPS)
• A document that sets out what happens in practice
  to support the policy statements made in the CP
  in a PKI
• The Certificate Practice Statement (CPS) is a
  document which may have legal effect in limited
  circumstances

                Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
Certificate Policy Statement
            (CPS)
                                                   GENERAL
                   INTRODUCTION                   PROVISIONS


                                                               IDENTIFICATION &
    SPECIFICATION                                              AUTHENTICATION
   ADMINISTRATION


                                        CPS
   CERTIFICATE &                                                 OPERATIONAL
   CRL PROFILES                                                 REQUIREMENTS


                    TECHNICAL                      PHYSICAL,
                     SECURITY                    PROCEDURAL &
                    CONTROLS                      PERSONNEL


               Public Key Infrastructure (PKI)         HP Laboratories, Bristol, UK
IETF (PKIX) Standards
• X.509 Certificate and CRL Profiles
• PKI Management Protocols
• Certificate Request Formats
• CP/CPS Framework
• LDAP, OCSP, etc.
          http://www.ietf.org/

            Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK
         Identity is Not Enough:
          Attribute Certificates
IETF (PKIX WG) is also defining standards for Attribute
Certificates (ACs):
• Visa Card (Attribute) vs. Passport (Identity)
• Attribute Certificates specify Attributes associated
  to an Identity
• Attribute Certificates don’t contain a Public key
  but a link to an Identity Certificate


                 Public Key Infrastructure (PKI)   HP Laboratories, Bristol, UK