Certificates, Certification Authorities and Public-Key Infrastructures

Transcription

1 Certificati digitali Certificates, Certification Authorities and Public-Key Infrastructures La chiave pubblica con la quale stiamo cifrando deve appartenere realmente al destinatario del messaggio Si pone il problema dello scambio delle chiavi (man-in-themiddle attack) I certificati digitali vengono usati per evitare che qualcuno tenti di spacciarsi per un altra persona sostituendone la chiave pubblica Ozalp Babaoglu ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA Babaoglu Certificates in the physical world Digital Certificates Personal data Photograph In asymmetric cryptography, a digital certificate is the form in which public keys are communicated It is a binding between a public key and identity information about a subject It is signed by a certificate issuer Seals + Signature Functions much like a physical certificate Avoids man-in-the-middle attacks I certify that the data correspond to the person in the photo Babaoglu Sicurezza 2 Sicurezza 3 Babaoglu Sicurezza 4

2 X.509 Certificates X.509 Certificates X.509 is a standard that specifies digital certificates with the following fields: Subject: Distinguished Name, Public Key Issuer: Distinguished Name, Signature Validity: Not Before Date, Not After Date Administrative Info: Version, Serial Number Extended Info: Distinguished Name Fields as defined by X.509 Standard Common Name CN=Calisto Tanzi Organization or Company O=Parmalat Organizational Unit OU=Management City/Locality L=Parma State/Province ST=Emilia Romagna Country (ISO Code) C=IT 5 6 Distribuzione dei certificati Certificate servers Distribuzione manuale o di persona: passaporto, carta d identità Certificati sono generati e distribuiti da entità fidate Certificate servers Public Key Infrastructures (PKI) Database centralizzate disponibili su rete Possono essere replicate Permettono agli utenti di richiedere l inserimento del proprio certificato nel database richiedere il certificato di qualcuno 7 8

3 Certification Authority Public Key Infrastructure Certification Authority () is responsible for certification, validation and revocation of certificates Many different types of s exist: commercial, government, free, etc. Examples of s: VeriSign, Symantec, Thawte, Geotrust, Comodo, Visa, Actalis Collection of s and protocols for invoking their services by clients constitutes a Public Key Infrastructure (PKI) 9 10 PKI Certification PKI Certification Authorities When a subject requests a certificate for the first time, the subject must be authenticated In-band authentication: performed using the PKI itself possible only for certain types of identity information (e.g. addresses) Out-of-band authentication: performed using more traditional methods, such as mail, fax, over the telephone or physical meeting The certification process is based on trust Users trust the issuing authority to issue only certificates that correctly associate subjects to their public keys Only one for the entire world? No would be impractical Instead: Most PKI enable one to certify other s One is telling its users that they can trust what a second says in its certificates 11 12

4 PKI Certificate Chains PKI Certificate Chains DN X PubK X Sig X DN Y PubK Y Sig X DN Z PubK Z Sig Y DN Bob PubK Bob Sig Z Certificate chains can be of arbitrary length Each certificate in the chain validated by the preceding one Different certificates: Leaf certificates (end-user) Intermediate certificates Root certificates PKI Hierarchies Hierarchical Trust (X.509) s can be organized as a rooted tree (X.509) as a general graph (PGP) Based on chains of trust forming a rooted tree among entities that are reputed to be s The (blind) trust we place on root-level s must be acquired through reputation, experience, operational competence and other non-technical aspects Anyone claiming to be a must be a trusted entity and we must believe that it is secure and correct 15 16

5 Web of Trust (PGP) PKI Validation In PGP, any user can act as a and sign the public key of another user A public key is considered valid only if a sufficient number of trusted users have signed it As the system evolves, complex trust relations emerge as dynamic web Trust need not be symmetric or transitive (more on PGP later) Validation need to control that the certificate Is current within not before and not after dates, Is valid signed by a chain of s ending in a root, Has not been revoked Checking currency and validity can be done locally and offline by the certificate user Checking if the certificate has been revoked is more complicated PKI Revocation PKI Revocation Revocation the process of breaking the binding between a public key and a subject for various reasons subject s private key becomes compromised subject identifier information changes (e.g., name, address) On-line revocation problem becomes trivial Online Certificate Status Protocol (OCSP) of X.509 describes how to check validity and revoke certificates Off-line While the certificate is current, the revocation method is critical Clients check locally if a certificate has been revoked Certificate Revocation List (CRL) a list of revoked certificates id constructed, signed and periodically distributed by th user must check the latest CRL during validation to make sure that a certificate has not been revoked X.509 includes a CRL profile, describing the format of CRLs CRL Problems CRL time-granularity problem how often to issue CRLs? CRL size incremental versus bulk 19 20

6 Certificates in Practice: Firefox Certificates in Practice: Firefox Certificates in Practice: Firefox 23