Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Transcription

1 Certificates Noah Zani, Tim Strasser, Andrés Baumeler

2 Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects

3 Motivation Need for secure, trusted communication Growing certificate market Government surveillance

4 Introduction Symmetric/Asymmetric cryptography Why do we need certificates?

5 Symmetric Encryption

6 Asymmetric encryption (public-key encryption)

7 Why do we need Certificates?

8 Public Key Infrastructure PKI as defined in RFC 5280 and ITU-T X.509 Use Case: e-banking

9 Definition The infrastructure able to support the management of public keys able to support authentication, encryption, integrity or nonrepudiation services [1 ] The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography. [ 2] [1]: ITU-T X.509 (10/2012) [2]: Xenitellis, Simos. (2000). The Open source PKI Book: A guide to PKIs and Open source Implementations (pp.107). Retrieved October, 2015 from

10 X.509 It was developed as part of the X.500 standard, which described the structure of a globally accessible directory service but was never fully implemented. Defines frameworks for Public Key Infrastructure Issued in 1988 by the ITU-T (The Telecommunication Standardization Sector of the International Telecommunication Union)

11 RFC 5280/6818 Profile for the Internet X.509 Public Key Certificate and Certificate Revocation List Published May 2008 by the Internet Engineering Task Force IETF Updated January 2013 by the RFC 6818

12 Components Components of a PKI Public Key Certificate Certification Authority (CA) Registration Authoritiy (RA) Certificate Revocation List (CRL) Directory Service Validation Authority (VA) Subscriber (Holder of certificate) and (participant trusting the certificates) Documentation, including policy and practice statement

13

14 Certificates Public-key of certificate holder Information about the validity of the certificate, about the certificate holder and certificate issuer (CA) Digital signature by the CA

15

16 Certificate/Certification Authority A CA is a Trusted Third Party that it issues digital certificates Trustworthiness is key

17 Certificate/Certification Authority Validates certificate requester Domain validation Organizational validation Extended validation Issues certificate signed with CAs private key Revokes invalid certificates

18 Hierarchical structure and certification path Root CA X.509 assumes a strict hierarchical tree structure of CAs Intermediate CA Intermediate CA Child CAs (subordinate CAs) are certified by their parent CAs The Root CA is trustworthy by agreement of all participants Issuing CA Issuing CA Issuing CA Issuing CA Trusted CAs are included with browsers Alternative concept: web of trust models

19 Cross Certification Company A PKI Corp. A Root CA Company B PKI Corp. A Subordinate CA Cross Certification Corp. B Root CA User 1 User 2 Corp. B Subordinate CA User 1 User 2

20

21 Registration Authority An optional system to which a CA delegates certain management functions Receives Certification Signing Requests (CRS) and verifies the authenticity of the certificate holder Forwards the request to the Certification Authority

22

23 Validation Authority An entity that provides services used to validate a certificate Certificate Revocation List (CRL) List of certificates that have been revoked, and therefore, entities presenting those (revoked) certificates should no longer be trusted Two states: revoked & hold Published and signed by the CA which issued the certificates, downloaded by browsers from a repository

24 Certificate Revocation List Advantages: CRLs can be distributed via untrusted communication Contains information about all certificates of one CA Disadvantages May grow large (several megabytes) Client has to download the whole list If download fails, by default certificate is accepted Client has to search the whole list Possible publishing periods of up to one week

25 Online Certificate Status Protocol Alternative to CRL June 1999, substituted in 2013 with RFC6990 Network protocol for checking validity of a certificate using its identifier Signed response from OCSP responder includes Certificate identifier Certificate status value ( good, revoked, unknown ) Response validity interval Advantages Possible real time check Request for only one certificate possible Fast response to certificate status (depending on underlying data)

26 Use Case: e-banking? You Bank How is the PKI used to ensure that you are really talking to the servers of your Bank?

27 Use Case: e-banking Certificate Authority issues verfies request and check Certificate TLS secured connection You Bank

28 Tranport Layer Security (TLS) 1. Negotiation Phase 2. Authentication and Pre- Master Secret 3. Decryption and Master Secret 4. Generate Session Keys 5. Encrypt with Session Key

29 Negotiation Phase Client requests a secure connection Provides highest supported TLS version Provides a list of supported cipher suites Server answers Indicates TLS verison he wants to use Chooses one of the cypher suites Sends his certificate

30 Authentication and Pre-Master Secret Client checks validity of the certificate Client checks the signature of the cerificate to authentificate the Bank Signature = hash value of the first part of the certificate Signature is encrypted with the CA s private key Check is done by decyphering the signature and comparing the value with the hash value created by the client The client generates a pre-master secret and encrypts it with the server s public key

31 Master Secret and Session Keys Server decrypts the pre-master secret Client and Server generate master secret from the premaster secret Client and Server use the master secret to generate session keys Session keys are used to secure the connection in a symmetrical fashion

32 How does a Certificate look like?

33 How does a Certificate look like?

34 How does a Certificate look like?

35 How does a Certificate look like?

36 Cypher Suites Cypher Suites are collections of authentication, encryption, message authentication and key exchange algorithms.

37 Economic Aspects Who issues certificates? What does it take to get a certificate?

38 Certificate Authorities Commercial CA Free CA Private CA

39 Commercial CA Build trust by undergoing audits, e.g. WebTrust Follow guidelines based on CA/Browser Forum Certificate types: Domain Certificate Multi-Domain Certificate Wildcard Certificate Extended Validation Certificate Limited Lifetime

40 Commercial CA Market Fragmented depending on use case: Digital signatures SSL Certificates W3Techs: Usage of SSL certificate authorities for websites from

41 Commercial CA Example SwissSign Pricing: Depending on certificate type Range from CHF to CHF Process to get a certificate Buy a certificate license Create User-Account Use license to order a certificate Send signed application form Send copy of passport of requesting person Send copy of passport of domain owner Optional: Send copy of passport of company owner / representative Optional: New companies (under 3 years): confirmation of the bank

42 Alternative: Free CAs CAcert.org "Let's encrypt"

43 Private CA + Cheaper + Faster to Install - Only for your Organization - You must protect your Private Key

44 Questions?

45 Discussion

46 Do you care about your trusted CA s?

47 Is it justified to pay for certificates?

48 Should the government be involved in digital certificates?

49 Where do you see security problems?