Certificates, Certification Authorities and Public-Key Infrastructures
Ozalp Babaoglu
ALMA MATER STUDIORUM UNIVERSITÀ DI BOLOGNA
Babaoglu 2001-2012 Sicurezza

Digital certificates
- The public key we are encrypting with must really belong to the recipient of the message
- This raises the problem of key exchange (man-in-the-middle attack)
- Digital certificates are used to prevent someone from passing themselves off as another person by substituting that person's public key

PKI Certificates
- A certificate is the form in which a PKI communicates public key information
- It is a binding between a public key and identity information about a subject
- Signed by a certificate issuer
- Functions much like a physical certificate
- Avoids man-in-the-middle attacks

Physical Certificates
- Photograph + Personal data
- Seals = I certify that the photo corresponds to the personal data

Distribution of certificates
- Certificates are generated, held and distributed by trusted entities
  - Certificate servers
  - Public Key Infrastructures (PKI)
- Manual or in-person distribution: passport, identity card

Certificate servers
- Databases available over the network
- Allow users to
  - request that their own certificate be added to the database
  - request someone else's certificate

Public Key Infrastructure
- PKI is a collection of services and protocols for
  - Registering
  - Certifying (issuing)
  - Validating
  - Revoking
  certificates
- Public-key infrastructure (PKI)
  - Registration Authority (RA): usually a physical person
  - Certification Authority (CA): usually software

PKI Registration Authority
- Invoked when a subject requests a certificate for the first time
- Subject requesting the certificate must be authenticated
- In-band authentication: performed using the PKI itself; possible only for certain types of identity information (e.g. email address)
- Out-of-band authentication: performed using more traditional methods, such as mail, fax, over the telephone or physically meeting someone

Public Key Infrastructure
- Is there an Internet PKI?
- Several proposals for an Internet PKI exist: PGP, PEM, PKIX, Secure DNS, SPKI and SDSI
- No single one has gained widespread use
- In the future: several PKIs operating and inter-operating in the Internet

Public Key Infrastructure
- There are two basic operations common to all PKIs:
  - Certification: process of binding a public-key value to a subject: an individual, organization or other entity
  - Validation: process of verifying that a certification is still valid

PKI X.509 Certificates
X.509 Certificate Information (defined by X.509 Standard)
- Subject: Distinguished Name, Public Key
- Issuer: Distinguished Name, Signature
- Validity: Not Before Date, Not After Date
- Administrative Info: Version, Serial Number
- Extended Info

Distinguished Name Information
- Common Name: CN=Calisto Tanzi
- Organization or Company: O=Parmalat
- Organizational Unit: OU=Management
- City/Locality: L=Parma
- State/Province: ST=Emilia Romagna
- Country (ISO Code): C=IT

PKI Certificates
- The certification process is based on trust
  - users trust the issuing authority to issue only certificates that correctly associate subjects to their public keys
- The certificate issuer is commonly called a certificate authority (CA)

PKI Certificate Authorities
- Only one CA for the entire world? Impractical
- Instead: most PKIs enable one CA to certify another CA
  - one CA is telling its users that they can trust what a second CA says in its certificates
- Different certificates:
  - Leaf certificates (end-user)
  - Intermediate certificates
  - Root certificates

PKI Certificate Chains
[Figure: certificate chain; each certificate carries a distinguished name (DN), a public key (PK) and a signature (Sig)]
- DN X, PK X, Sig X
- DN Y, PK Y, Sig X
- DN Z, PK Z, Sig Y
- DN Bob, PK Bob, Sig Z

PKI Hierarchies
- CAs can be organized
  - as a rooted tree (X.509)
  - as a general graph (PGP)

PKI Validation
- Validation
  - The information in a certificate can change over time
  - Need to be sure that the information in the certificate is current and that the certificate is authentic
- Two basic methods of certificate validation:
  - Off-line validation: the CA can include a validity period in the certificate, a range during which the information in the certificate can be considered valid
  - On-line validation: the user can ask the CA directly about a certificate's validity every time it is used

PKI Revocation
- Revocation: the process of informing users when the information in a certificate becomes unexpectedly invalid
  - subject's private key becomes compromised
  - user information changes (e.g., email address, domain name of a server)
- Off-line: within the validity periods, the certificate revocation method is critical
- On-line: the revocation problem becomes trivial

PKI Revocation
- Certificate Revocation List (CRL): a list of revoked certificates that is signed and periodically issued by a CA
- A user must check the latest CRL during validation to make sure that a certificate has not been revoked
- CRL Problems
  - CRL time-granularity problem: how often must CRLs be issued?
  - CRL size: incremental CRL
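
The chain X -> Y -> Z -> Bob from the "PKI Certificate Chains" slide, checked with the off-line validity period and the CRL lookup from the validation and revocation slides. This is an added example, not part of the original slides. It assumes a toy, padding-free RSA built from small Mersenne primes, a hypothetical dictionary certificate layout, and an unsigned set of (issuer, serial) pairs standing in for the signed CRL.

```python
import hashlib
from datetime import date

def mersenne(k):  # toy key material, constructed for this example only
    return 2**k - 1

def keypair(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    # Hash every field except the signature, reduced mod n (no padding: toy RSA).
    tbs = "|".join(str(cert[k]) for k in
                   ("subject", "issuer", "pk", "serial", "not_before", "not_after"))
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key, serial, not_before, not_after):
    cert = {"subject": subject, "issuer": issuer,
            "pk": (subject_key["n"], subject_key["e"]),
            "serial": serial, "not_before": not_before, "not_after": not_after}
    cert["sig"] = pow(digest(cert, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return cert

def validate_chain(chain, trust_anchor, crl, today):
    """chain is leaf first, root last. Returns (ok, reason)."""
    if chain[-1] != trust_anchor:
        return False, "root is not a trust anchor"
    # Pair each certificate with its issuer's; the root is checked against itself.
    for cert, issuer_cert in zip(chain, chain[1:] + chain[-1:]):
        n, e = issuer_cert["pk"]
        if cert["issuer"] != issuer_cert["subject"] or pow(cert["sig"], e, n) != digest(cert, n):
            return False, f"bad signature on {cert['subject']}"
        if not cert["not_before"] <= today <= cert["not_after"]:  # off-line validation
            return False, f"{cert['subject']} outside validity period"
        if (cert["issuer"], cert["serial"]) in crl:               # revocation check
            return False, f"{cert['subject']} revoked"
    return True, "ok"

# Constructed sample data mirroring the chain on the slide.
KEYS = {"X": keypair(mersenne(61), mersenne(89)), "Y": keypair(mersenne(89), mersenne(107)),
        "Z": keypair(mersenne(107), mersenne(127)), "Bob": keypair(mersenne(61), mersenne(127))}
START, END = date(2012, 1, 1), date(2012, 12, 31)
ROOT = issue("X", KEYS["X"], "X", KEYS["X"], 1, START, END)      # self-signed root
CERT_Y = issue("Y", KEYS["Y"], "X", KEYS["X"], 2, START, END)    # intermediate
CERT_Z = issue("Z", KEYS["Z"], "Y", KEYS["Y"], 3, START, END)    # intermediate
CERT_BOB = issue("Bob", KEYS["Bob"], "Z", KEYS["Z"], 4, START, END)  # leaf
CHAIN = [CERT_BOB, CERT_Z, CERT_Y, ROOT]

if __name__ == "__main__":
    print(validate_chain(CHAIN, ROOT, set(), date(2012, 6, 1)))
    print(validate_chain(CHAIN, ROOT, {("Y", 3)}, date(2012, 6, 1)))
```

Revoking an intermediate certificate invalidates every certificate below it, which is why the check runs on each link of the chain and not only on the leaf.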

Certificates in Practice: Firefox
[Figure slides; no text content survives]