Certificates Noah Zani, Tim Strasser, Andrés Baumeler
Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects
Motivation Need for secure, trusted communication Growing certificate market Government surveillance
Introduction Symmetric/Asymmetric cryptography Why do we need certificates?
Symmetric Encryption https://i-msdn.sec.s-msft.com/dynimg/ic168364.gif
Asymmetric encryption (public-key encryption) https://i-msdn.sec.s-msft.com/dynimg/ic21919.gif
Why do we need Certificates?
Public Key Infrastructure PKI as defined in RFC 5280 and ITU-T X.509 Use Case: e-banking
Definition The infrastructure able to support the management of public keys able to support authentication, encryption, integrity or nonrepudiation services [1 ] The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography. [ 2] [1]: ITU-T X.509 (10/2012) [2]: Xenitellis, Simos. (2000). The Open source PKI Book: A guide to PKIs and Open source Implementations (pp.107). Retrieved October, 2015 from http://sourceforge.net/projects/ospkibook/
X.509 It was developed as part of the X.500 standard, which described the structure of a globally accessible directory service but was never fully implemented. Defines frameworks for Public Key Infrastructure Issued in 1988 by the ITU-T (The Telecommunication Standardization Sector of the International Telecommunication Union)
RFC 5280/6818 Profile for the Internet X.509 Public Key Certificate and Certificate Revocation List Published May 2008 by the Internet Engineering Task Force IETF Updated January 2013 by the RFC 6818
Components Components of a PKI Public Key Certificate Certification Authority (CA) Registration Authoritiy (RA) Certificate Revocation List (CRL) Directory Service Validation Authority (VA) Subscriber (Holder of certificate) and (participant trusting the certificates) Documentation, including policy and practice statement
Certificates Public-key of certificate holder Information about the validity of the certificate, about the certificate holder and certificate issuer (CA) Digital signature by the CA
Certificate/Certification Authority A CA is a Trusted Third Party that it issues digital certificates Trustworthiness is key
Certificate/Certification Authority Validates certificate requester Domain validation Organizational validation Extended validation Issues certificate signed with CAs private key Revokes invalid certificates
Hierarchical structure and certification path Root CA X.509 assumes a strict hierarchical tree structure of CAs Intermediate CA Intermediate CA Child CAs (subordinate CAs) are certified by their parent CAs The Root CA is trustworthy by agreement of all participants Issuing CA Issuing CA Issuing CA Issuing CA Trusted CAs are included with browsers Alternative concept: web of trust models
Cross Certification Company A PKI Corp. A Root CA Company B PKI Corp. A Subordinate CA Cross Certification Corp. B Root CA User 1 User 2 Corp. B Subordinate CA User 1 User 2
Registration Authority An optional system to which a CA delegates certain management functions Receives Certification Signing Requests (CRS) and verifies the authenticity of the certificate holder Forwards the request to the Certification Authority
Validation Authority An entity that provides services used to validate a certificate Certificate Revocation List (CRL) List of certificates that have been revoked, and therefore, entities presenting those (revoked) certificates should no longer be trusted Two states: revoked & hold Published and signed by the CA which issued the certificates, downloaded by browsers from a repository
Certificate Revocation List Advantages: CRLs can be distributed via untrusted communication Contains information about all certificates of one CA Disadvantages May grow large (several megabytes) Client has to download the whole list If download fails, by default certificate is accepted Client has to search the whole list Possible publishing periods of up to one week
Online Certificate Status Protocol Alternative to CRL June 1999, substituted in 2013 with RFC6990 Network protocol for checking validity of a certificate using its identifier Signed response from OCSP responder includes Certificate identifier Certificate status value ( good, revoked, unknown ) Response validity interval Advantages Possible real time check Request for only one certificate possible Fast response to certificate status (depending on underlying data)
Use Case: e-banking? You Bank How is the PKI used to ensure that you are really talking to the servers of your Bank?
Use Case: e-banking Certificate Authority issues verfies request and check Certificate TLS secured connection You Bank
Tranport Layer Security (TLS) 1. Negotiation Phase 2. Authentication and Pre- Master Secret 3. Decryption and Master Secret 4. Generate Session Keys 5. Encrypt with Session Key
Negotiation Phase Client requests a secure connection Provides highest supported TLS version Provides a list of supported cipher suites Server answers Indicates TLS verison he wants to use Chooses one of the cypher suites Sends his certificate
Authentication and Pre-Master Secret Client checks validity of the certificate Client checks the signature of the cerificate to authentificate the Bank Signature = hash value of the first part of the certificate Signature is encrypted with the CA s private key Check is done by decyphering the signature and comparing the value with the hash value created by the client The client generates a pre-master secret and encrypts it with the server s public key
Master Secret and Session Keys Server decrypts the pre-master secret Client and Server generate master secret from the premaster secret Client and Server use the master secret to generate session keys Session keys are used to secure the connection in a symmetrical fashion
How does a Certificate look like? http://ipseclab.eit.lth.se/tiki-index.php?page=2.%20background
How does a Certificate look like? http://ipseclab.eit.lth.se/tiki-index.php?page=2.%20background
How does a Certificate look like? http://ipseclab.eit.lth.se/tiki-index.php?page=2.%20background
How does a Certificate look like?
Cypher Suites Cypher Suites are collections of authentication, encryption, message authentication and key exchange algorithms. https://www.openssl.org/docs/manmaster/apps/ciphers.html
Economic Aspects Who issues certificates? What does it take to get a certificate?
Certificate Authorities Commercial CA Free CA Private CA
Commercial CA Build trust by undergoing audits, e.g. WebTrust Follow guidelines based on CA/Browser Forum Certificate types: Domain Certificate Multi-Domain Certificate Wildcard Certificate Extended Validation Certificate Limited Lifetime
Commercial CA Market Fragmented depending on use case: Digital signatures SSL Certificates W3Techs: Usage of SSL certificate authorities for websites from http://w3techs.com/technologies/overview/ssl_certificate/all
Commercial CA Example SwissSign Pricing: Depending on certificate type Range from 160.- CHF to 750.- CHF Process to get a certificate Buy a certificate license Create User-Account Use license to order a certificate Send signed application form Send copy of passport of requesting person Send copy of passport of domain owner Optional: Send copy of passport of company owner / representative Optional: New companies (under 3 years): confirmation of the bank
Alternative: Free CAs CAcert.org "Let's encrypt"
Private CA + Cheaper + Faster to Install - Only for your Organization - You must protect your Private Key
Questions?
Discussion
Do you care about your trusted CA s?
Is it justified to pay for certificates?
Should the government be involved in digital certificates?
Where do you see security problems?