Public Key Infrastructure (PKI)

Similar documents
Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)

10/6/2015 PKI. What Is PKI. Certificates. Certification Authorities (CA) PKI Models. Certificates

How To Make A Trustless Certificate Authority Secure

Key Management and Distribution

Network Security: Public Key Infrastructure

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

Public Key Infrastructure

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

An LDAP/X.500 based distributed PGP Keyserver

Key Management and Distribution

Standards and Products. Computer Security. Kerberos. Kerberos

Introduction to Network Security Key Management and Distribution

Asymmetric cryptosystems fundamental problem: authentication of public keys

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

APNIC Trial of Certification of IP Addresses and ASes

Cryptography and Network Security Chapter 14

CS 356 Lecture 28 Internet Authentication. Spring 2013

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure

Neutralus Certification Practices Statement

Ericsson Group Certificate Value Statement

Windows Server 2008 PKI and Certificate Security

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Lecture VII : Public Key Infrastructure (PKI)

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

7 Key Management and PKIs

PKI and OpenSSL part 1 X.509 from the user s and the client software s point of view

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Certificate Path Validation

Public Key Infrastructure (PKI)

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

A PKI For IDR Public Key Infrastructure and Number Resource Certification

Public Key Infrastructure. A Brief Overview by Tim Sigmon

PUBLIC-KEY CERTIFICATES

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS)

TELSTRA RSS CA Subscriber Agreement (SA)

Certificate Policy for OCES Employee Certificates (Public Certificates for Electronic Services) Version 5

Certificate Policy for. SSL Client & S/MIME Certificates

SSL Protect your users, start with yourself

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

CS Network Security: Public Key Infrastructure

A PKI case study: Implementing the Server-based Certificate Validation Protocol

Introduction to Cryptography

Certificates and network security

Network Automation 9.22 Features: RIM and PKI Authentication July 31, 2013

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.

prefer to maintain their own Certification Authority (CA) system simply because they don t trust an external organization to

How To Understand And Understand The Security Of A Key Infrastructure

Optimized Certificates A New Proposal for Efficient Electronic Document Signature Validation

NIST Test Personal Identity Verification (PIV) Cards

Programme of Requirements part 3h: Certificate Policy Server certificates Private Services Domain (G3)

Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001

Authentication Applications

Certificate Policy for OCES personal certificates (Public Certificates for Electronic Services)

Certification Practice Statement

HKUST CA. Certification Practice Statement

Reducing Certificate Revocation Cost using NPKI

SBClient SSL. Ehab AbuShmais

Security Digital Certificate Manager

Security Digital Certificate Manager

Ciphermail S/MIME Setup Guide

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

Public Key Infrastructure for a Higher Education Environment

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

CERTIFICATION PRACTICE STATEMENT UPDATE

Concept of Electronic Approvals

Public-Key Infrastructure

Certificates, Certification Authorities and Public-Key Infrastructures

CALIFORNIA SOFTWARE LABS

1. Lifecycle of a certificate

Configuring Digital Certificates

Lecture 10 - Authentication

Single Sign-on Integration With PKI

X.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA)

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

ehealth Ontario PKI Certification Policy Manual

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: Version: Rev A. Published by: TeliaSonera Sverige AB

CMS Illinois Department of Central Management Services

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3

Class 3 Registration Authority Charter

CSC574 - Computer and Network Security Module: Public Key Infrastructure

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Authentication Applications

PKI - current and future

Digital Signatures in a PDF

Transcription:

Public Key Infrastructure (PKI) Reading Chapter 15 1

Distributing Public Keys Public key cryptosystems allow parties to share secrets over unprotected channels Extremely useful in an open network: Parties are not under a single manager Symmetric keys cannot be shared beforehand How to distribute public keys? Not a problem of secrecy (symmetric key) A problem of legitimacy (identity binding) 2

Certification Public keys must be certified, i.e., an authenticated statement like public key PA belongs to user A must be made by a trusted party. The Public Key Infrastructure defines: The set of trusted parties or a mechanism to infer trust An authentication/certification algorithm 3

What is a (Certificate based) PKI Structure and components to securely distribute public keys Repository for certificates Retrieving and delivering certificates to clients Methodology for registering clients, and revoking certificates Methodology for verifying a certificate (a trust chain) 4

Example Certificate Alice info & PK A [Alice, Charlie, info, PK A ] SK-C Charlie info Identity of the public key holder (Subject) The Encrypted Signature Identity of the Certifying Authority (Issuer) 5

Verifying a Certificate 1. Hash the certificate body with the appropriate hashing algorithm The body of the certificate is typically all the information except: The signature algorithm and heading before signature The signature 2. Use issuer s public key to decrypt signature 3. Verify decrypted signature in 2 with hash in 1. 6

Terminology If Alice signs a certificate for Bob, Alice is the issuer, Bob is the subject If Alice wants to find a trusted path to Bob s key, Bob s name is the target A verifier evaluates a certificate or a chain of certificates Anyone having a public key is a principal A trust anchor is a public key that the verifier has decided is trusted 7

PKI Trust Models Monopoly model Oligarchy model Anarchy model 8

Monopoly Model A central Certification Authority (CA) is: universally trusted its public key is known to all The central CA signs all public key certificates, or delegates its powers: to lower level CAs: Certificate chaining to registration authorities (RAs): check identities, obtain and vouch for public keys This is a flat trust model. 9

Problems with Monopoly Model Can there be a universally trusted organization? Key of the monopoly entity would be difficult to change as it would be embedded in many systems Problems of the monopoly entity being corrupt, excessive charges, etc. What is the mechanism for getting a certificate? How do I verify my identity How do I provide my public key 10

Oligarchy Model A number of root CAs known in advance Certificate chaining is supported Web browsers support oligarchic PKIs Come preconfigured with many trust anchors, trusted by the product vendor For Firefox, check Certificates by following Options- >Advanced->Encryption->View Certificates Similarly, you can check Certificates on IE More security problems than the monopoly model more points of failure The X.509 PKI is oligarchic 11

Anarchy Model Each user is fully responsible for deciding its trust anchors (roots). For example, PGP (Pretty Good Privacy) Practical for individual communication Put your public key in your e-mail signature or website Call user to verify PK fingerprint Impractical for automated trust inference How to decide that a certificate chain is trustworthy? web of trust versus hierarchical trust model 12

Assumptions: Constrained Naming PKIs X.509 and other oligarchic PKIs cannot handle a very complex world without becoming very complex themselves Many certification needs are inherently local Local certification and local naming uniqueness can be maintained with minimal effort Global naming conventions exist (e.g.: DNS) If public keys need global certification, then rely on relationships to infer trust 13

Top-Down Constrained Naming Similar to oligarchic/ monopoly model, but delegation takes place with domain name constraints: /.com.edu.uk.co.uk.microsoft.com.fsu.edu.amazon.co.uk 14

Bottom-Up Constrained Naming Each organization creates an independent PKI and then link to others: Top-down links: Parent certifies child Bottom-up links: Child attests parent Cross-links: A node certifies another node To certify a node N: 1. Start from your trust anchor: if it is also an ancestor to N, just verify the delegation chain 2. If (1) fails, query your trust anchor for a cross-link to an ancestor of N 3. Else repeat using the parent of your trust anchor. 15

Example.edu.com.edu/.fsu.com/.symantech.com/.apple.edu/.fsu/.math.edu/.fsu/.cs.com/.symantech/.nav.edu/.fsu/.cs/.diablo.edu/.fsu/.cs/.192.x 16

Advantages of Constrained Naming PKIs Simple and flexible Locally deployable Compartmentalized trust Easy to replace keys at local levels Lightweight and fast revocation Non-monopolistic, open architecture PKIX/X.509 (oligarchic) has recognized the advantages of constrained naming, and support it through the NameConstraints field. 17

Relative Names Aliases, shorthand forms or non-global names that are locally understood: Parent may refer to each child simply the part of the child s name that extends of its own name Child refers to parent simply as parent Think of how file systems work Cross links can use global names (absolute paths) or relative names SPKI certificates support relative names 18

Certificate Revocation As the trusted parties multiply, so does the possibility of having to revoke trust Private key of user compromised: Revocation of user certificate Publication of revoked certificates: Certificate revocation lists, or CRLs. Private key of trusted party compromised: Update of CA s public key Re-certification of existing certificates? Timestamping? 19

Certificate Revocation CRLs: Signed, time-stamped list of all revoked certificates Cost to generate and verify a CRL is proportional to the number of all revoked certificates CRLs: Publish only changes from a latest full CRL OLRS (On-line Revocation Server) Affirmation of valid certificates 20

Directories Other Issues A standardized mechanism for querying names is required for some PKIs (e.g. constrained names) E.g.: DNS directory service Should a certification record be stored with the issuer or subject of the certification? Certificate chaining: To certify Alice -- start with Alice s name and go up (forward building) or with our trust anchor and down (reverse building)? 21

X.509 Certificate Management Protocol (CMP: RFC 2510) Online Certificate Status Protocol (OCSP: RFC 2560) Certificate Management Request Format (CRMF: RFC 2511) Time-Stamp Protocol (RFC 3161) Certificate Management Messages over CMS (RFC 2797) Internet X.509 Public Key Infrastructure Time Stamp Protocols (RFC 3161) Use of FTP and HTTP for transport of PKI operations (RFC 2585) 22

X.509 PKIX Working Group (established 1995) Goal: develop Internet standards needed to support an X.509-based PKI: RFC 2459, profiled X.509 version 3 certificates and version 2 CRLs for use in the Internet. Profiles for the use of Attribute Certificates (RFC XXXX [pending]) LDAP v2 for certificate and CRL storage (RFC 2587) X.509 Public Key Infrastructure Qualified Certificates Profile (RFC 3039) Internet X.509 Public Key Infrastructure Certificate Policy and certification Practices Framework (RFC 2527 - Informational) 23

X.509 The IETF chose to use X.500 naming standards for certificates C=US, O=Sun, OU=Java, CN=java.sun.com Browsers know websites by DNS names, not X.500 names Initial browser implementations did not check CN. Today, DNS names are included either in CN or in SubjectAltName field Rationale: DNS does not support certificate lookup 24

X509 + PKIX Certificates Version SerialNumber Signature Issuer Validity Subject SubjectPublicKeyInfo IssuerUniqueIdentifier SubjectUniqueIdentifier AlgorithmIdentifier Encrypted Extensions AuthorityKeyIdentifier SubjectAltName SubjectKeyIdentifier KeyUsage CertificatePolicies PolicyMappings NameConstraints... 25

X.509 Certificate Version Serial Number Signature Issuer Validity Subject Subject Public Key Info Issuer Unique ID Subject Unique ID Extensions Certificate Version (e.g. X.509_v3) Unique Identifier for the Certificate ID of the Algorithm Used to Sign the Certificate Unique Name of the Certificate Issuer Time Period of Certificate Validity Unique Name of the Certificate Owner Public Key and Algorithm ID of the Owner Optional Unique ID of the Certificate Issuer Optional Unique ID of the Certificate Owner Optional Extensions 26

Reading Assignment Chapter 17 27

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information