Cunsheng Ding, HKUST
Lecture 06: Public-Key Infrastructure
Main Topics of this Lecture
  1. Digital certificate
  2. Certificate authority (CA)
  3. Public key infrastructure (PKI)
Part I: Digital Certificates
What is a Digital Certificate?
  - Definition: Digital certificates authenticate that their holders are truly who and what they claim to be.
  - Protect data exchanged online.
  - They are tamper-proof and cannot be forged.
  - Real world example: passport
Types of Digital Certificates
  - Server certificates, and personal certificates (e.g., containing a public key).
Client Certificates
  - Also called personal or browser certificates
  - Signing certificate: bound to key-pair used for digital signatures
  - Encrypting certificate: bound to key-pair used for encryption.
  - Remark: Extensive support found in SSL/TLS
  - Question: Any standard on the format of digital certificates?
The X.509v3 Certificate
  - Public Key of Subject: main payload of certificate
  - Subject and Issuer Information: X.500 Distinguished Name (DN)
      - Comprised of multiple Relative DNs (RDNs)
      - C = country, ST = state, L = locality, O = organization, OU = organization unit, CN = common name
  - Digital Signature of the Certificate Authority: The message digest of the certificate encrypted with the issuer's private key.
X.509v3 Format
  - Version / Serial Number
  - Signature Algorithm Identifier
  - Issuer: C=US, O=RSA Security, OU=Secure Certificate Authority
  - Period of Validity
  - Subject: C=US, ST=NY, L=Albany, O=OFT, CN=John Doe
  - Subject's Public Key
  - Signature of Issuer
  (Diagram: the fields above are fed to the hashing algorithm to give a message digest, which is combined with the issuer's private key to produce the Signature of Issuer.)
X.509v3 Key Usage Extensions
  - Definition: A key usage extension defines for which applications and under which policies a certified public key can be used.
  - Examples: Digital signature, nonrepudiation, key encryption, data encryption, key agreement, CA signature verification on certificates, CA signature verification on CRL.
  - Usage extension: Any combination of the items above.
  - Remark: CRL: Certificate Revocation List
Demonstration of Digital Certificates
  - Go to: www.cs.ust.hkfaculty.php
  - Click on a faculty member's digital certificate and open the file.
Part II: Certificate Authority
Certificate Authority
  (1) It is a trusted third party. It is responsible for verifying the identities of cryptographic key holders.
  (2) It issues digital certificates. Asserts that a public key is part of a key-pair held by an individual, organization, or other entity.
  (3) It publishes policy detailed in a Certification Practices Statement (CPS).
  Real World Example: HK Immigration Department.
Part III: Public Key Infrastructure
What is a Public Key Infrastructure?
  - Public-key infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet.
  - PKIs integrate digital certificates, public-key cryptography, and certificate authorities into a total, enterprise-wide network security architecture.
Elements of a Public Key Infrastructure
  - Certificate Authority (CA): e.g., OpenSSL, Netscape, Verisign, Entrust, RSA Keon
  - Public/Private Key Pairs - key management
  - X.509 Identity Certificates - certificate management
  - LDAP servers (LDAP: Lightweight Directory Access Protocol)
Why Do We Need Public Key Infrastructures (I)
  - Authenticate identity: Digital certificates issued as part of your PKI allow individual users, organizations, and web site operators to confidently validate the identity of each party in an Internet transaction.
  - Verify integrity: A digital certificate ensures that the message or document the certificate signs has not been changed or corrupted in transit online.
  - Ensure privacy: Digital certificates protect information from interception during Internet transmission.
Why Do We Need Public Key Infrastructures (II)
  - Authorize access: PKI digital certificates replace easily guessed and frequently lost user IDs and passwords to streamline intranet log-in security.
  - Authorize transactions: With PKI solutions, your enterprise can control access privileges for specified online transactions.
  - Support for nonrepudiation: Digital certificates validate their users' identities, making it nearly impossible to later repudiate a digitally signed transaction, such as a purchase made on a web site.
Issues
  - Scalability: How many certificates can one CA manage?
  - Administration: How to revoke already issued certificates?
  - Trust: Why should I trust your CA?
Issues: PKI Scalability
  - A large PKI requires distributed CAs
      - Local, Regional, National CAs
      - International CAs
  - Certificate Hierarchy
      - Intermediate CA certificates are signed by the CA one step up.
      - End-user certificates are part of a certificate chain.
Certificate Hierarchy
  (Diagram, top to bottom: Root CA; two Intermediate CAs; four Local CAs; Certificate.)
Verifying Certificate Chains
  - The entity accepting certificates must be able to verify every CA in the chain.
  - Should the entire chain be present during a handshake?
  - Must distinguish types of certificates. Otherwise, end-users could sign bogus certificates.
  - X.509v3 extensions indicate the permitted use of a certificate.
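The issuer signature from the X.509v3 slides and the chain check described above, as an added example that is not part of the lecture. It uses toy textbook RSA over Mersenne primes instead of a real X.509 library; the `Cert` fields, the `is_ca` flag (standing in for the "CA signature verification on certificates" key usage) and the `check_ca` switch are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def make_key(p, q, e=65537):
    """Toy textbook RSA (no padding, illustration only): returns (n, e, d)."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Cert:              # simplified stand-in for an X.509v3 certificate
    subject: str
    issuer: str
    pub: tuple           # subject's public key (n, e)
    is_ca: bool          # assumption: models the CA key usage extension
    not_after: int       # end of the validity period (year)
    sig: int = 0         # issuer's signature over the fields above

    def tbs(self):       # the bytes that are hashed and signed
        return f"{self.subject}|{self.issuer}|{self.pub}|{self.is_ca}|{self.not_after}".encode()

def issue(cert, issuer_key):
    n, _, d = issuer_key
    cert.sig = pow(digest(cert.tbs(), n), d, n)  # digest "encrypted" with issuer's private key
    return cert

def sig_ok(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert.sig, e, n) == digest(cert.tbs(), n)

def verify_chain(chain, roots, year, check_ca=True):
    """chain is leaf-first; its last certificate must be issued by a trusted root."""
    for i, cert in enumerate(chain):
        parent = chain[i + 1] if i + 1 < len(chain) else roots.get(cert.issuer)
        if parent is None or parent.subject != cert.issuer:
            return False, f"{cert.subject}: issuer not found or untrusted"
        if year > cert.not_after:
            return False, f"{cert.subject}: expired"
        if check_ca and not parent.is_ca:   # the "distinguish types of certificates" step
            return False, f"{parent.subject}: not a CA"
        if not sig_ok(cert, parent.pub):
            return False, f"{cert.subject}: bad signature"
    return True, "ok"

# Constructed sample hierarchy; 2**k - 1 is prime for k = 31, 61, 89, 107, 127, 521.
M = lambda k: 2**k - 1
root_k, inter_k, user_k = make_key(M(61), M(89)), make_key(M(107), M(127)), make_key(M(31), M(521))
root = issue(Cert("CN=Root CA", "CN=Root CA", root_k[:2], True, 2040), root_k)
inter = issue(Cert("CN=Local CA", "CN=Root CA", inter_k[:2], True, 2035), root_k)
user = issue(Cert("CN=John Doe", "CN=Local CA", user_k[:2], False, 2030), inter_k)
bogus = issue(Cert("CN=shop.example", "CN=John Doe", make_key(M(89), M(107))[:2], False, 2030), user_k)
ROOTS = {root.subject: root}
```

With `check_ca=False` the chain `[bogus, user, inter]` verifies, because every signature in it is mathematically valid; only the certificate-type check rejects a certificate issued by an end-user key.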
Methods of Publishing Digital Certificates
  - Without a 3rd party: Own web page, via FTP file
  - With a 3rd party: Dedicated key server, directory
Why Distribute Digital Certificates on a Server?
  - Encrypt data for someone without prior contact.
  - You do not have to store all keys yourself.
  - Easier distribution of new keys and updates.
Directory as Key Server
  - As a publishing medium for public keys and certificates.
  - Users can put their public key certificate there.
  - CAs may put their certificates there.
  - The directory documents revocation of keys and/or certificates in the CRL.
  - It documents the status of a certificate at a specific time.
Implementing PKIs
  - PKI solutions, such as VeriSign OnSite, allow organizations to efficiently set up and maintain their own complete PKI, acting as a CA to issue certificates, while relying on expert services, technology, and practices for support.
  - Before your organization can begin implementing PKI and acting as a CA in issuing certificates, you need to be able to issue certificates that contain company-specific identifying information, and you must be able to control who is issued a certificate.
  - There are two main PKI options: open and closed PKI.
Open and Closed PKIs
  - Closed PKI: With proprietary PKI software, you can issue digital certificates to a limited, controlled community of users. Applications - including those of extranet users and anyone else outside your enterprise with whom your employees need to communicate securely - need a special software interface from the PKI vendor to work with the certificates. Closed PKI systems require additional training, hardware, software, and maintenance.
  - Open PKI: Applications interface seamlessly with certificates issued under an open PKI, the roots of which are already embedded. Open PKI systems allow enterprises to become their own CA, while taking advantage of the PKI vendor's service and support. Example: VeriSign OnSite.
Evaluating PKI Solutions (I)
  As the foundation for the security of your enterprise's Internet transactions, the success of your PKI will have a major impact on your business. Before implementing PKI solutions for your enterprise, there are six critical questions to ask:
  1. How experienced is your PKI solution provider? Full PKI functionality can include a full range of services, including certificate issuance, administration, records retention, and key management. Can you rely on your provider for time-tested experience?
  2. Will your PKI integrate with your existing applications? Some PKI solutions are based on proprietary desktop software, while others provide digital certificates that integrate with standard web browsers, email clients, and enterprise applications.
Evaluating PKI Solutions (II)
  3. Can the PKI support all of your users? Information security is critical. Make sure your PKI will be available around the clock to employees, partners, and customers. Is it set up to handle disaster recovery? Hacker attacks? Unexpected peaks in demand?
  4. Can your PKI grow with your business? As more and more users need digital certificates, can your PKI scale to accommodate demand?
Evaluating PKI Solutions (III)
  5. How secure is the PKI's operating infrastructure? For most companies, operating a PKI presents a new and unique set of risk management challenges. CAs that support key applications use special cryptographic hardware to sign certificates. Is all of this hardware protected from theft?
  6. Is your PKI ready for e-commerce? You may need your PKI to support an intranet at first, and then larger communities, such as an extranet for your suppliers and partners, VPNs for a worldwide network of offices, and even a world of e-commerce customers.