PKI CA CSH 6 Chapter 37 PKI Certificate
- Slides: 45
PKI & CA CSH 6 Chapter 37 “PKI & Certificate Authorities” Santosh Chokhani, Padgett Peterson, & Steven Lovaas 1 Copyright © 2020 M. E. Kabay. All rights reserved.
Topics Ø Introduction Ø Need for PKI Ø Public Key Certificate Ø Enterprise Public Key Infrastructure Ø Certificate Policy Ø Global PKI Ø Forms of Revocation Ø Rekey Ø Key Recovery Ø Privilege Management Ø Trusted Archival Services & Trusted Time Stamps Ø Cost of PKI 2 Copyright © 2020 M. E. Kabay. All rights reserved.
Introduction ØOverview ØSymmetric Key Cryptography ØPublic Key Cryptosystem ØAdvantages of PKC over SKC ØCombination of the Two 3 Copyright © 2020 M. E. Kabay. All rights reserved.
Overview Ø Early days of encryption across Internet q. Individuals q. Pretty Good Privacy (PGP) q. Web of trust Ø Today’s encryption much more complex q. Formalized q. Organizational q. Fundamentally concerned with trust relationships Ø Key applications include q. Data in flight (networking) q. Data at rest (storage) See CSH 6 Chapters 7: Encryption 32: VPNs & Secure Remote Access 4 Copyright © 2020 M. E. Kabay. All rights reserved.
Symmetric Key Cryptography 5 Copyright © 2020 M. E. Kabay. All rights reserved.
Public Key Cryptosystem 6 Copyright © 2020 M. E. Kabay. All rights reserved.
Advantages of PKC over SKC Ø PKC requires fewer keys to manage q. Total keys 2 n (Cf SKC with ½n(n-1) ≈ ½n 2) Ø Can focus on authenticating only public keys Ø No secret keys transmitted over networks q. Not susceptible to compromise even if public keys must be changed Ø Public keys can be used to encrypt temporary session keys for one-time use Ø Session keys allow PKC to encrypt message for multiple recipients easily 7 Copyright © 2020 M. E. Kabay. All rights reserved.
Combination of the Two Ø Usual implementation of PKC uses symmetric algorithm for session key q. Computationally less onerous q. Encrypt session key with asymmetric key Ø Digital signing uses similar method q. Encrypt secure hash of document q. Decrypt encrypted hash to verify data integrity and authenticity of text 8 Copyright © 2020 M. E. Kabay. All rights reserved.
Need for PKI Ø Everything in PKC depends on trustworthiness (authenticity) of the public key (certificate) q. If someone posts a public key in victim’s name, can üIntercept encrypted content intended for spoofed victim üIssue fraudulent content in victim’s name Ø Similar problems with Secure Sockets Layer (SSL) v 2 Ø Develop chain of trust for certificates (value signed by public keys) 9 Copyright © 2020 M. E. Kabay. All rights reserved.
Public Key Certificate (1) Ø Certification authority (CA) issues signatures for public keys Ø Standard is ANSI X. 509 (IETF RFC 5280) q. Described in Abstract Syntax Notation (ANS. 1) q. Often encoded in MIME (Multipurpose Internet Mail Extensions) to use only ASCII characters Ø Trust the root & you can trust the issued keys 10 Copyright © 2020 M. E. Kabay. All rights reserved.
Public Key Certificate (2) Every CA’s certificate has list of key info: Ø Version # Ø Certificate serial # Ø Algorithm Ø CA name Ø Validity period for certificate Ø Subscriber name Ø Subscriber public key, PK algorithm, parameters Ø CA unique ID (optional) Ø Extensions (optional) Ø CA’s digital signature 11 Copyright © 2020 M. E. Kabay. All rights reserved.
Certificate Revocation List Ø CRL is list of revoked certificates Ø Must check CRL before trusting public key Ø X. 509 v 2 CRL contains q Version # of CRL standards q Algorithm & parameters for CA signature q CA name q CRL issuance time q Next CRL issuance time (optional) q List of revoked certificates with each ü Certificate serial # ü Time CA notified of revocation ü Extensions (optional) q Extensions related to CRL (optional) q CA’s digital signature 12 Copyright © 2020 M. E. Kabay. All rights reserved.
Enterprise Public Key Infrastructure 13 Copyright © 2020 M. E. Kabay. All rights reserved.
Certificate Policy (1) Ø Private keys must be q. Kept confidential q. Used only by owners of keys Ø Trust anchors’ public key integrity must be assured Ø Initial authentication of subscriber q. Must be strong q. Must prevent identity theft at time of certificate creation Ø CA & RA (Registration Authority) computer systems must be protected against tampering Ø Requirements for level of trust must be defined 14 Copyright © 2020 M. E. Kabay. All rights reserved.
Certificate Policy (2) 15 Copyright © 2020 M. E. Kabay. All rights reserved.
Global PKI ØLevels of Trust ØProofing ØTrusted Paths ØChoosing a PKI Architecture ØCross-Certification ØPKI Interoperability 16 Copyright © 2020 M. E. Kabay. All rights reserved.
Levels of Trust Ø OMB M 04 -04 § 2. 1 basic levels of trust: q. Level 1: Little or no confidence in asserted identity’s validity q. Level 2: Some confidence q. Level 3: High confidence q. Level 4: Very high confidence 17 Copyright © 2020 M. E. Kabay. All rights reserved.
Proofing Ø Vetting (proofing) requires increasingly thorough background checking of identity 18 Copyright © 2020 M. E. Kabay. All rights reserved.
Trusted Paths 19 Copyright © 2020 M. E. Kabay. All rights reserved.
Choosing a PKI Architecture ØStrict Hierarchy ØBridge ØMultiple Trust Anchors ØMesh (Anarchy, Web) ØMaking a Choice 20 Copyright © 2020 M. E. Kabay. All rights reserved.
Strict Hierarchy 21 Copyright © 2020 M. E. Kabay. All rights reserved.
Hierarchy Ø Strict hierarchy requires public key of common ancestor as trust anchor q. Thus single root is trust anchor Ø Nonstrict hierarchy allows any CA to be trust anchor q. Usually local CA becomes trust anchor q. Local CA is CA that issued certificate to a relying party 22 Copyright © 2020 M. E. Kabay. All rights reserved.
Bridge 23 Copyright © 2020 M. E. Kabay. All rights reserved.
Multiple Trust Anchors Ø Relying party obtains public keys of many CAs q. Must use secure method q. Each key becomes a trust anchor Ø Helpful for situations where CAs cannot cross -certify each other 24 Copyright © 2020 M. E. Kabay. All rights reserved.
Mesh (Anarchy, Web) ØWeb of trust ØAny CA can trust any other ØOriginal concept underlying PGP ØNot scalable (WHY NOT? ) 25 Copyright © 2020 M. E. Kabay. All rights reserved.
Making a Choice Ø Factors q. Management culture q. Organizational politics q. Certification path size q. Subscriber population distribution q. Revocation information Ø Often end up with multiple CAs 26 Copyright © 2020 M. E. Kabay. All rights reserved.
Cross-Certification (1) Ø Simplest case: q. Two CAs grant the other a certificate Ø Problems q. Incompatible PKI products q. Incompatible certification policies üMust review policies üNeed equivalent, not identical policies q. Use name constraints extension in X. 509 v 3 certificates üTrust each others’ domain names 27 Copyright © 2020 M. E. Kabay. All rights reserved.
Cross-Certification (2) 28 Copyright © 2020 M. E. Kabay. All rights reserved.
Cross-Certification (3) 29 Copyright © 2020 M. E. Kabay. All rights reserved.
PKI Interoperability Factors Ø Trust Path Ø Cryptographic Algorithms Ø Certificate & CRL Formats Ø Certificate & CRL Dissemination Ø Certificate Policies Ø Names 30 Copyright © 2020 M. E. Kabay. All rights reserved.
Forms of Revocation Ø Types of Revocation-Notification Mechanisms Ø Certificate Revocation Lists & Variants Ø Server-Based Revocation Protocols Ø Summary of Recommendations 31 Copyright © 2020 M. E. Kabay. All rights reserved.
Types of Revocation-Notification Mechanisms Ø Concerns about CRLs have led to variations for checking validity of certificates Ø Online Certificate Status Protocol (OCSP) q. RFC 2560 Ø Directory-based verification & revocation Ø B-tree revocation lists 32 Copyright © 2020 M. E. Kabay. All rights reserved.
Certificate Revocation Lists & Variants Ø Most versatile, effective & recommended Ø Variations q. Full & complete CRL (rare) üAll certificates, revoked and valid üMost CRLs have only recent revocations q. Authority revocation list (ARL) – usually short üRevocations only for CAs üDon’t use X. 509 v 1 ARL – only X. 509 v 2, which distinguishes between CRL & ARL q. Distribution-point CRL: allows partitions for shorter lists q. Delta CRL: changes only since last CRL 33 Copyright © 2020 M. E. Kabay. All rights reserved.
Server-Based Revocation Protocols Ø Servers provide revocation info; e. g. , q On-Line Certificate Status Protocol (OCSP) q Simple Certificate Validation Protocol (SCVP) Ø Flaws q Need to secure channel to server q Computationally intensive digital signature generation makes system difficult to scale q Need trusted servers Ø Useful when need to q Have thinnest possible PKI clients q Generate revenue for CA services q Check changing credentials q Update changing credentials 34 Copyright © 2020 M. E. Kabay. All rights reserved.
Summary of Recommendations for CRLs Ø Use combination of Ø CRLs Ø Replication of CA directory entry for fast access Ø ARLs & their consolidation Ø Consolidation of reason-codes of key compromise in a domain q Use Distribution Point extension q Issue CRL frequently Ø Partition routine revocation info using Distribution Point CRLs if CRLs become too large Ø Store plaintext CRLs for fast searching Ø Eliminate private information to eliminate need for authentication when searching CRLs 35 Copyright © 2020 M. E. Kabay. All rights reserved.
Recommendations 36 Copyright © 2020 M. E. Kabay. All rights reserved.
Rekey Ø Public key certificates eventually expire q. Thus need new PK certificates Ø Don’t use PKs longer than estimated time for brute-force cryptanalysis q. Cryptanalysis threat period q. Shortens all the time as computational power increases Ø Current estimates q 1024 bit RSA key → 25 years in 2009 & 1. 5 now Why? q. Therefore worthwhile recertifying keys üReduce number of keys necessary to access or validate older files/messages 37 Copyright © 2020 M. E. Kabay. All rights reserved.
Estimating Brute-Force Cracking time 38 Copyright © 2020 M. E. Kabay. All rights reserved.
Key Recovery (1) Ø Distinguish between signing keys & data encryption keys q. Signing keys must never be subject to key recovery! q. Data encryption keys may be protected by key recovery Ø Key escrow q. Provide private decryption key to key recovery agent (KRA) Ø Key encapsulation q. Encrypt private decryption key using KRA’s public key 39 Copyright © 2020 M. E. Kabay. All rights reserved.
Key Recovery (2) Ø Avoiding giving KRA control Ø May not want KRA to have unfettered access to decryption key Ø So can q. Superencrypt üEncrypt using 2 keys üRequires collaboration to get key q. Split the key: Shamir’s n out of m rule üSend parts of key to m recipients üRequire at least n recipients to collaborate in restoring key 40 Copyright © 2020 M. E. Kabay. All rights reserved.
Privilege Management 41 Copyright © 2020 M. E. Kabay. All rights reserved.
Trusted Archival Services & Trusted Time Stamps Ø PKI does not prevent alteration or spoofing q. Merely detects them Ø Could also challenge digital signature after expiry of cryptanalysis threat period Ø But can use trusted archival services q. Need to provide storage of signed materials q. Trustworthy assurance of error-free transcription from medium to medium over time as media degrade & technologies change q. Can add functions of trusted time stamps 42 Copyright © 2020 M. E. Kabay. All rights reserved.
Cost of PKI Ø Compare costs of PKI with costs of not having PKI! q. Scalability is key factor: n vs n 2 keys Ø Consider consequences of untrusted digital communications q. Continued dependence on trust M. E. Kabay’s question sent in 2001 to Norwich University authorities who resisted digital signatures on documents sent by e-mail: How is depending on pigment smeared through a hole in the end of a stick onto compressed fibers from dead plants supposed to engender more trust in the authenticity and integrity of a document than cryptographically sound digital signatures? 43 Copyright © 2020 M. E. Kabay. All rights reserved.
Prof Kabay’s Notes on HR v IT for CA Ø IT q. Can support software for issuing and revoking certificates q. But have no information about new hires, changes of position, authorization as CAs, deauthorization or firing Ø HR q. Equipped to handle all employee-related issues q. Issuing/revoking certificates run by software q. Therefore appropriate CAs 44 Copyright © 2020 M. E. Kabay. All rights reserved.
Now go and study 45 Copyright © 2020 M. E. Kabay. All rights reserved.
Automatic key recovery agent
Cshcshcshksh
Chicago central referral system
Csh inspections
Csh
Nnc
Pki tutorial
Pki deployment
Pgp vs pki
Pki définition
Pki assessment guidelines
Pki advantages and disadvantages
Moore technologies
Pki sertifikat
Fonvalmed
Sip2sip
Pki architecture diagram
C[pki
Scott rea
Kerberos pki
Paulo magina
Bobintranet
Pki
Pemipin pembrontakan pki adalah....
Arquitectura pki
Node-forge
Rfc 2459
Pki-025
Pgp vs pki
E pki
Pki itu
Youth readiness course
Certificate of creditable tax withheld at source 2307 form
Paul harris fellow certificate template
Building valuation certificate
Tse/bse free meaning
Certificate of origin
Acute medicine sce pass mark
Work in a person centred way care certificate
Care certificate and code of conduct standards include
Safeguarding children care certificate
Care certificate privacy and dignity
Care certificate 13
Equality and diversity care certificate
Care certificate equality and diversity
Duty of care care certificate
