Query Certificate Manager

Carl A. Gunter

Trevor Jim

Using Certificates (Digital or Otherwise)
  • Example: Area 1 parking stickers in Philadelphia.
  • Example: mortgage pre-approval.



[Figure: Subscriber sends a query to the Relying Party; the Relying Party holds certs obtained from several Issuers. Only the labels survive in the transcript.]
Basic Application-Independent Authorization Architecture

[Figure: architecture diagram; not recovered in the transcript.]

Domain Specific Languages for Authorization Policies
  • PolicyMaker (1996, M Blaze, J Feigenbaum, J Lacy).
  • Simple Distributed Security Infrastructure (SDSI) (1997, B Lampson, R Rivest).
  • Query Certificate Manager (QCM) (1997, C Gunter and T Jim).
  • Simple Public Key Infrastructure (SPKI) (1998, CM Ellison, B Frantz, B Lampson, R Rivest, BM Thomas, T Ylonen).
  • KeyNote (1998, M Blaze, J Feigenbaum, J Ioannidis, AD Keromytis).

Retrieval Challenge
  • Describing authorization policy isn’t the only problem.
  • How do the subscriber and relying party obtain the certificates relevant to the policy?
  • Examples
    • Entrust, Oscar (LDAP)
    • PGP (Key servers)
  • Problem: retrieval is not integrated with verification.
Options for Retrieval
  • General mirroring by relying party. (Simple, but limited and inefficient.)
  • Individual short-term certificates. (Pressure on issuer’s server.)
  • Subscriber submits long-term certificates to relying party. (Revocation challenge.)
Illustration: QCM Daemon for ABONE Access Control
  • ABONE is the active network testbed.
  • ACLs at ABONE nodes were initialized by ANETD installation and then managed manually.
  • This was not convenient.
  • Now QCMD automatically synchronizes local ACL with SRI ACL, which provides access control policy for all nodes.

ANETD: 1997 L Ricciulli

QCMD: 1999 P Kakkar, M McDougall, CA Gunter, T Jim

Requirements Imposed on QCMD
  • No changes to ANETD.
  • No changes to keys: based on RSAREF.
  • Scalability to 1000 nodes.
  • Simple implementation providing basic security.
  • Upgrade path to support additional functionality.
QCMD Client Options
  • Pull: node periodically instigates update by sending a hash of its current ACL. This is compared to hash of SRI ACL; update occurs if they don’t match.
  • Push: node registers with SRI server.
    • Server updates node initially and whenever the server ACL changes.
    • Server periodically clears registry; clients periodically re-register.
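The two client options, simulated in Python as an added illustration (this is not QCMD's code): a node and a stand-in for the SRI server run the pull exchange (digest comparison) and the push exchange (registration, push on change, periodic registry clearing). The canonical JSON encoding, SHA-256 as the digest, the in-memory registry and the node names are assumptions made for the example.

```python
"""QCMD-style ACL synchronization between a node and the central (SRI)
server: added example, not QCMD's own code.  Pull: the node sends a hash
of its ACL and receives the master ACL only on mismatch.  Push: the node
registers; the server pushes on every change and periodically clears the
registry, so an unregistered node misses pushes until it re-registers.
Canonical JSON encoding, SHA-256 and the in-memory registry are assumptions."""
import hashlib
import json


def acl_digest(acl):
    """Hash a canonical encoding (sorted, no whitespace) so that two ACLs
    with the same entries hash equally regardless of their order on disk."""
    canonical = json.dumps(sorted(acl), separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class Server:
    """Holds the master ACL and the push registry."""

    def __init__(self, master_acl):
        self.master = sorted(master_acl)
        self.registry = {}  # node_id -> time of last registration
        self.pushed = []    # (node_id, acl) pushes actually sent

    def pull(self, client_digest):
        """Pull protocol: answer with the master ACL only if digests differ."""
        if client_digest == acl_digest(self.master):
            return None
        return list(self.master)

    def register(self, node_id, now):
        """Push protocol: record the node and send it the current master ACL."""
        self.registry[node_id] = now
        self.pushed.append((node_id, list(self.master)))

    def set_master(self, acl):
        """Policy change: push the new ACL to every registered node."""
        self.master = sorted(acl)
        for node_id in self.registry:
            self.pushed.append((node_id, list(self.master)))

    def clear_registry(self):
        """Periodic clear; nodes that do not re-register stop receiving pushes."""
        self.registry.clear()


class Node:
    def __init__(self, node_id, acl):
        self.id = node_id
        self.acl = sorted(acl)

    def pull_update(self, server):
        """One pull round; returns True if the local ACL was replaced."""
        update = server.pull(acl_digest(self.acl))
        if update is None:
            return False
        self.acl = update
        return True


def pull_demo():
    server = Server(["alice", "bob"])
    stale = Node("n1", ["alice"])
    reordered = Node("n2", ["bob", "alice"])  # same entries, different order
    return (stale.pull_update(server), stale.acl,
            reordered.pull_update(server), stale.pull_update(server))


def push_demo():
    server = Server(["alice"])
    server.register("n3", now=0)
    server.set_master(["alice", "carol"])          # pushed to n3
    server.clear_registry()                        # periodic clear
    server.set_master(["alice", "carol", "dave"])  # n3 is no longer registered
    return server.pushed


if __name__ == "__main__":
    print(pull_demo())
    print(push_demo())
```

The reordered node in pull_demo shows why the digest has to be taken over a canonical form: without it, every node whose ACL file lists the same entries in a different order would re-download the ACL on every pull. push_demo shows the update a node silently misses once the registry has been cleared and it has not yet re-registered, which is the reason clients must re-register periodically.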
Implementation and Deployment of QCMD
  • Tests with mixed Penn clients and Aerospace server show 500 nodes are not a problem.
  • Deployed on Cairn and the ABONE.
Limitations of QCMD
  • Limited integration with ANETD means limited capabilities.
  • Individual certificates are not supported.
  • Keys must be online.
  • Little local autonomy for authorization or retrieval policy.
Query Certificate Manager (QCM)
  • QCM is a superset of QCMD.
  • Uses domain-specific language and techniques from distributed databases.
  • Integrates authorization policy and the three primary retrieval mechanisms.
  • Key concepts:
    • Policy-directed certificate retrieval.
    • Dynamic channel discovery.
    • Chaining (transparent delegation).

1998 CA Gunter and T Jim

Policy-Directed Certificate Retrieval

[Figure: diagram of policy-directed retrieval; only the repeated label "Retrieval and ..." survives in the transcript.]

QCM Notation
  • K$u --- pronounced “K’s u”.
    • K is a principal
    • u is a global name
  • {(x,y) | x <- v, y <- K$u} --- set comprehension: “all pairs (x,y) such that x is in v and y is in K$u.”
  • A QCM policy is a list of bindings of global names to sets.
Illustration: Web Filtering in QCM

    OK = { p | (p,"G") <- Ratings };
    Ratings = { x | ("Alice",k) <- PKD, x <- k$Ratings };
    PKD = Keyserver$PKD;

OK is the set of items p that Alice has rated "G". Evaluating OK is what drives retrieval: PKD is fetched from Keyserver, Alice's key k is looked up in it, and only then is k$Ratings fetched from the principal holding k.

Challenge of Long-Term Certificates
  • Premise: most principals are authorized for a substantial period of time.
  • Strategy: issue long-term certificates and revoke privileges for principals as necessary.
  • Relying parties must check to see if a certificate has been revoked.
  • Window of vulnerability created.
Revocation is Costly for Retrieval
  • A MITRE study to recommend a PKI for the U.S. Government noted:

Certificate revocation list distribution is by far the biggest cost driver associated with the operation of the PKI. Requiring that every request to the directory service for a certificate be accompanied by a similar request for the CRL on which that certificate may appear places an extremely heavy burden on the directory communications system... Other ways of dealing with the CRL's must be considered.

CRL Retrieval Strategies

A variety of ways to optimize CRL distribution have been explored.

  • Distribution points.
  • Delta CRLs.
  • Indirect CRLs.
  • Unreliable (push) CRL distribution.
Revocation Also Introduces Semantic Challenges
  • Three certificates.
    • Certificate 1: Q says P is the public key of Alice.
    • Certificate 2: R says P is the public key of Alice.
    • Certificate 3: Q says R is the public key of Bob.
  • Three kinds of revocation, each leaving a different subset of certificates 2 and 3 in force (certificate 1 is withdrawn in every case).
    • P is not the public key of Alice. (3 stays in force, 2 does not.)
    • Q no longer vouches for whether P is the public key of Alice. (2 and 3 stay in force.)
    • The key of Q has been compromised. (2 stays in force, 3 does not.)


1998 Fox and LaMacchia

Challenge of Integrating Revocation with Chaining
  • Using “push” certificates entails working with partial information.
  • This must be integrated with chaining, where information is retrieved by the relying party.
  • QCM solves this problem with a monotonicity invariant. Responses are assumed to provide a lower approximation of the right answer.
  • Using long-term certificates entails working with revocation, which involves “negative information”.
  • Consider the following definitions:
    • School = Teachers ∪ Administrators ∪ Students
    • Employees = School - Students
  • Suppose Alice is given a certificate Alice ∈ Students.
  • And later the school revokes this with a certificate Alice ∉ Students.
  • Alice uses the first to prove she is in the school and the second to prove she is an employee.
Generalized Certificate Revocation for QCM
  • General theory of negative data with model using sets.
  • Sound operational semantics.
  • Soundness enforced by typing rules assigning “polarities” to variables in an internal language.
  • General revocation policy obtained through compilation from an external language.

1999 CA Gunter, T Jim

External Language, Online Signing
  • Compromised keys are defined by the relying party.
  • The compiler replaces each expression e$u by {x | e ∉ Compromised, x <- e$u}.
  • Example
    • Read = {K1,K2} ∪ Write
    • Write = {K3} ∪ Alice$Write
    • Compromised = {K4} ∪ Bureau$Compromised
  • After compilation, Alice$Write in the definition of Write becomes {x | Alice ∉ Compromised, x <- Alice$Write}, and Bureau$Compromised becomes {x | Bureau ∉ Compromised, x <- Bureau$Compromised}: nothing a compromised key says is ever used, and the relying party's own list of compromised keys is the starting point.
External Language, Offline Signing
  • Offline certificates may be revoked by the issuing party. Only certificates that require checks for revocation are issued.
  • A source policy is created. The compiler produces serial numbers and “revocable” certificates.
External Language, Offline Signing: Example
  • Source policy for principal K
    • OK = {K1,K2}
  • Target policy
    • OK ⊇ {K1 | n1 ∉ K$OKRevoked}
    • OK ⊇ {K2 | n2 ∉ K$OKRevoked}
  • K maintains OKRevoked. Relying parties whose QCM interpreters use these certificates will consult OKRevoked before making conclusions about membership in OK.
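The following Python program is added here and is not from the QCM papers or implementation. It interprets a small subset of the QCM notation (comprehensions with generators, K$u qualified names, ∉ guards and unions) so that both the web-filtering policy on the earlier slide and the offline-signing target policy just shown can be executed, with a log of which certificates each evaluation actually retrieved. The principal keys ("Keyserver", "KA", "KB", "K"), the site names and the serial numbers are constructed for the example; remote evaluation (e @ e), co-finite sets and the polarity type system are not modelled.

```python
"""Tiny interpreter for a QCM-like subset: set comprehensions over local
definitions and qualified names K$u, where evaluating K$u retrieves u's
definition from principal K and evaluates it in K's namespace.  Added
example, not QCM's own implementation; all principals and data are constructed."""
from typing import Any, NamedTuple

# AST.  Plain tuples are used for tuple expressions and tuple patterns, so the
# tuple case in evaluate() must come after all NamedTuple cases.
class Var(NamedTuple): name: str
class Lit(NamedTuple): elems: frozenset                 # enumerated set {c, ...}
class QName(NamedTuple): principal: Any; name: str      # e$u
class SetUnion(NamedTuple): parts: tuple
class NotIn(NamedTuple): elem: Any; set_: Any           # guard e ∉ e' (revocation checks)
class Comp(NamedTuple): head: Any; gens: tuple          # {head | g1,...,gn}; g = (pattern, expr) | NotIn

class World:
    """Simulated network: policies[key][name] is principal key's definition of name."""
    def __init__(self, policies):
        self.policies = policies
        self.fetches = []   # (principal, name) pairs actually retrieved
    def fetch(self, key, name):
        self.fetches.append((key, name))
        return self.policies[key][name]

def match(pattern, value, env):
    """Bind pattern variables to value; constants in the pattern must be equal."""
    if isinstance(pattern, Var):
        return {**env, pattern.name: value}
    if isinstance(pattern, tuple):
        if not isinstance(value, tuple) or len(pattern) != len(value):
            return None
        for p, v in zip(pattern, value):
            env = match(p, v, env)
            if env is None:
                return None
        return env
    return env if pattern == value else None

def evaluate(expr, env, me, world):
    """Evaluate expr for principal `me`; unqualified names resolve in me's policy."""
    if isinstance(expr, Var):
        if expr.name in env:
            return env[expr.name]
        return evaluate(world.policies[me][expr.name], {}, me, world)
    if isinstance(expr, Lit):
        return set(expr.elems)
    if isinstance(expr, QName):                    # policy-directed retrieval
        key = evaluate(expr.principal, env, me, world)
        return evaluate(world.fetch(key, expr.name), {}, key, world)
    if isinstance(expr, SetUnion):
        return set().union(*(evaluate(p, env, me, world) for p in expr.parts))
    if isinstance(expr, Comp):
        return set(generate(expr.head, list(expr.gens), env, me, world))
    if isinstance(expr, tuple):
        return tuple(evaluate(e, env, me, world) for e in expr)
    return expr   # constant

def generate(head, gens, env, me, world):
    """Run generators and guards left to right, yielding values of head."""
    if not gens:
        yield evaluate(head, env, me, world)
        return
    g, rest = gens[0], gens[1:]
    if isinstance(g, NotIn):
        if evaluate(g.elem, env, me, world) not in evaluate(g.set_, env, me, world):
            yield from generate(head, rest, env, me, world)
        return
    pattern, source = g
    for value in evaluate(source, env, me, world):
        bound = match(pattern, value, env)
        if bound is not None:
            yield from generate(head, rest, bound, me, world)

# Web-filtering policy from the slide (principal "Filter") and the principals it uses.
WEB = {
    "Filter": {
        "OK": Comp(Var("p"), (((Var("p"), "G"), Var("Ratings")),)),
        "Ratings": Comp(Var("x"), ((("Alice", Var("k")), Var("PKD")),
                                   (Var("x"), QName(Var("k"), "Ratings")))),
        "PKD": QName("Keyserver", "PKD"),
    },
    "Keyserver": {"PKD": Lit(frozenset({("Alice", "KA"), ("Bob", "KB")}))},
    "KA": {"Ratings": Lit(frozenset({("site1", "G"), ("site2", "R")}))},
    "KB": {"Ratings": Lit(frozenset({("site3", "G")}))},
}

# Offline-signing target policy for K: each long-term certificate carries a
# serial number and counts only while that serial is absent from K$OKRevoked.
REVOCABLE = {"K": {
    "OK": SetUnion((Comp("K1", (NotIn("n1", QName("K", "OKRevoked")),)),
                    Comp("K2", (NotIn("n2", QName("K", "OKRevoked")),)))),
    "OKRevoked": Lit(frozenset({"n2"})),   # serial n2 has been revoked
}}

def web_filter_demo():
    world = World(WEB)
    return evaluate(Var("OK"), {}, "Filter", world), world.fetches

def revocation_demo():
    world = World(REVOCABLE)   # a relying party "RP" evaluates K$OK
    return evaluate(QName("K", "OK"), {}, "RP", world), world.fetches
```

web_filter_demo returns {"site1"} and a fetch log of exactly Keyserver$PKD and KA$Ratings: Bob's ratings are never retrieved because no generator needs them, which is the point of policy-directed retrieval. revocation_demo returns {"K1"}: K2's certificate is present but its serial n2 appears in K$OKRevoked, which the interpreter consults before concluding anything about OK. Note the monotonicity invariant in miniature: if Keyserver$PKD came back incomplete (say without Alice's entry), OK would evaluate to a subset of the true answer, never a superset, because PKD occurs only positively.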
Security Model
  • Positive variables are monotonic with respect to approximation. Negative variables are anti-monotonic with respect to approximation.
  • Thus positive variables must be under-estimated, while negative variables must be over-estimated.
  • These are the key theorems for the denotational semantics of the internal language.
  • The operational semantics (implementation) is shown to conform with the denotational.
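The two statements above, written out as an added formalization (not the slide's own notation), with ⟦e⟧ρ the denotation of e in environment ρ and ρ ⊑ ρ' meaning that ρ' approximates the true sets at least as well as ρ:

$$\rho \sqsubseteq \rho' \iff \forall x^{+}.\; \rho(x^{+}) \subseteq \rho'(x^{+}) \;\text{ and }\; \forall x^{-}.\; \rho(x^{-}) \supseteq \rho'(x^{-})$$

$$\rho \sqsubseteq \rho' \text{ and } e : {+} \implies [\![e]\!]\rho \subseteq [\![e]\!]\rho' \qquad\qquad \rho \sqsubseteq \rho' \text{ and } e : {-} \implies [\![e]\!]\rho \supseteq [\![e]\!]\rho'$$

So an answer computed from under-estimates of the positive names and over-estimates of the negative names is itself an under-estimate of any positive set, which is the safe direction for an authorization decision: missing information can only deny access, never grant it.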
Internal Language: Variables and Constants

    Keys                 K ∈ Key
    Constants            c ∈ Key ∪ Num ∪ String ∪ Bool
    Comparables          w ::= c | (w,…,w)
    Positive variables   x+
    Negative variables   x-
    Variables            x
    Positive names       u+
    Negative names       u-
    Names                u
    Polarities           π ::= 0 | + | -


Internal Language: Expressions

    e ::= x                 Variables
        | c                 Constants
        | e$u               Qualified Names
        | {e,…,e}           Enumerated Sets
        | (e,…,e)           Tuples
        | Union(e)          Set Unions
        | {e | g,…,g}       Comprehensions
        | e @ e             Remote Evals
        | Compl{w,…,w}      Co-finite Sets


Internal Language: The Rest

    g ::= p <- e            Generators
        | e = e             Guards
        | e ∈ e
        | e ∉ e
    p ::= x | (x,…,x)       Patterns
    d ::= u = e             Definitions
    P ::= d,…,d             Programs


Sample Typing Rules

    e : 0
    -----------  Subsumption
    e : π

    {e1 | g1,…,gn} : π    x : π    e2 : π
    -------------------------------------  Generator (polarity π positive)
    {e1 | x <- e2, g1,…,gn} : π

    {e1 | g1,…,gn} : π    e3 : -π
    ------------------------------  Non-membership guard (polarity π positive)
    {e1 | e2 ∉ e3, g1,…,gn} : π

In the guard rule the set e3 is checked at the opposite polarity: a set that is subtracted from must be over-estimated for the comprehension to remain an under-estimate.


Denotational Semantics
  • Denotational semantics in terms of a universal domain derived from a recursive domain equation.
  • Monotonicity Theorem:
    • Monotone in positive variables.
    • Anti-monotone in negative variables.
    • Related comparables are equal.
Operational Semantics
  • Operational semantics in terms of local and global operational rules.
  • Local Soundness Theorem: Denotational meaning is preserved by the local operational rules.
  • Soundness Theorem: Global operational rules provide approximations with proper polarity.
  • Policy-directed certificate retrieval is possible for long-term certificates with revocation.
  • Compilation architecture aids convenience, but decreases flexibility.
  • Precise model of security essential.