
Public Key Infrastructure (X509 PKI)

Marco Casassa Mont

Trusted E-Services Laboratory - HP Labs - Bristol

slide2

Outline

  • Basic Problem of Confidence and Trust
  • Background: Cryptography, Digital Signature, Digital Certificates
  • (X509) Public Key Infrastructure (PKI)
  • (X509) PKI: Trust and Legal Issues
slide4

Basic Problem

[Diagram: Alice and Bob connected through Intranet, Extranet and Internet]

Bob and Alice want to exchange data in a digital world.

There are Confidence and Trust Issues …

slide5

Confidence and Trust Issues

  • In the Identity of an Individual or Application: AUTHENTICATION
  • That the information will be kept Private: CONFIDENTIALITY
  • That information cannot be Manipulated: INTEGRITY
  • That information cannot be Disowned: NON-REPUDIATION

slide6

Starting Point: Cryptography

slide7

Starting Point: Cryptography

Cryptography

It is the science of making the cost of acquiring or altering data greater than the potential value gained.

Cryptosystem

It is a system that provides techniques for mangling a message into an apparently unintelligible form and then recovering it from the mangled form.

[Diagram: Plaintext ("Hello World") → Encryption (Key) → Ciphertext ("&$*£(“!273") → Decryption (Key) → Plaintext ("Hello World")]

slide8

Cryptographic Algorithms

All cryptosystems are based only on three Cryptographic Algorithms:

MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …)

Maps variable length plaintext into fixed length ciphertext

No key usage, computationally infeasible to recover the plaintext

SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)

Encrypt and decrypt messages by using the same Secret Key

PUBLIC KEY (DSA, RSA, …)

Encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together)

slide9

Cryptographic Algorithms based on Private Key

[Diagram: Plaintext → Encryption (Private Key) → Ciphertext → Decryption (Private Key) → Plaintext]

Pros

  • Efficient and fast Algorithm
  • Simple model

Provides Integrity, Confidentiality

Cons

  • The same secret key must be shared by all the entities involved in the data exchange
  • High risk
  • It doesn’t scale (proliferation of secrets)

No Authentication, Non-Repudiation

slide10

Cryptographic Algorithms based on Public Key

[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext, between Alice and Bob across Intranet, Extranet and Internet; key labels: Alice’s Private Key, Alice’s Public Key]

Pros

  • Private key is only known by the owner: less risk
  • The algorithm ensures Integrity and Confidentiality by encrypting with the Receiver’s Public key

slide11

Cryptographic Algorithms based on Public Key

[Diagram: Plaintext → Encryption → Ciphertext → Decryption → Plaintext, between Alice and Bob across Intranet, Extranet and Internet; key labels: Bob’s Public Key, Bob’s Private Key]

Pros

  • The algorithm ensures Non-Repudiation by encrypting with the Sender’s Private key

slide12

Cryptographic Algorithms based on Public Key

Cons

  • Algorithms are 100 – 1000 times slower than secret key ones

They are used in an initial phase of communication, and then secret keys are generated to deal with encryption

  • How are Public keys made available to the other people?
  • There is still a problem of Authentication!!!

Who ensures that the owner of a key pair is really the person whose real life name is “Alice”?

Moving towards PKI …

slide14

Digital Signature

A Digital Signature is a data item that vouches for the origin and the integrity of a Message

  • The originator of a message uses a signing key (Private Key) to sign the message and sends the message and its digital signature to a recipient
  • The recipient uses a verification key (Public Key) to verify the origin of the message and that it has not been tampered with while in transit

slide15

Digital Signature

[Diagram: Signer: Message → Hash Function (Digest Algorithm) → Digest → Encryption (Private Key) → Signature, sent with the Message over the Channel. Receiver: Message → Hash Function (Digest Algorithm) → Actual Digest; Signature → Decryption (Public Key) → Expected Digest]

slide16

Digital Signature

There is still a problem linked to the “Real Identity” of the Signer.

Why should I trust what the Sender claims to be?

Moving towards PKI …

slide18

Digital Certificate

A Digital Certificate is a binding between an entity’s Public Key and one or more Attributes relating to its Identity.

The entity can be a Person, a Hardware Component, a Service, etc.

A Digital Certificate is issued (and signed) by someone

- Usually the issuer is a Trusted Third Party

A self-signed certificate usually is not very trustworthy

slide19

Digital Certificate

[Diagram: a CERTIFICATE containing Issuer, Subject, Subject Public Key and the Issuer Digital Signature]

slide20

Digital Certificate

Problems

  • How are Digital Certificates Issued?
  • Who is issuing them?
  • Why should I Trust the Certificate Issuer?
  • How can I check if a Certificate is valid?
  • How can I revoke a Certificate?
  • Who is revoking Certificates?

Moving towards PKI …

slide22

Public Key Infrastructure (PKI)

A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates

slide23

Public Key Infrastructure (PKI)

“A PKI is a set of agreed-upon standards, Certification Authorities (CA), structure between multiple CAs, methods to discover and validate Certification Paths, Operational Protocols, Management Protocols, Interoperable Tools and supporting Legislation”

“Digital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter Williams

slide24

Public Key Infrastructure (PKI)

Focus on:

  • X509 PKI
  • X509 Digital Certificates

 Standards defined by IETF, PKIX WG:

http://www.ietf.org/

… even if X509 is not the only approach (e.g. SPKI)

slide25

X509 PKI – Technical View

Basic Components:

  • Certificate Authority (CA)
  • Registration Authority (RA)
  • Certificate Distribution System
  • PKI enabled applications

“Provider” Side

“Consumer” Side

slide26

X509 PKI – Simple Model

[Diagram labels: Certification Entity, CA, RA, Cert. Request, Signed Certificate, Directory (Certs, CRLs), Application Service, Remote Person, Local Person, Internet]

slide27

X509 PKI

Certificate Authority (CA)

Basic Tasks:

  • Key Generation
  • Digital Certificate Generation
  • Certificate Issuance and Distribution
  • Revocation
  • Key Backup and Recovery System
  • Cross-Certification
slide28

X509 PKI

Registration Authority (RA)

Basic Tasks:

  • Registration of Certificate Information
  • Face-to-Face Registration
  • Remote Registration
  • Automatic Registration
  • Revocation
slide29

X509 PKI

Certificate Distribution System

Provide Repository for:

  • Digital Certificates
  • Certificate Revocation Lists (CRLs)

Typically:

  • Special Purposes Databases
  • LDAP directories
slide30

Certificate Revocation List

Revoked Certificates remain in CRL until they expire

slide31

Certificate Revocation List (CRL)

  • CRLs are published by CAs at well-defined intervals of time
  • It is a responsibility of “Users” of certificates to “download” a CRL and verify if a certificate has been revoked
  • User application must deal with the revocation processes

slide32

Online Certificate Status Protocol (OCSP)

  • An alternative to CRLs
  • IETF/PKIX standard for a real-time check if a certificate has been revoked/suspended
  • Requires a high availability OCSP Server
slide33

CRL vs OCSP Server

[Diagram with two panels. CRL: User, CA, Directory, Download CRL. OCSP: User, OCSP Server, CA, Directory, Certificate IDs to be checked, Download CRL, Answer about Certificate States]

slide34

X509 PKI

PKI-enabled Applications

Functionality Required:

  • Cryptographic functionality
  • Secure storage of Personal Information
  • Digital Certificate Handling
  • Directory Access
  • Communication Facilities
slide35

X509 PKI

Trust and Legal Issues

slide36

X509 PKI

Trust and Legal Issues

  • Why should I Trust a CA?
  • How can I determine the liability of a CA?
slide37

X509 PKI

Approaches to Trust and Legal Aspects

  • Why should I Trust a CA?
  • How can I determine the liability of a CA?

Certificate Hierarchies, Cross-Certification

Certificate Policies (CP) and Certificate Policy Statement (CPS)

slide38

X509 PKI

Approach to Trust

Certificate Hierarchies and Cross-Certification

slide39

CA Technology Evolution

Try to reflect Real world Trust Models

[Diagram: several CAs, RAs and LRAs with Directory Services, connected over the Internet]

slide40

Simple Certificate Hierarchy

[Diagram: hierarchy with the Root CA at the top, Sub-CAs below it and End Entities at the bottom]

Each entity has its own certificate (and may have more than one). The root CA’s certificate is self signed and each sub-CA is signed by its parent CA.

Each CA may also issue CRLs. In particular the lowest level CAs issue CRLs frequently.

End entities need to “find” a certificate path to a CA that they trust.

slide41

Simple Certificate Path

[Diagram: certificate path linking Alice, Bob and the Trusted Root]

Alice trusts the root CA

Bob sends a message to Alice

Alice needs Bob’s certificate, the certificate of the CA that signed Bob’s certificate, and so on up to the root CA’s self signed certificate.

Alice also needs each CRL for each CA.

Only then can Alice verify that Bob’s certificate is valid and trusted and so verify Bob’s signature.
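
The signing and verification flow from the Digital Signature slides and Alice's check from the Simple Certificate Path slide, as an added example that is not part of the original presentation. It uses textbook RSA without padding over Mersenne primes so that it runs on the Python standard library alone; the `Cert` fields, the `|`-joined encoding, the CRLs held as unsigned sets of serial numbers and all function names are assumptions made for illustration, and validity dates are not modelled.

```python
import hashlib
from dataclasses import dataclass

def make_key(p, q, e=65537):
    """Textbook RSA pair from two primes (toy: no padding, not for real use)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data, n):             # message digest, reduced to fit the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(data, priv):            # signer: digest, then private-key operation
    return pow(digest(data, priv[0]), priv[1], priv[0])
def verify(data, sig, pub):      # receiver: expected digest vs actual digest
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

@dataclass
class Cert:                      # fields from the Digital Certificate slide
    subject: str
    issuer: str
    serial: int
    pub: tuple
    sig: int = 0
    def tbs(self):               # bytes covered by the issuer's signature
        return f"{self.subject}|{self.issuer}|{self.serial}|{self.pub}".encode()

def issue(subject, pub, issuer, issuer_priv, serial):
    cert = Cert(subject, issuer, serial, pub)
    cert.sig = sign(cert.tbs(), issuer_priv)
    return cert

def validate_path(cert, pool, trusted, crls):    # end entity -> trusted root
    for _ in range(len(pool) + 1):               # bounded walk: no issuer loops
        issuer, crl = pool.get(cert.issuer), crls.get(cert.issuer)
        if issuer is None or not verify(cert.tbs(), cert.sig, issuer.pub):
            return False                         # broken link in the path
        if crl is None or cert.serial in crl:
            return False                         # CA's CRL missing, or cert revoked
        if cert.subject == cert.issuer:          # reached a self-signed root
            return trusted.get(cert.subject) == cert.pub
        cert = issuer
    return False

def build_demo():
    """Constructed Root CA -> Sub CA -> Bob chain; Mersenne primes as toy keys."""
    k = {name: make_key(2**a - 1, 2**b - 1) for name, a, b in
         [("Root CA", 127, 107), ("Sub CA", 89, 61), ("Bob", 521, 607)]}
    certs = [issue(s, k[s][0], i, k[i][1], n) for n, (s, i) in enumerate(
        [("Root CA", "Root CA"), ("Sub CA", "Root CA"), ("Bob", "Sub CA")], 1)]
    return {c.subject: c for c in certs}, k
```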

slide42

Cross-Certification and Multiple Hierarchies

[Diagram: hierarchies labelled 1, 2 and 3]

  • Multiple Roots
  • Simple cross-certificate
  • Complex cross-certificate
slide43

X509 PKI

Approach to Trust: Problems

Things are getting more and more complex if Hierarchies and Cross-Certifications are used

slide44

Cross-Certification and Path Discovery

[Diagram: two hierarchies, each with its own Trusted Root]

slide45

X509 PKI

Approach to Legal Aspects

Certificate Policy and Certificate Practice Statement

slide46

Certificate Policy (CP)

  • A document that sets out the rights, duties and obligations of each party in a Public Key Infrastructure
  • The Certificate Policy (CP) is a document which usually has legal effect
  • A CP is usually publicly exposed by CAs, for example on a Web Site (VeriSign, etc.)

slide47

Certificate Policy (CP)

[Diagram: CP components: COMMUNITY & APPLICABILITY; POLICY OUTLINE; RIGHTS, LIABILITIES & OBLIGATIONS; CERTIFICATE & CRL PROFILES; IDENTIFICATION & AUTHENTICATION; TECHNICAL SECURITY CONTROL; OPERATIONAL REQUIREMENTS]

slide48

Policy Issues (CP)

  • Liability Issues
  • Repository Access Controls
  • Confidentiality Requirements
  • Registration Procedures
    - Uniqueness of Names
    - Authentication of Users/Organisations
  • Certificate Acceptance
  • Suspension and Revocation (Online/CRL)
  • Physical Security Controls
slide49

Certificate Policy Statement (CPS)

  • A document that sets out what happens in practice to support the policy statements made in the CP in a PKI
  • The Certificate Practice Statement (CPS) is a document which may have legal effect in limited circumstances

slide50

Certificate Policy Statement (CPS)

[Diagram: CPS components: INTRODUCTION; GENERAL PROVISIONS; IDENTIFICATION & AUTHENTICATION; SPECIFICATION ADMINISTRATION; OPERATIONAL REQUIREMENTS; CERTIFICATE & CRL PROFILES; PHYSICAL, PROCEDURAL & PERSONNEL; TECHNICAL SECURITY CONTROLS]

slide51

IETF (PKIX) Standards

X.509 Certificate and CRL Profiles

PKI Management Protocols

Certificate Request Formats

CP/CPS Framework

LDAP, OCSP, etc.

http://www.ietf.org/

slide52

Identity is Not Enough: Attribute Certificates

IETF (PKIX WG) is also defining standards for Attribute Certificates (ACs):

  • Visa Card (Attribute) vs. Passport (Identity)
  • Attribute Certificates specify Attributes associated to an Identity
  • Attribute Certificates don’t contain a Public key but a link to an Identity Certificate