public key infrastructure (pki) - cs.stonybrook.eduise331/slides/l07-pki.pdf · l07-pki 3/5/2019 4...


L07-PKI 3/5/2019


PUBLIC KEY INFRASTRUCTURE (PKI)

Objectives
• Understand the concepts underlying public key infrastructures
• Understand the roles of registration authorities, certificate authorities, and certificate repositories
• Understand the relationship between trust and certificate verification
• See digital certificates
• Understand differences among various certificate authorities

© McGraw Hill & Robert F. Kelly, 2012-2019 ISE331 – Computer Security 2

Many of the processes described will be performed by user tools (e.g., browser, mail client)


Public Key Infrastructure (PKI)
• Provides all the components necessary for different types of users and entities to be able to communicate securely and in a predictable manner
• Consists of hardware, applications, policies, services, programming interfaces, cryptographic algorithms, protocols, users, and utilities
• Manages the sharing of trust
• Uses a third party to vouch for the trustworthiness of a credential document (certificate)
• Facilitates the use of public key cryptography, and symmetric keys for digital signatures, data encryption, and integrity.


PKI Technologies
• Public key encryption
• Digital signatures


A PKI includes the management and control of public and private keys


Private Key Protection
• The key size should provide the necessary level of protection.
• The lifetime of the key should guard against a brute force attack
• The key should be
  • changed at end of lifetime
  • properly destroyed at end of lifetime
  • stored securely
  • transported securely
• The key should not be shared.
• Authentication should be required before the key can be used


Threat Example - Man in the Middle Attack
• Form of eavesdropping
• Two parties believe they are privately communicating
• Attacker is acting as a proxy between the two parties
• Attacker must impersonate each party


Man in the Middle Attack
• Katie replaces John’s public key in the directory
• Diane extracts Katie’s key
• Katie reads messages intended for John
• Katie encrypts the message intended for John and sends it to John (encrypted with John’s public key)


Explanations with first names are often used in security

Basics of Public Key Infrastructures
• PKI environments use registration authorities (RAs) and certificate authorities (CAs)
• PKIs work like the DMV or passport office
  • You prove who you are by bringing the information they require
  • If info is OK, you are issued an identification card
  • When people ask you who you are, you show the ID
  • They now trust you are who you say you are
• PKI helps prevent a man-in-the-middle attack
• Concept referred to as a third party trust model


PKI Components
• Digital certificate – establishes an association between the subject’s identity and a public key
• Certificate authority (CA) - issues and verifies the digital certificates.
• Registration authority (RA) - verifies the identity of users requesting information from the CA
• Central directory - a secure location in which to store and index keys.
• Certificate management system
• Certificate policy


Secure Communications with Certificates


Certificate is “signed” by the CA

Validation is based on trusting the signer


Registration Authorities (RA)
• A PKI component that
  • accepts a request for a digital certificate and
  • performs the steps of registering and authenticating the person requesting the certificate
• The authentication requirements depend on the type of certificate being requested
• Most CAs offer a series of certificate categories (with increasing trust by class)


Certificate Authorities (CA)
• Trusted authority that certifies identities (either through RA or by itself), and creates digital certificates
• Digital certificates establish an association between the subject’s identity and a public key
• Certificate service
  • Constructs the digital certificate, including the public key
  • Digitally signs with the CA’s private key
  • Issues certificate


Certification Practices Statement (CPS)
• Published by a CA
• Outlines how identities are verified


Certificate Categories (Classes)

Class | Typical Use
1 | This is used to verify an individual’s identity through e-mail. A person who receives a Class 1 certificate can use his public/private key pair to digitally sign e-mail and encrypt message contents.
2 | This is for software signing. A software vendor would register for this type of certificate so that it could digitally sign its software. This provides integrity for the software after it is developed and released, and it allows the receiver of the software to verify from where the software actually came.
3 | This is for a company to set up its own CA, which will allow it to carry out its own identification verification and generate certificates internally.


Local Registration Authorities (LRA)
• Performs the same functions as a RA
• Usually implemented in companies that
  • have their own internal PKI
  • have distributed sites
• Each site can have its own LRA.
• Reduces traffic


Usually coordinates with a central CA

Certificate Repositories
• A centralized directory of public keys and certificates that can be accessed by a subset of individuals.
• Usually uses Lightweight Directory Access Protocol (LDAP)
• Security not critical in a certificate directory
• Certificate authorities you trust might be found in your browser’s list


Trust and Certificate Verification
• Use a PKI if you do not automatically trust individuals you do not know
• A third party that is trusted by both the first and second party is needed.
• A user will trust a certificate authority and
  • download that CA’s digital certificate / public key
  • have it included in the user’s tools (e.g., browser)


Software usually hides the operations on certificates

Certificates in Firefox
• Select Options in the Firefox menu
• In Advanced/Certificates, select “View Certificates”


Viewing a Certificate
• Select View Certificate in Firefox


A typical RSA public key will be 1024 bits in length or longer; typical MD5 or SHA-1 fingerprints are only 128 or 160 bits in length

Steps for Verifying a Certificate


Validating a Certificate
• Compare the CA that digitally signed the certificate with “trusted” CAs
• Calculate a message digest for the certificate
• Use the CA’s public key to decrypt the digital signature and recover what is claimed to be the original message digest embedded within the certificate (validating the digital signature)
• Compare the two resulting message digest values to ensure the integrity of the certificate
• Review identification information within the certificate, such as the e-mail address, validity dates, etc.
• Check a revocation list to see if the certificate has been revoked
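
The checks listed above, run in order, as an added example that is not part of the original slides. It models a certificate as a dictionary of fields signed with textbook RSA over SHA-256, a toy stand-in for real X.509 encoding and padded signatures; the CA name, e-mail addresses, serial numbers and helper names are constructed for illustration, and the CRL is assumed to be already authenticated.

```python
import hashlib
import json

E = 65537  # public exponent used by every toy key below

def toy_keypair(p, q):
    """Textbook RSA from two known primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(tbs):
    """SHA-256 over a canonical encoding of the certificate's signed fields."""
    encoded = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")

def issue(tbs, ca_n, ca_d):
    """CA side: sign the digest of the fields with the CA's private key."""
    return {"tbs": tbs, "signature": pow(digest(tbs), ca_d, ca_n)}

def validate(cert, trusted_cas, crls, today):
    """Relying-party side: the slide's checks in order; returns a verdict string."""
    tbs = cert["tbs"]
    ca_n = trusted_cas.get(tbs["issuer"])        # is the signer a trusted CA?
    if ca_n is None:
        return "untrusted issuer"
    claimed = pow(cert["signature"], E, ca_n)    # digest recovered with the CA public key
    if claimed != digest(tbs):                   # compare with the digest we computed
        return "bad signature"
    if not tbs["not_before"] <= today <= tbs["not_after"]:  # ISO dates sort as text
        return "outside validity period"
    if tbs["serial"] in crls.get(tbs["issuer"], set()):     # revocation list
        return "revoked"
    return "valid"

# Constructed sample data; Mersenne primes keep the toy keys short to write down.
CA_N, CA_D = toy_keypair(2**521 - 1, 2**607 - 1)
JOHN_N, _ = toy_keypair(2**127 - 1, 2**89 - 1)
KATIE_N, KATIE_D = toy_keypair(2**127 - 1, 2**521 - 1)
TRUSTED = {"Example Root CA": CA_N}
CRLS = {"Example Root CA": {1002}}

def fields(serial, subject, key, issuer="Example Root CA",
           not_before="2019-01-01", not_after="2019-12-31"):
    return {"serial": serial, "subject": subject, "public_key": key,
            "issuer": issuer, "not_before": not_before, "not_after": not_after}

def validation_cases(today="2019-03-05"):
    john = issue(fields(1001, "john@example.org", JOHN_N), CA_N, CA_D)
    # Directory tampering: Katie's key under John's name, CA signature left in place.
    swapped = {"tbs": dict(john["tbs"], public_key=KATIE_N),
               "signature": john["signature"]}
    # A certificate for John's name signed by a key no one has chosen to trust.
    rogue = issue(fields(1, "john@example.org", KATIE_N, issuer="Katie CA"),
                  KATIE_N, KATIE_D)
    revoked = issue(fields(1002, "ted@example.org", JOHN_N), CA_N, CA_D)
    return {
        "genuine": validate(john, TRUSTED, CRLS, today),
        "swapped key": validate(swapped, TRUSTED, CRLS, today),
        "rogue issuer": validate(rogue, TRUSTED, CRLS, today),
        "revoked": validate(revoked, TRUSTED, CRLS, today),
        "expired": validate(john, TRUSTED, CRLS, "2020-01-01"),
    }

if __name__ == "__main__":
    for name, verdict in validation_cases().items():
        print(f"{name}: {verdict}")
```

The swapped-key case is the directory substitution from the man-in-the-middle slide: the CA's signature no longer matches the digest of the altered fields, so the relying party rejects the certificate.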


Digital Certificate
• Binds an individual’s identity to a public key
• Contains all information a receiver needs to be assured of the identity of the public key owner
• X.509 standard - formatting basis for certificates (i.e., necessary fields and values of a certificate)
• Can be associated with a person, organization, or device


X.509 Standard
• Outlines:
  • Necessary fields of a digital certificate
  • Possible values for the fields
• X.509 v.3 is the current version


Fields Within a Digital Certificate


Certificate Types
• End-entity certificates - issued by a CA to a specific subject.
• CA certificate - self-signed (in the case of a standalone or root CA), or issued by a superior CA within a hierarchy.
  • May be necessary when a company has multiple internal CAs
• Cross-certification certificate – These are used when independent CAs establish peer-to-peer trust relationships.


Public Certificate Authorities
• Specialize in verifying individual identities and creating and maintaining their certificates
• Issue certificates that are not bound to specific companies or departments
• Examples
  • VeriSign
  • Entrust


In-House Certificate Authorities
• Implemented, maintained, and controlled by the company that implemented it
• Used to create certificates for internal employees, devices, applications, partners, and customers.
• The company has complete control over
  • How individuals are identified
  • What certification classifications are created
  • Who can and cannot have access to the CA
  • How the certifications can be used


Internal CA Rationale
• Lack of uniformity in certification and verification standards
• Question of trust of an outside authority to generate and maintain their company’s certificates


How does an in-house CA coordinate with external CAs?


Trust Model
• Trust domain – construct of systems, personnel, applications, protocols, technologies, and policies that work together to provide a level of protection

• Some trust domains need to cooperate with other trust domains that might be less trusted


How would you compare the trust you have for an NYS driver’s license with that of an out of state driver’s license?

Hierarchical Trust Model
• This model is a basic hierarchical structure that contains a root CA, intermediate CAs, leaf CAs, and end-entities.
• The root CA is the ultimate trust anchor for all other entities in this infrastructure
  • It generates certificates for the intermediate CAs,
  • which in turn generate certificates for the leaf CAs,
  • and the leaf CAs generate certificates for the end-entities (users, network devices, and applications).
• No bi-directional trusts exist; it is all top down.


Hierarchical Trust Model


Root CA is the trust anchor

Higher level CAs sign the certificates of lower level CAs

Peer-to-Peer Model
• One CA is not subordinate to another CA
• No established trusted anchor between the CAs
• End-entities will look to their issuing CA as their trusted anchor
• Scalability concerns
• Cross-certification models


Hybrid Trust Model
• Companies have their own internal hierarchical models
• Bridge CA approach
  • Responsible for issuing cross-certificates
• The bridge generates and maintains the cross-certification


Certificate Extensions
• Allow for further information to be inserted within the certificate
• More functionality in a PKI implementation
• Can be standard or private
  • Standard - implemented for every PKI implementation
  • Private certificate extensions
    • Defined for specific organizations
    • Allows organizations to tailor certificates


Non-Repudiation Services
• Third party notary
  • Verify sender’s digital signature
  • Use a time stamp authority (TSA)
  • Sign
• Critical vs. non-critical


Digistamp.com is a TSA

Certificate Lifecycles
• Validity period for a key or certificate
• Forces the user to register for a new certificate or key after a certain amount of time
• Determining the proper length of these lifetimes:
  • Shorter lifetimes limit the ability of attackers to crack them
  • Longer lifetimes lower system overhead
• More-sophisticated PKI implementations perform automated and transparent key updates


Certificate Management
• Certificate and key generation
• Registration
• Renewal
• Revocation
• CRL distribution
• Certificate suspension
• Key destruction


Certificate Generation and Registration
• Key pair can be generated
  • Locally, by an application and stored on a local key store on the user’s workstation
  • Remotely, by a central key-generation server (keys are then securely transmitted)
• Registration
  • The RA sends a challenge value to Ted
  • Ted uses the private key to encrypt that value
  • Ted returns it to the RA
  • RA decrypts this value with the public key – if successful, the public key is registered
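
The registration exchange above, as an added example that is not part of the original slides. It uses textbook RSA on a raw random value exactly as the bullets describe, which is a toy; the class, function and applicant names other than Ted and Katie are constructed for illustration.

```python
import secrets

E = 65537  # public exponent shared by the toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

class RegistrationAuthority:
    def __init__(self):
        self.pending = {}     # applicant -> outstanding challenge value
        self.registered = {}  # applicant -> public key accepted for certification

    def challenge(self, applicant):
        """The RA sends a fresh random value and remembers it for one attempt."""
        value = 2 + secrets.randbelow(2**256)  # skip 0 and 1, which RSA maps to themselves
        self.pending[applicant] = value
        return value

    def register(self, applicant, claimed_n, response):
        """The RA 'decrypts' the response with the claimed public key and compares."""
        value = self.pending.pop(applicant, None)  # consumed even when the check fails
        if value is None or pow(response, E, claimed_n) != value:
            return False
        self.registered[applicant] = claimed_n
        return True

def respond(value, n, d):
    """The applicant transforms the challenge with the private key and returns it."""
    return pow(value, d, n)

def registration_cases():
    ted_n, ted_d = toy_keypair(2**521 - 1, 2**607 - 1)
    katie_n, katie_d = toy_keypair(2**127 - 1, 2**521 - 1)
    ra = RegistrationAuthority()

    first = ra.challenge("ted")
    ted_response = respond(first, ted_n, ted_d)
    honest = ra.register("ted", ted_n, ted_response)

    # Katie claims Ted's public key but can only answer with her own private key.
    value = ra.challenge("katie")
    wrong_key = ra.register("katie", ted_n, respond(value, katie_n, katie_d))

    # Replaying Ted's earlier response fails because the challenge value is new.
    ra.challenge("katie")
    replay = ra.register("katie", ted_n, ted_response)

    # A response that answers no outstanding challenge is rejected outright.
    unsolicited = ra.register("nobody", ted_n, ted_response)
    return honest, wrong_key, replay, unsolicited, ra.registered == {"ted": ted_n}

if __name__ == "__main__":
    print(registration_cases())
```

Only the applicant who holds the private key matching the submitted public key gets that key registered, which is the property the RA needs before the CA binds the key to an identity.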


Renewal
• Certificate lifetime can be different from the key pair’s lifetime.
• Certificate’s lifetime is specified by the validity dates inserted into the digital certificate
• Certificate should not be used before the start date, nor after the end date
• Renewal - If the certificate has not been revoked, the original keys/certificate are used to provide authentication for renewal
• New certificate - If the certificate just expired, a new certificate can be generated with new validity dates.


Revocation
• A certificate is invalidated before its actual expiration date is met
• Done when:
  • the private key has been compromised or
  • the holder of the certificate is no longer with the organization
• Once revoked, a certificate cannot be reinstated
• Certificate Revocation List (CRL) – maintained by the CA
  • Contains a list of serial numbers of certificates
  • Statement indicating why the individual certificates were revoked
  • Date when the revocation took place


Reasons for Revocation (X.509)


Reason Code | Reason
0 | Unspecified
1 | All keys compromised; indicates compromise or suspected compromise
2 | CA compromise; used only to revoke CA keys
3 | Affiliation changed; indicates a change of affiliation on the certificate
4 | Superseded; the certificate has been replaced by a more current one
5 | Cessation; the certificate is no longer needed, but no reason exists to suspect it has been compromised
6 | Certificate hold; indicates the certificate will not be issued at this point in time
7 | Remove from CRL; used with delta CRL to indicate a CRL entry should be removed

The CA Digitally Signs the CRL


CRL Distribution
• CRLs can be requested or distributed
• CRLs can grow substantially in size
• A certificate might have an extension that points the validating user to the necessary CRL distribution point
• Online service – User can communicate with an online service that will query the necessary CRLs available within the environment


Key Destruction
• Key pairs and certificates have set lifetimes
• Certificates and keys should be properly destroyed
• Prevents potential malicious activity:
  • An attacker might use the key to digitally sign or encrypt a message with the hopes of tricking someone else about his identity
  • Might try to brute force attack the cryptosystem
  • Learning about key and certificate generation


Centralized and Decentralized Infrastructures
• Centralized infrastructure - Keys are generated and stored on a central server, and keys are transmitted to individual systems as needed.
  • Workstations may not have processing power to produce keys
  • Easier backups and recovery procedures
• Decentralized infrastructure - Software on individual computers generates and stores cryptographic keys.
  • Avoids the difficulty of secure key distribution
  • Avoids single point of failure
  • Better to generate end-user keys on a local machine to eliminate doubt about who did the work and “owns” the keys


Hardware Storage Devices
• PKIs can be constructed in software without special cryptographic hardware.
  • Suitable for most environments
• Software can be vulnerable to viruses, hackers, and hacking.
• If a company requires a higher level of protection, several hardware-based solutions are available


Multiple Key Pairs
• One user may have multiple key pairs
  • Data encryption
  • Digital signatures – work
  • Digital signatures – personal
  • Encryption and transmission of keys


Key Management
• Key archiving is a way of
  • Backing up keys and
  • Securely storing them in a repository
• Key recovery is the process of restoring lost keys to the users or the company
• Key archive services must be highly secure
  • Physical security
  • Dual access control - two people have to be present to carry out a specific task


Key Escrow
• Process of giving keys to a “trusted” third party
• Mainly of historical importance
• Examples
  • Government
  • Organization security department


Certificate-Based Threats
• Much of the actual work is done without direct user involvement
• Can create a false sense of security
• Attacks on message digests


Have You Achieved the Objectives
• Understand the concepts underlying public key infrastructures
• Understand the roles of registration authorities, certificate authorities, and certificate repositories
• Understand the relationship between trust and certificate verification.
• See digital certificates.
• Understand differences among various certificate authorities
