technical overview of the microsoft pki active directory ... · pdf filetechnical overview of...
TRANSCRIPT
Technical overview of the
Microsoft PKI
Active Directory Certificate
Services 2008 R2
ESEC – European Security Expertise Center
Fabien DUCHENE http://www.car-online.fr/en/spaces/fabien_duchene/
Reviewers: Jonathan BOURGAIN, Jeremy RENARD, Rida BENBRAHIM
Technical overview of the
Microsoft PKI ADCS 2008 R2
1
Certificate Services
2011-01
v.1.02
ESEC – European Security Expertise Center
0. Table of content
1. Introduction… PKI?
2. MS PKI 2008 (R2)
foundations
3. Establishing & maintaining
4. Auditing
5. Beyond the MS PKI
6. References
Technical overview of the Microsoft PKI ADCS
2008 R2 2
ESEC – European Security Expertise Center
1. Introduction … PKI?
- Some PKI application scenarios
- Why setting up a PKI?
- asymmetric cryptography
- PKI – overview
- Certificate
- Certificate Authority
- Validation
- Revocation
Technical overview of the Microsoft PKI ADCS
2008 R2 3
ESEC – European Security Expertise Center
1.a. Some PKI application scenarios
Technical overview of the Microsoft PKI ADCS
2008 R2 4
Strong authentication
VPN Access Secure Wireless
Websites Terminal Services
Document encryption Email signing
Encrypted File System Application integrity Smart
Card
EAP-TLS SSL / TLS
802.1x IPSec
Network Access Control
PKI
Identity store Operating system
ESEC – European Security Expertise Center
1.b. Why setting up a PKI?
• Previous quoted applications + building TRUST
• Legal requirements (eg. EU privacy laws, CNIL, RGS)
• PKI alternatives:
Technical overview of the Microsoft PKI ADCS
2008 R2 5
Alternative Issues
Password, static keys, self-signed certificates
Management costs and security concerns (complexity, lifetime)
Purchased certificates Cost (as certificate applications proliferate)
Specific application functionalities
Compliance => common management
ESEC – European Security Expertise Center
1.c. Before setting up a PKI …
…you should consider…
• Organizational policies: auditing, procedures
• Ongoing Costs … like any other IT application ! – Scalability, high availability (revocation)
– (plus physical security)
• Complexity – Technical requirements: HW, netw, SW
– Training: End-Users, IT staff, Security team
• Legals: key length, used algorithm, data exchanges, PII…
Technical overview of the Microsoft PKI ADCS
2008 R2 6
ESEC – European Security Expertise Center
Common mistakes: mind the gap!
• There is no need for a PKI nor a CA to perform asymmetric cryptography. Eg: Web-Of-Trust (PGP), SSH
• In french: – Encryption/enciphering = chiffrer !!crypter!!
– Decryption/deciphering = déchiffrer
– Breaking an encrypted message = décrypter • => when the user does not have access to the private key
• Not trusting a PKI does not imply the communication is not encrypted! ( eg: https://esec.fr.sogeti.com )
Technical overview of the Microsoft PKI ADCS
2008 R2 7
ESEC – European Security Expertise Center
1.d.1. PKI - definition
• PKI: Public Key Infrastructure - Hardware, software, people, policies and procedures to manage the lifecycle of digital certificates (manage, distribute, use, store and revoke)
– It uses: asymmetric cryptography
• … and is ONE solution to associate certificates with identity = hierarchical model
• … other models exist: – local trust model (eg: SPKI)
– web of trust (eg: PGP)
Technical overview of the Microsoft PKI ADCS
2008 R2 8
X«C» X«A» Z«B»
V
W
X
C A B
Z
Y
U
TISO3960-94/d04
U«V»
V«U»
V«W»
W«V»
W«X»
X«W»
X«Z»
Y«Z»
Z«Y»
Z«X»
V«Y»
Y«V»
Figure 4 – CA hierarchy – A hypothetical example
ESEC – European Security Expertise Center
1.d.2. PKI - components
Technical overview of the Microsoft PKI ADCS
2008 R2 9
Keys and certificates management tools, auditing…
Certificate publication and revocation distribution points
(CRL, OCSP)
Certification Authority (CA)
Certificate(s) Requestors (computer, user)
URLs http:// file:// ldap://
Security policy
Certificate enrollment and Revocation policy
authentication
Identity Provider (ADDS)
Applications and services
.. able to interact with certificates
ESEC – European Security Expertise Center
1.e.1. asymmetric cryptography
• Assumptions: – hardness to of mathematical problem: primes factoring, discrete logarithm
– limited computational power... and time is this always true? Eg. Cloud, quantum comp.
• Basics:
– Two related keys: 1 public, 1 private – Two functions: Encrypt ; Decrypt : {message,key} -> {message}
– Properties:
• Decrypt(Encrypt(msg,E_pub),E_priv)=msg
• Decrypt(Encrypt(msg,E_priv),E_pub)=msg
• Knowing E_pub it is “computationally very hard” to find E_priv
Technical overview of the Microsoft PKI ADCS
2008 R2 10
Pictures from Wikipedia – Public Key Cryptography
ESEC – European Security Expertise Center
1.e.2. asymetric cryptography - applications
• Immediate applications:
… But also Diffie-Hellman key exchange
Technical overview of the Microsoft PKI ADCS
2008 R2 11
Encryption Signature
Pictures from Wikipedia – Public Key Cryptography
ESEC – European Security Expertise Center
1.e.2. asymmetric cryptography (cont.)
• Things we can guarantee: – Identity:
• Non-Repudiation (cannot deny it did perform it) -> [uses: signature]
• Authentication [signature and encryption]
– Communication: • Integrity (something has not been changed) [signature]
• Confidentiality (ensure only authorized entities ) [encryption]
• … assuming: – the previous mathematical assumptions
– the user private key is “well protected” (confidentiality)
Technical overview of the Microsoft PKI ADCS
2008 R2 12
ESEC – European Security Expertise Center
• Main format: X509 v1(88), v2(93), v3 (96)
• File *.crt containing: – Subject, issuer, validity window, … Subject Public Key
– …
• The information are signed by
the issuing CA
1.f. Certificate
Technical overview of the Microsoft PKI ADCS
2008 R2 13
ESEC – European Security Expertise Center
1.f. Certificate – X.509 v3
Technical overview of the Microsoft PKI ADCS
2008 R2 14
• v3 (96)
CDP: where to check if that certificate is revoked?
Picture from PKI and Certificate Security - Brian Komar, MS Press
ESEC – European Security Expertise Center
1.g. Certification Authority
• A trusted party (server), as part of a PKI:
– Verify the identity of a certificate requestor
– Issue certificates to requestors (users, comp) according to the issuance policy
– Manage certificate revocation*
Technical overview of the Microsoft PKI ADCS
2008 R2 15
*revocation: designing a certificate as no more
valid, even if its expiration date is future.
ESEC – European Security Expertise Center
1.h. Certificate insuance
• A Root CA self-signs its certificate
• The most common model: the requester generates the KeyPair
• Certificate template: set of parameters (key length, authentication requirements (1/2/3 factor(s)), permissions…
16
Authenticated Certificate request
(public key, validity, certificate template…) 3
2 KeyPair generation
(according to the
chosen certificate
template parameters)
0 Authentication
1
Certificate
Templates
fetching
Certificate 6
Verifications
(template
parameters)
4
Certificate issuance
(see next slide)
5
Identity Provider
Certification
Authority
Certificate
Template store
Client
Technical overview of the Microsoft PKI ADCS
2008 R2
Ensimag 4MMSR – Network Security – Fabien Duchene (2011)
ESEC – European Security Expertise Center
1.h.1. Cert. Validation - AIA
• Authority Information Access
– URLs where the CA certificate can be retrieved:
• Filesystem, ldap://, http://, smb://
– CA certificate:
• *.crt (certificate)
• OCSP extension
Technical overview of the Microsoft PKI ADCS
2008 R2 17
ESEC – European Security Expertise Center
Sheldon
Cooper
Kim Cameron
Issued certificate
GeekCompany
Root CA
1.g. The trust topology of the PKI model
Technical overview of the Microsoft PKI ADCS
2008 R2 18
• A hierarchical trust model:
– Users/computers trust the Root CA
– Transitive trust relation till the leafs
I trust that Root CA
… thus I also trust these CA
(issued cert. by the Root CA)
… thus I also trust
the identity of that
user/comp
(issued cert..)
ESEC – European Security Expertise Center
1.h.2. Cert. validation – chain of trust
• Trust hierarchy: trusting the Root CA
• Signing: each CA signs all issued certificates
• … including the child PKI ones!
Technical overview of the Microsoft PKI ADCS
2008 R2 19
ESEC – European Security Expertise Center
1.h.2.2. Chain of trust - signature
Technical overview of the Microsoft PKI ADCS
2008 R2 20
Clear text certificate information
Thumbprint computation
Thumbprint signed with the issuing CA private key
* hash: function that takes a block of data and returns a fixed
size bit string. (eg: MD5, SHA-1, SHA-512…)
Cert. Signature field
ESEC – European Security Expertise Center
1.h.2.3. How could the “chain of trust” be broken?
• For any certificate in that chain:
– Validity time: certificate expired?
– Subject name: the certificate information is different to what the application expects?
(eg: loading an https website by its IP, instead of FQDN)
– Revocation: has that certificate been revoked at the CDP?
– … and of course if the Root CA of that chain is not trusted!
Technical overview of the Microsoft PKI ADCS
2008 R2 21
ESEC – European Security Expertise Center
• CRL (Certificate Revocation List) – List of revocated certificates hashes periodically fetched
• OCSP (Online Certificate Status Protocol) – Real-Time web request
Certificate
hash
The certificate is not trusted
The certificate is trusted
yes
no Periodical CRL
download (HTTP, SMB, LDAP…)
1.i.1 Revocation - Overview
Technical overview of the Microsoft PKI ADCS
2008 R2 22
Certificate
hash
The certificate is not trusted
The certificate is trusted
yes
no
Is the
certificate
revoked?
OCSP
Request OCSP signed Reply
Is the hash
present in the
signed CRL?
(by the issuing CA)
ESEC – European Security Expertise Center
1.i.2.3. CRL – Publication & expiring intervals
• These parameters are set for the whole PKI
• Publication interval: how often are the CRL published?
Technical overview of the Microsoft PKI ADCS
2008 R2 23
ESEC – European Security Expertise Center
1.i.4. CDP
• CRL Distribution Point
– Filesystem (smb://, file://)
– Ldap://
– http://
Technical overview of the Microsoft PKI ADCS
2008 R2 24
ESEC – European Security Expertise Center
1.i.2.3. Revocation - CRL - problems
• Bandwidth, CRL filesize:
– the more certificates are issued, the more some are potentially revoked
• Latency: update & download frequency
• Mitigation solutions:
- Delta CRL=new revoked certificates since the last base CRL publication
– Separate base CRL & delta CRL publishing frequency
Technical overview of the Microsoft PKI ADCS
2008 R2 25
ESEC – European Security Expertise Center
1.j. Example
• Consider the following scenario:
Technical overview of the Microsoft PKI ADCS
2008 R2 26
Should I trust the
customer CA
certificate, knowing I
obtained the Root CA
cert from the AIA?
0. Get the AIA information periodically
(URL, download the Root CA public key)
3. Is the Root CA cert. revoked
or expired? CRL, OCSP
1. The Customer CA is
presenting us its certificate
(…and the related chain of
trust)
2. Do I trust the Root
CA certificate?
(“Trusted Root
Certification
Authorities”?)
4. Check the Ext. Pol. CA
certificate signature (parent CA)
5. 6. 7. 8. …
Picture from PKI and Certificate Security - Brian Komar, MS Press
ESEC – European Security Expertise Center
REMINDER: Active Directory – Security basics
• Domain, Forest
• SID, access control
• Kerberos authentication
• Trust relationships
Technical overview of the Microsoft PKI ADCS
2008 R2 27
ESEC – European Security Expertise Center
REMIND.a. Domain, forest
Technical overview of the Microsoft PKI ADCS
2008 R2 28
- AD Forest, domain:
In each domain: - Domain Controllers (DC) manage: - Kerberos authentication - LDAP directory - DNS resolution
corp.nintendo.com
jpn usa
Domain
Forest
Child domain
Root domain
ESEC – European Security Expertise Center
REMIND.b. Access control basics - SID
• SID (Security IDentifier): – Statistically unique worldwide
– AD Objects that owns a SID (and that are stored in the LDAP database)
• Computer: (when the computer joins the domain)
• Domain controllers: (same above)
• User/service account (when the account is created)
• Security group (a security group can contain security groups, users, and computers)
• Thus, each security principal (user, comps, sec. grp, DC):
• owns a SID: user account SID
• is member of several security groups: Group SIDs
Technical overview of the Microsoft PKI ADCS
2008 R2 29
ESEC – European Security Expertise Center
REMIND.b. – SID examples (continued)
Technical overview of the Microsoft PKI ADCS
2008 R2 30
…
• SID example: (eg. domain: CORP)
User account SID
Group SIDs
ESEC – European Security Expertise Center
REMIND.b. – Access control basics
• ACL (Access Control List): a list of ACE (E=entry):
Technical overview of the Microsoft PKI ADCS
2008 R2 31
• ACE: “right/privilege/permission given to a specific SID on a specific resource”
• Resource examples: – Shared folder
– LDAP object
– certificate template
ESEC – European Security Expertise Center
REMIND.c. Kerberos Authentication - overview
Technical overview of the Microsoft PKI ADCS
2008 R2 32
User /
computer
Identity provider,
Authentication Server
GC
Service Server
(eg: issuing CA)
Authentication protocols in a Microsoft environment :
LM, NTLMv1, NTLMv2, Kerberos
Ticket Grantig Service
TGS
1
“I am Mossen. I
need a Ticket to Get
Tickets” (TGT)
Key Distribution Center
Here is a TGT you will only
be able to decrypt if you know the shared secret (user/comp. pwd)
2 3
I want to access the
“Issuing CA” service. Here is a proof I decrypted the TGT
4
Here is a Service Ticket
containing your information for accessing the Issuing CA service
UserSID -------------------------
GroupMembershipsSIDs
Service
Ticket 5
6 Service communication
ESEC – European Security Expertise Center
REMIND.d. Trust relationships
• “one-way trust” A<-B: one way (transitive or not) relation meaning a domain A considers the identities provided by B as valid
• “two-way trust” A<->B = (A<-B) AND (B<-A)
Technical overview of the Microsoft PKI ADCS
2008 R2 33
Within a forest: 2-way trust
between child and parent domains
corp.nintendo.com
jpn usa
ms.google.biz
peru
Example of one-way forest trust:
corp.nintendo.com trusts
ms.google.biz forest
ESEC – European Security Expertise Center
2. MS PKI foundations
– Active Directory basics (authentication, ACL)
– Common criteria
– ADCS Roles
– Certification authorities (& cert. issuance)
– Certificate templates
– PKI objects: ADDS location
– Autoenrollment
– Revocation (OCSP)
– Key Recovery Agent, Enrollment Agent
– Hash and public key algorithms
– What’s new in 2008/2008R2?
Technical overview of the Microsoft PKI ADCS
2008 R2 34
ESEC – European Security Expertise Center
2.a. Common criteria certifications
• Common criteria: (!check that what is built is conform to the specifications)
– EAL4 - methodically designed, tested and reviewed • ALC_FLR.3 (Systematic Flaw Remediation)
– Windows Server 2003: • EAL 4+ ALC_FLR.3 (2005)
– Windows Server 2003 (ADCS): • CIMC Security Level 3 Protection
• EAL 4+ ALC_FLR.3 (2005)
– Win. Vista & 2008: • EAL 4+ ALC_FLR.3 (2009)
• => includes CNG (Windows Cryptographic API)
Technical overview of the Microsoft PKI ADCS
2008 R2 35
http://www.commoncriteriaportal.org/products/
ESEC – European Security Expertise Center
2.b.1. Windows Server - ACDS- Roles
• Windows Server role: Active Directory Certificate Services
• Sub-roles:
– Certification Authority
• Requires ADDS ; clients-CA communicate via DCOM
– CA Web Enrollment:
• Requires IIS, ASP ; communication: web-application
– CA Enrollment Web Service (CES)
– CA Enrollment Policy Web Service (CEP)
• Both require ADDS domain schema at level 2008_R2
• Communication via WS
Technical overview of the Microsoft PKI ADCS
2008 R2 36
2000
2003
2008
R2
ESEC – European Security Expertise Center
2.b.2. ADCS Roles - overview
Technical overview of the Microsoft PKI ADCS
2008 R2 37
Certification Authority (CA)
- issue, renew, revoke certs
Active Directory - Enrollment
objects - Certificate
templates - Users, computers
Online Responder - Certificate revocation info - Web proxy cache
Client - Enrollment - Renewal
Certificate Enrollment WS (CES)
Legacy Certificate enrollment
Enroll,
autoenroll
DCOM,
HTTP app. WS
Certificate Enrollment Policy WS
(CEP)
Legacy (LDAP, smb)
Cert.
templates
Revocation
check (OCSP)
Revocation
check (CRL)
ESEC – European Security Expertise Center
2.c.1. REMIND: Certification Authorities
• Servers aiming at 3 main goals:
– Verify the identity of a certificate requestor
• Active Directory, Kerberos authentication
– Issue certificates to requestors (users, comp) according to the issuance policy
• Root CA, Policy CA, Issuing CA
– Manage certificate revocation
• CDP, OCSP
Technical overview of the Microsoft PKI ADCS
2008 R2 38
ESEC – European Security Expertise Center
2.c.2. Certification Authorities - levels
• Root CA: 1 self-signed cert. (which is trusted by entities)
• Intermediate CA
• Policy CA: issues cert. to CAs
• Issuing CA: issues cert. to requestors (eg: Americas CA)
Technical overview of the Microsoft PKI ADCS
2008 R2 39
Picture from PKI and Certificate Security - Brian Komar, MS Press
ESEC – European Security Expertise Center
2.c.3. Certification autorities - types
• Two types of MS PKI CA:
– Standalone (eg: for Root CAs)
• Ideal for Offline CAs
– Enterprise (eg: policies or issuing CA)
• Integrate into an ADDS environment
• Certificate templates support
Technical overview of the Microsoft PKI ADCS
2008 R2 40
ESEC – European Security Expertise Center
2.c.4. Issuing CA Components
Technical overview of the Microsoft PKI ADCS
2008 R2 41
Active Directory
Clients Clients Clients
CA Service Certsrv.exe
Policy Module
Exit Module(s)
Certificate database
- Inspect cert. requests
- Issue them according
to permissions and
issuance policy
Writes to DB:
- certs
- information
Receive the
certificate matching
its keypair
Wait for the
information to be
written
Certificate
generation and signature
Cert request
(Pub. Key)
Authentication,
Template reading
ESEC – European Security Expertise Center
2.d. Certificate templates
• Certificate models:
– Validity, renewal (frequency, new key?), publication
– Request (prompt user, allow private key export…)
– Cryptography (min. key length, algo, CSP)
– Certificate information (email, FQDN …)
– Issuance policies (under which conditions…)
– Key usage (eg. Digital signature)
– Application policies
– Permissions (read, write, enroll, autoenroll)
Technical overview of the Microsoft PKI ADCS
2008 R2 42
ESEC – European Security Expertise Center
2.d. Certificate templates
Technical overview of the Microsoft PKI ADCS
2008 R2 43
ESEC – European Security Expertise Center
Enrollment services objects (one per CA)
- CA Name - CA Cert
- CA template list - Enrollment URL (CES)
2.d. The relation btwn CA & Cert. templates
Technical overview of the Microsoft PKI ADCS
2008 R2 44
CA 2 / CES
CA 1
Templates container (Forest wide) - Permissions
- Enrollment requirements - Cert content
- Renewal
AD objects
Clients Clients Clients
ESEC – European Security Expertise Center
2.e. PKI objects: ADDS location
Technical overview of the Microsoft PKI ADCS
2008 R2 45
Root & intermediate CA certs
Foreach issuing CA, where do they
publish their CRL?
Issuing CA certs
Templates
CA hierarchy (parent CA)
Key Recovery Agents (private key)
Object IDentifiers (MIB):
- newly created Cert Templates - newly created Application Policies - Issuance policies
Configuration Naming Context (Forest-wide replication)
Thus: Template permissions on Universal or Global security groups
ESEC – European Security Expertise Center
2.f. AutoEnrollment - overview
• One of the best features of the MS PKI (WS2003, x.509 v2 & v3)
Technical overview of the Microsoft PKI ADCS
2008 R2 46
CA 1
Client (user / comp.)
Template cont.
Enrollment cont.
GPO
CEP
URLS CEP,
ADDS container
ADDS ldap
or ADWS: https
CEP
CES (url2) CA 2
4. Enrollment Template / Policy Cache
Template 3: ? Template 19: ?
Template / Policy Cache Template 3: CA1(DCOM)
Template 19: CA1(DCOM), url2(CES)
LDAP
WS (https)
2. On which templates
is the entity allowed to autoenroll ? (ACE)
3. Which CA(s) can issue
that template(s)?
Foreach CA:
- The templates it issues
- Enrollment URL (CES)
Brian Komar, deploying a PKI solution with ADCS
ESEC – European Security Expertise Center
2.f. AutoEnrollment – zoom on the client store
Technical overview of the Microsoft PKI ADCS
2008 R2 47
Client (User / comp.)
Trusted Root CA
Intermediate CA
ESEC – European Security Expertise Center
2.g. Revocation (OCSP implementation)
• ~ HTTP proxy for CRL ; Fault-tolerance
Technical overview of the Microsoft PKI ADCS
2008 R2 48
RFC: http://www.ietf.org/rfc/rfc2560.txt?number=2560
DNS-
Round-
Robin
eventually
NLB
Clients
Online Revocation Array
Online resp. 1
ocspsvc.exe Network Service
Online Resp. 2
...
OCSP web proxy 1 ApplicationPool
--
Default IIS website: /ocsp
OCSP web proxy 2
OCSP web proxy
(request decoding,
response caching)
Certificate with application
policy: “OCSP signing”
OID 1.3.6.1.5.5.7.3.9
Signing
Auditing
Microsoft Online Responder
CA_1
CA_N
...
Revocation providers
CRL
ESEC – European Security Expertise Center
2.h. Key Recovery Agent
Technical overview of the Microsoft PKI ADCS
2008 R2 49
• Each private key issued could also be archived and accessible for one or several recovery agents
One or several CA
cert mgrs validate the request
The corresponding
issuing CA(s) are configured to archive future
issued keys with the KRA(s)
certificate(s)
Each time a new
certificate with Key Archival enabled is request, the user
private key is archived with the
KRA(s) public key(s)
A key recovery
agent certificate is
requested
ESEC – European Security Expertise Center
• Ability to recover a client private key
• Involves: Certificate Manager(s), Key recovery agent(s), issuers, CA
• CA Exchange template: automatically issued if available, for a short period of time (1 week validity, 1 day renewal)
2.h. Key Archival - KRA
50
Certsrv
Cert. DB
2 CA Exchange cert. request
AD
3 CA Exchange return
1 Authentication,
template reading
CRL, OCSP
4
Revocation
Check
(CA Exch.)
5 Keypair
generation
6
Cert request (Client pub. key), Client Priv. key encrypted by the
CA exchange pub key
Policy, issuance…
7
Cert storage + client private key each
time encrypted with 1
KRA public keys
=encrypted PKCS #7 BLOB
8
Clients Clients Clients
ESEC – European Security Expertise Center
2.i. Enrollment agent
• Enroll certificate on behalf of another user. – Trust in the application/person (potential private key access)
– Eg: FIM 2010 CM / CLM 2007:
Technical overview of the Microsoft PKI ADCS
2008 R2 51
Rida requests
An enrollment
agent certificate
Cert mgrs:
request validation
Alejandro’s
manager requests a
smart card for
Alejandro
Alejandro
Rida provisions a
smart card with a certificate for another user
and gives the SC to Alejandro
Alejandro
reinitates the SC user pin. And is now
able to use the SC.
ESEC – European Security Expertise Center
2.j. Microsoft CSP - Supported hash and public keys algorithms
• Since Windows Vista & Server 2008:
Technical overview of the Microsoft PKI ADCS
2008 R2 52
Hash algorithms
MD2
MD4
MD5
SHA1
SHA256
SHA384
SHA512
Public key algorithms
ECDH_P256
ECDH_P384
ECDH_P521
RSA (KSP max: 16384 bits)
ESEC – European Security Expertise Center
2.k. What’s new in ADCS 2008 & 2008 R2?
• ADCS 2008 – OCSP
– CNG support
– SCEP
• ADCS 2008 R2 – Certificate enrollment web service
– Cross forest enrollment
– CA support on Server Core
– "Database-less“ CA
Technical overview of the Microsoft PKI ADCS
2008 R2 53
ESEC – European Security Expertise Center
2.k.1 Cryptography Next Generation
• Replacement for CryptoAPI. Windows Vista.
• Auditing: KSP
• Certification & compliance
• Cryptographic agility: negotiation
• Kernel mode support (ex: IPSec, TLS)
• Key Storage
• Key isolation: not in application (eg: TPM)
Technical overview of the Microsoft PKI ADCS
2008 R2 54
ESEC – European Security Expertise Center
2.k.1.2. Windows cryptography system overview
• Vista
Technical overview of the Microsoft PKI ADCS
2008 R2 55
ESEC – European Security Expertise Center
2.k.1.3 – Private key storage
Technical overview of the Microsoft PKI ADCS
2008 R2 56
Key type CNG dir.
User private %appdata%\Microsoft\Crypto\Keys
Local system private %allusersprofile%\Application Data\Microsoft\Crypto\SystemKeys
NetworkSvc / LocalSvc private
%windir%\ServiceProfiles\ {LocalService,NetworkService}
Shared private %allusersprofile%\Application Data\Microsoft\Crypto\Keys
Private keys publishing
to the FileSystem
ESEC – European Security Expertise Center
2.k.2. ADCS Role: Network Device Enrollment Svc: Simple Cisco Enrollment Protocol
• WS 2003 (add-on) ; WS 2008 CS: integrated
• Application: deploy certificate on non-domain
joined computers (eg: Cisco switches, routers, Apple iPad!)
Technical overview of the Microsoft PKI ADCS
2008 R2 57
1 Keypair creation
Device Admin
Device
NDES
CA - ADCS
DC - ADDS
2.A Password request
2.B Permissions
check
3 Set password 5 RA request
4 Cert request
6 Issue cert
7 Return cert
ESEC – European Security Expertise Center
2.k.3. Certificate Web-Services: cross forest enrollment
• Why?
• Enrollment Web Service
• Cross-Forest enrollment
Technical overview of the Microsoft PKI ADCS
2008 R2 58
ESEC – European Security Expertise Center
2.k.3.1. Cert. WS - Why?
• Corporates merging:
• “how to extend PKI trust outside the AD forest?”
– Deploy the other Root CA cert. in the Trusted Root CA store
– Allow firewall flows: • revocation (SMB, LDAP, HTTP)
• enroll (.. DCOM!)
– Permissions: grant the other users the ability to enroll
– Problems: firewall traffic block, corporate: security=network
• Another solution: ADCS Cert. WS
Technical overview of the Microsoft PKI ADCS
2008 R2 59
ESEC – European Security Expertise Center
2.k.3.2. CA Enrollment WS –protocols
Technical overview of the Microsoft PKI ADCS
2008 R2 60
CES
Active Directory Certification Authority
User Computer
HTTPS with Kerberos authentication
LDAP
Get policy
Enrolment
WS
Policy
WS
DCOM
Request certs
ESEC – European Security Expertise Center
2.k.3.3 – Cross forest enrollment
• Ability to issue cert beyond the forest
• Requires: ADDS domain schema: 2008R2
Technical overview of the Microsoft PKI ADCS
2008 R2 61
Active Directory
Root CA
Active Directory
Domain level: 2008R2 Trust
relationship
ADCS WES, WEP
Ressource Forest Forest
Issue
certificates
ESEC – European Security Expertise Center
2.k.4. Database less CA
• Some issued certificates are not stored in the CA DB
• Why? Eg: Network Access Control for 90.000 computers with 15 min. IPSec cert. validity: = 90.000x(1/15)=6000 issued certs/min.
• => To Reduce the storage and processing overhead.
• Configurable for each v2 & v3 certificate template:
Technical overview of the Microsoft PKI ADCS
2008 R2 62
ESEC – European Security Expertise Center
3. Establishing a MS PKI … and maintaining it!
- Conception
- Deployment
- Maintaining in operational conditions
Technical overview of the Microsoft PKI ADCS
2008 R2 63
ESEC – European Security Expertise Center
3.a. Conception
• CA (hierarchy, geography, dimensioning, key escrow (HSM))
• Disaster recovery (key archival)
• Role separation
• Policies: security, certificate, CPS
• Identify: applications, ACL
• Revocation
• Training: IT administrators
Technical overview of the Microsoft PKI ADCS
2008 R2 64
ESEC – European Security Expertise Center
3.a.1. CAs infrastructure
• Tier: Two or Three? (Root, policy, issuing)
• Type: Standalone / Enterprise?
• Model examples:
Technical overview of the Microsoft PKI ADCS
2008 R2 65
Geographical
/ Network Business Unit Subscriber types Certificate use
Defense Banking … MADRID SYDNEY … Computers Users … WPA2 S/MIME …
Root
Policy
Brian Komar, deploying a PKI solution with ADCS
ESEC – European Security Expertise Center
3.a.1. CA infrastructure
• Dimensioning:
– Estimate the workload (cert. template: issuing, renewal
frequency, population, key length: keypair generation duration, network, other servers load (eg: authentication))
– CPU workload pic goal: 80% ; 90%
– RAM, Fast storage (SSD, iSCSCI, SCSI 10K RPM)
Technical overview of the Microsoft PKI ADCS
2008 R2 66
At least X secrets on Y to access the CA
private key, stored on the HSM
• Key escrow: HSM
http://blogs.technet.com/b/pki/archive/2010/01/12/windows-ca-performance-numbers.aspx
ESEC – European Security Expertise Center
3.a.1. CA infrastructure - dependencies
• ! A MS PKI relies on:
– Computer naming system: DNS
– Identity provider: ADDS
• => High availability of these services
• Key exchange:
– CSP, KSP: which Windows version?
Technical overview of the Microsoft PKI ADCS
2008 R2 67
ESEC – European Security Expertise Center
3.a.2. Role separation
• Common criteria roles CMIC L4: – CA administrator: assign CA roles, configure auditing, delete a
record, start/stop certsrv.exe, define CA admins
– Certificate manager: approve/deny cert. reqs, extract archived private keys, determine KRA
– Backup operator: CA config, DB, and keypair backup
– Auditor: review event log
• Enforce role separation:
!! If a person owns two or more roles: Certsrv.exe will not start !!
Technical overview of the Microsoft PKI ADCS
2008 R2 68
certutil -setreg CA\RoleSeparationEnabled 1
ESEC – European Security Expertise Center
3.a.3. Disaster Recovery (REMIND: KRA)
Technical overview of the Microsoft PKI ADCS
2008 R2 69
• Each private key issued could also be archived and accessible for one or several recovery agents
One or several CA
cert mgrs validate the request
The corresponding
issuing CA(s) are configured to archive future
issued keys with the KRA(s)
certificate(s)
Each time a new
keypair is generated, the new
private key is
archived with the KRA(s) public
key(s) A key recovery
agent certificate is
requested
ESEC – European Security Expertise Center
• Who will be the Cert. Mgrs? the KRA?
• On which Certificate Templates will we enable key archival?
Recovery process:
3.a.3. Disaster Recovery (Key Archival)
Technical overview of the Microsoft PKI ADCS
2008 R2 70
Cert. DB
!! This has to be decided and configured BEFORE
certificate issuance!!
Cert Mgr
KRA
The archived
user private key
associated with
the user
certificate encrypted PKCS
#7 BLOB
ESEC – European Security Expertise Center
3.a.4. Policies: security, certificate, CPS
Technical overview of the Microsoft PKI ADCS
2008 R2 71
Security policy
Certificate policy
Certification Practice Statement (CPS)
- RFC 3647: CERTIFICATE MANAGEMENT
- Regroup certificate templates in classes,
segregated by:
- identity validation
- allowed transactions/operations
- private key storage
- How to address the corporate risks?
- eg ISO 27002 measures
- RFC 3647: CA MANAGEMENT
- How CA are managed to ensure the assurance levels
defined in the certificate policy
=Public rules that govern a PKI
ESEC – European Security Expertise Center
3.a.5. Identity: applications, ACL
• Which applications will rely on the PKI?
– Which kind of Application Policy (OID)?
– Key usage
– Issuing requirements
– Related to the Certificate Policy!
• To whom will we issue such certificate?
– Template ACL
Technical overview of the Microsoft PKI ADCS
2008 R2 72
ESEC – European Security Expertise Center
3.a.6. Planning revocation
• Make revocation check accessible from outside the company! • BEFORE issuing certificates! • =>In case a smart card / valuable cert. is stolen/lost. • Conceive procedures, train the actors • Whom to alert?
– logical access team – user manager
• How fast to react? – It depends of the protected assets criticality
• How to react? – Revoke certificate – Force delta CRL publishing – [Eventually] force CRL refreshing on computers – [Eventually] recover the user encrypted documents, use KRA – Generate a new smart card & keypair, for the user
Technical overview of the Microsoft PKI ADCS
2008 R2 73
ESEC – European Security Expertise Center
3.a.7. Training: IT administrators
• What is a PKI?
• Which applications rely on the PKI?
• Who endorse which roles?
• How to manage the CA(s)?
• ! Revocation !
• Temporary SC: prevent end-user from using 2 SC!
Technical overview of the Microsoft PKI ADCS
2008 R2 74
ESEC – European Security Expertise Center
3.b. Deployment
• The Root Key Ceremony
• Training: end-users
• Issuing certificates
Technical overview of the Microsoft PKI ADCS
2008 R2 75
ESEC – European Security Expertise Center
3.b.1. The Root Key ceremony
• Depending on the Certificate Policy: – Notarization, legal representation, witnesses
– “Key holders”
• = start of the customer PKI!
• Issuing “policy CA” certificates
• Offline, physically secured (!VM)
Technical overview of the Microsoft PKI ADCS
2008 R2 76
The Root CA private key is generated, stored
into the HSM, and protected by a SPLIT secret.
At least X key holders on Y have to be present with
their secret to decrypt the private key.
(eg: Shamir’s polynomial ; Blake’s hyperplane)
ESEC – European Security Expertise Center
3.b.2. Training: end-users
• Legal stakes (eg: digital signature)
• (Technical basics … for usage!)
• Process: – Do not ignore certificate warning!
– Do not store the SC PIN with your SC!
– Tell quickly when you loose your SC!
– Do not use your temporary SC & your permanent one!
– Protect your private keys and do not store them on unencrypted media!
Technical overview of the Microsoft PKI ADCS
2008 R2 77
ESEC – European Security Expertise Center
3.b.3. Issuing certificates
• Client configuration:
– Enrollment policy locations: GPO
– Auto-Enrollment: GPO
• Communicating processes:
– CPS (link within issued cert.)
– eg: smart card issuance, smart card loose
• … Maintaining the infrastructure
Technical overview of the Microsoft PKI ADCS
2008 R2 78
ESEC – European Security Expertise Center
3.c. Maintaining
- Certificate renewal
- Events monitoring
- Disaster recovery (see 3.a.iii.)
- Revocating certificate (see 3.a.vi.)
Technical overview of the Microsoft PKI ADCS
2008 R2 79
ESEC – European Security Expertise Center
3.c.1. Certificate renewal – two problems
• A. Keypair renewal
– eg: OCSP response signing or IPSec communication
Technical overview of the Microsoft PKI ADCS
2008 R2 80
Validity Period
Renewal period
OCSP request,
with K1-public-key
encrypted nonce
OCSP response, with
… K2-private-key
encrypted nonce
Unable to
decrypt the
answer!
The problem:
CA – with OCSP
User willing to
check the revocation
of a cert.
• Some strategies: – closing the connection with the old keypair & reopening it with the new one – responding with the previous K1 keypair … until when? (expiration?) – using the same keypair when renewing
ESEC – European Security Expertise Center
3.c.1. Cert. Renewal – Lifetime expiration
Technical overview of the Microsoft PKI ADCS
2008 R2 81
• B. Lifetime expiration – Eg: issuing CA
– Issuing CA cert. validity period has to be greater than the longest validity period of the cert. templates issued by that CA
– Renewal period has to be shorter … but not too much! (potential load and errors increase)
• Why renewing? – Computational power increase => hash & private private key
subject to collision, brute-force attacks
• Parameters specific to each certificate template!
ESEC – European Security Expertise Center
3.c.2. Events monitoring
• Centralize, aggregate, and perform pro-active monitoring on PKI logs: – CA: issuing, revocation, template, permission, backup,
roles, recovery …
– Active Directory: authentication, DNS
– Client: key usage, missing private key
• Ideally integrate it into a SIEM. – Management packs do exists for SCOM 2007, 2010
• Useful for forensics
• Standard windows events. See 4.d. and http://technet.microsoft.com/en-us/library/cc731523(WS.10).aspx
Technical overview of the Microsoft PKI ADCS
2008 R2 82
ESEC – European Security Expertise Center
4. Auditing a PKI
- Why & when auditing a PKI?
- Useful documents
- Some threats (process, implementations, services,
operations, cryptography)
- Obtaining technical proofs
Technical overview of the Microsoft PKI ADCS
2008 R2 83
ESEC – European Security Expertise Center
4.a.1. WHY auditing a PKI?
• Justify the trust to the PKI: – For insurers, regulators: law compliance (EU Signature
Directive, EU Data Privacy Directive, France: CNIL, Payment: PCI DSS, SAS70)
– For superior CA: prove compliance
– For subscribers/customers/users: may request it
=> Show that operations are performed according to the CPS, and are done in accordance of the Certificate Policy
• Corporate image, marketing argument – ISO 27002 - compliancy, chapter 12
Technical overview of the Microsoft PKI ADCS
2008 R2 84
ESEC – European Security Expertise Center
4.a.2. WHEN auditing a PKI?
• During/straight after the Root Key Ceremony
• Periodically, according to the CP & CPS
• In case of a major change (CA mod, new solution)
• When a disaster happens
Technical overview of the Microsoft PKI ADCS
2008 R2 85
ESEC – European Security Expertise Center
4.b. Useful documents
• You should request the customer for:
– Threat & Risks Assessment
– The Root Key Generation process
– Certificate Policy
– Certification Practice Statement
• Interesting reading material:
– PAG, PKI Assessment Guidelines
– PKIX IETF Working group: RFCs
Technical overview of the Microsoft PKI ADCS
2008 R2 86
ESEC – European Security Expertise Center
4.c. Some threats
- Process
- Certificate implementations
- Services
- Operations
- Cryptography
Technical overview of the Microsoft PKI ADCS
2008 R2 87
ESEC – European Security Expertise Center
4.c.1. Threats - Process
• Private key protection: Root CA, each CA
– Physical security (virtual machine? Offline server?)
– How many people are needed to decrypt it? (HSM?)
• Role separation:
– Enabled? Administrator, Cert Mgrs, Backup, auditor +
• Key Recovery Manager: approval process
• Enrollment Agent: how is that account secured?
• Revocation: is it performed? (alert, execution, spreading)
• Training users: not to ignore cert. errors, if possible technical enforcement
Technical overview of the Microsoft PKI ADCS
2008 R2 88
ESEC – European Security Expertise Center
4.c.2. Threats – Certificate implementations
• ASN.1/DER parsing: certificates, CRL => fuzzing • PKCS #x API vulnerability? • Revocation implementation: reachable? Up to date?
• Templates design: (is the CP secured regarding the criticality of issued certs?) – Asymmetric algorithms + key length, signature algo – ACL
• Private keys: Key cloning, key encryption? (Backup, duplication)
• Client design & configuration: – does it respect the template? – does it check correctly the revocation? – what happens if there is a revocation error?
Technical overview of the Microsoft PKI ADCS
2008 R2 89
-Attacking Certificate infrastructures www.canola-jones.com/material/candj-rsa050218.pdf
ESEC – European Security Expertise Center
4.c.3. Threats – Certificate services
• Revocation:
– availability: OCSP, CRL
– integrity: • OCSP replay attack => nonce protection
• time attacks (cert. expiration date, revocation)
• Corrupted DNS: service location often relies on it!
• Dimensioning of issuing CAs: Computational & storage cost
• "classic" Windows Server security
• Client security: trusted Root CA store, private key storage
Technical overview of the Microsoft PKI ADCS
2008 R2 90
ESEC – European Security Expertise Center
4.c.3 Threats – Cert. operations
• Private key: – Theft: revocation speed, propagation, check?
– Storage: export, storing on unencrypted medium, valuable key protected by an easier to crack secret (eg: weak password policy)
• CA management: conform to CPS? – Backup, administration …
• Client management: encrypted FS, private key ACL, cache on FS storing smart card private key?
• Weak hash func. used: md5 collisions O(2 ) ; SHA-1: O(2 )
Technical overview of the Microsoft PKI ADCS
2008 R2 91
21 51
ESEC – European Security Expertise Center
4.c.4. Threats - Cryptography
• Assumption: “hardness of a specific mathematical problem” (eg: prime factoring, discrete logarithm…)
– Asymmetric crypto: what is the impact of • mathematical discoveries in computational number theory?
• the way of computing such problems? (eg: quantum comp.)
• Increase of computing power (cloud, botnet)
• Hash functions: similar fears – (eg: preimage attack, collision, second preimage attack)
• Random Number Generation: is the entropy good enough?
- time, temp. sensors, mouse …
Technical overview of the Microsoft PKI ADCS
2008 R2 92
Stephane Manuel, Classification and Generation of Disturbance Vectors for Collision Attacks against SHA-1
ESEC – European Security Expertise Center
4.d. Obtaining technical proofs
• Services: health, web bindings
• Windows events
Technical overview of the Microsoft PKI ADCS
2008 R2 93
ESEC – European Security Expertise Center
4.d.1.1. Services - Health
• Basic services configuration errors
• PKIView.msc
Technical overview of the Microsoft PKI ADCS
2008 R2 94
ESEC – European Security Expertise Center
4.d.1.2. Services / web bindings
Technical overview of the Microsoft PKI ADCS
2008 R2 95
Role Host Service / process
Default identity
Dependencies
ADCS service Certsrv.exe Local system NO/NO
OCSP service Ocspsvc.exe Network Svc NO/NO
Web enrollment
IIS default website
/certsrv ApplicationPoolIdentity
CEP IIS default website
/ADPolicyProvider_CEP_UsernamePassword
ApplicationPoolIdentity
CES IIS default website
/%CA_NAME%_CES_UsernamePassword
ApplicationPoolIdentity
• Default configuration:
ESEC – European Security Expertise Center
4.d.2.1. Proofs - events - graphically
• Eventvwr.msc
• Default custom view:
• Examples:
Technical overview of the Microsoft PKI ADCS
2008 R2 97
ESEC – European Security Expertise Center
4.d.2.2. Audit – events – under the hood
• Mainly stored in the "Application" log
• ADCS filter:
Technical overview of the Microsoft PKI ADCS
2008 R2 98
ESEC – European Security Expertise Center
4.d.2.2. Audit – events – under the hood 2
• Interesting logs: Applications, Security
• Required rights: Read permission on HKLM\SYSTEM\CurrentControlSet\services\eventlog\Applications
• Default permissions:
Technical overview of the Microsoft PKI ADCS
2008 R2 99
ESEC – European Security Expertise Center
4.d.2.3. Audit – Events – command line
• Advice: automate tasks with Powershell cmdlets
• Examples:
Technical overview of the Microsoft PKI ADCS
2008 R2 100
ESEC – European Security Expertise Center
• Examples (continued)
• Example using XML filter
4.d.2.3. Audit-Events – command line
Technical overview of the Microsoft PKI ADCS
2008 R2 101
ESEC – European Security Expertise Center
4.d.4. Auditing Key Storage Provider events
On a CA, as a local system administrator:
- Then restart ADCS
Technical overview of the Microsoft PKI ADCS
2008 R2 102
auditpol /set /subcategory:"other system events"
/success:enable /failure:enable
ESEC – European Security Expertise Center
5. Beyond the Microsoft PKI
• PKI challenges
• Other commonly used PKI
• Beyond the PKI model
Technical overview of the Microsoft PKI ADCS
2008 R2 103
ESEC – European Security Expertise Center
5.a. PKI challenges
• Education: user, trainer, IT Pro
• Legal, patents and national security (eg. BitLocker, US gov)
– Privacy compromises: PII, PKI & biometrics?
• Technical : – Revocation: CRL (bandwidth), OCSP (latency)
– private key protection (eg: single factor authentication mechanism, weak password…)
– intense computations
– assumptions: computational number theory, naming context, computational power!
• Management costs: … PKI as a service? (eg. Verisign)
Technical overview of the Microsoft PKI ADCS
2008 R2 104
ESEC – European Security Expertise Center
5.b. Other commonly used PKI
PKI systems • OpenSSL • OpenTrust • OpenCA • PGP Cert. server • Entrust • RSA • Digital trust • Cybertrust • Spyrus • Centrify (Mac OS X) • Red-Hat cert. systems • IBM (z/OS) • …
Technical overview of the Microsoft PKI ADCS
2008 R2 105
PKI services
• Verisign
• Globalsign
• Verizon
• …
ESEC – European Security Expertise Center
5.c. Beyond the PKI model?
• A major problem:
– “user click fatigue”: Too many Root CA + Difficulty to push them
… while “focus on the user and all else will follow”, Google
• X.509 v3 supports additional trust topologies:
– Bridges (trust the nodes which the peers I trust do trust)
(~ to social networks trust)
– Meshes (trust dynamically a selected subset of nodes): PGP
• Concept: An object (cert.) integrity is protected by a
separate object (signature): how to mix them in one?
Technical overview of the Microsoft PKI ADCS
2008 R2 106
ESEC – European Security Expertise Center
6. References
- Windows Server 2008, PKI and Certificate Security, Brian Komar, MS Press
- Technet: http://technet.microsoft.com
- Wikipedia
- MCTS 70-640, Active Directory, MS Press
- PKI Enhancements in Windows 7 and WS2008R2, John Morello
- PKI in practical use http://kenya.connect-soft.com/PKI%20in%20practical%20use.pdf
- http://www.verisign.com/authentication/information-center/authentication-resources/whitepaper-cost-effective-pki.pdf
- Attacking Certificate infrastructures www.canola-jones.com/material/candj-rsa050218.pdf
- http://blogs.technet.com/b/pki/archive/2010/01/12/windows-ca-performance-numbers.aspx
- PAG, PKI Assessment Guidelines,
Technical overview of the Microsoft PKI ADCS
2008 R2 107
Thanks for your attention!
ESEC – European Security Expertise Center
Technical overview of the
Microsoft PKI ADCS 2008 R2
108
http://esec.fr.sogeti.com