PUBLIC KEY
INFRASTRUCTURE
Don Sheehy
WHO HAS HEARD ABOUT
 Verisign
 EnTrust
 Baltimore
First – The Basics
 PKI
– A public-key infrastructure is a set of services for
managing public keys.
 Keys
– A key is a string of bits used to encrypt and/or decrypt
data. Encryption makes data unintelligible. Decryption
restores the data to its pre-encrypted form, making it
intelligible again.
 Cryptography
– Cryptography is the science and practice of encrypting
and decrypting. There are two kinds of cryptography in
common use: secret key and public key.
Basics - Encryption
 Secret Key Encryption
– Same key is used to encrypt and decrypt. The problem
is secure key distribution: if you want to send me an
encrypted message, you have to securely send me the
secret key first. This creates a chicken-and-egg
dilemma: To set up a secure communication system,
you need a secure communication system.
 Public Key Encryption
– Uses key pairs – each having one public and one
private key. Data encrypted with one key in the pair is
decrypted using the other key. To send me an encrypted
message, you encrypt it with my public key, which is not
a secret. Decryption requires the private key, which only
I possess.
Certificates
 Certificates
– Public keys are usually combined with other
information in a certificate, a digital document
(i.e. a formatted file) attesting to the binding of
a public key to an individual, computer,
program, or other entity. A certificate verifies
that a specific public key does in fact belong to
a specific entity.
Contents
 Certificate Contents
– At a minimum, a certificate contains a public
key and a name. Typically, a certificate also
contains a serial number, an expiration date,
and the name of the Certification Authority
(CA) that issued the certificate. Also included
in the certificate is the digital signature of the
CA, proving the certificate really did originate
from that CA.
Digital Certificates
 Digital Signatures
– A digital signature is a block of data that has
been encrypted with the sender's private key.
The recipient decrypts the data with the sender's
public key, verifying the sender's identity in a
fashion that cannot be repudiated.
What is a CA?
 The Certification Authority is an organization that
provides a level of assurance that the public key contained
in the digital certificate does indeed belong to the
entity named in the certificate.
 This document is digitally signed by a trusted
organization referred to as a Certification
Authority (CA). The basic premise is that the CA
is vouching for the link between an individual’s
identity and his or her public key.
What is an RA?
 A Registration Authority (RA) is an entity that is
responsible for the identification and
authentication of subscribers, but does not sign or
issue certificates.
 In some cases, the CA performs the subscriber
registration function internally. In other cases, the
CA might delegate the RA function to external
registration authorities that may or may not be part
of the same legal entity as the CA.
The Process
[Diagram] Registration function (performed by CA or separate RA)
Parties shown: Subscriber, RA, CA, Repository, Relying Party
Labels in the diagram:
– Provides proof of identity
– Verifies Subscriber’s identity
– May be housed by CA or other entity
– Binds public key to Subscriber
– Issues certificate and posts in repository
– Validates CA’s signature on the Subscriber’s certificate
PKI Functions
 Key registration: The Registration Authority (RA)
issues a new certificate for a public key. The CA
signs the certificate, stamps it with an expiration
date, and either returns it to the requester or stores
it in a repository.
 Certificate revocation: Through an administrative
console, the security manager cancels a previously
issued certificate by placing it on a Certificate
Revocation List (CRL).
PKI Functions
 Storing and retrieving certificates and
Certificate Revocation Lists (CRL): Upon
request, typically via a directory, the CA
provides a CRL and/or a particular entity's
certificate.
 Trust evaluation: The CA determines
whether a certificate is valid and what
operations it authorizes.
PKI Standards
 The main group developing standards for PKI
interoperability is the PKI working group of the
Internet Engineering Task Force (IETF), known as
the PKIX group (which stands for PKI for X.509
certificates).
 PKIX standards permit multiple PKIs to
interoperate, or multiple applications to interface
with a single PKI. There are also a number of
standards that assume PKI. Among the most
important are Secure Sockets Layer (SSL) and
Internet Protocol Security Protocol (IPSEC).
SSL
 Secure Sockets Layer (SSL)
– One common use of PKI today is within the
Secure Sockets Layer (SSL) protocol. SSL can
negotiate encryption keys and authenticate the
server before data is exchanged by the higher-level
application. The SSL protocol maintains
the security and integrity of the transmission
channel by using encryption, authentication and
message authentication codes.
– Optimized for HTTP
IPSEC
 The IETF Internet Protocol Security Protocol
(IPSEC) standard, which defines protocols for IP
encryption, is one of the main protocols used for
Virtual Private Networks (VPNs). IPSEC uses
keys for encryption and authentication.
 Ideally, PKI would provide end-to-end security
from client to client, including authentication of
the individuals using those client machines.
What is PKI Used For
 Most computers are unable to secure private keys
properly
 Main use is for identifying non-client computers:
Web servers, messaging servers, routers, and VPN
gateways.
 In online banking, the bank's Web server may give
your browser a certificate proving that you have
accessed the correct server. However, you
probably use a username and password, not a
certificate, to prove your identity to the Web
server.
Secure E-Mail and Messaging
 Secure e-mail, messaging and groupware
applications may encrypt messages and files and
use digital signatures to ensure authentication,
privacy, and data integrity. EDI systems use PKI
for financial transactions.
 The IETF standard secure e-mail/messaging
protocol is Secure Multipurpose Internet Mail
Extensions (S/MIME), which extends the
Multipurpose Internet Mail Extensions (MIME)
standard. S/MIME typically uses a PKI to digitally
sign messages and to encrypt messages and
attachments.
High-Value Web Transactions
 Increasingly, Web applications such as e-business
and online stock trading must
support high-value transactions. For such
applications, browsers, Web servers, and
commerce servers can use PKI for
authentication and confidentiality. As with
messaging, servers authenticate themselves
to clients using SSL, while clients are not
typically authenticated. Web servers also
use SSL to encrypt traffic.
Virtual Private Networks (VPNs)
 Encryption and authentication convert
public Internet links into Virtual Private
Networks (VPNs), for site-to-site (router-to-router)
or client-to-server links. VPNs also
use tunneling protocols that wrap, or
encapsulate, one protocol in another. IPSEC
is the emerging standard for site-to-site
tunneling.
Digitally Signed Code And Files
 Digital signatures can be used to verify the
source and the integrity of downloaded
content, preventing the spread of viruses.
Technologies like Microsoft's Authenticode
support PKI to make it possible to use this
approach on a mass scale.
Implementation Issues
 PKI-enabling applications and training
personnel. Planning must encompass both
new technology and existing security
infrastructure and business practices.
Extensive staff may be needed for PKI tasks
 Interoperability and cross-validation of certs
 Legal Issues – who is liable for misuse
What are the Risks with CAs
 Unless they are subject to governmental licensing
and regulation, CAs may use different standards or
procedures to verify the identity of persons to
whom they issue certificates.
 Thus a digital signature is only as reliable as the
CA is trustworthy in performing its functions.
Consequently, a relying party needs some way to
gauge how much reliance it should place on a
digital signature supported by a certificate issued
by a particular CA.
Risks
 CA topology (for example, a hierarchical, cross-certified,
or a hybrid model) is a developing issue.
Which model is most appropriate depends on the
particular business circumstances.
 Although it is important that public keys be
certified, the issuance of nonstandard certificates
can be a concern. For example, if the X.509 data
format standard is not used, subscribers and
relying parties may be unable to process such
certificates.
 Implementing the cross-certified CA model
(discussed above) would also be very difficult.
What We Can Do
 WebTrust for Certification Authorities
 Key Witnessing and Other
WebTrust for Certification Auth.
 Developed 2000
 Provides a new framework for reporting
activities of certification authorities
 Requires reporting on compliance with the
AICPA/CICA WebTrust Principles and
Criteria for Certification Authorities.
 Differs from SAS 70/ Handbook 5900
The Principles
 CA Business Practices Disclosure
 Service Integrity
 CA Environmental Controls
CA Business Practices Disclosure
 The Certification Authority discloses its key and
certificate life cycle management business and
information privacy practices and provides its
services in accordance with its disclosed practices.
 The criteria were derived primarily from X.509
Public Key Infrastructure Certificate Policy and
Certification Practices Framework Request For
Comments Draft (RFC 2527)
Service Integrity
 The Certification Authority maintains
effective controls to provide reasonable
assurance that
– Subscriber information was properly authenticated
(for the registration activities performed by ABC-CA).
– The integrity of keys and certificates it manages is
established and protected throughout their life cycles.
CA Environmental Controls
 Subscriber and relying party information is
restricted to authorized individuals and protected
from uses not specified in the CA’s business
practices disclosure.
 The continuity of key and certificate life cycle
management operations is maintained.
 CA systems development, maintenance, and
operation are properly authorized and performed
to maintain CA systems integrity.
Microsoft
 The public keys of many common Root
CAs are pre-loaded into standard Web
browser software (for example, Netscape
Navigator or Microsoft Internet Explorer).
 This allows the relying party to verify the
issuing CA’s signature using the CA’s public
key to determine whether the certificate was
issued by a trusted CA.
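
The relying party's check described on this slide and in "The Process" (validating the issuing CA's signature against a pre-loaded root CA), as an added Go example that is not part of the original presentation. The CA and subscriber names, the serial numbers and the helpers `mint` and `relyingPartyCheck` are constructed for illustration; the example covers the CA-signature and validity-date checks only, not the CRL lookup.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mint builds a constructed sample certificate; a nil parent yields a self-signed root CA.
func mint(name string, serial int64, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil { // root CA: signs itself and is allowed to sign other certificates
		parent, pkey = tpl, key
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// relyingPartyCheck validates cert against one pre-loaded root CA and names the outcome.
func relyingPartyCheck(cert, trustedCA *x509.Certificate, now time.Time) string {
	roots := x509.NewCertPool() // the relying party's trust store
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	var unknown x509.UnknownAuthorityError
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return "trusted"
	case errors.As(err, &unknown): // no trusted CA's public key verifies the signature
		return "issuer not in trust store"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "outside validity period"
	}
	return "rejected: " + err.Error()
}

func main() {
	ca, caKey := mint("Example Root CA", 1, nil, nil)
	leaf, _ := mint("www.example.test", 2, ca, caKey)
	fmt.Println(relyingPartyCheck(leaf, ca, time.Now()))
}
```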