Implementing Public-Key-Infrastructures

Implementing Public Key Infrastructures Dr. Oliver Pfaff Siemens AG KEMA Seminar "Utility Communications “ June 2003 , Amsterdam, Netherlands

Contents of this Presentation Setting-the-scene Introducing PKI Exploring PKI Lessons-learnt Conclusions Appendix: success stories

Setting-the-Scene How to Trust? Trust is fundamental in IT: RFC 2828 defines trust as: The extent to which someone who relies on a system can have confidence that the system meets its specifications. What is needed for trust in IT? Ability to determine the source of information as well as its integrity. This property is called authentication. The need for authentication is ubiquitous in IT: Literally all kinds of IT-systems do have some inherent understanding of authentication. Quite often this is as simple as: ... we believe anything coming across this interface to be authentic ... I.e. authentication might be defined by a condition that is always true.

Setting-the-Scene What are Authentication-Enabled Services? Authentication Encryption Thwart active attacks Single-Sign-On Transfer authentication Access control Determine authorization Non-repudiation Validate and interpret evidence Privacy Enforce policies Digital rights management Control content distribution

Setting-the-Scene How to Advance Authentication? Non-cryptographic Cryptographic Keyed checksums allow to verify the authenticity of data objects Shared secrets Allow origin authentication; do not bind exchanged information Classical codes Provide protection against transmission errors; not against intentional attacks Biometrics Can authenticate human beings; not IT-systems or data objects In-band Supplementary information via secondary channel Supplementary information attached with payload Out-of-band Used in various scenarios; not generic due to availability, cost, handling issues Our focus

Setting-the-Scene Is Cryptography the Final Answer? Good news: cryptography is a means to provide authentication... Bad news: ...supposed the keying associations between the peers are authentic Alice‘s signature key 10100101001010100111... Verification key for Alice 01010101001 010010... Alice Bob I love You! I love You! Check- sum I love You! Check- sum O K? Network Verification key for attacker 0000000000000000 ... Attacker‘s signature key 111111111111111 ... I hate You! I hate You! Check- sum Attacker Intercept, exchange message I hate You! Check- sum 000000000000000 ... Replace key value

Introducing PKI What is Public Key Cryptography? Public key cryptography employs pairs of related keys: Private keys Kept secret by their owners. Public keys Made widely available (without loss of security). Public key cryptography supports a variety of security services including: Authentication: Entity authentication Message / document authentication with signer identification Encryption Encryption pattern: Authentication pattern: Generate checksum Validate checksum Encrypt data Decrypt data Plain text Cipher text Plain text Private key Public key Check sum O K? Private key Public key Data object Data object

Introducing PKI What is Public Key Infrastructure? Unfortunately, the term Public Key Infrastructure (PKI) is interpreted in various ways throughout the community. This requires a working definition for this presentation: Motivation: The term PKI essentially comprises two parts, 'public key' and ‘infrastructure‘: Public key A concept in cryptography, denoting a key that may be made public. Infrastructure A notion denoting resources that are required for an activity. Working definition: PKI comprises techniques and services to safeguard the authenticity of public keys in distributed IT-systems .

Introducing PKI What Are Public Key Certificates? Thus, certificates are persistent carriers for public keys along with supplementary information. Public key Public key certificates explicitly bind supplementary information to public keys. This binding is usually lasting. Key holder, authorization s ... To be useful, public keys need to be augmented by supplementary information (e.g. about key holder, authorizations). Signature Its contents are protected by a cryptographic checksum for protection against manipulation.

Introducing PKI Which PKI Technologies Exist? Attribute/ authorization Attribute certificates: Bind entity IDs and attributes Represent attribute claims; proof via private-key-possession E.g. X.509, PKIX Attribute certificate Authorization-oriented PKI technologies: Authorization certificates Bind authorizations and public keys Represent authorization claims; proof via private-key-possession E.g. SPKI Authorization certificate Public key Entity ID Identity-oriented PKI technologies: Identity certificates: Bind entity IDs and public keys Represent identity claims; proof via private-key-possession E.g. X.509, PEM, PGP, PKIX Identity certificate

Exploring PKI Which Duties Does PKI Have? Certification request Process applications for public key certificates Certificate generation Issuance of public key certificates according given certification practices Certificate use Provisioning of public key certificates Provisioning of certificate status information Certificate revocation Exceptional premature termination Certificate termination According validity period or upon revocation event Certificate generation Certificate use Certificate termination Certificate revocation Certification request

Exploring PKI Which Entities Comprise a PKI? Infrastructure Applications End entity ( subscribing ) PKI stub End entity (relying) PKI stub Application entities – use PKI services: Subscribing party Owns and employs private keys Owns public key certificates Relying party Employs public keys (via certificate) RA Repository CA Infrastructure entities - supply PKI services: RA - Registration Authority Processes registration requests CA - Certification Authority Issues public key certificates Repository Supports certificate and CRL distribution

Exploring PKI How to Interface with Applications? New approach: Multi-tier: delegate the processing of public key certificates to XKMS / SCVP services. Lean PKI clients: simpler to PKI-enable applications. Easier to enforce uniform policies. Trusted certificates, policies RA Repository CA XKMS / SCVP service Path construction Path validation Status checking End entity (relying) XKMS / SCVP integration XKMS / SCVP configuration Traditional approach : 2-tier: end entities vs. PKI services Fat PKI clients: difficult and costly to PKI- enable applications. Hard to enforce uniform, domain-wide trust policies. End entity (relying) RA Repository CA Path construction Path validation Status checking Trusted certificates, policies

Exploring PKI How to Interface with Smart-Cards? Network Data object Generate checksum Validate checksum Data object Check- sum Data object Check- sum O K? Authentication Public key certificate Infrastructure Applications PKI RA Repository CA As above PKCS#11, MS-CAPI... Smart-Cards Keying association Keys Cert

Exploring PKI How to Interface with Identity Management? Identity management is concerned with the lifecycle of digital identity information for users. Identity-oriented PKI technologies such as PKIX bind entity identifiers and public keys: Inventing an own identity management for PKIs – from the scratch - should be avoided. Present identity management services and resources should be integrated with PKI services. distinguishedName org orgUnit surname givenName commonName serialNumber subjectAltName kerberosPrincipalName rfc822Name Identity management HR IT ... PKI RA Repository CA

Exploring PKI How to Cross Organization Boundaries? Hierarchical PKI domains Tree structure with dedicated CAs: single root CA, multiple subordinate CAs (employing intra-domain cross certification) Examples: PEM-PKI, PKIX-based enterprise PKIs Autonomic PKI domains Multiple independent and unrelated PKI hierarchies Example: PKIs for Web server authentication Federal PKI domains Multiple PKI hierarchies in cooperation Example: inter-domain cross-certified PKI hierarchies, bridge CA models User-centric PKI domains Non-hierarchical: each participant may certify public keys of others Example: PGP-PKI (Web-of-trust)

Lessons-Learnt How to Deploy PKIs? In-house PKI: Implement required infrastructure components (RA, CA, repository) yourself Maximal control; tailored services and assurances Significant fixed-cost expenditures for hardware, software, personnel, implementation, operations... Outsourced PKI: Obtain RA and CA services from provider (opt. repository services too) Limited control; standard services and assurances Expenditures correlate to the number of certificates issued Mixed models: E.g. implement RA, repository yourself; obtain CA services from provider Retains control of certificate issuance Reduced fixed-cost expenditures for integration with third-party CA plus costs correlating to the number of certificates issued

Lessons-Learnt What Happened Until Now? During its hype there was hope for ‘ubiquitous PKI‘. This has not happened yet: PKIs for large and diverse populations have not materialized until now PKIs for smaller or less diverse populations are emerging: Enterprise PKI, ID-card projects PKIs for dedicated purposes are well-established: PKIs for Web server authentication Reasons include: PKIs for large and diverse populations: User awareness and demand Compelling business cases PKIs for smaller or less diverse populations: PKI is somewhat invasive requiring a spread in employment and use Organizations need to think global, act local PKIs for dedicated purposes: Specific constraints ease introduction

Lessons-Learnt What Should Be On Your Checklist? Strategy / commitment PKI project mission / vision Management support Business processes alignment Target processes / applications Target community Technical implementation PKI technologies, services, key and certificate profiles... Technical integration PKI applications, security token technologies, other infrastructure Operations PKI processes Change management, new applications Human factors Training of providers and users PKI understanding Be also aware of pitfalls Misconceptions Certificates  signature Certificates are created using signatures (and vice versa) Certificates  authentication Certificates do not authenticate the claims they represent Negligence Certificates are not routinely checked or attributes ignored Signature protects contents of a certificate, but not the integrity of a set of certificates.

Lessons-Learnt What Can PKI Do For You? Support of signer identification Symmetric schemes do not support an unambiguous signer identification. Capability to support non-repudiation Digital signatures and underlying PKI support non-repudiation services by delivering evidence generation and validation. But they do not provide non-repudiation since they do not define evidence interpretation. Non-repudiation policies need to be established in addition to digital signatures and underlying PKI. Reducing third party trust Functional trust in third parties sufficient for asymmetric schemes. Symmetric schemes require unconditional trust in third parties. Sharing / distribution of credentials representing ‘entity ID and key’ bindings Symmetric schemes require secrecy of ‘entity ID and key’ bindings. Cost sharing for the management of such credentials Symmetric schemes prohibit large scale resource and cost sharing.

Conclusions Applications deploying public key cryptography need to assure the authenticity of public keys: PKI provides measures to achieve this goal. PKI is an enabling infrastructure for public key based IT-security services: It provides key management services for public keys. Its main value proposition are persistent document authentication services with support for non-repudiation. PKI credentials such as certificates may be widely employed allowing cost sharing for the management of such objects.

Author Information Dr. Oliver Pfaff ICN EN SNS TNA 4 Mail: oliver.pfaff@siemens.com Phone: +49.89.722.53227 Mobile: +49.172.8250805

Implementing Public-Key-Infrastructures

More Related Content

What's hot (20)

Similar to Implementing Public-Key-Infrastructures (20)

More from Oliver Pfaff (18)

Recently uploaded (20)

Implementing Public-Key-Infrastructures

Editor's Notes