
Understanding Public-Key Infrastructure in Commercial Applications

Learn about public-key cryptography, electronic threats, and solutions for commercial use. Explore the basics, components, and challenges of deploying a PKI. Discover business drivers and opportunities in e-commerce solutions.


Presentation Transcript


  1. The PUBLIC-KEY Infrastructure Anish Bhimani June 1998 An SAIC Company Global Integrity Proprietary

  2. Overview • Motivating Factors • Electronic threats and solutions • Basics of public-key cryptography • Components of the infrastructure • Issues with Deploying the Public-Key Infrastructure • State of the Industry • Business Drivers and Opportunities

  3. The Current Environment • The Internet is the next big commercial medium

  4. Common Uses of Public-Key Cryptography • Secure E-mail and other communications • Secure electronic communications between individuals • S/MIME standard • Lotus Notes, Entrust, PGP • Secure WWW transactions • Consumer-merchant purchases • On-line banking • SSL, S-HTTP, SET • OFX, Integrion • Business-to-business transactions • Electronic Data Interchange • Electronic Trading • Other e-commerce solutions

  5. Requirements for commercial applications • Confidentiality • Integrity • Authenticity • Non-repudiation

  6. Traditional paper-based solutions • Confidentiality: Envelopes • Integrity: Signatures, Watermarks, Barcodes • Authenticity: Notaries, strong ID, physical presence • Non-repudiation: Signatures, receipts, confirmations • Availability: Alternate routes, sites, etc.

  7. Electronic Threats • Confidentiality • Eavesdropping • Integrity • Modification of data, viruses • Authenticity • “Spoofing” • Availability • “SYN flooding”

  8. Electronic Solutions • Confidentiality: Data Encryption • Authenticity: Digital Signatures, Certificates, Digital IDs • Integrity: Hash Algorithms, Message Digests, Digital Signatures • Non-Repudiation: Digital Signatures, Audit Logs • Availability: Redundant Systems, Automatic Failover

  9. Adding Confidentiality • Symmetric Cryptography • Single key, shared secret • Problems: • key exchange in large environments • lifetime vs. length of key • “brute force attacks”

  10. Adding Confidentiality • Asymmetric (public-key) cryptography • Two keys used: public key and private key • Either can be used for encryption/decryption • Problems: • Computationally intensive • Privacy and availability (more on this later)

  11. Adding Confidentiality • Key exchange using asymmetric cryptography • Uses asymmetric keys to distribute bulk encryption keys • Allows rapid distribution of short-term keys

  12. Adding Authenticity • Digital signatures • used to verify authenticity of origin

  13. Adding Integrity and Non-Repudiation • Digital Signatures • Also add integrity of data • Non-repudiation of message origin and content • Digital “Shrink-wrap” • Code signing, Java applets, etc.

  14. Requirements of Public-Key systems • SECRECY of the private key • Must be known only to owner • Key ownership = Identity • AVAILABILITY of the public key • Must be available to anyone • Requires a public directory

  15. Retrieving Public Keys • Public keys stored in repositories • Keys can be retrieved on demand • [Diagram labels: Public-Key Repository (X.500, DNS, etc.); name, public key; public-key query; acknowledgement; signed message]

  16. Spoofing Attacks • Thus, we need to bind A to A’s public key

  17. Certification Authorities (CAs) • Users send keys to a Certification Authority. CA then generates a certificate for the user, signed with the CA’s private key. • [Diagram labels: CA; certificate; Certificate Repository (X.500, DNS, etc.); certificate; name, public-key; certificate query; signed message]

  18. Sample certificate

  19. Types of Certificates • Generic X.509 certificates • The wonderful thing about standards... • SSL certificates • SET certificates • S/MIME certificates • app-specific certificates

  20. X.509 • ITU-T standard for certificates • v1 (1988): defined basic criteria • v2 (1992): added name flexibility • v3 (1993): added extensions • Extensions • allow for inclusion of extra information in a certificate • e.g., role & authorization information • can be marked “critical” or “non-critical”

  21. Certificate Verification • To verify a certificate: • You need the issuer’s certificate and CRL: • Certificate: Name: Anish Bhimani; Issuer: SAIC; Serial: 0x0AF; Key: a4653d73b95483jh; Issuer’s Signature: F54673HGMABS8496FH3J • Issuer’s certificate: Name: SAIC; Issuer: California Dept. of Commerce CA; Serial: 0x016a7f; Key: b47326fh482faiwn83j523; Issuer’s Signature: F63GHDJ28F7CHL238CXN3DJ • CRL: Name: SAIC; Issuer’s Signature: F63GHDJ28F7CHL238CXN3DJ; Revoked Certs: 0x0A3 (2/7/97), 0x087 (11/2/96)

  22. CA Hierarchy • [Diagram labels: Root CA; CA (×4)]

  23. Attribute Certificates • X.509 certificates are for identity • What about authorization? • Access to systems • Purchasing powers • etc. • Attribute certificates convey that information • Short-lived • Frequently updated

  24. Major Questions about PKI Deployment • What mechanisms do users have to trust each other? • How can users protect the uniqueness of their private key? • How can the privacy needs of individuals be balanced with the corporate need for information? • What components of the PKI can be outsourced? • Who is liable when problems occur? • How can multiple applications work with each other?

  25. Components of the PKI • End Users • Certification Authorities • Registration Authorities • Certificate Directories • Root CA(s) • Certification Practice Statements (CPS) • Certificate Management Protocols & APIs • Personal Security Environments (PSE)

  26. Major Issues with CAs and RAs • End Entity Registration • Trust models • Certification Practice Statement (CPS) • Key management • Certificate Revocation • Publishing Issues • Ownership and Maintenance • Liability

  27. Registration • Registration Authority (RA) • verification of user info • policy enforcement • no liability • only handles registration, not re-issuance, revocation, etc. • works with CA • Registration can be local, or outsourced

  28. Trust Models • Hierarchical model • Name subordination • Web of Trust • “Keyrings” • Transitivity • Cross-certification

  29. Hierarchical Trust • First used by PEM • Difficult to bootstrap

  30. Web of Trust • Originally used by PGP • Scalability problems

  31. Cross-Certification • Allows transference of trust between hierarchies • [Diagram labels: ABC Co.; XYZ Co.; MIT; Sales; Corporate; Sloan; London; NYC; H.R.; LCS; Research; Marketing]

  32. Policy Issues • Verification of Identity • What is being certified? • Validity Periods of Certificates • CRL issuance / Certificate Revocation • Publishing • Re-issuance • Scope of clientele • All are presented in the Certification Practice Statement (CPS)

  33. Certification Practice Statement • Outlines the CA’s practices with regard to: • certificate issuance and user registration • certificate lifetimes and revocation • trust model and vetting process • certificate publishing practices • Designed for a few purposes: • Awareness of customers • Limiting liability • Outlining procedures for personnel

  34. Key management • Generation of key-pairs • CA, RA, end entity? • Storage of private keys at CA • smartcards, or on disk • Archival of keys

  35. Certificate Revocation • What constitutes revocation? • Push/Pull model of CRLs • Publishing Issues • Real-time verification? • Are CRLs the right model?

  36. Revocation Models • Certificate Revocation Lists (CRLs) • Traditional model • Supported by Entrust, Verisign, most CAs • Certificate Revocation Trees (CRTs) • On-line Certificate Status Protocol (OCSP) • CRL Distribution Points (CDPs)

  37. New Revocation Models • On-line Certificate Status Protocol (OCSP) • IETF proposed protocol - introduced by VeriSign • real-time verification of certificates • OCSP responders - provide info to clients • acceptance suspended pending response • Certificate Revocation Trees (Valicert) • Offers service and product for real-time verification • CRL “trees” - contained within product or at server

  38. Certificate Validation and Revocation • Currently not done by most applications • EntrustDirect - supports Web-based clients using CRLs • ValiCert - toolkit and server support validation • Entrust/Server - supports on-line check • VeriSign Web site - allows for real-time checks

  39. Ownership Issues • Running a CA takes resources • startup costs, capital costs • administrative resources • Additional insurance • Three options for running the CA: • Leverage existing CAs • Run your own CA / In-source the CA • Outsource to a third party

  40. Leverage Existing CAs • Users already have certificates • Your application accepts certs from other CAs • Can be accomplished through: • cross-certification from local CA • acceptance of multiple certs within application • “web of trust” model

  41. Leverage Existing CAs • Plenty of CAs out there • Users may already have certificates • Can leverage existing certificates • User acceptance is higher • However, • interoperability issues abound • CPSs may not be in tune • Trust levels may be different • Different extensions in use

  42. Existing Root CAs • VeriSign hierarchy (4 classes) • US Postal Service CA - pilot 1Q98 (?) • American Banking Association • Digital Signature Trust Company • Canada Post • CommerceNet • RSA CAs (numerous) • Keywitness • BelSign • Thawte CA

  43. Run your own CA • Resource-intensive • Maintenance of CA system • Processing of registration info • Help-desk (24x7 or not?) • Directory maintenance • High-level of interaction among clients • Hard to manage large number of external users • Storage-intensive • Liability issues

  44. Run your own CA • Consolidates internal applications • HR applications • Expense Voucher Systems • Benefits Applications • Existing apps can be migrated • Infrastructure in place for new applications

  45. Existing CA products • VeriSign Onsite • Entrust/Server • Entrust WebCA, Entrust/Direct • Microsoft Certificate Server • Netscape Certificate Server • Entegrity WebAssure • PGP Certificate Server • CertCo Distributed Multi-Step Signing • TradeWave TradeAuthority • GTE Cybertrust • Motorola CipherNet System • Xcert Software Sentry • Baltimore Technologies UniCert

  46. Outsource the CA • Keep registration, outsource certification • Still have to do maintenance, lose power of signature • Will have to disclose client information to CA provider • Keep certification, outsource registration • Allows for widespread presence • Still maintain liability • Outsource both, maintain authority • Provider does all CA and RA maintenance • Applications are bound together by RA and sent to CA

  47. CA Service Providers • VeriSign OnSite • GTE “Virtual CA” • IBM “World Registry” • Digital Signature Trust • Entrust “in-sourcing” • Tradewave “in-sourcing” • “In-sourcing” growing in popularity

  48. Certificate Directories • Lightweight Directory Access Protocol (LDAP) • runs on TCP/IP, new life into X.500 • Gaining heavy industry support • Novell NDS • Microsoft, Netscape Directory Servers • Also included in client products • MSIE, Netscape Communicator • New Oak VPNs • etc.

  49. Certificate Directories • Assume directory is untrusted • Certificates vouch for content • Transport can be over untrusted channel • X.500 Standard • iCL • ISOCOR • Control Data • X.500 fits X.509 certificates

  50. DNS • Infrastructure is already there • DNSSEC (IETF Working group) • include public keys in the DNS (KEY record) • include signatures of DNS info (SIG record) • Doesn’t make use of X.509 certificates
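
The check outlined on slide 21 (a certificate is verified with its issuer's certificate and CRL, up to a trusted root), sketched as an added example that is not part of the original presentation. It assumes textbook RSA over constructed Mersenne-prime keys and a simplified dict-based certificate so that it runs on the standard library alone; names and serials follow slide 21, the root serial and all function names are hypothetical.

```python
import hashlib

def toy_keypair(p, q, e=65537):
    # Textbook RSA from constructed primes: illustration only, not secure.
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):
    return pow(_h(data, priv[0]), priv[1], priv[0])
def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _h(data, pub[0])

def tbs(obj):
    # Bytes the issuer signs: every field except the signature itself.
    return repr(sorted((k, v) for k, v in obj.items() if k != "sig")).encode()
def issue(issuer_priv, **fields):
    fields["sig"] = sign(issuer_priv, tbs(fields))
    return fields

def verify_chain(chain, crls, roots):
    # chain[0] is the end entity; chain[i+1] must be the issuer of chain[i].
    if roots.get(chain[-1]["name"]) != chain[-1]["key"]:
        return "untrusted root"
    for cert, ca in zip(chain, chain[1:]):
        crl = crls.get(ca["name"])
        if cert["issuer"] != ca["name"] or not verify(ca["key"], tbs(cert), cert["sig"]):
            return "bad signature: " + cert["name"]
        if crl is None or not verify(ca["key"], tbs(crl), crl["sig"]):
            return "no valid CRL from " + ca["name"]
        if cert["serial"] in crl["revoked"]:
            return "revoked: " + cert["name"]
    return "ok"

def demo():
    # Constructed sample data: keys are toy values, names/serials follow slide 21.
    root_pub, root_priv = toy_keypair(2**521 - 1, 2**607 - 1)
    saic_pub, saic_priv = toy_keypair(2**107 - 1, 2**127 - 1)
    user_pub, _ = toy_keypair(2**61 - 1, 2**89 - 1)
    ROOT = "California Dept. of Commerce CA"
    root = issue(root_priv, name=ROOT, issuer=ROOT, serial=0x01, key=root_pub)
    saic = issue(root_priv, name="SAIC", issuer=ROOT, serial=0x016A7F, key=saic_pub)
    user = issue(saic_priv, name="Anish Bhimani", issuer="SAIC", serial=0x0AF, key=user_pub)
    old = issue(saic_priv, name="Anish Bhimani", issuer="SAIC", serial=0x0A3, key=user_pub)
    crls = {"SAIC": issue(saic_priv, issuer="SAIC", revoked=(0x087, 0x0A3)),
            ROOT: issue(root_priv, issuer=ROOT, revoked=())}
    spoof = dict(user, key=toy_keypair(2**89 - 1, 2**107 - 1)[0])  # key swapped after issuance
    return {label: verify_chain([leaf, saic, root], crls, {ROOT: root_pub})
            for label, leaf in (("valid", user), ("revoked", old), ("spoofed", spoof))}
```

The spoofed case is the situation on slide 16: a public key that was not the one the CA bound to the name fails the issuer-signature check, while the revoked case passes the signature check and is caught only by the CRL.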
