public key infrastruture don sheehy (dsheehy@grantthornton.ca)dsheehy@grantthornton.ca

PUBLIC KEY INFRASTRUTURE

Don Sheehy (dsheehy@grantthornton.ca)

WHO HAS HEARD ABOUT

Verisign EnTrust Baltimore

First – The Basics PKI

– A public-key infrastructure is a set of services for managing public keys.

Keys – A key is a string of bits used to encrypt and/or decrypt

data. Encryption makes data unintelligible. Decryption restores the data to its pre-encrypted form, making it intelligible again.

Cryptography– Cryptography is the science and practice of encrypting

and decrypting. There are two kinds of cryptography in common use: secret key and public key.

Basics - Encryption Secret Key Encryption

– Same key is used to encrypt and decrypt. Problem of secure key distribution. - if you want to send me an encrypted message, you have to securely send me the secret key first. This creates a chicken-and-egg dilemma: To set up a secure communication system, you need a secure communication system.

Public Key Encryption– Uses key pairs – each having one public and one private

key. Data encrypted with one key in the pair is decrypted using the other key. To send encrypted message, you encrypt it with my public key – not a secret. Decryp. requires private key, only I possess.

Certificates

Certificates– Public keys are usually combined with other

information in a certificate, a digital document (i.e. a formatted file) attesting to the binding of a public key to an individual, computer, program, or other entity. A certificate verifies that a specific public key does in fact belong to a specific entity.

Contents

Certificate Contents– At a minimum, a certificate contains a public

key and a name. Typically, a certificate also contains a serial number, an expiration date, and the name of the Certification Authority (CA) that issued the certificate. Also included in the certificate is the digital signature of the CA, proving the certificate really did originate from that CA.

Digital Certificates

Digital Signatures– A digital signature is a block of data that has

been encrypted with the sender's private key. The recipient decrypts the data with the sender's public key, verifying the sender's identity in a fashion that cannot be repudiated.

What is a CA?

The Certification Authority is an org that provides a level of assurance that the public key contained in the dig certificate does indeed belong to the entity named in the certificate.

This document is digitally signed by a trusted organization referred to as a Certification Authority (CA). The basic premise is that the CA is vouching for the link between an individual’s identity and his or her public key.

What is an RA?

A Registration Authority (RA) is an entity that is responsible for the identification and authentication of subscribers, but does not sign or issue certificates.

In some cases, the CA performs the subscriber registration function internally. In other cases, the CA might delegate the RA function to external registration authorities that may or may not be part of the same legal entity as the CA.

The Process

Subscriber CARA

Repository

RelyingParty

Provides proofof identity

Registration function(performed by CA

or separate RA)

Verifies Subscriber’sidentity

Issues certificateand posts inrepository

May be housedby CA or otherentity

Binds public keyto Subscriber

Validates CA’ssignature on theSubscriber’scertificate

PKI Functions Key registration: The Registration Authority (RA)

issues a new certificate for a public key. The CA signs the certificate, stamps it with an expiration date, and either returns it to the requester or stores it in a repository.

Certificate revocation: Through an administrative console, the security manager cancels a previously issued certificate by placing it on a Certificate Revocation List (CRL).

PKI Functions

Storing and retrieving certificates and Certificate Revocation Lists (CRL): Upon request, typically via a directory, the CA provides a CRL and/or a particular entity's certificate.

Trust evaluation: The CA determines whether a certificate is valid and what operations it authorizes.

PKI Standards The main group developing standards for PKI

interoperability is the PKI working group of the Internet Engineering Task Force (IETF), known as the PKIX group (which stands for PKI for X.509 certificates).

PKIX standards permit multiple PKIs to interoperate, or multiple applications to interface with a single PKI. There are also a number of standards that assume PKI. Among the most important are Secure Sockets Layer (SSL) and Internet Protocol Security Protocol (IPSEC).

SSL

Secure Sockets Layer (SSL)– One common use of PKI today is within the

Secure Sockets Layer (SSL) protocol. SSL can negotiate encryption keys and authenticate the server before data is exchanged by the higher-level application. The SSL protocol maintains the security and integrity of the transmission channel by using encryption, authentication and message authentication codes.

– Optimized for HTTP

IPSEC

The IETF Internet Protocol Security Protocol (IPSEC) standard, which defines protocols for IP encryption, is one of the main protocols used for Virtual Private Networks (VPNs). IPSEC uses keys for encryption and authentication.

Ideally, PKI would provide end-to-end security from client to client, including authentication of the individuals using those client machines.

What is PKI Used For Most computers unable to secure private keys

properly Main use is for identifying non-client computers:

Web servers, messaging servers, routers, and VPN gateways.

Online banking, the bank's Web server may give your browser a certificate proving that you have accessed the correct server. However, you probably use a username and password, not a certificate, to prove your identity to the Web server.

Secure E-Mail and Messaging Secure e-mail, messaging and groupware

applications may encrypt messages and files and use digital signatures, to ensure authentication, privacy, and data integrity. EDI systems use PKI for financial transactions.

The IETF standard secure e-mail/messaging protocol is Secure Multipurpose Internet Mail Extensions (S/MIME), which extends the Multipurpose Internet Mail Extensions (MIME) standard. S/MIME typically uses a PKI to digitally sign messages and to encrypt messages and attachments.

High-Value Web Transactions

Increasingly, Web applications such as e-business and online stock trading, must support high-value transactions. For such applications, browsers, Webservers, and commerce servers can use PKI for authentication and confidentiality. As with messaging, servers authenticate themselves to clients using SSL, while clients are not typically authenticated. Web servers also use SSL to encrypt traffic.

Virtual Private Networks (VPNs)

Encryption and authentication convert public Internet links into Virtual Private Networks (VPNs), for site-to-site (router-to-router) or client-to-server links. VPNs also use tunneling protocols that wrap, or encapsulate, one protocol in another. IPSEC is the emerging standard for site-to-site tunneling.

Digitally Signed Code And Files

Digital signatures can be used to verify the source and the integrity of downloaded content, preventing the spread of viruses. Technologies like Microsoft's Authenticode support PKI to make it possible to use this approach on a mass scale.

Implementation Issues

PKI-enabling applications and training personnel. Planning must encompass both new technology and existing security infrastructure and business practices. Extensive staff may be needed for PKI tasks

Interoperability and cross-validation of certs Legal Issues – who is liable for misuse

What are the Risks with CAs

Unless they are subject to governmental licensing and regulation, CAs may use different standards or procedures to verify the identity of persons to whom they issue certificates.

Thus a digital signature is only as reliable as the CA is trustworthy in performing its functions. Consequently, a relying party needs some way to gauge how much reliance it should place on a digital signature supported by a certificate issued by a particular CA.

Risks CA topology (for example, a hierarchical, cross-

certified, or a hybrid model) is a developing issue. Which model is most appropriate depends on the particular business circumstances.

Although it is important that public keys be certified, the issuance of nonstandard certificates can be a concern. For example, if X.509 data format standard is not used, subscribers and relying parties may be unable to process such certificates.

Implementing the cross-certified CA model (discussed above) would also be very difficult.

What We Can Do

WebTrust for Certification Authorities Key Witnessing and Other

WebTrust for Certification Auth.

Developed 2000 Provides a new framework for reporting

activities of certification authorities Requires reporting on compliance with the

AICPA/CICA WebTrust Principles and Criteria for Certification Authorities.

Differs from SAS 70/ Handbook 5900

The Principles

CA Business Practices Disclosure Service Integrity CA Environmental Controls

CA Business Practices Disclosure The Certification Authority discloses its key and

certificate life cycle management business and information privacy practices and provides its services in accordance with its disclosed practices

The criteria were derived primarily from X.509 Public Key Infrastructure Certificate Policy and Certification Practices FrameworkRequest For Comments Draft (RFC 2527)

Service Integrity

The Certification Authority maintains effective controls to provide reasonable assurance that– - Subscriber information was properly authenticated

(for the registration activities performed by ABC-CA).

– The integrity of keys and certificates it manages is established and protected throughout their life cycles.

CA Environmental Controls

-Subscriber and relying party information is restricted to authorized individuals and protected from uses not specified in the CA’s business practices disclosure.

The continuity of key and certificate life cycle management operations is maintained.

-CA systems development, maintenance, and operation are properly authorized and performed to maintain CA systems integrity.

Microsoft

The public keys of many common Root CAs are pre-loaded into standard Web browser software (for example, Netscape Navigator or Microsoft Internet Explorer).

This allows the relying party to verify the issuing CA’s signature using the CA’s public key to determine whether the certificate was issued by a trusted CA.