PKI: A Technology Whose Time Has Come in Higher Education

EDUCAUSE Western Regional Conference

March 4, 2004

Copyright Mark Franklin, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.



Our Systems Are Under Constant Attack

• Trojan horses
• Worms
• Viruses
• Spam
• Hackers
• Disgruntled insiders
• Script kiddies


Some of These Attacks Succeed Spectacularly

• Loss of personal data
• Outages
• Potentially huge costs:
  – Productivity loss (user and IT staff)
  – Remediation
  – User notification
  – Bad publicity, loss of credibility
  – Lawsuits?

For real-life examples involving thousands of users see the excellent EDUCAUSE session entitled “Damage Control: When Your Security Incident Hits the 6 O’Clock News”: www.educause.edu/ir/library/ra/EDU0307.ram


IT Security Risks Escalate

• More and more important information and transactions are online:
  – Personal identity information
  – Financial transactions
  – Course enrollment, grades
  – Tests, quizzes administered online
  – Licensed materials
  – Confidential research data
• We must comply with increasingly strict regulations:
  – Health information - HIPAA: http://www.hhs.gov/ocr/hipaa/
  – Educational records - FERPA: http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html


Specific Example: Email

• Spoofing email is trivial (simple setting in most email clients)
  – Spoofed message from professor postponing a final
  – Inappropriate message seemingly from College President to female student
• Email is like a postcard written in pencil
  – Others on network can see (or even modify) contents if not encrypted (really easy on wireless!)
  – You may use SSL, but what about other hops between mail servers?
• Viruses or worms can forward random messages from email archives to random recipients in address book
  – HR employee forwarding salary data to random employees


Specific Example: Student Information System

• Provides online enrollment, schedule, grades
• FERPA protected information
• Available to hackers

Q: What if someone hacks your authentication system and potentially downloads grades from thousands of students?

A: You are probably obligated by law to notify every individual whose grades may have been exposed!


Problems With Centralized Passwords


Managing the Multitude of Passwords: User Perspective

• Users HATE username/passwords

• Too many for them to manage:
  – Re-use same password
  – Use weak (easy to remember) passwords
  – Rely on “remember my password” crutches

• Forgotten password help desk calls cost $25 - $200 each (IDC) and are far too common

• As we put more services online, it just gets worse…


Managing the Multitude: Admin Perspective

• Many different username/password schemes to learn, set up, and administer:
  – Backups, password resets, revoking access, initial password values, etc.

• Multiple administrators have access to usernames/passwords – many points of failure


Ending the Madness

• Traditional approaches
  – Single password
  – Single sign-on, fewer sign-ons
• PKI
  – Local password management by end user
  – Two factor authentication


Single Password

• Users like it, but…
• Requires synchronizing passwords (inherently problematic) – actually makes admin madness worse!
• Single username/password becomes single point of failure… Hack weakest application and get passwords to all applications!
• Costly to maintain and difficult to make work well.
• Password databases exposed on network and to administrators, as vulnerable as your weakest application.


Single Sign-on, Fewer Sign-ons

• More secure & provides some relief for users, but…

• Requires infrastructure (e.g. WebISO or Kerberos sidecar).

• Fewer sign-ons still has synchronization problems.
• Kerberos sidecar has problems with address translation and firewalls and is not widely supported.
• Cookie-based SSO has vulnerabilities.
• Password database still exposed on network and to administrators.


Password Sharing

• Corrupts value of username/password for authentication and authorization.

• Users do share passwords: PKI Lab survey of 171 undergraduates revealed that 75% of them shared their password and fewer than half of those changed it after sharing.

• We need two factor authentication to address password sharing.


PKI’s Answer to Password Woes

• Users manage their own (single or few) passwords.

• Cost-effective two factor authentication.

• Widely supported alternative for authentication to all sorts of applications (both web-based and otherwise).


PKI Passwords Are Local to Client

• PKI eliminates user passwords on network servers.

• Password to PKI credentials is local to user’s computer, smartcard, or token.

• User manages the password and only has one per set of credentials (likely only one or two total).

• Still need process for forgotten password, but it is only one for many purposes and used frequently (so less likely to be forgotten).


Underlying Key Technology

• Asymmetric encryption uses a pair of asymmetric keys; each is the only way to decrypt data encrypted by the other.
• One key is private and carefully protected by its holder. The other is public and freely distributed.
• In authentication, the server challenges the client to encrypt or decrypt something with the private key. The client’s ability to do so proves its identity.
• Private key and password always stay in the user’s possession.

[Diagram: Plain Text ⇄ Encrypted Text; Encrypt (anyone with public key), Decrypt (possessor of private key only)]


PKI Enables Single Password and Single Sign-on

• User maintains one password on their credentials.
• PKI credentials authenticate user to the various services they use via PKI standards.
• No need for password synchronization.
• No additional infrastructure other than standard PKI and simple, standard hooks for PKI authentication in applications.

• Typically less effort to enable PKI authentication than other SSO methods.


PKI Provides Two Factor Authentication

• Requires something the user has (credentials stored in the application or a smartcard or token) in addition to something a user knows (local password for the credentials).

• Significant security improvement, especially with smartcard or token (a post-it next to the screen is no longer a major security hole).

• Reduces risk of password sharing.


But Wait There’s More… Other Benefits of PKI


Digital Signatures

• Our computerized world still relies heavily on handwritten signatures.

• PKI allows digital signatures, recognized by Federal Government as legal signatures:
  – Reduce paperwork with electronic forms.
  – Much faster and more traceable business processes.
  – Improved assurance of electronic transactions (e.g. really know who that email was from).

Federal digital signature information: http://museum.nist.gov/exhibits/timeline/item.cfm?itemId=78


Digital Signatures

• Signer computes content digest, encrypts with their private key.
• Reader decrypts with signer’s public key.
• Reader re-computes the content digest and verifies match with original – guarantees no one has modified signed data.
• Only signer has private key, so no one else can spoof their digital signature.

[Diagram: Plain Text ⇄ Encrypted Text; Compute digest, sign & date, encrypt (possessor of private key only); Verify signature, check digest (anyone with public key)]
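
The digest-then-sign flow above and the challenge-response login from the “Underlying Key Technology” slide, as an added example that is not part of the original slides. It uses textbook RSA with no padding and a demo key built from two publicly known primes, so it shows only the mechanics; deployed PKI uses padded schemes such as RSASSA-PSS from a vetted library. All function names are assumptions.

```python
import hashlib
import secrets

# Demo key only: both primes are publicly known Mersenne primes,
# so this key protects nothing. Real keys use secret random primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer only


def digest_int(content: bytes) -> int:
    """Content digest (SHA-256) as an integer; always smaller than N here."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def sign(content: bytes, d: int = D, n: int = N) -> int:
    """Signer: compute the digest, then transform it with the private key."""
    return pow(digest_int(content), d, n)


def verify(content: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Reader: undo the transform with the public key, re-compute the digest, compare."""
    return pow(signature, e, n) == digest_int(content)


def authenticate(respond, e: int = E, n: int = N) -> bool:
    """Server: send a fresh random challenge and check the client's signed response."""
    challenge = secrets.token_bytes(32)  # new every login, so old responses are useless
    return verify(challenge, respond(challenge), e, n)


def demo() -> dict:
    notice = b"The final exam is on May 28 at 9:00."        # constructed sample
    altered = b"The final exam is postponed to June 4."     # constructed sample
    sig = sign(notice)
    wrong_key_sig = pow(digest_int(altered), 3, N)          # made without D
    return {
        "genuine_message": verify(notice, sig),
        "altered_message_old_signature": verify(altered, sig),
        "altered_message_wrong_key": verify(altered, wrong_key_sig),
        "login_with_private_key": authenticate(sign),
        "login_replaying_old_signature": authenticate(lambda challenge: sig),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

Only the genuine message and the login answered with the private key are accepted; the altered text, the signature made without the private key, and the replayed signature are all rejected.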


Encryption

• Strong encryption with extensible number of bits in key.
• Can use same PKI digital credentials as authentication and digital signatures.
• More leverage of the PK Infrastructure.
• Easy to encrypt data for any individual without prior exchange of information – simply look up their certificate which contains their public key.


Encryption

• Asymmetric encryption prevents need for shared secrets.
• Anyone encrypts with public key of recipient.
• Only the recipient can decrypt with their private key.
• Private key is secret and protected, so “bad guys” can’t read encrypted data.

[Diagram: Plain Text ⇄ Encrypted Text; Encrypt (anyone with public key), Decrypt (possessor of private key only)]


Benefit: User Convenience

• Fewer passwords!

• Consistent mechanism for authentication that they only have to learn once. (UT Houston Medical Center users now request that all network services use PKI authentication.)

• Same user credentials for authentication, digital signatures, and encryption – lots of payback for user’s effort to acquire and manage the credentials.


Benefit: Coherent Enterprise-Wide Security Administration

• Centralized issuance and revocation of user credentials (goes hand in hand with identity management).

• Consistent identity checking when issuing certificates.

• Same authentication mechanism for all network services.

• Leverage investment in tokens or smart cards across many applications.


Interoperability With Other Institutions

• Inter-institution trust allows authentication, digital signatures, and encryption using credentials issued by a trusted collaborating institution:
  – Signed forms and documents for business process (e.g. grant applications, financial aid forms, government reports)
  – Signed and encrypted email from a colleague at another school
  – Authentication to applications shared among consortiums of schools
  – Peer to peer authentication for secure information sharing


Standards Based Solution

• Standards provide interoperability among multiple vendors and open source.

• Wide variety of implementations available and broad coverage of application space.

• Level playing field for open source and new vendors – promotes innovation and healthy competition.


Unequaled Client and Server Support

• Windows, Macintosh, Linux, Solaris, UNIX
• Software and hardware key storage
• Commercial and open source
• Development libraries, toolkits and applications
• Certificate Authority, directory, escrow, revocation, and other infrastructure tools
• Apache, Oracle, IIS, SSL, Web Services, Shibboleth, etc.
• Applications from: Microsoft, Sun, Cisco, IBM, BEA, RSA, Verisign, DST, Entrust, AOL, Adobe, Infomosaic, Aladdin, Schlumberger, and many others
• For more about applications of PKI: www.dartmouth.edu/~deploypki/applications.html


Momentum Outside Higher Education

• Industry support for PKI

• Federal and State governments major adopters

• Microsoft, Johnson and Johnson, Disney, heavy industry adopters

• Major deployment in Europe

• China pushing WAPI wireless authentication that requires PKI

• Web Services (SAML uses PKI signed assertions)


Likely Federal Opportunities

• FBCA, HEBCA bridge projects

• Proof of concept NIH EDUCAUSE project to demonstrate digitally signing documents for submission to the Federal government

• Possible DOE, NSF, NIH applications for Higher Education?


Dartmouth PKI Lab

• R&D to make PKI a practical component of campus networks
• Multi-campus collaboration sponsored by the Mellon Foundation
• Dual objectives:
  – Deploy existing PKI technology to improve network applications (both at Dartmouth and elsewhere).
  – Improve the current state of the art.
    • Identify security issues in current products.
    • Develop solutions to the problems.


Production PKI Applications at Dartmouth

• Dartmouth certificate authority
  – 665 end user certificates issued, 489 of them for students
• Authentication for:
  – Banner Student Information System
  – Library Electronic Journals
  – Tuck School of Business Portal
  – VPN Concentrator

• S/MIME email (Outlook, Mozilla, Thunderbird)


Second Wave of PKI Deployment at Dartmouth

Actively developing:

• Authentication for:
  – Blackboard Course Management System
  – Software downloads
• Hardware tokens
  – Required for VPN access to secured subnets
• Higher assurance certificates (picture ID check)
• We plan to reach all Dartmouth users with PKI through continued deployment of applications and increasing incentives and requirement for its use


Investigation and Research

• Greenpass: pilot of delegation of PKI authentication credentials for wireless 802.1x guest access
  – Supported by Cisco
• Wireless authentication
  – 802.1x authentication EAP-TLS (PKI) on Windows and Macintosh
  – WEP or improved WPA encryption
  – These work well but require up-to-date drivers (and sometimes recent hardware/firmware for WPA)


“Open Source CA in a Box”

• Hardened open source CA (based on OpenCA) bundle suitable for trial and (initially) simple deployment.
• “Enforcer” TPM-hardened Linux (product of PKI Lab research)
  – Controversial TCPA technology turned to use for good and freedom
  – Secures Linux boot process and provides much enhanced run-time protection against hackers
  – Useful for any Linux server application
  – slashdot.org/article.pl?sid=03/09/10/0255245
• Packaging for easy installation
• Carefully chosen enhancements to OpenCA
  – Documentation
  – Enhanced private key protection
  – Added features

• We welcome feedback on requirements, contributions, testing, etc!


Deploying PKI

• PKI is a significant undertaking and requires planning and commitment.
• Get buy-in and support from management, legal, audit, others – a little fear in today’s cyber world is healthy.
• Architect carefully, follow examples of others.
• Choose your initial applications carefully.
• Deploy in phases, plan for future extensibility.
• Remember, PKI ROI is excellent when leveraged broadly, but probably not strong for individual applications - take a long term view.
• More detailed project plan and how-to information for deploying PKI: www.dartmouth.edu/~deploypki/deploying/


Outreach

• Many presentations
  – www.dartmouth.edu/~deploypki/events.html
• Planning a PKI Deployment Summit
• Working with schools deploying PKI
  – PKI’s inexpensive 2-factor authentication proving an attractive proposition
• Deployment partners:
  – University of Wisconsin
  – University of Minnesota
  – University of Texas
  – Others getting started (USC, Yale, Brown)
• March/April EDUCAUSE Review “New Horizons” article


Blatant Advertisement

• Please check out our outreach web at: www.dartmouth.edu/~deploypki (still growing, but already has a lot of useful information)
• We seek a few schools that we can assist as you deploy PKI credentials and applications for end users! An explicit part of our mission is to directly assist you in the planning/justification, implementation, and deployment phases. Mark Franklin and others from the PKI Lab can work directly and extensively with your team.


For More Information

• Outreach web: www.dartmouth.edu/~deploypki
• Dartmouth PKI Lab
  – PKI Lab information: www.dartmouth.edu/~pkilab
  – Dartmouth user information, getting a certificate: www.dartmouth.edu/~pki

[email protected]

We’ll happily send copies of these slides upon request.