1Computer SecurityCS 426Lecture 7Public Key Infrastructure (PKI)Elisa BertinoPurdue UniversityIN, [email protected] theoryCryptographic operations and protocolsSymmetric encryption, Asymmetric encryption, Message DigestDigital Signature, Message Authentication Code, key AgreementDigital certificates &Public Key InfrastructureSecure Transport ProtocolsSSL/TLS, SSH …Main points of previous class• What is entity authentication• How to perform entity authentication by using a Challenge-Response Protocol (CRP)• A Challenge Response Protocol (CRP) allows the claimant to prove (to the verifier) that she knows a secret, without sending the secret to the verifier• We saw how CRP can use symmetric OR asymmetric keys– In the first case the claimant and the verifier MUST share a secret key– In the second case (use of asymmetric key), the secret is the private key of the claimant4The problem to be solved• In CRP based on asymmetric keys, the verifier encrypts the challenge using the claimants’ public key:ÎHow can the verifier be sure that the public key is associated with the claimant?• In SSL we have the same problem:ÎHow can the SSL client be sure that the public key contained in the digital certificate is associated with the server?25Nonce challengeDkAliceBob, RBRB123Claimantpublic keyVerifierClaimant6Digital Certificate• The verifier can be sure that the claimant public key belongs to the claimant because the public key of the claimant is contained in a digital certificate issued and signed by a trusted Certification AuthorityPublic Key certificate essentialsSubject identificationinformationCA identificationinformationCA's private keySubjectpublic keyP}binds together an identity information, such as the name of a person or an organization, or other persons’ info such as address, age, and so forth, with a public key; andit has been digitally signed by its issuer• A digital certificate has a well defined lifetimeA public key certificate is a certificate which:X.509 certificate structure3• A X.509 certificate is issued by a Certification Authority (CA). It contains the following info: – version (1, 2, or 3) – serial number (unique within the CA) identifying the certificate – signature algorithm identifier – issuer X.500 name (CA) – period of validity (from - to dates) – subject X.500 name (distinguished name –DN -) • CN=Java Duke, OU=Java Software Division, O=Sun Microsystems Inc, C=US– subject public-key info (algorithm, parameters, key) – issuer unique identifier (v2+) – subject unique identifier (v2+) – extension fields (v3) – signature (of hash of all fields in certificate) X.509 certificate contentX.500 Distinguished Name11CA signed Digital Certificate• A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real:– Anyone can verify that what is asserted by the certificate (claims) is true Î the public key of the CA must be known12CRP using asymmetric keysDkAliceBob, RBRB123Claimant public key is contained in a digital certificate issued by a CAVerifierClaimantCA public key4Self-signed certificates• A self-signed certificate contains:– a public key, information about the owner of the certificate, and the owner's signature. – It has an associated private key, but it does not verify the origin of the certificate through a third-party certificate authority (CA)• When and how to use self-signed certificates?– It depends on security requirements – To achieve the highest level of authentication between critical software components, do not use self-signed certificates. • Self-signed certificates can be used to test an SSL configuration before creating and installing a signed certificate issued by a certificate authorityHow to securely create, store, distribute, use, destroy (revoke) public keys and digital certificates?Public Key InfrastructurePublic keys and digital certificates - issuesA Public Key Infrastructure is a (distributed) infrastructure providing the functionalities and the services needed to support the life-time of public key certificates and their use.Public key certificate life-cycleKey/certificatecreationKey/certificate useKey/certificate cancellationPKI – Main actorsCARelying party SubscriberIssuesTransactionsTransactionsIs the certificate valid?The Certification Authority (CA): the certificate issuerThe subscriber: the subject whose identity (or other attributes) the public key is bound toRelying party(ies): the other party(ies) which will use the certificate (for authentication purposes)5• The certificate issuer: the Certification Authority (CA)• The subject whose identity (or other attributes) the public key is bound to: the subject (may be referred to also as subscriber) • The other party(ies) which will use the certificate (for authentication purposes): the relying party(ies)• The subjects and the relying parties are referred to as end-entities PKI – Main actorsCertificate & CRL repositorySubscribersSubscribersRACACRL issuerOperational transactionsand management transactionsCAPublish certificatePublish CRLPublish certificatePublish CRLManagement transactionsPKI management entitiesPKI usersManagement transactionsRelying partyRelying partyCPA/CPSPKI - A more detailed picture…Registration AuthorityCertificateRevocation List• Certification: – the act of binding an identity information (as well as some other piece of information, such as a permission or a role) with a public key– i.e. issuance of a certificate• Certification Authority: the entity responsible of the certification• A CA operates under a Certification Practice Statement (CPS):– A CPS describes the operational procedures of a CA• A certificate might be issued to the end-entity in accordance with a Certificate Policy Agreement (CPA):– A CPA is a high-level statement of requirements/restrictions associated with the intended use of the certificates issued under that policyCertification Authority (CA)The issuance of the certificate by the CA is not enough. Relying parties need to find easilythe public key associated with different subscribers:– A Certificate Repository (CR) is needed. – A CR can be implemented in several ways: •LDAP•Web server • DNS• corporate database, etc.Certificate Repository6• Certificate revocation is the mechanism through which relying parties can be