Manifests (and Destiny?) Stephen Kent BBN Technologies.

Slides:

Advertisements

Similar presentations

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

Advertisements

Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.

RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 5 Network Security Protocols in Practice Part I

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Local TA Management In prior WG meetings I presented a model for local management of trust anchors for the RPKI In response to these presentations, a.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Trusted Archive Protocol (TAP) Carl Wallace

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

Status Update for Algorithm Transition for the RPKI (draft-ietf-sidr-algorithm-agility) Steve Kent Roque Gagliano Sean Turner.

A PKI for IP Address Space and AS Numbers Stephen Kent.

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

S/MIME and CMS Presentation for CSE712 By Yi Wen Instructor: Dr. Aidong Zhang.

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

IEEE MEDIA INDEPENDENT HANDOVER DCN: MuGM Title: TGd Message Signing Proposal Date Submitted: Presented at IEEE d session.

A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.

This tip sheet focuses on how to make client referrals and activate vouchers using SMART. Total Pages: 7 Client Consent and Referral Consent Referral Authorizations.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Updates to the RPKI Certificate Policy I-D Steve Kent BBN Technologies.

Regulatory Framework August 27, An allowance not a mandate !

26 July 2007IETF 69 PKIX1 Use of WebDAV for Certificate Publishing and Revocation

Electronic signature Validity Model 1. Shell model Certificate 1 Certificate 2 Certificate 3 Signed document Generate valid signature validCheck invalidCheck.

PKI Future Directions 29 November 2001 Russ Housley RSA Laboratories CS – Class of 1981.

Draft-huston-sidr-rfc6490-bis Geoff Huston Slide 1/6.

1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.

NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.

Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.

Overview of draft-ietf-sidr-roa-00.txt Steve Kent BBN Technologies.

Comments on draft-ietf-pkix-rfc3280bis-01.txt IETF PKIX Meeting Paris - August 2005 Denis Pinkas

1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.

1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.

MICS Authentication Profile Maintenance & Update Presented for review and discussion to the TAGPMA On 1May09 by Marg Murray.

Key Management and Distribution Anand Seetharam CST 312.

Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston )

Chapter 5 Network Security Protocols in Practice Part I

Resource Certificate Profile

Digital Certificates and X.509

ROA Content Proposal November 2006 Geoff Huston.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006

PKI (Public Key Infrastructure)

Presentation transcript:

Manifests (and Destiny?) Stephen Kent BBN Technologies

What’s a Manifest? A manifest is a signed object listing all of the signed objects issued by an authority responsible for a publication point in the repository system. The purpose of a manifest is to allow a relying party to detect and reject attacks that seek to delete entries from the repository, or to replace a current entry with an older, valid instances of an entry.

Repository Redux The RPKI repository system consists of a tree of publication points For most publication points, the entity managing the data at that point is a CA in the RPKI, although some publication points are managed by end entities At each publication point there will be a set of files, containing certificates, CRLs, ROAs, etc.

Publication Point Example 1 CA X CA Y CA Z

Publication Point Example 2 … … CA Y Publication Point CA X Publication Point

Manifests and Certificates A manifest is verified using an EE certificate issued under the CA that is the authority for the publication point for the manifest For an EE-managed publication point, the manifest is verified using an EE certificate issued by the immediately superior CA

Manifest EE Certificate The EE certificate used to verify the manifest –is carried in the CMS SignedData structure encapsulating the manifest; it is not published separately –uses the “inherit” flag in the RFC 3779 extension to reflect the resources inherited from the CA If the publication point is associated with a CA, the CA certificate contains a persistent URI for the manifest If the publication point is associated with a EE, that EE certificate contains a persistent URI for the manifest

Manifest Format A manifest is a CMS SignedData payload: Manifest ::= SEQUENCE { version [0] INTEGER DEFAULT 0, manifestNumber INTEGER, thisUpdate GeneralizedTime, nextUpdate GeneralizedTime, fileHashAlg OBJECT IDENTIFIER, fileList SEQUENCE OF (SIZE 0..MAX) FileAndHash} FileAndHash ::= SEQUENCE { file IA5String hash BIT STRING}

Manifest Data Elements manifestNumber: a serial number used to help a relying party detect gaps thisUpdate: the time/date at which this manifest was issued nextUpdate: the time/date at which the next manifest will be issued fileHashAlg: the one-way hash algorithm used to characterize the file contents fileList: a list of file names and hashes

CMS Wrapper A manifest is the payload of a CMS SignedData object The CMS wrapper carries the EE certificate needed to verify the manifest signature No CA certificates nor CRLS SHOULD be included in the CMS SignedData

Manifest & Certificate Lifetimes There are two models for managing the EE certificate used to verify a manifest –Single-use: the certificate has the same validity interval as the manifest, so the private key for the certificate is destroyed after the manifest is signed –Persistent: the certificate has a validity interval that covers several manifests If a manifest is issued prior to the next scheduled issue time, and a single-use EE certificate is employed, that EE certificate is revoked and a new EE certificate issued for the new manifest

Manifest Verification Criteria The manifest syntax is valid The signature is verified using the public key in the attached EE certificate The current time is no earlier than the thisUpdate time of the manifest and no later than the nextUpdate time of the manifest The EE certificate conforms to the profile as specified in [ID.SIDR-CERTPROFILE] The EE certificate used to verify the manifest signature is valid (not revoked nor expired)

The Best Case A manifest is present at a publication point It is current (i.e., the current time is bounded by the manifest validity interval) Its signature can be verified using the EE certificate in the CMS wrapper and that certificate can be validated All files found in the publication point are listed in the manifest, all files listed in the manifest are found in the publication point, and the hashes match

Manifest OK, but File Problems Exist If there are any files present at the publication point that are NOT listed in the manifest, ignore them and generate a warning If there any files for which the hash value does not match, ignore them and generate a warning If any listed files are missing, generate a warning, but use the extant, matching files

Manifest Signature is OK, but … If the EE certificate is expired, use the files (subject to the rules on the previous slide) but generate a warning If the EE certificate is revoked, ignore the manifest, generate a warning, and proceed as though the manifest was not present (see next slide)

Missing Manifest If no manifest is found for a publication point –If a prior manifest is available for the publication point, use it and generate a warning –If no prior manifest is available for the publication point, just accept and process the files at the publication point, and generate a warning

Cannot Verify Manifest Signature If a prior manifest is available for the publication point, use it and generate a warning If no prior manifest is available for the publication point, just accept and process the files at the publication point, and generate a warning

Manifest Present but Expired If the EE certificate is valid (current and not revoked), generate a warning and proceed If the EE certificate is expired, then generate a warning and proceed If the EE certificate is revoked but not expired, the manifest SHOULD be ignored. Generate a warning and proceed with processing as if no manifest is available (since the CA explicitly revoked the certificate for the manifest)

Questions? Q U E S T I O N S ?