Presentation is loading. Please wait.

Presentation is loading. Please wait.

An introduction to PKI and few deployment hints

Published byColin Norman Modified over 9 years ago

Similar presentations

Presentation on theme: "An introduction to PKI and few deployment hints"— Presentation transcript:

1 An introduction to PKI and few deployment hints
Alberto Pace PKI = Public Key Infrastructure

2 Objectives Explain the basics of Cryptography and PKI
Introduce commonly used terminology Identify aspects of PKI that require careful planning during deployment

3 Agenda Quick Summary on Cryptography Fundamentals of PKI
PKI Deployment

4 Agenda Quick Summary on Cryptography Fundamentals of PKI
PKI Deployment

5 What Does Cryptography Solve?
Confidentiality Ensure that nobody can get knowledge of what you transfer even if listening the whole conversation Integrity Ensure that message has not been modified during the transmission Authenticity You can verify that you are talking to the entity you think you are talking to Identity You can verify who is the specific individual behind that entity Non-repudiation The individual behind that asset cannot deny being associated with it

6 Same key (shared secret)
Symmetric Encryption Clear-text input Cipher-text Clear-text output “An intro to PKI and few deploy hints” “An intro to PKI and few deploy hints” DES DES Encryption Decryption Same key (shared secret)

7 Asymmetric Encryption
Clear-text Input Cipher-text Clear-text Output “An intro to PKI and few deploy hints” “An intro to PKI and few deploy hints” RSA RSA Encryption Decryption Different keys

8 Asymmetric Encryption
Things to remember The relation between the two keys is unknown and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text The two keys are interchangeable. All algorithms make no difference between public and private key. When a key pair is generated, any of the two can be public or private Clear text g$5knvMd’rkvegMs” Encryption ?

9 Example: Confidentiality
Clear-text Input Cipher-text Clear-text Output “An intro to PKI and few deploy hints” “An intro to PKI and few deploy hints” Encryption Decryption public private Different keys Recipient’s public key Recipient’s private key

10 Example: Autenticity Sender’s private key Sender’s public key
Clear-text Input Cipher-text Clear-text Output “An intro to PKI and few deploy hints” “An intro to PKI and few deploy hints” Encryption Decryption public private Different keys Sender’s public key Sender’s private key

11 Example: SSL Ensures confidentiality
And integrity if digitally signed depending on how public key are exchanged Authenticity, Identity, Non-repudiation Clear text Clear text Decrypt Encrypt Cipher 1 pub pub Priv Cipher 1 Decrypt Encrypt Cipher 2 Priv pub pub Transmission over the public network Cipher 2

12 Real World: Hybrid Encryption (typical for encrypted file storage)
DOCUMENT Randomly-Generated symmetric “session” key Symmetrically Encrypted message Symmetric Encryption Clear-text message Digital Envelope Recipient’s public key Asymmetric Encryption of session key Repeat as necessary Digital Envelope Public key of other recipient or recovery agent Asymmetric Encryption of session key

13 Real World: Hybrid Decryption
ENCRYPTED DOCUMENT UNENCRYPTED DOCUMENT Symmetrically Encrypted message Clear-text message Symmetric Decryption Asymmetric decryption of session key Private key of the recipient Take the appropriate digital envelope containing the “session” key encrypted using recipient’s public key “session” key is decrypted using the recipient private key Digital Envelope Digital Envelope Digital Envelope

14 Agenda Quick Summary on Cryptography Fundamentals of PKI
PKI Deployment

15 PKI “Public Key Infrastructure provides the components and services that enable practical deployment and operation of a system that uses certificates.” A. Nash, “PKI”, RSA Press PKI is a group of solutions for key distribution problems and other issues: Key generation Certificate generation, revocation, validation Managing trust Web-of-Trust systems (e.g. PGP) is an alternate and compatible implementation of PKI

16 Is PKI relevant? Who uses this stuff?
Web’s HTTP and other protocols (SSL) VPN (PPTP, IPSec, L2TP…) (S/MIME, PGP, Exchange KMS) Files (PGP, W2K EFS, and many others) Web Services (WS-Security) Bad ID Smartcards (Certificates and private key store) Good ID Smartcards (Certificates and Challenge/Response) Executables (.NET Assemblies, Drivers, Authenticode) Copyright protection (DRM)

17 Public Key Distribution issue
We just showed that cryptography solves the problem of confidentiality, Integrity, (Authenticity, Identity, Non-repudiation) But… Michel creates a pair of keys (private/public) and tells everyone that the public key he generated belongs to Gianni People send confidential stuff to Gianni Gianni cannot read as he is missing the private key to decrypt … Michel reads Gianni’s messages

18 My definition of PKI “Public Key Infrastructure provides the technologies that enable practical distribution of public keys” Using CERTIFICATES

19 How to Verify a Public Key?
Two approaches: Before you use Gianni’s public key, call him or meet him and check that you have the right one Have the public key sent to you in a floppy using registered mail (if you trust registered mail) You can use the telephone (if you trust the telephone) Get someone you already trust to certify that the key really belongs to Gianni By checking for a trusted digital signature on the key That’s were certificates play a role

20 Trust Models Web-of-Trust Trusted Authority + Path of Trust (CAs)
Used by “Pretty Good Privacy” (PGP) Peer-to-peer model Individuals digitally sign each other keys You trust implicitly keys signed by some of your friends Trusted Authority + Path of Trust (CAs) Everyone trusts the root Certificate Authority (Verisign, Thawte, BT etc.) CA digitally signs keys of anyone having checked their credentials by traditional methods CA may even nominate others to be CAs – and you would trust them automatically, too

21 Trust Models Issues Web-of-trust Certification authorities
it is time-consuming, requires lots of work. end users have often difficulties to understand it Certification authorities are “big brothers” that everyone must trust but it is a simpler model, easier to deploy and manage

22 Creating a Digital Signature
Message or File Message Digest Digital Signature This is the document created by Gianni This is the document created by Gianni (Typically 128 bits) Py75c%bn 3kJfgf*£$& 3kJfgf*£$& RSA SHA, MD5 Asymmetric Encryption Generate Hash Signed Document Calculate a short message digest from even a long input using a one-way message digest function (hash) priv Signatory's private key

23 Verifying a Digital Signature
Py75c%bn Message Digest Generate Hash This is the document created by Gianni 3kJfgf*£$& Signed Document ? Compare ? Gianni's public key (from certificate) Asymmetric Decryption pub Digital Signature Py75c%bn RSA

24 Hash (Digest) Functions
MD5 and SHA Just a hash value of between 128 bits (MD5) and 512 bits of key (SHA512) Avoid using functions with less than 64 bits result

25 What is a Certificate ? The simplest certificate just contains:
A public key Information about the entity that is being certified to own that public key … and the whole is Digitally signed by someone trusted (like your friend or a CA) 2wsR46%frdEWWrswe(*^$G*^%#%#%DvtrsdFDfd3%.6,7 pub This public key belongs to Gianni Can be a person, a computer, a device, a file, some code, anything … Digital Signature Certificate

26 X.509 Certificate X.500 Subject Public Key X.500 issuer
Serial Number X.500 Subject Extensions X.500 issuer Expiration date Public Key CA Digital Signature Certificate Info Who is the owner, CN=Gianni,O=CERN,C=CH The public key or info about it Who is signing, O=CERN,C=CH See later why expiration date is important Additional arbitrary information … of the issuer, of course

27 Authentication with Certificates
Owning a Certificate of Gianni does not mean that you are Gianni Owning a Certificate does not imply you are authenticated How would you verify that the person who comes to you pretending to be Gianni and showing you a certificate of Gianni is really Gianni ? You have to challenge him ! Only the real Gianni has the private key that goes in pair with the public key in the certificate.

28 Authentication with Certificates
Denise gets Gianni’s certificate She verifies its digital signature She can trust that the public key really belongs to Gianni But is it Gianni standing if front of her, or is that Michel ? Denise challenges Gianni to encrypt for her a random phrase she generated (“I like green tables with flowers”) Gianni has (if he is the real Gianni) the private key that matches the certificate, so he responds Denise decrypts this with the public key she has in the certificate (which she trusts) and if it matches the phrase she just generated for the challenge then it must really be Gianni himself !

29 Authentication with Smartcards
A “bad” smartcard is only a dumb memory chip Containing the Certificate and the private key Both readable: You must trust the machine reading your smartcard Better than using a floppy disk A “good” smartcard is more than a memory chip Contains the Certificate, readable Contains the private key but not readable from outside. However it exposes a mechanism to challenge the knowledge of the private key by allowing the encryption of random strings using the private key A “very good” smartcard May request the user to know a PIN code to execute any encryption request (of course, now you have to protect the PIN code) May support biometric recognition and self-destruct Increased cost

30 Handling Certificates
Certificates are “safe to store” No need to protect them too much, as they are digitally signed Store anywhere, a file or a “dumb” memory-only smartcard Private keys that match the public key are strictly confidential Loosing the private key = Loosing the identity Must be very well protected Use “Protected Storage” on your OS or a “smart” smartcard that will have crypto functionality on board

31 Certification Hierarchy
You can use just one root key for signing certificates Dangerous, if that one key is compromised May not scale to large organisations Difficulty in managing responsibility Certificate Hierarchies Start with CA root cert Create more keys, sign with root key, mark as subordinate CAs Create more levels in your organisation (for departments etc.) Validating a certificate requires validating a path of trust For the size of a HEP lab, one CA root cert is enough If well managed, of course

32 Certificate Validation
Essentially, this is just checking the digital signature But you may have to “walk the path” of all subordinate authorities until you reach the root Unless you explicitly trust a subordinate CA “In Foobar We Trust” (installed root CA certificate) Public key Certificate This public key belongs to Gianni CERN Digital Signature Issued by: CERN Public key Certificate This public key belongs to CERN Foobar Digital Signature Issued by: Foobar Public key Certificate This public key belongs to Foobar Foobar Digital Signature Issued by: Foobar Check DS of CERN Check DS of Foobar

33 Certificate Revocation
(Private) keys get compromised, as a fact of life You or your CA issue a certificate revocation certificate Must be signed by the CA, of course And you do everything you can to let the world know that you issued it This is not easy Certificate Revocation Lists (CRL) are used They require that the process of cert validation actively checks the CRL and keep it up-to-date It is a non scalable process Many people disable this function This explains why Every certificate has an expiration date short expiration policies are important

34 Revoked certificates can be trusted
Gianni creates a document on March 29th He signs it and send it to Denise on April 8th On Mai 18th, he loses his private key and his certificate is revoked and published on the CRL Can Denise still trust the document as belonging to Gianni ? YES What if Denise would have received on June 29th the document dated March 29th, signed by Gianni? NO So … You can trust documents signed with revoked keys only if the date at which the document was signed is before the revocation date and it is certified by a trusted source (clearly not the revoked certificate entity)

35 Storing Certificates and Keys
Certificates need to be stored so that interested users can obtain them This is not an issue. Certificates are “public” Keys need to be stored for data recovery purposes This weakens the system, but is a necessity This is a function of most certificate servers offer Those servers are also responsible for issuing, revoking, signing etc. of certs But this requires the certificate server to generate the key pairs

36 User generates a key pair Certificate is sent to the user
Example (wrong) Public key is submitted to CA for certification User generates a key pair Certification Server pub DS Cert pub DS Cert Priv pub Certificate is sent to the user

37 This model allows key recovery
Example (Good) This model allows key recovery CA generates a key pair User request a certificate to CA Priv Priv pub CA generates certificate Certification Server pub DS Cert pub DS Cert Private Key and Certificate are sent to the user

38 Certificate Interchange
Two main routes: Server-based store to the user Protected local store or smartcard to the user Microsoft dedicates significant part of CryptoAPI to this function It works well and you may need to use it for custom apps PKCS #11 is an alternative interface used by Netscape Certs are normally packaged in a PKCS #11 (or #7) standard envelopes All PKCS #s are results of work by RSA Labs related to IETF as part of X.509 PKI group (PKIX)

39 Agenda Quick Summary on Cryptography Fundamentals of PKI
PKI Deployment

40 Certificate Authority Services
If you have a managed environment, you may want to discard the web-of-trust option If you decide to deploy a Certificate Authority, you need to make an important decision: Use a well known CA Your certs will be universally recognised but you are dependent on the trustworthiness of the CA You pay lot of $$ Establish your own CA No one except your explicitly nominated partners or clients will recognise your certs but you are in full control You may want to outsource CA services Not an economic viable option for large HEP labs

41 Understand by developing
Example On Windows CAPI (Crypto API, Cryptographic API) is the underlying API provided by the operating system Mature, Not too easy to use, Good functionality .NET Framework System.Security.Cryptography Newer, wraps CAPI functions Extremely easy to use function hashMD5 (s as string) as String dim oMD5 as New MD5CryptoServiceProvider dim byteHashInput, byteHashOutput as Byte() dim oEncode as New UnicodeEncoding byteHashInput = oEncode.GetBytes(s) byteHashOutput = oMD5.ComputeHash(byteHashInput) return (byteHashOutput.ToString) end function

42 On which grounds will you sign or not ? Will you sign every requests ?
And there is more … User request a certificate to CA CA generates a key pair Certification Server Priv pub pub DS Cert Priv On which grounds will you sign or not ? Will you sign every requests ?

43 Identity Management Process
Before signing, you need to verify what you are signing You need to authenticate users by something other than certificates Otherwise Michel can get a valid certificate for Gianni and its private key ! The strength of your verifications will define the class of the certificate you issue You may want an integrated solution with other identity management services (kerberos, verfication, …)

44 Social Problem Real-life “certificates” are well understood
What do you trust more: a US Govt passport or a membership card of the video club rental ? Digital certificates are a long way from public understanding Is Verisign Class 1 better or worse than Class 5 ? What about BT Class 2 versus Thawte Class 3? Easier if you just deploy internal PKI Use real-life names, like “passport”, “company id” etc. if possible

45 Example: Cert Classes A Class 2 digital certificate is designed for people who publish software as individuals Provides assurance as to the identity of the publisher A Class 3 digital certificate is designed for companies and other organizations that publish software Provides greater assurance about the identity of the publishing organization Class 3 digital certificates are designed to represent the level of assurance provided today by retail channels for software An applicant for a Class 3 digital certificate must also meet a minimum financial stability level based on ratings from Dun & Bradstreet Financial Services

46 Current Strength Recommendations
Your infrastructure should be ready to strengthen these at any time Minimum Recommended Symmetric Key 96 bits (avoid DES as it can do only 56, instead use AES-Rijndael or RC5) 256 bits (Rijndael, RC5 128bits, not DES) Asymmetric Key 1024 (RSA) 4096 (RSA) ECC Key 192 bits 256 bits Hash: SHA/MD5 128 bits (not 64 bits) 256 bits or more Cert Classes Class 2 Class 3 at least

47 How to chose a solution ? Look for systems
From well-know parties With published (not secret!) algorithms That generate a lot of interest That have been hacked for a few years That have been analysed mathematically Absolutely do not “improve” algorithms yourself Apply numerous security patches – this is still a “patchy” area The technology is secure, but not all people implementing it understand its complexity. This leads to bugs in the various implementations Make sure your sysadmin understand it (Employ someone to attempt a break-in)

48 Summary: Ensure that your solution …
Implements Certificate store, automated certificate generation and distribution Keys recovery as necessary for stored data Certificate expiration and revocation functionalities Offers Identity Management You need to verify users’ identity by something other than certificates The “standalone” certificate server project does not make sense Integrates smoothly with other identity management technologies (Kerberos, …) and directories If you integrate with Kerberos, you can also integrate MS-Passport You can support single sign-on and application from multiple vendor using different technologies. PKI becomes just “one of the many authentication mechanism supported” Example: Microsoft Windows server 2003 integrates active directory user management with PKI provisioning. Apache supports authentication based on Kerberos or PKI Certificates. IIS 6.0 supports authentication based on Kerberos, Passport (Kerberos) or PKI Certificates with automatic user mapping … This infrastructure allows you to move forward Trusted intranet applications, code signing, Antivirus, Secure , Secure Web, better spam fighting, anti flood mechanism, prevent DOS attacks, etc…

49 Credits and further Reading
A large fraction of the information in this presentation comes from Microsoft Tech’ed conference, in particular Rafal Lukawiecki talk SEC390 For more details, read: PKI, A. Nash et al., RSA Press, ISBN Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN Foundations of Cryptography, O. Goldereich, Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN Cryptography in C and C++, M. Welschenbach, Apress, ISBN X (includes code samples CD)

Download ppt "An introduction to PKI and few deployment hints"

Similar presentations

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb stephlam@microsoft.com http://blogs.technet.com/steve_lamb.

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
A-to-Z of Public Key Infrastructure (PKI)

A-to-Z of Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki Strategic Consultant Project.

SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki Strategic Consultant Project.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
An understanding of PKI and some deployment hints BY Charles Anakweze CIS532 PKI = Public Key Infrastructure.

An understanding of PKI and some deployment hints BY Charles Anakweze CIS532 PKI = Public Key Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Similar presentations

Ads by Google