Presentation is loading. Please wait.

Presentation is loading. Please wait.

COEN 351 Certificates, PKI, X509 Standard. Certificates Key distribution Crucial for authentication, privacy, signing, … Public Key Technology can use.

Published byKatherine Dulcie Stafford Modified over 9 years ago

Similar presentations

Presentation on theme: "COEN 351 Certificates, PKI, X509 Standard. Certificates Key distribution Crucial for authentication, privacy, signing, … Public Key Technology can use."— Presentation transcript:

1 COEN 351 Certificates, PKI, X509 Standard

2 Certificates Key distribution Crucial for authentication, privacy, signing, … Public Key Technology can use Certificates Certificate Authority (CA) generates certificates: Certificate = (Name, Public Key) signed by CA All nodes need to be preconfigured with public key by CA.

3 Certificate Authority vs. Key Distribution Center CA in contrast to KDC: CA does not need to be online. CA not a distributed computing entity. Simpler, hence more secure. CA crash merely prevents setting up new users. Certificates are not security sensitive. They can be stored anywhere with universal read privileges. Deleting a certificate would disable the use of the public key. A compromised CA cannot read conversations, fake conversations, … However, it can issue bogus certificates. CA more secure, more convenient than KDC.

4 Certificate Revocation A certificate guarantees a public key. But public keys become unusable if the corresponding private key is stolen. Certificates should not be eternal They need an expiration date. CA needs to be able to revoke a public key.

5 Certificate Structure Certificate includes: User’s name User’s public key Expiration time Serial number of certificate CA name Issuing CA’s signature on the entire contents of the certificate.

6 Certificate Revocation Certificate Revocation List (CRL) Published periodically by each CA. Lists serial numbers of certificates that should not be honored. CRLs have issue time.

7 Certificate Revocation Push or Pull model Pull: Users access CRL remotely. Push: Broadcast CRL. Needs reliable distribution mechanism. Needs small CRL. US DoD Multi-level Information System Security Initiative (MISSI) developed a PKI for the Defense Messaging System. Used CRL broadcasting only for revocation caused by key compromises. Reliable access to all participants.

8 Certificate Revocation Make certificate revocation unnecessary by handing out only short-lived certificates.

9 Certificate Revocation Lists  CRLs CRLs can be very large. Publish mostly only a  -list.  -list can be very short, often empty. Users update their private copy of the CRL. From time to time, publish a full list, or give one only to new users.

10 Certificate Revocation Lists First Valid Certificate Goal: Allow to compress CRLs. Certificates have no expiration date. CRL contains a first valid certificate field. All certificates with a serial number lower than the valid certificate field are invalid.

11 Certificate Revocation Lists On-Line Revocation Service (OLRS) System can be queried over the net whether a certificate is invalid. If unavailable, Alice can choose to accept certificates on trust. OLRS certificates OLRS can issue a certificate stating: “Bob’s certificate is valid as of 6:05 GMT, January 20, 2005.”

12 Certificate Revocation Lists Good Lists vs. Bad Lists Good lists are much bigger. Good list publishes all licenses. Hence, good list contains hashes of certificates. Good lists solve one security problem: A CA employee can issue a bogus certificate off the books, possibly reusing a valid serial number. The bogus certificate cannot be put on the bad list, but the good list can be audited.

13 Certification Paths Alice wants to communicate with Bob: Bob has a certificate from Cristal. Alice does not know Cristal. Therefore, Alice needs a certificate of Crystal’s public key. Crystal has a certificate from Dan. Alice does not know Dan. Therefore Alice needs a certificate of Dan’s public key. …

14 Trust Anchors Alice needs to trust someone in the certificate chain. AliceBobCrystalDanEveFred Microsoft

15 Certificate Authorities Organization might have its own Certificate Authority. Independent Certificate Authorities are like notaries: Trusted. Disinterested. Attesting to designated facts.

16 Public Key Infrastructure PKI consists of the components necessary to securely distribute public keys. Certification Authorities Repository for retrieving certificates Method of revoking certificates Method of evaluation a chain of certificates

17 Public Key Infrastructure Issuer: signs certificate with name and key. Subject: name contained in a certificate. Target: The name in the name-key association that someone wants to trust. Verifier / Relying Party: Evaluator of a chain of certificates. Principal: Anyone with a public key. Trust Anchor: public key that someone has decided to always trust.

18 PKI Trust Models Monopoly: There is one single CA in the world. Vatican, US government, UN, Microsoft, Sun, Verisign, Chief rabbinate, … The key of the universal trust anchor could never be changed without causing mayhem. CA needs to verify every-one.

19 PKI Trust Model Monopoly + Registration Authorities (RA) Monopolistic CA chooses RAs all over the world. RA authenticate and issue certificates accordingly. RA receive a certificate signed by the CA. In principle, a CA could check on what a RA does, but in general, they just rubber-stamp.

20 PKI Trust Model Monopoly + Delegated CA Monopolistic CA issues certificates to other CAs. Vouching for keys and vouching for trustworthiness. CAs issue their own certificates.

21 PKI Trust Model Oligarchy Allow for some / many root CAs Used in web browsers. Any wrongdoing at any of these CAs can cause serious trouble.

22 PKI Trust Model Verisign once certified Microsoft fraudulently.

23 PKI Trust Model Anarchy Used by PGP Users configure trust anchors, use rules on when to trust, … Everyone can issue certificates.

24 PKI Trust Model Name constraints Use internet name space. CA only trusted within a certain domain. SCU CA to be trusted with certifying SCU students, but not to be trusted with gwbush@whitehouse.com.

25 PKI Trust Model Top-Down with name constraints Monopolistic: there is one root key. CAs responsible for their namespace. root.com.gov.edu.fr.uk.de.ucsc.edu.scu.edu.coen

26 PKI Trust Model Bottom up with name constraints SCU can set up their own CA. So can UCSC. Eventually, they want to cross-link. Business opportunity to provide cross- link certification service, but business subject to competition.

27 Certificate Policies Certificates can spell policies that limit the use of the certificate.

28 Certification Storage With Issuer With Subject In a certificate repository. Choice depends on the PKI model.

29 Certificate Generation Creation of public / private key. Subject authentication

30 Certificate Distribution Certificate can Accompany signature Distributed via web services

31 X.509 Certificate Format X.509 Version Number Serial Number Signature Algorithm Identifier Issuer (X.500 Name) Validity Period (Start – Expiration dates / times) Subject (X.500 Name) Subject Public Key Information: Algorithm Identifier, Public Key Value Issuer Unique Identifier Subject Unique Identifier CA Digital Signature

32 X.500 Names X.500 Name in Adobe Acrobat Digital Signature

33 X.500 Names Root USA CA = US Santa Clara University O = Santa Clara University Department of Computer Engineering OU = Department of Computer Engineering Thomas Schwarz, S.J. CN = Thomas Schwarz, S.J. Attributes: Telephon = 551-6064 email = tjschwarz @scu.edu title = Associate Professor DN = {C=US, O=Santa Clara University, OU = Department of Computer Engineering, CN = Thomas Schwarz, S.J.}

34 X.500 Names X.500 directory consists of a set of entries. Each entry is associated with one real-world object. Person Device Organization Each object has a distinguished name (DN). Entry also has a set of attributes.

35 X.500 Names Entries logically organized in a directory tree. Directory Information Tree (DIT) Entries have attributes. Each link in the directory tree is labeled by an attribute type and a relative distinguished name (RDN). C ~ Country O ~ Organization OU ~ Organizational Unit CN ~ Common Name Distinguished names are formed by concatenating the labels on the way from root to the object.

36 X.500 Names Root USA CA = US Santa Clara University O = Santa Clara University Department of Computer Engineering OU = Department of Computer Engineering Thomas Schwarz, S.J. CN = Thomas Schwarz, S.J. Attributes: Telephon = 551-6064 email = tjschwarz @scu.edu title = Associate Professor DN = {C=US, O=Santa Clara University, OU = Department of Computer Engineering, CN = Thomas Schwarz, S.J.}

37 X.500 Names X.500 names are unique, but can be reused. I leave SCU, and ten years later they hire another Thomas Schwarz, S.J. Unlikely in my case, more likely for John Smith. This can be resolved by using two attributes as labels: CN = Thomas Schwarz, S.J. EN = 000023812 This is the reason why X.509 uses unique identifiers. Even though they are difficult to administer.

38 X.509 Certificate Format X.509 Version Number Serial Number Signature Algorithm Identifier Issuer (X.500 Name) Validity Period (Start – Expiration dates / times) Subject (X.500 Name) Subject Public Key Information: Algorithm Identifier, Public Key Value Issuer Unique Identifier Subject Unique Identifier CA Digital Signature

39 X.509 Certificate Format X.509 uses identifiers for the methods used to form Issuer signature, Certified public key. These methods are objects that need to be registered. Objects have unique names, based on the Abstract Syntax Notation 1 Standard.

40 ASN.1 Based on hierarchical structure. Top level uses integer values: 0 ITU-use 1 ISO use 2 joint ITU-ISO use. Second level depends on first level for different standards administered by the unit. Under 2, 16 specifies country. Under 2, 16, 840 specifies US.

41 ASN.1 Based on hierarchical structure. Top level uses integer values: 0 ITU-use 1 ISO use 2 joint ITU-ISO use. Second level depends on first level for different standards administered by the unit. Under 2, 16 specifies country. Under 2, 16, 840 specifies US.

42 ASN.1 012012 16 (country) 840 (USA) 1 (Organization) 1589932 SCU 35 COEN 1 Algorithms 1 SuperSchwarz1 Object-Identifier: {joint-iso-itu-t (2) country (16) us (840) organization (1) SCU (1589932) COEN (35) Algorithms (1) SuperSchwarz1 (1) }

43 ASN.1 It can happen that the same object gets different names. The lower ranks of the tree are not administered centrally.

44 X.509 Certificate Format Naming is a problem. S/MIME uses X.509 certificates. Needs to associate certificates with email addresses. Insists that the name contains a component email=tjschwarz@scu.edu. Only reads this component. Later versions require to put email address under SUBJECTALTNAME.

45 X.509 Certificate Format Naming is a problem. SSL has a similar problem. URLs use the DNS system, not X.500 Some browsers give up, just check whether the certificate is validly signed! Others insist that CN portion contains the DNS name.

46 X.509 Certificate Format Naming is a problem. X.509 directory service largely non- existent. DNS exists.

47 X.509 Certificate Format X.509 Version 3: Single subject needs various public keys and hence various certificates. Application-specific naming Certificates have different levels of security, hence different levels of trust.

48 X.509 Certificate Format X.509 Version 3: Adds an extension field. Extension field can contain various entries.

49 X.509 v.3 Certificate Format X.509 Version Number = 3 Serial Number Signature Algorithm Identifier Issuer (X.500 Name) Validity Period (Start – Expiration dates / times) Subject (X.500 Name) Subject Public Key Information: Algorithm Identifier, Public Key Value Issuer Unique Identifier Subject Unique Identifier Extensions CA Digital Signature Extension Type Criticality Extension Field Value

50 X.509 v.3 Certificate Format Naming no longer restricted to X.500 naming system.

51 X.509 v.3 Certificate Format New set of standard extensions. Key information. Policy information. Subject and issuer attributes. Certification path constraints. Extensions related to CRLs.

52 PKIX Working group established by IETF in 1994. PKIX recommended extensions: AuthorityKeyIdentifier SubjectKeyIdentifier KeyUsage PrivateKeyUsagePeriod CertificatePolicies PolicyMappings SubjectAltName

53 PKIX PKIX recommended extensions: IssuerAltName SubjectDirectoryAttribute BasicConstraints NameConstraints PolicyConstraints ExtendedKeyUsage CRLDistributionPoints InhibitAnyPolicy FreshestCRL AuthorityInfoAccess SubjectInfoAccess

54 PKIX CRL CRL entry contains Signature Issuer ThisUpdate (time CRL was issued.) NextUpdate UserCertificate RevocationDate CRLEntryExtensions CRLExtensions AlgorithmIdentifier Encrypted Repeats for each entry.

55 PKIX Online Certification Status Protocol Implements online status checking for certificates. Real-time status checks. But data is valid for a validity window.

56 Other Standards PBP standard WAP WTLS Replaces ASN.1 names with simpler ones. DNSSEC A type of a certificate for DNS environment only. SPKI (Simple PKI) RFC 2693,

Download ppt "COEN 351 Certificates, PKI, X509 Standard. Certificates Key distribution Crucial for authentication, privacy, signing, … Public Key Technology can use."

Similar presentations

DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.

DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.4 Public Key Infrastructure (PKI) Acknowledgment: Slides revised from.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.4 Public Key Infrastructure (PKI) Acknowledgment: Slides revised from.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
1 Lecture 13: Public Key Infrastructure terms PKI trust models –monopoly with registration authorities with delegated certificate authorities –oligarchy.

1 Lecture 13: Public Key Infrastructure terms PKI trust models –monopoly with registration authorities with delegated certificate authorities –oligarchy.
COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.

COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.

1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.

Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.

Similar presentations

Ads by Google