Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Implementing Public Key Infrastructures Dr. Oliver Pfaff Siemens AG KEMA Seminar "Utility Communications “ June 2003 ...
Contents of this Presentation  <ul><li>Setting-the-scene  </li></ul><ul><li>Introducing PKI  </li></ul><ul><li>Exploring P...
Setting-the-Scene How to Trust? <ul><li>Trust is fundamental in IT: </li></ul><ul><ul><li>RFC 2828 defines trust as:  The ...
Setting-the-Scene  What are Authentication-Enabled Services? Authentication Encryption Thwart active attacks Single-Sign-O...
Setting-the-Scene  How to Advance Authentication? Non-cryptographic Cryptographic Keyed checksums allow to verify the auth...
Setting-the-Scene  Is Cryptography the Final Answer? <ul><li>Good news: cryptography is a means to provide authentication....
Introducing PKI  What is Public Key Cryptography? <ul><li>Public key cryptography employs pairs of related keys: </li></ul...
Introducing PKI  What is Public Key Infrastructure? <ul><li>Unfortunately, the term Public Key Infrastructure (PKI) is int...
Introducing PKI What Are Public Key Certificates? <ul><li>Thus, certificates are persistent carriers for public keys along...
Introducing PKI  Which PKI Technologies Exist? Attribute/ authorization <ul><li>Attribute certificates:  </li></ul><ul><ul...
Exploring   PKI Which Duties Does PKI Have? <ul><li>Certification request </li></ul><ul><ul><li>Process applications for p...
Exploring   PKI  Which Entities Comprise a PKI?  Infrastructure Applications End entity ( subscribing ) PKI stub End entit...
Exploring PKI  How to Interface with Applications?  <ul><li>New approach: </li></ul><ul><ul><li>Multi-tier: delegate the p...
Exploring PKI How to Interface with Smart-Cards? Network Data object Generate checksum Validate checksum Data object Check...
Exploring PKI How to Interface with Identity Management? <ul><li>Identity management is concerned with the lifecycle of di...
Exploring PKI How to Cross Organization Boundaries? <ul><li>Hierarchical PKI domains </li></ul><ul><ul><li>Tree structure ...
Lessons-Learnt  How to Deploy PKIs? <ul><li>In-house PKI: </li></ul><ul><ul><li>Implement required infrastructure componen...
Lessons-Learnt What Happened Until Now? <ul><li>During its hype there was hope for ‘ubiquitous PKI‘. This has not happened...
Lessons-Learnt  What Should Be On Your Checklist?  <ul><li>Strategy / commitment </li></ul><ul><ul><li>PKI project mission...
Lessons-Learnt   What Can PKI Do For You? <ul><li>Support of signer identification  </li></ul><ul><ul><li>Symmetric scheme...
Conclusions <ul><li>Applications deploying public key cryptography need to assure the authenticity of public keys: </li></...
Author Information <ul><li>Dr. Oliver Pfaff </li></ul><ul><li>ICN EN SNS TNA 4 </li></ul><ul><li>Mail: oliver.pfaff@siemen...
Upcoming SlideShare
Loading in …5
×

Implementing Public-Key-Infrastructures

1,676 views

Published on

Published in: Technology, Education
  • Be the first to comment

Implementing Public-Key-Infrastructures

  1. 1. Implementing Public Key Infrastructures Dr. Oliver Pfaff Siemens AG KEMA Seminar &quot;Utility Communications “ June 2003 , Amsterdam, Netherlands
  2. 2. Contents of this Presentation <ul><li>Setting-the-scene </li></ul><ul><li>Introducing PKI </li></ul><ul><li>Exploring PKI </li></ul><ul><li>Lessons-learnt </li></ul><ul><li>Conclusions </li></ul><ul><li>Appendix: success stories </li></ul>
  3. 3. Setting-the-Scene How to Trust? <ul><li>Trust is fundamental in IT: </li></ul><ul><ul><li>RFC 2828 defines trust as: The extent to which someone who relies on a system can have confidence that the system meets its specifications. </li></ul></ul><ul><li>What is needed for trust in IT? </li></ul><ul><ul><li>Ability to determine the source of information as well as its integrity. </li></ul></ul><ul><ul><li>This property is called authentication. </li></ul></ul><ul><li>The need for authentication is ubiquitous in IT: </li></ul><ul><ul><li>Literally all kinds of IT-systems do have some inherent understanding of authentication. </li></ul></ul><ul><ul><li>Quite often this is as simple as: </li></ul></ul><ul><ul><ul><li>... we believe anything coming across this interface to be authentic ... </li></ul></ul></ul><ul><ul><ul><li>I.e. authentication might be defined by a condition that is always true. </li></ul></ul></ul>
  4. 4. Setting-the-Scene What are Authentication-Enabled Services? Authentication Encryption Thwart active attacks Single-Sign-On Transfer authentication Access control Determine authorization Non-repudiation Validate and interpret evidence Privacy Enforce policies Digital rights management Control content distribution
  5. 5. Setting-the-Scene How to Advance Authentication? Non-cryptographic Cryptographic Keyed checksums allow to verify the authenticity of data objects Shared secrets Allow origin authentication; do not bind exchanged information Classical codes Provide protection against transmission errors; not against intentional attacks Biometrics Can authenticate human beings; not IT-systems or data objects In-band Supplementary information via secondary channel Supplementary information attached with payload Out-of-band Used in various scenarios; not generic due to availability, cost, handling issues Our focus
  6. 6. Setting-the-Scene Is Cryptography the Final Answer? <ul><li>Good news: cryptography is a means to provide authentication... </li></ul><ul><li>Bad news: ...supposed the keying associations between the peers are authentic </li></ul>Alice‘s signature key 10100101001010100111... Verification key for Alice 01010101001 010010... Alice Bob I love You! I love You! Check- sum I love You! Check- sum O K? Network Verification key for attacker 0000000000000000 ... Attacker‘s signature key 111111111111111 ... I hate You! I hate You! Check- sum Attacker Intercept, exchange message I hate You! Check- sum 000000000000000 ... Replace key value
  7. 7. Introducing PKI What is Public Key Cryptography? <ul><li>Public key cryptography employs pairs of related keys: </li></ul><ul><ul><li>Private keys Kept secret by their owners. </li></ul></ul><ul><ul><li>Public keys Made widely available (without loss of security). </li></ul></ul><ul><li>Public key cryptography supports a variety of security services including: </li></ul><ul><ul><li>Authentication: </li></ul></ul><ul><ul><ul><li>Entity authentication </li></ul></ul></ul><ul><ul><ul><li>Message / document authentication with signer identification </li></ul></ul></ul><ul><ul><li>Encryption </li></ul></ul>Encryption pattern: Authentication pattern: Generate checksum Validate checksum Encrypt data Decrypt data Plain text Cipher text Plain text Private key Public key Check sum O K? Private key Public key Data object Data object
  8. 8. Introducing PKI What is Public Key Infrastructure? <ul><li>Unfortunately, the term Public Key Infrastructure (PKI) is interpreted in various ways throughout the community. This requires a working definition for this presentation: </li></ul><ul><ul><li>Motivation: The term PKI essentially comprises two parts, 'public key' and ‘infrastructure‘: </li></ul></ul><ul><ul><ul><li>Public key </li></ul></ul></ul><ul><ul><ul><ul><li>A concept in cryptography, denoting a key that may be made public. </li></ul></ul></ul></ul><ul><ul><ul><li>Infrastructure </li></ul></ul></ul><ul><ul><ul><ul><li>A notion denoting resources that are required for an activity. </li></ul></ul></ul></ul><ul><ul><li>Working definition: PKI comprises techniques and services to safeguard the authenticity of public keys in distributed IT-systems . </li></ul></ul>
  9. 9. Introducing PKI What Are Public Key Certificates? <ul><li>Thus, certificates are persistent carriers for public keys along with supplementary information. </li></ul>Public key <ul><li>Public key certificates explicitly bind supplementary information to public keys. This binding is usually lasting. </li></ul>Key holder, authorization s ... <ul><li>To be useful, public keys need to be augmented by supplementary information (e.g. about key holder, authorizations). </li></ul>Signature <ul><li>Its contents are protected by a cryptographic checksum for protection against manipulation. </li></ul>
  10. 10. Introducing PKI Which PKI Technologies Exist? Attribute/ authorization <ul><li>Attribute certificates: </li></ul><ul><ul><li>Bind entity IDs and attributes </li></ul></ul><ul><ul><li>Represent attribute claims; proof via private-key-possession </li></ul></ul><ul><ul><li>E.g. X.509, PKIX </li></ul></ul>Attribute certificate <ul><li>Authorization-oriented PKI technologies: </li></ul><ul><li>Authorization certificates </li></ul><ul><ul><li>Bind authorizations and public keys </li></ul></ul><ul><ul><li>Represent authorization claims; proof via private-key-possession </li></ul></ul><ul><ul><li>E.g. SPKI </li></ul></ul>Authorization certificate Public key Entity ID <ul><li>Identity-oriented PKI technologies: </li></ul><ul><li>Identity certificates: </li></ul><ul><ul><li>Bind entity IDs and public keys </li></ul></ul><ul><ul><li>Represent identity claims; proof via private-key-possession </li></ul></ul><ul><ul><li>E.g. X.509, PEM, PGP, PKIX </li></ul></ul>Identity certificate
  11. 11. Exploring PKI Which Duties Does PKI Have? <ul><li>Certification request </li></ul><ul><ul><li>Process applications for public key certificates </li></ul></ul><ul><li>Certificate generation </li></ul><ul><ul><li>Issuance of public key certificates according given certification practices </li></ul></ul><ul><li>Certificate use </li></ul><ul><ul><li>Provisioning of public key certificates </li></ul></ul><ul><ul><li>Provisioning of certificate status information </li></ul></ul><ul><li>Certificate revocation </li></ul><ul><ul><li>Exceptional premature termination </li></ul></ul><ul><li>Certificate termination </li></ul><ul><ul><li>According validity period or upon revocation event </li></ul></ul>Certificate generation Certificate use Certificate termination Certificate revocation Certification request
  12. 12. Exploring PKI Which Entities Comprise a PKI? Infrastructure Applications End entity ( subscribing ) PKI stub End entity (relying) PKI stub <ul><li>Application entities – use PKI services: </li></ul><ul><ul><li>Subscribing party </li></ul></ul><ul><ul><ul><li>Owns and employs private keys </li></ul></ul></ul><ul><ul><ul><li>Owns public key certificates </li></ul></ul></ul><ul><ul><li>Relying party </li></ul></ul><ul><ul><ul><li>Employs public keys (via certificate) </li></ul></ul></ul>RA Repository CA <ul><li>Infrastructure entities - supply PKI services: </li></ul><ul><ul><li>RA - Registration Authority </li></ul></ul><ul><ul><ul><li>Processes registration requests </li></ul></ul></ul><ul><ul><li>CA - Certification Authority </li></ul></ul><ul><ul><ul><li>Issues public key certificates </li></ul></ul></ul><ul><ul><li>Repository </li></ul></ul><ul><ul><ul><li>Supports certificate and CRL distribution </li></ul></ul></ul>
  13. 13. Exploring PKI How to Interface with Applications? <ul><li>New approach: </li></ul><ul><ul><li>Multi-tier: delegate the processing of public key certificates to XKMS / SCVP services. </li></ul></ul><ul><ul><li>Lean PKI clients: simpler to PKI-enable applications. </li></ul></ul><ul><ul><li>Easier to enforce uniform policies. </li></ul></ul>Trusted certificates, policies RA Repository CA XKMS / SCVP service Path construction Path validation Status checking End entity (relying) XKMS / SCVP integration XKMS / SCVP configuration <ul><li>Traditional approach : </li></ul><ul><ul><li>2-tier: end entities vs. PKI services </li></ul></ul><ul><ul><li>Fat PKI clients: difficult and costly to PKI- enable applications. </li></ul></ul><ul><ul><li>Hard to enforce uniform, domain-wide trust policies. </li></ul></ul>End entity (relying) RA Repository CA Path construction Path validation Status checking Trusted certificates, policies
  14. 14. Exploring PKI How to Interface with Smart-Cards? Network Data object Generate checksum Validate checksum Data object Check- sum Data object Check- sum O K? Authentication Public key certificate Infrastructure Applications PKI RA Repository CA As above PKCS#11, MS-CAPI... Smart-Cards Keying association Keys Cert
  15. 15. Exploring PKI How to Interface with Identity Management? <ul><li>Identity management is concerned with the lifecycle of digital identity information for users. </li></ul><ul><li>Identity-oriented PKI technologies such as PKIX bind entity identifiers and public keys: </li></ul><ul><ul><li>Inventing an own identity management for PKIs – from the scratch - should be avoided. </li></ul></ul><ul><ul><li>Present identity management services and resources should be integrated with PKI services. </li></ul></ul><ul><li>distinguishedName </li></ul><ul><li>org </li></ul><ul><li>orgUnit </li></ul><ul><li>surname </li></ul><ul><li>givenName </li></ul><ul><li>commonName </li></ul><ul><li>serialNumber </li></ul><ul><li>subjectAltName </li></ul><ul><li>kerberosPrincipalName </li></ul><ul><li>rfc822Name </li></ul>Identity management HR IT ... PKI RA Repository CA
  16. 16. Exploring PKI How to Cross Organization Boundaries? <ul><li>Hierarchical PKI domains </li></ul><ul><ul><li>Tree structure with dedicated CAs: single root CA, multiple subordinate CAs (employing intra-domain cross certification) </li></ul></ul><ul><ul><li>Examples: PEM-PKI, PKIX-based enterprise PKIs </li></ul></ul><ul><li>Autonomic PKI domains </li></ul><ul><ul><li>Multiple independent and unrelated PKI hierarchies </li></ul></ul><ul><ul><li>Example: PKIs for Web server authentication </li></ul></ul><ul><li>Federal PKI domains </li></ul><ul><ul><li>Multiple PKI hierarchies in cooperation </li></ul></ul><ul><ul><li>Example: inter-domain cross-certified PKI hierarchies, bridge CA models </li></ul></ul><ul><li>User-centric PKI domains </li></ul><ul><ul><li>Non-hierarchical: each participant may certify public keys of others </li></ul></ul><ul><ul><li>Example: PGP-PKI (Web-of-trust) </li></ul></ul>
  17. 17. Lessons-Learnt How to Deploy PKIs? <ul><li>In-house PKI: </li></ul><ul><ul><li>Implement required infrastructure components (RA, CA, repository) yourself </li></ul></ul><ul><ul><li>Maximal control; tailored services and assurances </li></ul></ul><ul><ul><li>Significant fixed-cost expenditures for hardware, software, personnel, implementation, operations... </li></ul></ul><ul><li>Outsourced PKI: </li></ul><ul><ul><li>Obtain RA and CA services from provider (opt. repository services too) </li></ul></ul><ul><ul><li>Limited control; standard services and assurances </li></ul></ul><ul><ul><li>Expenditures correlate to the number of certificates issued </li></ul></ul><ul><li>Mixed models: </li></ul><ul><ul><li>E.g. implement RA, repository yourself; obtain CA services from provider </li></ul></ul><ul><ul><li>Retains control of certificate issuance </li></ul></ul><ul><ul><li>Reduced fixed-cost expenditures for integration with third-party CA plus costs correlating to the number of certificates issued </li></ul></ul>
  18. 18. Lessons-Learnt What Happened Until Now? <ul><li>During its hype there was hope for ‘ubiquitous PKI‘. This has not happened yet: </li></ul><ul><ul><li>PKIs for large and diverse populations have not materialized until now </li></ul></ul><ul><ul><li>PKIs for smaller or less diverse populations are emerging: </li></ul></ul><ul><ul><ul><li>Enterprise PKI, ID-card projects </li></ul></ul></ul><ul><ul><li>PKIs for dedicated purposes are well-established: </li></ul></ul><ul><ul><ul><li>PKIs for Web server authentication </li></ul></ul></ul><ul><li>Reasons include: </li></ul><ul><ul><li>PKIs for large and diverse populations: </li></ul></ul><ul><ul><ul><li>User awareness and demand </li></ul></ul></ul><ul><ul><ul><li>Compelling business cases </li></ul></ul></ul><ul><ul><li>PKIs for smaller or less diverse populations: </li></ul></ul><ul><ul><ul><li>PKI is somewhat invasive requiring a spread in employment and use </li></ul></ul></ul><ul><ul><ul><li>Organizations need to think global, act local </li></ul></ul></ul><ul><ul><li>PKIs for dedicated purposes: </li></ul></ul><ul><ul><ul><li>Specific constraints ease introduction </li></ul></ul></ul>
  19. 19. Lessons-Learnt What Should Be On Your Checklist? <ul><li>Strategy / commitment </li></ul><ul><ul><li>PKI project mission / vision </li></ul></ul><ul><ul><li>Management support </li></ul></ul><ul><li>Business processes alignment </li></ul><ul><ul><li>Target processes / applications </li></ul></ul><ul><ul><li>Target community </li></ul></ul><ul><li>Technical implementation </li></ul><ul><ul><li>PKI technologies, services, key and certificate profiles... </li></ul></ul><ul><li>Technical integration </li></ul><ul><ul><li>PKI applications, security token technologies, other infrastructure </li></ul></ul><ul><li>Operations </li></ul><ul><ul><li>PKI processes </li></ul></ul><ul><ul><li>Change management, new applications </li></ul></ul><ul><li>Human factors </li></ul><ul><ul><li>Training of providers and users </li></ul></ul><ul><ul><li>PKI understanding </li></ul></ul><ul><li>Be also aware of pitfalls </li></ul><ul><ul><li>Misconceptions </li></ul></ul><ul><ul><ul><li>Certificates  signature </li></ul></ul></ul><ul><ul><ul><li>Certificates are created using signatures (and vice versa) </li></ul></ul></ul><ul><ul><ul><li>Certificates  authentication </li></ul></ul></ul><ul><ul><ul><li>Certificates do not authenticate the claims they represent </li></ul></ul></ul><ul><ul><li>Negligence </li></ul></ul><ul><ul><ul><li>Certificates are not routinely checked or attributes ignored </li></ul></ul></ul><ul><ul><ul><li>Signature protects contents of a certificate, but not the integrity of a set of certificates. </li></ul></ul></ul>
  20. 20. Lessons-Learnt What Can PKI Do For You? <ul><li>Support of signer identification </li></ul><ul><ul><li>Symmetric schemes do not support an unambiguous signer identification. </li></ul></ul><ul><li>Capability to support non-repudiation </li></ul><ul><ul><li>Digital signatures and underlying PKI support non-repudiation services by delivering evidence generation and validation. </li></ul></ul><ul><ul><li>But they do not provide non-repudiation since they do not define evidence interpretation. Non-repudiation policies need to be established in addition to digital signatures and underlying PKI. </li></ul></ul><ul><li>Reducing third party trust </li></ul><ul><ul><li>Functional trust in third parties sufficient for asymmetric schemes. </li></ul></ul><ul><ul><li>Symmetric schemes require unconditional trust in third parties. </li></ul></ul><ul><li>Sharing / distribution of credentials representing ‘entity ID and key’ bindings </li></ul><ul><ul><li>Symmetric schemes require secrecy of ‘entity ID and key’ bindings. </li></ul></ul><ul><li>Cost sharing for the management of such credentials </li></ul><ul><ul><li>Symmetric schemes prohibit large scale resource and cost sharing. </li></ul></ul>
  21. 21. Conclusions <ul><li>Applications deploying public key cryptography need to assure the authenticity of public keys: </li></ul><ul><ul><li>PKI provides measures to achieve this goal. </li></ul></ul><ul><ul><li>PKI is an enabling infrastructure for public key based IT-security services: </li></ul></ul><ul><ul><ul><li>It provides key management services for public keys. </li></ul></ul></ul><ul><ul><ul><li>Its main value proposition are persistent document authentication services with support for non-repudiation. </li></ul></ul></ul><ul><ul><li>PKI credentials such as certificates may be widely employed allowing cost sharing for the management of such objects. </li></ul></ul>
  22. 22. Author Information <ul><li>Dr. Oliver Pfaff </li></ul><ul><li>ICN EN SNS TNA 4 </li></ul><ul><li>Mail: oliver.pfaff@siemens.com </li></ul><ul><li>Phone: +49.89.722.53227 </li></ul><ul><li>Mobile: +49.172.8250805 </li></ul>

×