Information Systems Security, Summer 2004, Francisco Rodríguez Henríquez

Security Services in Information Systems

Digital Certificates

What is a Digital Certificate?
– Electronic counterparts to driver's licenses and passports.
– Enable individuals and organizations to secure business and personal transactions across communication networks.

How do they secure the data?
– Authentication
– Integrity
– Encryption
– Token verification

What certificates are typically used for
– Secure channel: TLS / SSL for web servers
– Sign e-mails
– Authentication
– Code signing
– Encrypt files (EFS in Windows/2000)
– IPsec (encrypt network layer)

Certificates and PKI
– A public key certificate consists of some payload and a digital signature over this data.
– The certificate payload consists of a public key and some additional data (e.g. subject and issuer information, validity period, privileges, attributes, etc.).
– The digital signature binds these additional data to the public key.
– It is the responsibility of a PKI (Public Key Infrastructure) to generate, distribute, and manage certificates.
[Figure labels: Signature; Public key; Additional data: attributes, privileges, etc.; Digitally signed hash value]

Certificates
[Figure labels: Certified Entity; CA; Verifier]

Real World Analogies
– Is a certificate an “electronic identity”?
– Concerns
  – a certificate is a binding between an identity and a key, not a binding between an identity and a real person
  – one must submit one's certificate to identify oneself, but submission is not sufficient; the key must be used in a protocol
  – anyone can submit someone else’s certificate

Real World Analogies
– Result: certificates are not picture IDs
– So, what is the real world analogy for certificates?
  – Endorsed document/card that serves as a binding between the identity and signature

Issues Related to Certificates
– TRUST
  – verifiers must trust CAs
  – CAs need not trust the certified entities
  – certified entity need not trust its CA, unless it is not the verifier
– What is “trust” in certification systems?
  – Answer to the question: “How correct is the certificate information?”
  – related to certification policies

Issues Related to Certificates
– Certificate Revocation
  – certificates have lifetimes, but they may be revoked before the expiration time
  – Reasons:
    – certificate holder key compromise/loss
    – CA key compromise
    – end of contract (e.g. certificates for employees)
  – Certificate Revocation Lists (CRLs)
    – hold the list of certificates that are not expired but revoked
    – each CA periodically issues such a list with a digital signature on it

Digital Certificate - Lifecycle
[Figure labels: Key Pair Generated; Certificate Issued; Certificate valid and in use; Private Key compromised; Certificate Expires; Recertify; Certificate Revoked; Keypair Expired]

X.509
– ITU-T standard (recommendation)
  – ISO is the equivalent ISO standard
– part of X.500 family for “directory services”
  – distributed set of servers that store user information
  – a utopia that has never been carried out
– X.509 defines the authentication services and the public-key certificate structure (certificates are to be stored in the directory)
  – so that the directory would contain public keys of the users

X.509
– Defines identity certificates
  – attribute (authorization) certificates are added in the 4th edition (2000)
– Defines certificate structure, not PKI
– Supports both hierarchical model and cross certificates
– End users cannot be CAs

X.509 Certificate Format

X.509v3 Extensions
– Not enough flexibility in X.509 v1 and v2
  – mostly due to “directory” specific fields
  – real-world security needs are different
    – e-mail/URL names should be included in a certificate
    – key identification was missing (so should be included)
    – policy details should indicate under which conditions a certificate can be used (was not the case in v1 and v2)
    – avoidance of blind trust was not possible in v1 and v2
– Rather than explicitly naming new fields, a general extension method is defined
  – extensions consist of extension identifier, value and criticality indicator

X.509v3 Extensions
– Key and policy information
  – subject & issuer key identifiers
  – indicators of certificate policies supported by the cert
  – key usage (list of purposes like signature, encryption, etc.)
– Alternative names, in alternative formats, for certificate subject and issuer
– Certificate path constraints (for CA to CA certs)
  – to restrict certificate issuance based on
    – path length (restricting number of subordinate CAs)
    – policy identifiers
    – names
– Verifier could exercise its own restrictions during verification as well
  – No blind trust in CAs
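
How a verifier can act on the identifier / value / criticality triple and on the path constraints listed above, as an added example that is not part of the original slides. The data model, the function names and the OID 1.2.3.4.5 are assumptions made for illustration; the extension and key-usage names are the standard X.509v3 ones.

```python
# Constructed model: a certificate is reduced to its extension list, and each
# extension is (identifier, critical, value), the three parts named on the slide.
HANDLED = {"keyUsage", "basicConstraints", "subjectAltName"}

def check_extensions(path, purpose, max_cas=None):
    """path: extension lists, top CA certificate first, end-entity certificate last."""
    cas = len(path) - 1
    if max_cas is not None and cas > max_cas:       # the verifier's own restriction
        return "verifier policy: path too long"
    for depth, extensions in enumerate(path):
        ext = {}
        for ident, critical, value in extensions:
            if ident in HANDLED:
                ext[ident] = value
            elif critical:                          # unknown and critical: must reject
                return f"cert {depth}: unrecognized critical extension {ident}"
        usage = ext.get("keyUsage")
        if depth < cas:                             # this certificate issued the next one
            bc = ext.get("basicConstraints") or {}
            if not bc.get("ca"):                    # end users cannot be CAs
                return f"cert {depth}: subject is not a CA"
            if usage is not None and "keyCertSign" not in usage:
                return f"cert {depth}: key may not sign certificates"
            below = cas - 1 - depth                 # subordinate CA certs after this one
            if bc.get("pathLen") is not None and below > bc["pathLen"]:
                return f"cert {depth}: path length constraint exceeded"
        elif usage is not None and purpose not in usage:
            return f"cert {depth}: key usage does not allow {purpose}"
    return "ok"

def ca(path_len=None):
    """Constructed CA certificate extensions."""
    return [("basicConstraints", True, {"ca": True, "pathLen": path_len}),
            ("keyUsage", True, ["keyCertSign", "cRLSign"])]

# Constructed end-user certificate; the last extension is unknown to this
# verifier but non-critical, so it is ignored rather than rejected.
USER = [("keyUsage", True, ["digitalSignature"]),
        ("subjectAltName", False, "alice@example.org"),
        ("1.2.3.4.5", False, "site-specific note")]
```
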

Main parts of a digital certificate system
– Request and issue certificates (different categories) with verification of identity
– Storage of certificate (including the private key)
– Publishing of certificates (public part) to anyone (LDAP, HTTP)
– Pre-install root certificates in a trusted environment
– Support by platform, applications and services to use certificates
– Maintain database of issued certificates (no private keys!)
– Helpdesk (information, lost + compromised private keys)
– Publishing of CRLs (and enforce apps to do revocation checking)

X.509 Certificate Format

Certification Authority

Certification Authority (CA)
– Trusted entity which issues and manages certificates for a population of public-private key-pair holders.
– A digital certificate is issued by a CA and is signed with the CA’s private key.

[Figure labels: CA; X; Y; CRL; Verify certificate; Verify CRL]

CA Policies
– CA certification policies (Certificate Practice Statement)
  – how reliable is the CA?
  – certification policies describe the methodology of certificate issuance
  – ID-control practices
    – loose control: only address
    – tight control: apply in person and submit picture IDs and/or hard documentation

Typical architecture of a CA
[Figure label: Certificate Distribution]

VeriSign Certificates
– Several companies provide CA services: Nortel, GTE, U.S. Postal Service and VeriSign, among others. Of those, the most widely used is the latter.
– Over 35K commercial WEB sites were using VeriSign digital certificates as early as
– Over a million consumer digital certificates had been issued to users of Netscape and Microsoft browsers.
– VeriSign Class 1 certificate cost: U.S. $14.95 per year, or free 60-day trial edition

VeriSign Certificates
– There are three classes of VeriSign certificates:
  a) Class 1. VeriSign confirms the user’s address by sending a PIN and Digital ID pick-up to the address provided in the application.
  b) Class 2. VeriSign uses a consumer database in addition to performing the checks of Class 1. Confirmation is sent to the specific postal address alerting the customer that his/her certificate is ready for pick-up.
  c) Class 3. VeriSign requires a higher level of identity assurance. An individual must prove his/her identity by providing notarized credentials and/or applying in person.

Public Key Infrastructure

Organization-wide PKI
– Local PKI for organizations
  – may have global connections, but the registration facilities remain local
  – generally to solve local problems
    – local secure access to resources

PKI
– Business Practice: Issue certificates and make money
  – several CAs
– Several CAs are also necessary due to political, geographical and trust reasons
– 3 interconnection models
  – hierarchical
  – cross certificates
  – hybrid

Public Key Infrastructure (PKI)
– PKI is a complete system and well-defined mechanisms for certificates
  – certificate issuance
  – certificate revocation
  – certificate storage
  – certificate distribution

Hierarchical PKI Example
[Figure labels: Root CA; Upper level CAs; CAs; End users]

Cross Certificate Based PKI Example
[Figure labels: CAs; End users; Cross certificates]

Hybrid PKI example

Certificate Paths

Certificate Paths
– Verifier must know public key of the first CA
– Other public keys are found out one by one
– All CAs on the path must be trusted by the verifier
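
The path walk described above, combined with the signed CRLs from the revocation slide, as an added example that is not part of the original slides. The names, serial numbers, year-based validity and the toy textbook RSA over fixed Mersenne primes are all constructed for illustration; the RSA here is not secure and only makes the signature checks executable.

```python
import hashlib, json

def keypair(p, q, e=65537):
    """Toy textbook RSA from two fixed primes (constructed, NOT secure)."""
    return [p * q, e], pow(e, -1, (p - 1) * (q - 1))    # (public key, private exponent)

def digest(payload, n):
    data = json.dumps(payload, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(payload, pub, priv):
    """Payload plus the issuer's signature over its hash (a certificate or a CRL)."""
    return {"payload": payload, "sig": pow(digest(payload, pub[0]), priv, pub[0])}

def verify(obj, pub):
    return pow(obj["sig"], pub[1], pub[0]) == digest(obj["payload"], pub[0])

def validate_path(anchor, anchor_pub, path, crls, now):
    """Walk from the one CA key the verifier already knows down to the end user."""
    issuer, key = anchor, anchor_pub
    for cert in path:
        p = cert["payload"]
        if p["issuer"] != issuer or not verify(cert, key):
            return "not signed by " + issuer + ": " + p["subject"]
        if not p["not_before"] <= now <= p["not_after"]:
            return "outside validity period: " + p["subject"]
        crl = crls.get(issuer)
        if crl is None or not verify(crl, key):          # the CRL is signed as well
            return "no valid CRL from " + issuer
        if p["serial"] in crl["payload"]["revoked"]:
            return "revoked: " + p["subject"]
        issuer, key = p["subject"], p["key"]             # next key, learned from the cert
    return "ok"

# Constructed sample hierarchy: Root CA -> CA-1 -> alice
ROOT_PUB, ROOT_PRIV = keypair(2**61 - 1, 2**89 - 1)
CA1_PUB, CA1_PRIV = keypair(2**107 - 1, 2**127 - 1)
ALICE_PUB = keypair(2**31 - 1, 2**61 - 1)[0]

def cert(issuer, subject, key, serial):
    return {"issuer": issuer, "subject": subject, "key": key, "serial": serial,
            "not_before": 2004, "not_after": 2006}       # validity given in years

PATH = [sign(cert("Root CA", "CA-1", CA1_PUB, 7), ROOT_PUB, ROOT_PRIV),
        sign(cert("CA-1", "alice", ALICE_PUB, 1002), CA1_PUB, CA1_PRIV)]

def crls(revoked_by_ca1):
    return {"Root CA": sign({"issuer": "Root CA", "revoked": []}, ROOT_PUB, ROOT_PRIV),
            "CA-1": sign({"issuer": "CA-1", "revoked": revoked_by_ca1}, CA1_PUB, CA1_PRIV)}
```
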

Certificate Paths with Reverse Certificates
[Figure label: Reverse certificates]

Hosted vs. Standalone PKI
– Hosted PKI
  – PKI vendor acts as CA
  – PKI owner is the RA
– Standalone PKI
  – PKI owner is both RA and CA