Certificate Revocation: What Is It And What Should It Be
-
Upload
john-iliadis -
Category
Technology
-
view
391 -
download
5
description
Transcript of Certificate Revocation: What Is It And What Should It Be
![Page 1: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/1.jpg)
Certificate Revocation: What Is It and What
Should It Be
1Department of Information and Communication Systems Engineering University of the Aegean E-mail: {jiliad,sgritz}@aegean.gr
2Department of Informatics Technological Educational Institute of Athens E-mail: [email protected]
University of the Aegean De Facto Joint Research Group
John Iliadis1,2, Stefanos Gritzalis1
![Page 2: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/2.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 2 out of 21
Overview➢ Introduction➢ What is Certificate Revocation ?➢ Proposed mechanisms for Certificate Status
Information➢ Evaluation criteria for CSI mechanisms➢ The need for an alternative mechanism➢ Alternative Dissemination of CSI (ADoCSI)➢ Problems to be solved in ADoCSI
![Page 3: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/3.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 3 out of 21
Introduction1. Is PKI a new era for Network
Security?2. Certificate Revocation? What
Certificate Revocation?3. Certificate Status Information
Mechanisms4. EU Directive: “secure and prompt
revocation service”
![Page 4: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/4.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 4 out of 21
Certificate Revocation
CA1
AuthenticatingentityAE
Dependent entityDE
SignerSR
CSIrepository
CA2
CSIrepository
CA3
CSIrepository
![Page 5: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/5.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 5 out of 21
CSI Mechanisms:CRLs
➢ Certificate Revocation Lists➢ Compare to Black lists: Banks, Cell phone
Operators. Dependent entities: merchants (online POS), Banks, other Cell phone operators
➢ CRL: Signed list containing serial numbers of revoked (/suspended?) certificates, the revocation dates and (optional) reasons
![Page 6: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/6.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 6 out of 21
CSI Mechanisms:CRLs (cont.)
➢ Delta-Certificate Revocation Lists➢ Distribution Points➢ Fresh Revocation Information
(DeltaCRLs on top of DP CRLs)➢ Redirect CRL (dynamic re-partitioning
of large DP CRLs)
![Page 7: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/7.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 7 out of 21
CSI Mechanisms:(cont.)
➢ Enhanced CRL Distribution Options➢ Separate location and validation
functions.➢ Positive CSI
➢ CRLs are all wrong… CSI should contain positive, not negative info. Dependent entity should set ad hoc freshness requirements and certificate holder should provide ad hoc CSI.
![Page 8: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/8.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 8 out of 21
CSI Mechanisms:(cont.)
Online Certificate Status Protocol– Server returning signed CSI corresponding to
CSI requests by dependent entities. Possible OCSP Responses:
1. “Good”, meaning certificate has not been revoked,
2. “Revoked”, meaning certificate has been revoked or suspended,
3. “Unknown”, OCSP is not aware of that certificate
![Page 9: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/9.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 9 out of 21
CSI: Freshness-constrained
Revocation Authority
➢ Repositories of CSI need not be trusted
➢ Separation of Certification Authority and Authority that issues CSI (Revocation Authority, RevA)
➢ Dependent entity requires fresh enough CSI from certificate holder
![Page 10: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/10.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 10 out of 21
Evaluation Criteria: Type of Mechanism
➢ M1: Transparency,➢ M2: Offline revocation,➢ M3: Delegation of revocation,➢ M4: Delegation of CSI dissemination,➢ M5: Delegation of certificate path validation,➢ M6: Referral capability,➢ M7: Revocation reasons.
![Page 11: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/11.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 11 out of 21
Evaluation Criteria: Efficiency
➢ E1: Timeliness of CSI,➢ E2: Freshness of CSI,➢ E3: Bounded revocation,➢ E4: Emergency CSI capability,➢ E5: Economy,➢ E6: Scalability,➢ E7: Adjustability.
![Page 12: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/12.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 12 out of 21
Evaluation Criteria: Security
➢ S1: CSI disseminator authentication,➢ S2: CSI integrity,➢ S3: CA compromise➢ S4: RevA compromise,➢ S5: Contained functionality,➢ S6: Availability.
![Page 13: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/13.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 13 out of 21
The need for an alternative CSI
mechanism➢ Dependent entities and certificate
holders are not necessarily experienced computer-users, nor are they security aware,
➢ PKI security-related procedures have to be made more transparent, as in the credit card system.
![Page 14: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/14.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 14 out of 21
An Agent-based mechanism
➢ The transparency criterion has to be met: location, retrieval and validation of CSI has to be made transparent to the dependent entity.
➢ An Agent-based mechanism could do that, using the aforementioned CSI mechanisms and providing an indirection layer between dependent entity and CSI mechanisms
![Page 15: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/15.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 15 out of 21
ADoCSI: Alternative Dissemination of Certificate
Status Information
The agents ADoCSI needs must be able to:
1. Suspend execution and resume it at another execution environment,
2. Retain their state, when transporting themselves to other execution environments,
3. Create child agents and deploy them,4. Select a network location, out of a list of locations, with
the least network congestion,5. Communicate the retrieved information back to their
owner or to their owner’s application that spawned the agent.
![Page 16: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/16.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 16 out of 21
ADoCSI
CA2
CA1
CA3
CSIAMP1
AuthenticatingentityAE
Dependent entityDE
Interface Agent
CSIAMP2
SignerSR
User-CSIAgent
CA-CSI Agent
CA-CSI Agent
referral
CA-CSI Agent
CA-CSI Agent
![Page 17: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/17.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 17 out of 21
ADoCSI (2)1. Agent Meeting Places (AMP) (also called
Agent Platforms)2. Dependent entity,3. Authenticating Entity or Signer,4. Certification Authority Certificate Status
Information (CA-CSI) Agent,5. User Certificate Status Information (User-
CSI) Agent,6. Interface Agent.
![Page 18: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/18.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 18 out of 21
ADoCSI: Problems seeking solutions
ADOCSI researchers must find solutions to a series of problems that emerge from using Agents in CSI, namely :
2. How can the location function be implemented transparently ?
3. How can dependent entities retrieve and validate CSI transparently ?
4. How is a certificate path validated ?
5. What is the way this mechanism interacts with dependent entities ?
6. How are Agents protected from unauthorised modification or replacement ?
7. How can CSI carried by Agents be protected ?
8. How can an Agent tell a fraudulent Agent Meeting Place ?
![Page 19: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/19.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 19 out of 21
ADoCSI: Problems seeking solutions (2)
1. How can AMPs be protected from DoS attacks ?2. How can dependent entities be protected against
User-CSI Agent replay attacks ?3. How are the Agent Meeting Places protected from
malicious Agents ?4. How can an Agent retrieve CSI for a dependent
entity, without letting the AMP know which certificate did it retrieve CSI for ?
A first paper commenting on these issues will soon appear.
![Page 20: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/20.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 20 out of 21
References➢ References of general interest (PKI
mostly)➢ References to certificate revocation
resources➢ References to papers on securing
Software Agents
![Page 21: Certificate Revocation: What Is It And What Should It Be](https://reader034.fdocuments.in/reader034/viewer/2022051513/54789764b4af9fa5158b45a1/html5/thumbnails/21.jpg)
John Iliadis, Stefanos GritzalisUniversity of the Aegean, IPICS 2002Copyright © 2002
Slide 21 out of 21
References (2)➢ References of general interest (PKI
mostly)➢ References to certificate revocation
resources➢ References to papers on securing
Software Agents