Certificates, Certification Authorities and Public-Key Infrastructures
-
ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA
Certificates, Certification Authorities and
Public-Key Infrastructures
Ozalp Babaoglu
-
Babaoglu 2001-2014 Sicurezza 2
Digital certificates
The public key we are encrypting with must really belong to the recipient of the message
This raises the problem of key exchange (man-in-the-middle attack)
Digital certificates are used to prevent someone from passing themselves off as another person by substituting that person's public key
-
Physical Certificates
Photograph + Personal data + Seals = "I certify that the photo corresponds to the personal data"
-
PKI Certificates
A certificate is the form in which a PKI communicates public key information
It is a binding between a public key and identity information about a subject
Signed by a certificate issuer
Functions much like a physical certificate
Avoids man-in-the-middle attacks
-
PKI X.509 Certificates
X.509 Certificate Information
Subject: Distinguished Name, Public Key
Issuer: Distinguished Name, Signature
Validity: Not Before Date, Not After Date
Administrative Info: Version, Serial Number
Extended Info:
-
Distinguished Name Information
Defined by X.509 Standard
Common Name: CN=Calisto Tanzi
Organization or Company: O=Parmalat
Organizational Unit: OU=Management
City/Locality: L=Parma
State/Province: ST=Emilia Romagna
Country (ISO Code): C=IT
-
Certificate distribution
Manual or in-person distribution: passport, identity card
Certificates generated, stored and distributed by trusted entities
  Certificate servers
  Public Key Infrastructures (PKI)
-
Certificate servers
Databases available over the network
They allow users to
  request that their own certificate be added to the database
  request someone else's certificate
-
Public Key Infrastructure
PKI is a collection of services and protocols for registering, certifying (issuing), validating and revoking certificates
Public-key infrastructure (PKI)
  Registration Authority (RA): usually a physical person
  Certification Authority (CA): usually software
-
PKI Registration Authority
Invoked when a subject requests a certificate for the first time
Subject requesting the certificate must be authenticated
  In-band authentication:
    performed using the PKI itself
    possible only for certain types of identity information (e.g. email address)
  Out-of-band authentication:
    performed using more traditional methods, such as mail, fax, over the telephone or physically meeting someone
-
PKI Certification Authority
Certification Authorities (CAs) are responsible for issuing, validating and revoking certificates
Many different types of CAs exist: commercial, government, free, etc.
Examples of CAs: VeriSign, Symantec, Thawte, Geotrust, Comodo, Visa
-
Public Key Infrastructure
Is there an Internet PKI?
  Several proposals for an Internet PKI exist: PGP, PEM, PKIX, Secure DNS, SPKI and SDSI
  No single one has gained widespread use
In the future: several PKIs operating and inter-operating in the Internet
-
Public Key Infrastructure
There are two basic operations common to all PKIs:
  Certification: process of binding a public-key value to a subject: an individual, organization or other entity
  Validation: process of verifying that a certification is still valid
-
PKI Certification Authorities
The certification process is based on trust
  users trust the issuing authority to issue only certificates that correctly associate subjects to their public keys
Only one CA for the entire world?
  Impractical
Instead:
  most PKIs enable one CA to certify other CAs
  one CA is telling its users that they can trust what a second CA says in its certificates
-
PKI Certificate Chains
[Figure: chain of four certificates]
DN Bob | PK Bob | Sig CA Z
DN CA Z | PK CA Z | Sig CA Y
DN CA Y | PK CA Y | Sig CA X
DN CA X | PK CA X | Sig CA X
-
PKI Certificate Chains
Certificate chains can be of arbitrary length
Each certificate in the chain validated by the one preceding it
Different certificates:
  Leaf certificates (end-user)
  Intermediate certificates
  Root certificates
-
PKI CA Hierarchies
CAs can be organized
  as a rooted tree (X.509)
  as a general graph (PGP)
[Figure: diagram of CA nodes]
-
Hierarchical Trust (X.509)
Based on chains of trust forming a rooted tree among entities that are reputed to be CAs
The (blind) trust we place on root-level CAs must be acquired through reputation, experience, operational competence and other non-technical aspects
Anyone claiming to be a CA must be a trusted entity and we must believe that it is secure and correct
-
Web of Trust (PGP)
In PGP, any user can act as a CA and sign the public key of another user
A public key is considered valid only if a sufficient number of trusted users have signed it
As the system evolves, complex trust relations emerge as a dynamic web
Trust need not be symmetric or transitive (more on PGP later)
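Added example (not part of the original slides): how one user decides which public keys are valid in a web of trust, and why that decision is neither symmetric nor transitive. The threshold `needed`, the rule that the user's own signature is enough, and all user names are assumptions made for illustration; the slides do not give PGP's actual parameters.

```python
def valid_keys(me, signatures, trusted, needed=2):
    """Return the set of users whose public keys `me` considers valid.

    signatures: {owner: set of users who signed owner's key}
    trusted:    users `me` has personally chosen to trust as introducers
                (assumption: a per-user setting, never inherited from others)
    needed:     how many trusted signatures count as "sufficient" (assumption)
    """
    valid = {me}                      # my own key is valid by definition
    changed = True
    while changed:                    # repeat until no new key becomes valid
        changed = False
        for owner, signers in signatures.items():
            if owner in valid:
                continue
            # A signature counts only if the signer's key is itself valid
            # AND I trust that signer to certify other people's keys.
            counted = {s for s in signers if s in valid and s in trusted}
            if me in signers or len(counted) >= needed:
                valid.add(owner)
                changed = True
    return valid

# Constructed sample: Alice signed Bob's and Carol's keys herself.
SIGNATURES = {
    "Bob":   {"Alice"},
    "Carol": {"Alice"},
    "Dave":  {"Bob", "Carol"},     # two introducers Alice trusts
    "Erin":  {"Bob", "Mallory"},   # only one trusted introducer
    "Frank": {"Dave", "Erin"},     # Dave's key is valid, but Dave is not trusted
}
ALICE_TRUSTS = {"Bob", "Carol"}

print(sorted(valid_keys("Alice", SIGNATURES, ALICE_TRUSTS)))
```

Frank's key stays invalid for Alice even though Dave's key is valid: a valid key does not make its owner a trusted introducer, which is the non-transitivity the slide refers to.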
-
PKI Validation
Validation
  The information in a certificate can change over time
  Need to be sure that the information in the certificate is current and that the certificate is authentic
Two basic methods of certificate validation:
  Off-line validation
    The CA can include a validity period in the certificate: a range during which the information in the certificate can be considered valid
  On-line validation
    The user can ask the CA directly about a certificate's validity every time it is used
-
PKI Revocation
Revocation
  the process of informing users when the information in a certificate becomes unexpectedly invalid
    subject's private key becomes compromised
    user information changes (e.g., email address, domain name of a server)
On-line
  revocation problem becomes trivial
  Online Certificate Status Protocol (OCSP) of X.509 describes how to check validity and revoke certificates
Off-line
  Within the validity periods, certificate revocation method is critical
  Clients check locally if a certificate has been revoked
-
PKI Revocation
Certificate Revocation List (CRL)
  a list of revoked certificates that is signed and periodically issued by a CA
  user must check the latest CRL during validation to make sure that a certificate has not been revoked
  X.509 includes a CRL profile, describing the format of CRLs
CRL Problems
  CRL time-granularity problem
    how often CRLs must be issued?
  CRL size
    incremental CRL
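Added example (not part of the original slides): the chain, validity-period and CRL checks from the preceding slides, run over the Bob / CA Z / CA Y / CA X chain of the certificate-chain slide. Assumptions: certificates are a simplified record rather than real X.509, `make_key`, `issue` and `validate` are illustrative names, the CRL is taken as an already-verified set, and signatures use toy textbook RSA built from known Mersenne primes, which is not secure.

```python
import hashlib
from dataclasses import dataclass, astuple

def make_key(p, q, e=65537):  # toy textbook RSA, illustration only: NOT secure
    return {"pub": (p * q, e), "priv": (p * q, pow(e, -1, (p - 1) * (q - 1)))}

@dataclass
class Cert:
    subject: str      # DN of the subject
    issuer: str       # DN of the issuer
    pub: tuple        # subject's public key (n, e)
    serial: int
    not_before: int   # validity period, as day numbers
    not_after: int
    sig: int = 0      # issuer's signature over the fields above

    def digest(self, n):  # hash of every field except sig, reduced mod n
        tbs = repr(astuple(self)[:-1]).encode()
        return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub, issuer, issuer_priv, serial, nb=0, na=365):
    cert = Cert(subject, issuer, pub, serial, nb, na)
    n, d = issuer_priv
    cert.sig = pow(cert.digest(n), d, n)   # sign with the issuer's private key
    return cert

def validate(chain, anchors, today, crl):
    """chain runs leaf -> root; crl is a set of (issuer DN, serial) pairs."""
    for cert, signer in zip(chain, chain[1:] + chain[-1:]):  # root signs itself
        if not cert.not_before <= today <= cert.not_after:   # off-line validation
            return f"{cert.subject}: outside validity period"
        if (cert.issuer, cert.serial) in crl:                # revocation check
            return f"{cert.subject}: revoked"
        n, e = signer.pub                                    # issuer's public key
        if cert.issuer != signer.subject or pow(cert.sig, e, n) != cert.digest(n):
            return f"{cert.subject}: not signed by {signer.subject}"
    if anchors.get(chain[-1].subject) != chain[-1].pub:
        return "root is not a trusted anchor"
    return "valid"

# Constructed sample mirroring the chain slide: Bob <- CA Z <- CA Y <- CA X (root).
M = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]           # Mersenne primes
kx, ky, kz, kb = (make_key(M[i], M[(i + 1) % 4]) for i in range(4))
CHAIN = [issue("Bob", kb["pub"], "CA Z", kz["priv"], 7, na=90),
         issue("CA Z", kz["pub"], "CA Y", ky["priv"], 3),
         issue("CA Y", ky["pub"], "CA X", kx["priv"], 2),
         issue("CA X", kx["pub"], "CA X", kx["priv"], 1)]
ANCHORS = {"CA X": kx["pub"]}                                # the user's trusted root
print(validate(CHAIN, ANCHORS, today=30, crl=set()))         # valid
```

Revoking an intermediate CA invalidates every certificate below it, and a certificate carrying a substituted public key fails the signature check against the real issuer's key.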
-
Certificates in Practice: Firefox