Certificates, Certification Authorities and Public-Key Infrastructures

ALMA MATER STUDIORUM – UNIVERSITA’ DI BOLOGNA Certificates, Certification Authorities and Public-Key Infrastructures Ozalp Babaoglu

Transcript of Certificates, Certification Authorities and Public-Key Infrastructures

  • ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA

    Certificates, Certification Authorities and

    Public-Key Infrastructures

    Ozalp Babaoglu

  • Babaoglu 2001-2014 Sicurezza 2

    Digital certificates

    The public key we are encrypting with must really belong to the recipient of the message

    This raises the problem of key exchange (man-in-the-middle attack)

    Digital certificates are used to prevent someone from trying to pass themselves off as another person by substituting that person's public key

  • Babaoglu 2001-2014 Sicurezza 3

    Physical Certificates

    Photograph + Personal data

    Seals = I certify that the photo corresponds to the personal data

  • Babaoglu 2001-2014 Sicurezza 4

    PKI Certificates

    A certificate is the form in which a PKI communicates public key information

    It is a binding between a public key and identity information about a subject

    Signed by a certificate issuer

    Functions much like a physical certificate

    Avoids man-in-the-middle attacks

  • Babaoglu 2001-2014 Sicurezza 5

    PKI X.509 Certificates

    X.509 Certificate Information

      • Subject: Distinguished Name, Public Key
      • Issuer: Distinguished Name, Signature
      • Validity: Not Before Date, Not After Date
      • Administrative Info: Version, Serial Number
      • Extended Info:

  • Babaoglu 2001-2014 Sicurezza 6

    Distinguished Name Information

    Defined by X.509 Standard

      • Common Name: CN=Calisto Tanzi
      • Organization or Company: O=Parmalat
      • Organizational Unit: OU=Management
      • City/Locality: L=Parma
      • State/Province: ST=Emilia Romagna
      • Country (ISO Code): C=IT

  • Babaoglu 2001-2014 Sicurezza 7

    Certificate distribution

    Manual or in-person distribution: passport, identity card

    Certificates generated, kept and distributed by trusted entities
      • Certificate servers
      • Public Key Infrastructures (PKI)

  • Babaoglu 2001-2014 Sicurezza 8

    Certificate servers

    Databases available over the network

    They allow users to
      • request that their own certificate be added to the database
      • request someone else's certificate

  • Babaoglu 2001-2014 Sicurezza 9

    Public Key Infrastructure

    PKI is a collection of services and protocols for
      • Registering
      • Certifying (issuing)
      • Validating
      • Revoking
    certificates

    Public-key infrastructure (PKI)
      • Registration Authority (RA): usually a physical person
      • Certification Authority (CA): usually software

  • Babaoglu 2001-2014 Sicurezza 10

    PKI Registration Authority

    Invoked when a subject requests a certificate for the first time

    Subject requesting the certificate must be authenticated
      • In-band authentication: performed using the PKI itself; possible only for certain types of identity information (e.g. email address)
      • Out-of-band authentication: performed using more traditional methods, such as mail, fax, over the telephone or physically meeting someone

  • Babaoglu 2001-2014 Sicurezza 11

    PKI Certification Authority

    Certification Authorities (CAs) are responsible for issuing, validating and revoking certificates

    Many different types of CAs exist: commercial, government, free, etc.

    Examples of CAs: VeriSign, Symantec, Thawte, Geotrust, Comodo, Visa

  • Babaoglu 2001-2014 Sicurezza 12

    Public Key Infrastructure

    Is there an Internet PKI?
      • Several proposals for an Internet PKI exist: PGP, PEM, PKIX, Secure DNS, SPKI and SDSI
      • No single one has gained widespread use

    In the future: several PKIs operating and inter-operating in the Internet

  • Babaoglu 2001-2014 Sicurezza 13

    Public Key Infrastructure

    There are two basic operations common to all PKIs:
      • Certification: process of binding a public-key value to a subject (an individual, organization or other entity)
      • Validation: process of verifying that a certification is still valid

  • Babaoglu 2001-2014 Sicurezza 14

    PKI Certification Authorities

    The certification process is based on trust
      • users trust the issuing authority to issue only certificates that correctly associate subjects to their public keys

    Only one CA for the entire world? Impractical

    Instead:
      • most PKIs enable one CA to certify other CAs
      • one CA is telling its users that they can trust what a second CA says in its certificates

  • Babaoglu 2001-2014 Sicurezza 15

    PKI Certificate Chains

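    [Figure: a chain of four certificates, each holding a distinguished name (DN), a public key (PK) and the issuer's signature (Sig)]
      • DN Bob, PK Bob, Sig CA Z
      • DN CA Z, PK CA Z, Sig CA Y
      • DN CA Y, PK CA Y, Sig CA X
      • DN CA X, PK CA X, Sig CA X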

  • Babaoglu 2001-2014 Sicurezza 16

    PKI Certificate Chains

    Certificate chains can be of arbitrary length

    Each certificate in the chain validated by the one preceding it

    Different certificates:
      • Leaf certificates (end-user)
      • Intermediate certificates
      • Root certificates

  • Babaoglu 2001-2014 Sicurezza 17

    PKI CA Hierarchies

    CAs can be organized
      • as a rooted tree (X.509)
      • as a general graph (PGP)

    [Figure: diagram of CA nodes]

  • Babaoglu 2001-2014 Sicurezza 18

    Hierarchical Trust (X.509)

    Based on chains of trust forming a rooted tree among entities that are reputed to be CAs

    The (blind) trust we place on root-level CAs must be acquired through reputation, experience, operational competence and other non-technical aspects

    Anyone claiming to be a CA must be a trusted entity and we must believe that it is secure and correct

  • Babaoglu 2001-2014 Sicurezza 19

    Web of Trust (PGP)

    In PGP, any user can act as a CA and sign the public key of another user

    A public key is considered valid only if a sufficient number of trusted users have signed it

    As the system evolves, complex trust relations emerge as a dynamic web

    Trust need not be symmetric or transitive (more on PGP later)

  • Babaoglu 2001-2014 Sicurezza 20

    PKI Validation

    Validation
      • The information in a certificate can change over time
      • Need to be sure that the information in the certificate is current and that the certificate is authentic

    Two basic methods of certificate validation:
      • Off-line validation: the CA can include a validity period in the certificate, a range during which the information in the certificate can be considered valid
      • On-line validation: the user can ask the CA directly about a certificate's validity every time it is used

  • Babaoglu 2001-2014 Sicurezza 21

    PKI Revocation

    Revocation: the process of informing users when the information in a certificate becomes unexpectedly invalid
      • subject's private key becomes compromised
      • user information changes (e.g., email address, domain name of a server)

    On-line
      • revocation problem becomes trivial
      • Online Certificate Status Protocol (OCSP) of X.509 describes how to check validity and revoke certificates

    Off-line
      • Within the validity periods, certificate revocation method is critical
      • Clients check locally if a certificate has been revoked

  • Babaoglu 2001-2014 Sicurezza 22

    PKI Revocation

    Certificate Revocation List (CRL)
      • a list of revoked certificates that is signed and periodically issued by a CA
      • user must check the latest CRL during validation to make sure that a certificate has not been revoked
      • X.509 includes a CRL profile, describing the format of CRLs

    CRL Problems
      • CRL time-granularity problem: how often CRLs must be issued?
      • CRL size: incremental CRL
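
The chain, validity-period and CRL checks described in the slides above, as an added example that is not part of the original lecture. It assumes a simplified dictionary certificate and toy textbook RSA in place of real X.509 encoding and signatures; all function names and sample values are constructed for illustration.

```python
import hashlib
from datetime import date

def make_key(p, q, e=65537):
    # Toy textbook RSA (tiny primes, no padding): illustration only.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    # Hash of the signed fields, reduced mod n so the toy RSA can sign it.
    fields = ("serial", "subject", "issuer", "pub", "not_before", "not_after")
    tbs = repr([cert[f] for f in fields]).encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(serial, subject, subject_key, issuer, issuer_key, nb, na):
    cert = {"serial": serial, "subject": subject, "issuer": issuer,
            "pub": (subject_key["n"], subject_key["e"]),
            "not_before": nb, "not_after": na}
    # The issuer signs the binding between subject name and public key.
    cert["sig"] = pow(digest(cert, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return cert

def validate_chain(chain, trusted_roots, crls, today):
    """chain is leaf-first; its last entry must be a trusted self-signed root."""
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else cert
        n, e = issuer["pub"]
        if cert["issuer"] != issuer["subject"]:
            return False, f"{cert['subject']}: issuer name mismatch"
        if pow(cert["sig"], e, n) != digest(cert, n):
            return False, f"{cert['subject']}: bad signature"
        if not cert["not_before"] <= today <= cert["not_after"]:
            return False, f"{cert['subject']}: outside validity period"
        if cert["serial"] in crls.get(cert["issuer"], set()):
            return False, f"{cert['subject']}: revoked"
    root = chain[-1]
    if trusted_roots.get(root["subject"]) != root["pub"]:
        return False, f"{root['subject']}: untrusted root"
    return True, "ok"

# Constructed sample data: Bob <- CA Z <- CA Y <- CA X (self-signed root).
M = lambda k: 2**k - 1  # Mersenne primes for k = 61, 89, 107, 127
KX, KY = make_key(M(61), M(89)), make_key(M(61), M(107))
KZ, KB = make_key(M(89), M(107)), make_key(M(107), M(127))
NB, NA = date(2014, 1, 1), date(2014, 12, 31)
CHAIN = [issue(4, "Bob", KB, "CA Z", KZ, NB, NA),
         issue(3, "CA Z", KZ, "CA Y", KY, NB, NA),
         issue(2, "CA Y", KY, "CA X", KX, NB, NA),
         issue(1, "CA X", KX, "CA X", KX, NB, NA)]
ROOTS = {"CA X": (KX["n"], KX["e"])}
print(validate_chain(CHAIN, ROOTS, {}, date(2014, 6, 1)))
```

A real X.509 validator also checks certificate extensions such as basic constraints, which this model omits.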

  • Babaoglu 2001-2014 Sicurezza 23

    Certificates in Practice: Firefox

  • Babaoglu 2001-2014 Sicurezza 24

    Certificates in Practice: Firefox

  • Babaoglu 2001-2014 Sicurezza 25

    Certificates in Practice: Firefox