Certificates, Certification Authorities and Public-Key Infrastructures

(1)

ALMA MATER STUDIORUM – UNIVERSITA’ DI BOLOGNA

Certificates, Certification

Authorities and

Public-Key Infrastructures

Ozalp Babaoglu

Certificati digitali

■

Problema:

■

la chiave pubblica con la quale stiamo cifrando deve

appartenere realmente al destinatario del messaggio

■

Si pone il problema dello scambio delle chiavi

(man-in-the-middle attack)

■

I certificati digitali vengono usati per evitare che qualcuno

tenti di “spacciarsi” per un’altra persona sostituendone la

chiave pubblica

PKI – Certificates

■

Certificate is the form in which a PKI communicates public

key information

■

It is a binding between a public key and identity

information about a subject

■

Signed by a certificate issuer

■

Functions much like a physical certificate

■

Avoids man-in-the-middle attacks

Physical Certificates

Fotograph + Personal data Seals = I certify that the photo corresponds to the personal data

(2)

Distribuzione dei certificati

■

Certificati generati, custoditi e distribuiti da entità fidate

● Certificate servers

● Public Key Infrastructures (PKI)

■

Distribuzione manuale o di persona: passaporto o carta

d’identità

Certificate servers

■

Database disponibili su rete

■

Permettono agli utenti di

● richiedere l’inserimento del proprio certificato nel database

● richiedere il certificato di qualcuno

Public Key Infrastructure

■

PKI is a collection of services and protocols for

● Registering

● Certifying (issuing)

● Validating

● Revoking certificates

■

Public-key infrastructure (PKI)

● Registration Authority (RA) usually a physical person

● Certification Authority (CA) usually software

PKI – Registration Authority

■

Invoked when a subject requests a certificate for the first

time

■

Subject requesting the certificate must be authenticated

■

In-band authentication:

● performed using the PKI itself

● possible only for certain types of identity information (e.g. email address)

■

Out-of-band authentication:

● performed using more traditional methods, such as mail, fax, over the telephone or physically meeting someone

(3)

Public Key Infrastructure

■

Is there an “Internet PKI”?

● Several proposal for an Internet PKI exist: PGP, PEM, PKIX, Secure DNS, SPKI and SDSI

● No single one has gained widespread use

■

In the future:

● Several PKI operating and inter-operating in the Internet

Public Key Infrastructure

■

There are two basic operations common to all PKIs:

● Certification: process of binding a public-key value to subject:

an individual, organization or other entity

● Validation: process of verifying that a certification is still valid

PKI – X.509 Certificates

X.509 Certificate Information

Subject:!Distinguished Name, Public Key

Issuer:! Distinguished Name, Signature

Validity: Not Before Date, Not After Date

Administrative Info:! Version, Serial Number

Extended Info:!

…

Distinguished Name Information

Defined by X.509 Standard

Common Name CN=Calisto Tanzi Organization or Company O=Parmalat

Organizational Unit! OU=Management City/Locality!! ! L=Parma

State/Province! ! ST=Emilia Romagna Country (ISO Code)!! C=IT

(4)

■

The certification process is based on trust

● users trust the issuing authority to issue only certificates that correctly associate subjects to their public keys

■

The certificate issuer is commonly called a certificate

authority (CA)

PKI – Certificates

PKI – Certificate Authorities

■

Only a CA for the entire world?

● Impractical

■

Instead:

● most PKI enable one CA to certify another CA’s

● one CA is telling its users that they can trust what a second CA says in its certificates

■

Different certificates:

● “Leaf” certificates (end-user)

● “Intermediate” certificates

● “Root” certificates

PKI – Certificate Chains

DN of BOB PK Bob Sig CA Z DN of CA Y PK CA Y Sig CA X DN of CA Z PK CA Z Sig CA Y DN CA X PK CA X Sig CA X

PKI – CA Hierarchies

■

CAs can be organized

● as a rooted tree (X.509) ● as a general graph (PGP) CA CA CA CA CA CA CA

(5)

Certificates in Practice: Firefox

PKI – Validation

■

Validation

● The information in a certificate can change over time

● Need to be sure that the information in the certificate is current and that the certificate is authentic

■

Two basic methods of certificate validation:

● Off-line validation

The CA can include a validity period in the certificate — a range during which the information in the certificate can be considered valid

● On-line validation

The user can ask the CA directly about a certificate’s validity every time it is used

(6)

PKI – Revocation

■

Revocation

● the process of informing users when the information in a certificate becomes unexpectedly invalid

▴ subject’s private key becomes compromised

▴ user information changes (e.g., email address, domain name of a server)

■

Off-line

● Within the validity periods, certificate revocation method is critical

■

On-line

● revocation problem becomes trivial

PKI – Revocation

■

Certificate Revocation List (CRL)

● a list of revoked certificates that is signed and periodically issued by a CA

● user must check the latest CRL during validation to make sure that a certificate has not been revoked

■

CRL Problems

● CRL time-granularity problem

▴ how often CRLs must be issued? ● CRL size