ALMA MATER STUDIORUM – UNIVERSITA’ DI BOLOGNA
Certificates, Certification
Authorities and
Public-Key Infrastructures
Ozalp Babaoglu
© Babaoglu 2001-2011 Sicurezza
Digital certificates
■
Problem:
■
the public key we are encrypting with must really belong to
the intended recipient of the message
■
This raises the key-exchange problem
(man-in-the-middle attack)
■
Digital certificates are used to prevent someone from trying
to impersonate another person by substituting that person's
public key with their own
PKI – Certificates
■
A certificate is the form in which a PKI communicates public
key information
■
It is a binding between a public key and identity
information about a subject
■
Signed by a certificate issuer
■
Functions much like a physical certificate
■
Defeats the man-in-the-middle key substitution described above,
provided the verifier trusts the issuer and checks its signature
Physical Certificates
Photograph + Personal data + Seal = “I certify that the photo corresponds to the personal data”
Certificate distribution
■
Certificates are generated, stored and distributed by trusted entities
● Certificate servers
● Public Key Infrastructures (PKI)
■
Manual or in-person distribution: compare a passport or identity
card
Certificate servers
■
Databases available over the network
■
They allow users to
● request that their own certificate be added to the database
● request someone else's certificate
Public Key Infrastructure
■
PKI is a collection of services and protocols for
● Registering
● Certifying (issuing)
● Validating
● Revoking certificates
■
Components of a public-key infrastructure (PKI):
● Registration Authority (RA): usually a physical person, who authenticates the subject requesting a certificate
● Certification Authority (CA): usually software, which issues and signs the certificates
PKI – Registration Authority
■
Invoked when a subject requests a certificate for the first
time
■
Subject requesting the certificate must be authenticated
■
In-band authentication:
● performed using the PKI itself
● possible only for certain types of identity information (e.g. email address)
■
Out-of-band authentication:
● performed using more traditional methods, such as mail, fax, over the telephone or physically meeting someone
Public Key Infrastructure
■
Is there an “Internet PKI”?
● Several proposals for an Internet PKI exist: PGP, PEM, PKIX, Secure DNS, SPKI and SDSI
● No single one has gained widespread use
■
In the future:
● Several PKI operating and inter-operating in the Internet
Public Key Infrastructure
■
There are two basic operations common to all PKIs:
● Certification: process of binding a public-key value to subject:
an individual, organization or other entity
● Validation: process of verifying that a certification is still valid
PKI – X.509 Certificates
X.509 Certificate Information
Subject:             Distinguished Name, Public Key
Issuer:              Distinguished Name, Signature
Validity:            Not Before Date, Not After Date
Administrative Info: Version, Serial Number
Extended Info:       …

Distinguished Name Information (defined by the X.509 standard)
Common Name              CN=Calisto Tanzi
Organization or Company  O=Parmalat
Organizational Unit      OU=Management
City/Locality            L=Parma
State/Province           ST=Emilia Romagna
Country (ISO Code)       C=IT
PKI – Certificates
■
The certification process is based on trust
● users trust the issuing authority to issue only certificates that correctly associate subjects to their public keys
■
The certificate issuer is commonly called a certificate
authority (CA)
PKI – Certificate Authorities
■
A single CA for the entire world?
● Impractical
■
Instead:
● most PKIs allow one CA to certify another CA
● one CA is telling its users that they can trust what a second CA says in its certificates
■
Different kinds of certificates:
● “Leaf” certificates (end-user)
● “Intermediate” certificates
● “Root” certificates
PKI – Certificate Chains
[Figure: a chain of four certificates, each signed with the key certified by the next]
Bob's certificate:   DN of Bob,  PK Bob,  signed by CA Z
CA Z's certificate:  DN of CA Z, PK CA Z, signed by CA Y
CA Y's certificate:  DN of CA Y, PK CA Y, signed by CA X
CA X's certificate:  DN of CA X, PK CA X, signed by CA X (self-signed root)
PKI – CA Hierarchies
■
CAs can be organized
● as a rooted tree (X.509)
● as a general graph (PGP)
[Figure: CA nodes arranged as a tree]
Certificates in Practice: Firefox
[Figure: screenshots of the Firefox certificate manager]
PKI – Validation
■
Validation
● The information in a certificate can change over time
● Need to be sure that the information in the certificate is current and that the certificate is authentic
■
Two basic methods of certificate validation:
● Off-line validation
The CA can include a validity period in the certificate — a range during which the information in the certificate can be considered valid
● On-line validation
The user can ask the CA directly about a certificate’s validity every time it is used
PKI – Revocation
■
Revocation
● the process of informing users when the information in a certificate becomes unexpectedly invalid
▴ subject’s private key becomes compromised
▴ user information changes (e.g., email address, domain name of a server)
■
Off-line validation
● within the validity period the certificate looks valid on its own, so a separate revocation mechanism is critical
■
On-line validation
● the revocation problem becomes trivial: the CA simply stops confirming the certificate when asked
PKI – Revocation
■
Certificate Revocation List (CRL)
● a list of revoked certificates that is signed and periodically issued by a CA
● user must check the latest CRL during validation to make sure that a certificate has not been revoked
■
CRL Problems
● CRL time-granularity problem
▴ how often must CRLs be issued?
● CRL size
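The certificate chain on the “Certificate Chains” slide (Bob → CA Z → CA Y → CA X), the off-line validation rules and the CRL check above, put together as an added, runnable example that is not part of the original slides. Certificates here are plain Python dicts rather than ASN.1/DER structures, and signatures use textbook RSA over tiny, well-known primes so that everything runs offline: that toy signature scheme, the key material, the dates and the scenario functions (scenario_valid, scenario_revoked, and so on) are all constructed for illustration, and the signature scheme is not secure.

```python
"""Toy chain validation for the slide's chain Bob -> CA Z -> CA Y -> CA X (root).
ASSUMPTION: dict "certificates" and textbook RSA over tiny fixed primes, NOT secure."""
import hashlib
import json
from math import gcd

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes (insecure toy). Returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:          # keep e invertible mod phi
        e += 2
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def digest(tbs, n):                  # SHA-256 of the canonical to-be-signed content, mod n
    raw = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n

def sign(tbs, priv):
    return pow(digest(tbs, priv["n"]), priv["d"], priv["n"])

def verify_sig(tbs, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == digest(tbs, pub["n"])

def make_cert(subject, pub, issuer, issuer_priv, serial, is_ca, not_before, not_after):
    """The X.509 fields from the slide: subject/issuer DN, key, serial, validity, CA flag."""
    tbs = {"subject": subject, "pub": pub, "issuer": issuer, "serial": serial,
           "ca": is_ca, "not_before": not_before, "not_after": not_after}
    return {"tbs": tbs, "sig": sign(tbs, issuer_priv)}

def make_crl(issuer, issuer_priv, revoked, this_update, next_update):
    tbs = {"issuer": issuer, "revoked": sorted(revoked),   # CA-signed list of revoked serials
           "this_update": this_update, "next_update": next_update}
    return {"tbs": tbs, "sig": sign(tbs, issuer_priv)}

def validate(leaf, pool, trust_anchors, crls, today):
    """Walk leaf -> issuer -> ... until a trust anchor; returns (ok, reason). Dates are ISO strings."""
    cert, depth = leaf, 0
    while True:
        tbs = cert["tbs"]
        if not (tbs["not_before"] <= today <= tbs["not_after"]):
            return False, f"{tbs['subject']}: outside validity period"
        if depth > 0 and not tbs["ca"]:
            return False, f"{tbs['subject']}: used as issuer but is not a CA"
        issuer = tbs["issuer"]
        if issuer in trust_anchors:  # trust anchors are trusted by configuration, never verified
            issuer_pub = trust_anchors[issuer]["tbs"]["pub"]
        elif issuer == tbs["subject"]:
            return False, f"{tbs['subject']}: self-signed but not a trust anchor"
        elif issuer in pool:
            issuer_pub = pool[issuer]["tbs"]["pub"]
        else:
            return False, f"no certificate found for issuer {issuer}"
        if not verify_sig(tbs, cert["sig"], issuer_pub):
            return False, f"{tbs['subject']}: signature by {issuer} does not verify"
        crl = crls.get(issuer)       # off-line revocation check against the issuer's latest CRL
        if crl is None or not verify_sig(crl["tbs"], crl["sig"], issuer_pub):
            return False, f"{issuer}: no authentic CRL available"
        if crl["tbs"]["next_update"] < today:
            return False, f"{issuer}: CRL is stale (next update {crl['tbs']['next_update']})"
        if tbs["serial"] in crl["tbs"]["revoked"]:
            return False, f"{tbs['subject']}: revoked by {issuer}"
        if issuer in trust_anchors:
            return True, f"chain ends at trusted root {issuer}"
        cert, depth = pool[issuer], depth + 1

PUB_X, PRIV_X = toy_keypair(2**61 - 1, 2**31 - 1)      # constructed demo keys (Mersenne primes)
PUB_Y, PRIV_Y = toy_keypair(1000000007, 998244353)
PUB_Z, PRIV_Z = toy_keypair(1000000009, 2**19 - 1)
PUB_BOB, PRIV_BOB = toy_keypair(2**17 - 1, 2**13 - 1)

ROOT_X = make_cert("CN=CA X", PUB_X, "CN=CA X", PRIV_X, 1, True, "2001-01-01", "2031-01-01")
CA_Y = make_cert("CN=CA Y", PUB_Y, "CN=CA X", PRIV_X, 2, True, "2005-01-01", "2025-01-01")
CA_Z = make_cert("CN=CA Z", PUB_Z, "CN=CA Y", PRIV_Y, 3, True, "2008-01-01", "2020-01-01")
BOB = make_cert("CN=Bob", PUB_BOB, "CN=CA Z", PRIV_Z, 4, False, "2010-01-01", "2012-01-01")
POOL = {c["tbs"]["subject"]: c for c in (CA_Y, CA_Z, BOB)}   # intermediates + leaf
ROOTS = {"CN=CA X": ROOT_X}                                   # the trust store

def crls(revoked_by_z=(), next_update="2011-07-01"):
    """One CRL per issuing CA; only CA Z's revoked list changes between scenarios."""
    revoked = {"CN=CA Z": list(revoked_by_z)}
    return {dn: make_crl(dn, priv, revoked.get(dn, []), "2011-06-01", next_update)
            for dn, priv in (("CN=CA X", PRIV_X), ("CN=CA Y", PRIV_Y), ("CN=CA Z", PRIV_Z))}

def scenario_valid():
    return validate(BOB, POOL, ROOTS, crls(), "2011-06-15")
def scenario_revoked():              # CA Z lists Bob's serial number
    return validate(BOB, POOL, ROOTS, crls(revoked_by_z=[4]), "2011-06-15")
def scenario_stale_crl():            # the CRL time-granularity problem: list past its next_update
    return validate(BOB, POOL, ROOTS, crls(next_update="2011-06-01"), "2011-06-15")
def scenario_expired():              # off-line validation: Bob's validity period has passed
    return validate(BOB, POOL, ROOTS, crls(next_update="2013-12-31"), "2013-06-15")
def scenario_key_substituted():      # man-in-the-middle swaps the public key in Bob's certificate
    forged = {"tbs": dict(BOB["tbs"], pub=PUB_X), "sig": BOB["sig"]}
    return validate(forged, POOL, ROOTS, crls(), "2011-06-15")
def scenario_untrusted_root():       # same chain, but CA X is absent from the trust store
    return validate(BOB, dict(POOL, **{"CN=CA X": ROOT_X}), {}, crls(), "2011-06-15")
```

Each scenario returns (ok, reason); only scenario_valid succeeds, and the others show the distinct failure reasons a validator must distinguish: an expired certificate, a signature that no longer matches after the public key was swapped, a serial number on the issuer's CRL, a CRL that is past its next update (the time-granularity problem), and a self-signed root that is not in the trust store. Note that the root's own certificate is never “verified”: trust in it comes from configuration, which is exactly what the trust store on the Firefox slides represents.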