Wes Hubert
Information Services
The University of Kansas
PKI: Public Key Infrastructure
What is it, and why should I care?
Conference on Higher Education Computing in Kansas
June 3, 2004
Why?
PKI adoption will continue growing to support highly sensitive or regulated
business processes. However, the dream of using it for general-purpose
authentication and ubiquitous digital signatures is still several years in the
future and not a certainty.
Public Key Infrastructure: Making Progress, But Many Challenges Remain
Dan Blum and Gerry Gebel, Burton Group
March 2003 ECAR report
PKI adoption hurdles are lower than ever, and the benefits are greater than ever.
The time has come to stop studying and testing and take the plunge.
EDUCAUSE Review March/April 2004
PKI: A Technology Whose Time Has Come in Higher Education
Mark Franklin, Larry Levine, Denise Anthony, and Robert Brentrup
Dartmouth College
You should know enough about PKI to determine which view applies to your
current situation.
Benefits
Strong authentication
HIPAA, FERPA, etc.
Protection from “sniffing” attacks
S/MIME secure email
Signing, encryption
Work with other PKI developments
Inter-university use of PKI
Kansas government PKI use
Grant signing requirements
Hurdles
Certification Authority Issues
Outsource, Buy, or Build?
Key/Certificate Management Policy Development
Registration of users (vetting)
Finding compatible applications
User key management
Common PKI Use
Establishing SSL Connections
Authenticates web server to browser
Uses CA root built into browser
University buys certificates from CA
Protection is only for data transfer
Does not authenticate user
Does not authenticate a specific service
User-level: Individual CA Certs/Keys
Non-PKI Keys/Certificates
Argus Server Authentication
Certificates for server-to-server authentication
Locally generated keys and certs
No direct user involvement
Argus User Authentication
NOT certificate-based
User-level: PGP, GPG, SSH
Higher Education Organizations for PKI
NMI-EDIT
NSF Middleware Initiative
Enterprise and Desktop Integration Technologies
Members
EDUCAUSE
Internet 2
SURA (SE Univ Research Assoc)
HEPKI-TAG
Coordinates many PKI developments
Higher Education Initiatives
USHER
US Higher Education Root
Follow-on to CREN as CA
InCommon
Shibboleth Federation
CA Signs Institutional Shib Certs
HEBCA
Higher Education Bridge Certification Authority
USHER Certificates
Low
Few constraints on campus operations
Suitable for many campus needs
Good for learning
Basic
CP places more constraints on use
HEBCA peering
Both will issue only institutional certs
HEBCA Trust
[Diagram labels: HEBCA, HECP, InCommon, Campus, Campus, HECA, FBCA, Fd Root CA, Agency CA, Agency CA]
Kansas Government PKI
Distributed across several agencies
Information Technology Executive Council (ITEC)
Responsible for Kansas Certificate Policy
Office of Secretary of State (SOS)
Responsible for CA services contract
Information Network of Kansas (INK)
Responsible for KS Info Consortium contract
KIC manages official state web site
www.accesskansas.org
Kansas Government PKI
Distributed across several agencies
General state PKI information online at:
http://da.state.ks.us/itab/PKIMain.htm
Agencies using service act as Local Registration Authority
Current end-entity certs $40/year
Kansas Government PKI
Agencies using PKI
State Treasurer’s Office
“The Vault” Extranet
Department of Revenue
E-Lien
Department of Transportation
Kansas Government PKI
Identity Management Security Levels
Level 1
Virtual Vetting (no physical presence)
Level 2
Physical Vetting; LRA
Level 3, 4
Not yet issuing
Kansas Statutes
Chapter 16. Contracts and Promises
Article 16. Electronic Transactions
Electronic Signature [16-1602(i)]
Digital Signature [16-1602(e)]
If a law requires a signature, an electronic signature satisfies the law. [16-1607(d)]
http://www.kslegislature.org/cgi-bin/statutes/index.cgi/
Electronic Signature
... an electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
Digital Signature
... a type of electronic signature consisting of a transformation of an electronic message using an asymmetric crypto system such that a person having the initial message and the signer's public key can accurately determine whether:
(1) The transformation was created using the private key that corresponds to the signer's public key; and
(2) the initial message has not been altered since the transformation was made.
Given a choice between security and convenience,
users will choose convenience.
Public Key Infrastructure
(RFC 2828 Definition)
A system of CAs (and, optionally, RAs and other supporting servers and agents) that perform some set of certificate management, archive management, key management, and token management functions for a community of users in an application of asymmetric cryptography.
Traditional Cryptography
Symmetric
Same key that encrypts, decrypts
Key is always secret
Problems
Exchanging key with trusted parties
Same key gives everyone access
Access includes ability to modify
Traditional Cryptography
DES (Data Encryption Standard)
IBM, NIST, NSA 1970s
56-bit key
Triple DES, 112-bit effective key size
AES (Advanced Encryption Standard)
Rijndael
128/192/256-bit key sizes
Public Key Cryptography
Diffie-Hellman 1976
Asymmetric
Two keys: one private, one public
Each decrypts what other encrypts
Problems
Much slower than symmetric
Key management
Public Keys Provide
Confidentiality
Protection against unauthorized access
Integrity
Protection against unauthorized changes
Authentication
Verification of an identity
Nonrepudiation
Cannot deny private key was used
Key Management
Generating Keys
Authenticating Public Keys
Distributing Keys
Generating Keys
Keys are generated in pairs
Private/Public
Keeping private keys secret
Ideally no one but owner ever has key
Problems
convenience
escrow
recovery
Authenticating Public Keys
X.509 Certificates
Bind public keys to identity information
Contents Include
Version Number
Public Key
Owner’s Name
Initial / Final Dates Valid
... other information ...
Signed by issuing CA
Digital Credentials
Private Key
For exclusive use of owner
MUST be kept secure
Public Key Certificate
Available to everyone
Links key with owner’s identity
Trust must be established somehow
Distributing Credentials
PKCS#12
Standard for secure transportation of user identity information
Wraps data in password-protected object
Content can include
Keys
Certificates
Passwords
Credential Package
[Diagram: PKCS#12 Package containing the Private Key and an X.509 Certificate (Public Key, Identity Info, Other Info, CA Signature)]
Certificate Management
Distribution
User to user (e.g. email)
LDAP directories
Revoking Certificates
Certificate Revocation Lists (CRL)
Online Cert Status Protocol (OCSP)
Keys and Certificates are not the same
Certificates not used for private keys
Credential Generation
[Diagram: Key Generation produces the Private Key and Public Key; the Public Key and ID Information go into the Certificate Signing Request; CA Signing with the CA Private Key produces the Public Key Certificate; PKCS#12 Generation produces the PKCS#12 Object Package]
Public Key Infrastructure
Solves some problems of public keys
Establishing owner’s identity
Defining validity dates, uses
Based on trusted third party
Signing may be through multiple levels
CA cert may sign other CA certs
Must end at trusted root CA
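The credential-generation steps and the multi-level signing described above, carried through with the OpenSSL command line. This is an added example, not part of the original slides and not KU's CA procedure; the subjects, file names, extension sections and pass phrase are constructed for the demo.

```shell
#!/bin/sh
# Added example: key pair -> CSR -> CA signing -> PKCS#12, then chain validation.
# Subjects, file names and the pass phrase are constructed for this demo.
set -eu
pki=$(mktemp -d); trap 'rm -rf "$pki"' EXIT
cat > "$pki/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = replaced-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = emailProtection,clientAuth
EOF
new_csr() {      # $1 = name, $2 = subject: key pair plus certificate signing request
  openssl req -new -config "$pki/demo.cnf" -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$pki/$1.key" -out "$pki/$1.csr" 2>/dev/null
}
ca_sign() {      # $1 = requester, $2 = issuing CA, $3 = extension section to apply
  openssl x509 -req -in "$pki/$1.csr" -CA "$pki/$2.crt" -CAkey "$pki/$2.key" \
    -CAcreateserial -extfile "$pki/demo.cnf" -extensions "$3" -days 30 \
    -out "$pki/$1.crt" 2>/dev/null
}
build_hierarchy() {
  # Root: self-signed trust anchor; its key signs only the intermediate CA cert.
  openssl req -x509 -config "$pki/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -subj "/CN=Demo Root CA" -days 30 \
    -keyout "$pki/root.key" -out "$pki/root.crt" 2>/dev/null
  new_csr inter "/CN=Demo Intermediate CA"; ca_sign inter root v3_ca
  new_csr user "/CN=Demo User";             ca_sign user inter v3_user
}
package_p12() {  # private key + user cert + issuing CA cert, password-protected
  openssl pkcs12 -export -inkey "$pki/user.key" -in "$pki/user.crt" \
    -certfile "$pki/inter.crt" -name "demo user" \
    -passout pass:demo-only -out "$pki/user.p12"
}
verify_chain() { # $1 = trusted root; remaining args = untrusted intermediates
  root=$1; shift
  openssl verify -CAfile "$root" "$@" "$pki/user.crt" >/dev/null 2>&1
}
build_hierarchy && package_p12
verify_chain "$pki/root.crt" -untrusted "$pki/inter.crt" && echo "chain ends at trusted root"
verify_chain "$pki/root.crt" || echo "rejected: no path to the root without the intermediate"
```

The second check fails on purpose: a relying party that holds only the root cannot validate the user certificate unless the intermediate CA certificate is supplied along with it.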
Certification Authority Functions
Register Users
Directly or through Registration Authority
Issue Public Key Certificates
Revoke Certificates
Publish revocation information
Archive Key and Certificate Data
Retrieve archives when appropriate
May or may not ever have user private key
Policies and Procedures
Certificate Policy Statement
Broad specification of policy objectives
Accepted by CA & relying party
Certification Practices Statement
Detailed practices for issuing certificates
Certificate lifetime, revocation, etc.
KU as Certification Authority
Strong authentication for campus services
Registration already done via Registrar & Human Resources
A natural extension of current I/A/A activity
KU Online ID, AMS, Argus, LDAP
Policy framework: EDUCAUSE, I2
Build on open source foundation
KU Certificate Hierarchy
[Diagram: KU Root CA; KU Intermediate CA; KU Institutional CA (User Certificates); KU Personal CA (User Certificates); Other potential uses]
KU Root Certificate
Available on web at:
https://www.ku.edu/kuca
Currently root/anchor certificate
Must be installed into client system
Plan USHER-based path in future
Corresponding private key:
Used only to sign Intermediate CA Cert
Now stored only on encrypted CD
KU Digital Credential Process
Action        Initiated by  Location
Test Request  User          Web
Approval      CA            Server
ID Request    User          Web
Generation    CA            Offline CA
Notification  CA            Email
Retrieval     User          Web
Installation  User          User’s PC
Use           User          Application
S/MIME Email
Normal email is like a postcard
Message encryption seals the envelope
Digital signature adds unique “sealing wax” stamp
Signing Process
[Diagram: Message -> Compute -> Message Digest -> Encrypt (Sender’s Private Key) -> Encrypted Message Digest. Transmitted Message = original message + encrypted digest + optional sender cert. Sender’s Cert (Public Key) is optional; it may be obtained by other means.]
Signature Verification
[Diagram: Message (with encrypted digest) (optional public key cert) -> Compute -> Message Digest; Extract -> Encrypted Message Digest -> Decrypt with Sender’s Cert (Public Key), verified through CA Root Cert -> Message Digest; Compare the two digests.]
The message digests match only if
1) Sender’s private key signed the message
2) The message has not been altered
Encryption Process
[Diagram: Generate (Random) Symmetric Key; Message (Data) + Symmetric Key (Key) -> Encrypt -> Encrypted Message; Symmetric Key (Data) + Recipient’s Cert (Public Key) (Key) -> Encrypt -> Encrypted Symmetric Key (one for each recipient); Transmitted Message = encrypted message + encrypted key.]
Decryption Process
[Diagram: Transmitted Message (encrypted message + encrypted key) -> Extract -> Encrypted Symmetric Key and Encrypted Message; Encrypted Symmetric Key (Data) + Recipient’s Private Key (Key) -> Decrypt -> Symmetric Key; Encrypted Message (Data) + Symmetric Key (Key) -> Decrypt -> Message.]
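The four S/MIME flows above (signing, verification, encryption, decryption) reproduced step by step with OpenSSL primitives rather than a mail client. This is an added example, not part of the original slides; the key names, file names and message text are constructed, and bare key pairs stand in for certificates.

```shell
#!/bin/sh
# Added example: sign / verify / encrypt / decrypt as in the S/MIME diagrams.
# Key names, file names and the message text are constructed for this demo.
set -eu
w=$(mktemp -d); trap 'rm -rf "$w"' EXIT

new_keypair() {   # $1 = owner; the .key file never leaves its owner
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$w/$1.key" 2>/dev/null
  openssl pkey -in "$w/$1.key" -pubout -out "$w/$1.pub"
}
sign_msg() {      # digest the message, transform the digest with the private key
  openssl dgst -sha256 -sign "$w/sender.key" -out "$1.sig" "$1"
}
verify_msg() {    # $1 = message, $2 = signature; 0 only if the digests match
  openssl dgst -sha256 -verify "$w/sender.pub" -signature "$2" "$1" >/dev/null 2>&1
}
encrypt_msg() {   # random symmetric secret for the data, public key for that secret
  openssl rand -hex 32 > "$w/sym"
  # The secret is fed to AES as a pass phrase (PBKDF2) so it never appears in argv.
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$w/sym" -in "$1" -out "$1.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$w/recipient.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$w/sym" -out "$1.key.enc"
  rm -f "$w/sym"  # only the wrapped copy of the secret is transmitted
}
decrypt_msg() {   # $1 = message name, $2 = owner of the private key being tried
  openssl pkeyutl -decrypt -inkey "$w/$2.key" -pkeyopt rsa_padding_mode:oaep \
    -in "$1.key.enc" -out "$w/sym.out" 2>/dev/null || return 1
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$w/sym.out" -in "$1.enc"
}

new_keypair sender; new_keypair recipient
printf 'Grades are due Friday.\n' > "$w/msg"
sign_msg "$w/msg"
verify_msg "$w/msg" "$w/msg.sig" && echo "signature verifies"
printf 'Grades are due Monday.\n' > "$w/altered"
verify_msg "$w/altered" "$w/msg.sig" || echo "altered message rejected"
encrypt_msg "$w/msg"
echo "recipient reads: $(decrypt_msg "$w/msg" recipient)"
decrypt_msg "$w/msg" sender >/dev/null 2>&1 || echo "wrong private key cannot unwrap"
```

For more than one recipient, the symmetric secret is wrapped once per recipient public key while the message itself is encrypted only once, which is the "one for each recipient" note in the encryption diagram.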