Public Key Infrastructure • A system to securely distribute & manage public keys. • Important for wide-area trust management (for Public Key Infrastructure e-government, e-commerce, e-mail, etc.) • Ideally consists of – a certification authority – certificate repositories B İL 448/548 – a certificate revocation mechanism (CRLs, etc.) Internet Security Protocols • Many models possible: monopoly, oligarchy, Ali Ayd ı n Selçuk anarchy, etc. Bil448, A.A.Selçuk PKI 1 Bil448, A.A.Selçuk PKI 2 Monopoly Model Monopoly with Registration Authorities • Single organization is the CA for everyone • Shortcomings: • CA trusts other organizations (RAs) to check – no such universally-trusted organization identities, do the initial authentication – requires everyone to authenticate physically with the same CA • Solves the problem of physically meeting the – compromise recovery is difficult (due to single CA. Other problems remain. embedded public key) – once established, CA can abuse its position • RAs can be incorporated into other models too (excessive pricing, etc.) – requires perfect security at CA Bil448, A.A.Selçuk PKI 3 Bil448, A.A.Selçuk PKI 4 1
Delegated CAs Oligarchy • Root CA certifies lower-level CAs to certify • Many root CAs exists trusted by verifiers others • The model of web security • All verifiers trust the root CA & verify certificate • Solves the problems of single authority (e.g., chains beginning at the root (i.e., the root CA is excessive pricing) the trust anchor of all verifiers) • Disadvantages: • E.g., a national PKI, where a root CA certifies – n security-sensitive sites instead of one. Compromise institutions, ISPs, universities who in turn certify of any one compromises the whole system their members – users can easily be tricked into trusting fake CAs. • Limitations are similar to monopoly with RAs (depending on implementation) Bil448, A.A.Selçuk PKI 5 Bil448, A.A.Selçuk PKI 6 Anarchy Revocation • Each user decides whom to trust & how to • Mechanisms to cancel certificates compromised authenticate their public keys before expiration • Certificate Revocation List (CRL): list of revoked certificates, published periodically by the CA • Certificates issued by arbitrary parties can be • Delta CRLs: Only the changes since the last stored in public databases, which can be searched to find a path of trust to a desired party issue are published • Online Revocation Servers: No CRL is published. Verifier queries a central server to • Works well for informal, not-so-sensitive check if a certificate has been revoked. applications (e.g., PGP) Bil448, A.A.Selçuk PKI 7 Bil448, A.A.Selçuk PKI 8 2
Finding Certificate Chains X.509 Certificates • Common standard for certificate format • PKIX: Internet standard for X.509-based PKI • Can be sent by the subject sending its public • Fields (X.509 v3): key to the verifier (e.g., SSL) – version – serial number – signature algorithm identifier • A directory naming structure can be followed – issuer (e.g., LDAP, DNSsec) – validity period – subject – subject public key information – signature – standard extensions (key usage limitation, etc.) – other extensions (application & CA specific) Bil448, A.A.Selçuk PKI 9 Bil448, A.A.Selçuk PKI 10 3
Recommend
More recommend
