Public key infrastructure


NETWORK SECURITY
06 APPLYING CRYPTOGRAPHY
Contents
6.1 Digital Certificates
6.2 Public Key Infrastructure
6.3 Key Management
6.4 Cryptographic Transport Protocols
6.1 Digital Certificates
• Alice receives a package containing an
encrypted document from Bob. It is secure
as it was encrypted.
• Yet how can she know that it came from
Bob? Because Alice’s asymmetric public
key is widely available, anyone could use
it to encrypt the document.
• The answer is to use a digital signature.
6.1.1 Defining Digital Certificates
– Digital certificates can be used to associate
or “bind” a user’s identity to a public key.
– A digital certificate is the user’s public key
that has itself been “digitally signed” by a
reputable source entrusted to sign it.
– Digital certificates prevent a man-in-the-middle attack that impersonates the owner of
the public key.
– Digital certificates can also be used to identify
objects other than users, such as servers and
applications.
– A digital certificate typically contains the following information:
• Owner’s name or alias
• Owner’s public key
• Name of the issuer
• Digital signature of the issuer
• Serial number of the digital certificate
• Expiration date of the public key
6.1.2 Authorizing, Storing and Revoking
• Several entities and technologies are used
for authorizing, storing, and revoking
digital certificates.
• These include the Certificate Authority
(CA) and Registration Authority (RA), a
Certificate Repository (CR), and a
Certificate Revocation List (CRL).
Certificate Authority (CA) & Registration Authority (RA)
• Instead of a user verifying his own identity,
a third-party person or agency is used.
• An entity that issues digital certificates for
others is known as a Certificate Authority
(CA).
• A user provides information to a CA that
verifies her identity.
• Also, the user generates public and private
keys and sends the public key to the CA
(or in some instances the CA may create
the keys).
• The CA inserts this public key into the
certificate.
• A CA can be external to the organization,
or it can be a CA internal to the
organization.
• Some organizations set up a subordinate
entity, called a Registration Authority
(RA), to handle some CA tasks such as
processing certificate requests and
authenticating users.
Certificate Revocation List (CRL)
• Digital certificates normally have an
expiration date.
• Expired digital certificates should then be
revoked.
• Revoked digital certificates are listed in a
Certificate Revocation List (CRL), which
can be accessed to check the certificate
status of other users.
Certificate Repository (CR)
• It is important that the CA publishes the
certificates and CRLs to a directory.
• This directory can be managed locally or
in a publicly accessible directory, which is
called a Certificate Repository (CR).
6.1.3 Types of Digital Certificates
• There are different types of digital
certificates.
• In addition, some digital certificates are
single-sided while others can be dual-sided.
• Also, standards exist for digital certificates.
• In addition to being used to verify the
sender’s identity, digital certificates can
also be used to:
– Encrypt channels to provide secure
communication between clients and servers
– Encrypt messages for secure Internet e-mail
communication
– Verify the identity of clients and servers on the
Web
– Verify the source and integrity of signed
executable code
• There are three basic categories of digital
certificates:
– personal digital certificates,
– server digital certificates, and
– software publisher digital certificates.
Personal Digital Certificates
• Personal digital certificates are issued by a
CA or RA directly to individuals.
• Personal digital certificates are typically
used to secure e-mail transmissions.
• Digital certificates can also be used to
authenticate the authors of documents.
Server Digital Certificates
• Server digital certificates are often issued
from a Web server to a client.
• They typically perform two functions.
– First, they can ensure the authenticity of the
Web server.
– Second, server certificates can ensure the
authenticity of the cryptographic connection to
the Web server.
• Most server digital certificates combine
both server authentication and secure
communication between clients and
servers on the Web.
Software Publisher Digital Certificates
• Software publisher digital certificates are
provided by software publishers.
• The purpose of these certificates is to
verify that their programs are secure and
have not been tampered with.
Single Side and Dual Side
• Digital certificates can be either single-sided or dual-sided.
• When Bob sends one digital certificate to
Alice along with his message, that is
known as a single-sided certificate.
• Dual-sided certificates are certificates in
which the functionality is split between two
certificates.
– The signing certificate is used to sign a
message to prove that the sender is
authentic.
– The encryption certificate is used for the
actual encryption of the message.
• Dual-sided certificates have two
advantages.
– First, dual-sided certificates reduce the need
for storing multiple copies of the signing
certificate.
– Second, dual-sided certificates facilitate
certificate handling in organizations.
X.509 Digital Certificates
• The most widely accepted format for
digital certificates is defined by the
International Telecommunication Union
(ITU) X.509 international standard.
• X.509 V1 first appeared in 1988. X.509 V2
supported new issuer and subject identifier
fields that were absent from Version 1.
• The current version, X.509 V3, was
defined in 1996, and introduced the
extension field.
6.2 Public Key Infrastructure
• One of the important management tools
for the use of digital certificates and
asymmetric cryptography is public key
infrastructure.
• Public key infrastructure involves public-key cryptography standards, trust models,
and key management.
6.2.1 What is Public Key Infrastructure
• In an organization where multiple users have
multiple digital certificates, it quickly can
become overwhelming to manage all of these
entities.
• In short, there needs to be a consistent
means to manage digital certificates.
• Public key infrastructure (PKI) is just that.
• It is a framework for all of the entities
involved in digital certificates—including
hardware, software, people, policies and
procedures—to create, store, distribute,
and revoke digital certificates.
• In short, PKI is digital certificate
management.
• PKI is often erroneously applied to a
broader range of cryptography topics
beyond managing digital certificates.
• It is sometimes defined as that which
supports “other public key-enabled
security services” or “certifying users of a
security application.”
6.2.2 Public-Key Cryptographic Standards (PKCS)
• Public-key cryptography standards
(PKCS) is a numbered set of PKI
standards that have been defined by the
RSA Corporation.
• These standards are based on the RSA
public-key algorithm.
• Applications and products that are
developed by vendors may choose to
support the PKCS standards.
• For example, Microsoft Windows Vista
provides native support for exporting
digital certificates based on PKCS #7 and
#12.
6.2.3 Trust Model
• Trust may be defined as confidence in or
reliance on another person or entity.
• A trust model refers to the type of trusting
relationship that can exist between
individuals or entities.
• In one type of trust model, direct trust, a
relationship exists between two individuals
because one person knows the other
person.
• Direct trust is not feasible when dealing
with multiple users who each have digital
certificates.
• Third-party trust refers to a situation in
which two individuals trust each other
because each trusts a third party.
• This is the role that a CA plays: for
example, it verifies Mary, Amanda, and
Javier to Alice.
• There are essentially three PKI trust
models that use a CA. These are
– the hierarchical trust model,
– the distributed trust model, and
– the bridge trust model.
Hierarchical Trust Model
• The hierarchical trust model assigns a
single hierarchy with one master CA called
the root.
• This root signs all digital certificate
authorities with a single key.
• A hierarchical trust model can be used in
an organization where one CA or RA is
responsible.
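Added example (not part of the original slides): a Python sketch of how a relying party validates a certificate chain in the hierarchical trust model, using the certificate fields and the CRL described in 6.1. The textbook-RSA keys built from Mersenne primes, the dictionary layout and all names are assumptions for illustration and are not secure for real use.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Textbook RSA key from two known primes (toy key, illustration only)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    """Hash of every certificate field except the issuer's signature."""
    fields = ("owner", "public_key", "issuer", "serial", "expires")
    data = "|".join(str(cert[f]) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(owner, owner_key, issuer, issuer_key, serial, expires):
    """The CA inserts the owner's public key and signs the result."""
    cert = {"owner": owner, "public_key": owner_key["n"], "issuer": issuer,
            "serial": serial, "expires": expires}
    n, d = issuer_key["n"], issuer_key["d"]
    cert["signature"] = pow(digest(cert, n), d, n)
    return cert

def validate(chain, trusted_roots, crl, today):
    """chain[0] is the end-entity certificate, chain[-1] the self-signed root."""
    for i, cert in enumerate(chain):
        signer = chain[i + 1] if i + 1 < len(chain) else cert
        if cert["issuer"] != signer["owner"]:
            return "broken chain at " + cert["owner"]
        n = signer["public_key"]
        if pow(cert["signature"], E, n) != digest(cert, n):
            return "bad signature on " + cert["owner"]
        if today > cert["expires"]:
            return "expired: " + cert["owner"]
        if (cert["issuer"], cert["serial"]) in crl:
            return "revoked: " + cert["owner"]
    root = chain[-1]
    if trusted_roots.get(root["owner"]) != root["public_key"]:
        return "untrusted root"
    return "valid"

# Constructed hierarchy: root CA -> subordinate CA -> server certificate.
root_key = make_key(2**521 - 1, 2**607 - 1)  # Mersenne primes throughout
sub_key = make_key(2**127 - 1, 2**107 - 1)
srv_key = make_key(2**89 - 1, 2**61 - 1)
root = issue("Root CA", root_key, "Root CA", root_key, 1, date(2035, 1, 1))
sub = issue("Sub CA", sub_key, "Root CA", root_key, 2, date(2030, 1, 1))
server = issue("www.example.test", srv_key, "Sub CA", sub_key, 7, date(2026, 1, 1))
CHAIN, ROOTS = [server, sub, root], {"Root CA": root_key["n"]}
```

Calling `validate(CHAIN, ROOTS, crl, today)` with a CRL given as a set of `(issuer, serial)` pairs returns the first failed check, so a single revoked or expired certificate anywhere in the chain invalidates the whole path.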
Distributed Trust Model
• Instead of having a single CA as in the
hierarchical trust model, the distributed
trust model has multiple CAs that sign
digital certificates.
• The distributed trust model is the basis for
digital certificates issued by Internet users.
Bridge Trust Model
• The bridge trust model is similar to the
distributed trust model in that there is no
single CA that signs digital certificates.
• However, with the bridge trust model there
is one CA that acts as a “facilitator” to
interconnect all other CAs.
6.3 Key Management
• Keys form the very foundation of PKI
systems, so it is important that they be carefully managed.
• A quick look at the certificate life cycle in PKI:
– Creation: the certificate is created and issued to
the user.
– Suspension: the certificate’s validity is
temporarily suspended.
– Revocation: the certificate is no longer valid.
– Expiration: the certificate can no longer be used.
• Key Storage
– The means of storing keys in a PKI system is
important.
– Public keys can be stored by embedding them
within digital certificates.
– Private keys can be stored on the user’s local
system.
– Drawback to software-based storage: may
leave keys open to attacks:
• vulnerabilities in the client OS may expose keys to
attackers.
• Key Usage
– If more security is needed than a single set of
public and private keys, multiple pairs of dual
keys can be created.
– One pair of keys may be used to encrypt
information and the public key could be backed
up to another location.
– The second pair would be used only for digital signatures and the public key in that pair would
never be backed up.
– In the event that the public encryption key was
stolen, the attacker would still not be able to
digitally sign the document.
• Key Handling
• Procedures in key handling:
– Escrow – refers to a situation in which keys are
managed by a third party, such as a trusted CA.
– Expiration – Keys have expiration dates.
• Some systems set keys to expire after a set period of time by
default.
– Renewal – an existing key can be renewed, with no need
to generate new keys.
– Revocation – although all keys should expire after a set period
of time, a key may need to be revoked prior to its
expiration date.
• Revoked keys cannot be reinstated.
– Recovery – What happens if an employee is hospitalized
for an extended period, yet the organization needs to
transact business using her keys?
• Different techniques may be used.
– Suspension – the revocation of a key is permanent; key
suspension is for a set period of time.
• A suspended key can be later reinstated.
– Destruction – key destruction removes all private and
public keys along with the user’s identification information
in the CA.
• When a key is revoked or expires, the user’s information
remains on the CA for audit purposes.
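Added example (not part of the original slides): the key handling rules above written as a small Python status registry, showing that suspension is time-limited and reversible, revocation is permanent, and only destruction removes the record. The class, its method names and the dates are hypothetical.

```python
from datetime import date

class KeyRegistry:
    """Hypothetical CA-side status store applying the key handling rules."""

    def __init__(self):
        self.records = {}  # serial -> owner, expiry, state, suspension end

    def create(self, serial, owner, expires):
        self.records[serial] = {"owner": owner, "expires": expires,
                                "state": "active", "until": None}

    def status(self, serial, today):
        rec = self.records.get(serial)
        if rec is None:
            return "unknown"      # never issued, or destroyed
        if rec["state"] == "revoked":
            return "revoked"      # permanent, so it outranks every other state
        if today > rec["expires"]:
            return "expired"
        if rec["state"] == "suspended" and today <= rec["until"]:
            return "suspended"    # only for the set period
        return "active"

    def suspend(self, serial, today, until):
        if self.status(serial, today) != "active":
            raise ValueError("only an active key can be suspended")
        self.records[serial].update(state="suspended", until=until)

    def reinstate(self, serial, today):
        if self.status(serial, today) != "suspended":
            raise ValueError("only a suspended key can be reinstated")
        self.records[serial].update(state="active", until=None)

    def revoke(self, serial):
        self.records[serial]["state"] = "revoked"  # record kept for audit

    def destroy(self, serial):
        del self.records[serial]  # keys and identification data are removed

# Constructed walk-through for one key.
reg = KeyRegistry()
reg.create(1001, "alice", expires=date(2026, 1, 1))
reg.suspend(1001, today=date(2025, 3, 1), until=date(2025, 4, 1))
```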
6.4 Cryptographic Transport Protocols
• File Transfer Protocol
– does not use encryption
– usernames, passwords, and files are
transferred in clear text.
– very vulnerable to MITM attacks
– one way to secure it is using SFTP
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
– SSL uses a public key to encrypt data that is
transferred over the SSL connection.
– TLS is a protocol that guarantees privacy and data
integrity
– TLS is an extension of SSL
– Often referred to as SSL/TLS
• SSL/TLS
– TLS Handshake Protocol → authentication
– TLS Record Protocol → encryption
• Secure Shell (SSH)
– a UNIX-based command interface and
protocol for securely accessing a remote
computer.
• Web Protocols
– originally insecure, port 80
– to secure it:
• HTTP over SSL/TLS → HTTPS, port 443
• SHTTP → not widely used
• VPN Protocols (Tunneling)
– securing the communication channel
– there are many tunneling protocols:
• PPTP
• L2TP
• L3TP
• IPSec
• etc. (combination L2TP/IPSec, L3TP/IPSec).
• PPTP
– most widely used (a part of Windows OS)
– IP traffic is encrypted and then sent over
public network
• IPSec
– a set of protocols to securely exchange packets
• Applications – no need to modify to run under IPsec.
• Users – do not need to be trained on specific security procedures.
• Software – no changes needed at local client, as IPsec is implemented in a device
• E-mail Transport Protocol
– S/MIME uses digital certificates to protect the
e-mail messages.
– S/MIME functionality is built into the vast
majority of modern e-mail software and
interoperates between them.