Public Key Infrastructure

(X509 PKI)
 Outline
• Basic Problem of Confidence and Trust
• Background: Cryptography, Digital Signature,
Digital Certificates
• (X509) Public Key Infrastructure (PKI)
• (X509) PKI: Trust and Legal Issues
Confidence and Trust
Issues in the Digital
World
 Basic Problem
Intranet
Extranet
Internet
Bob Alice

Bob and Alice want to exchange data in a digital world.

There are Confidence and Trust Issues …

 Confidence and Trust Issues
• In the Identity of an Individual or Application
AUTHENTICATION
• That the information will be kept Private
CONFIDENTIALITY Intranet
Extranet
• That information cannot be Manipulated Internet
Alice
Bob
INTEGRITY
• That information cannot be Disowned
NON-REPUDIATION
Starting Point:
Cryptography
 Starting Point: Cryptography
Cryptography
It is the science of making the cost of acquiring or altering
data greater than the potential value gained
Cryptosystem
It is a system that provides techniques for mangling a
message into an apparently intelligible form and than
recovering it from the mangled form

Plaintext Encryption Ciphertext Decryption Plaintext

Hello World &$*£(“!273 Hello World
Key Key
 Cryptographic Algorithms
All cryptosystems are based only on three Cryptographic
Algorithms:
• MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …)
Maps variable length plaintext into fixed length ciphertext
No key usage, computationally infeasible to recover the plaintext

• SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)

Encrypt and decrypt messages by using the same Secret Key

• PUBLIC KEY (DSA, RSA, …)

Encrypt and decrypt messages by using two different Keys: Public Key,
Private Key (coupled together)
 Cryptographic Algorithms based
on Private Key
Plaintext Encryption Ciphertext Decryption Plaintext

Pros Private Key Private Key

• Efficient and fast Algorithm

• Simple model
 Provides Integrity, Confidentiality
Cons
• The same secret key must be shared by all the entities involved in the data exchange
• High risk
• It doesn’t scale (proliferation of secrets)
 No Authentication, Non-Repudiation
 Cryptographic Algorithms based
on Public Key
Pros
• Private key is only known by the owner: less risk
• The algorithm ensures Integrity and Confidentiality by encrypting with
the Receiver’s Public key

Intranet
Extranet
Internet
Bob Alice

Plaintext Encryption Ciphertext Decryption Plaintext

Alice’s Public Key Alice’s Private Key

 Cryptographic Algorithms based
on Public Key
Pros
• The algorithm ensures Non-Repudiation by encrypting with
the Sender’s Private key

Intranet
Extranet
Internet
Bob Alice

Plaintext Encryption Ciphertext Decryption Plaintext

Bob’s Private Key Bob’s Public Key

 Cryptographic Algorithms based
on Public Key
Cons
• Algorithms are 100 – 1000 times slower than secret key ones
They are initially used in an initial phase of communication and then
secrets keys are generated to deal with encryptions
• How are Public keys made available to the other people?
• There is still a problem of Authentication!!!
Who ensures that the owner of a key pair is really the person whose
real life name is “Alice”?

Intranet
Extranet
Internet Moving towards PKI …
Bob Alice
Digital Signature
 Digital Signature
A Digital Signature is a data item that vouches the origin
and the integrity of a Message
• The originator of a message uses a signing key (Private Key) to sign the
message and send the message and its digital signature to a recipient

• The recipient uses a verification key (Public Key) to verify the origin of
the message and that it has not been tampered with while in transit

Intranet
Extranet
Internet
Bob Alice
 Digital Signature
Message Message

Digest Digest
Hash Function Hash Function
Algorithm Algorithm

Digest
Public Key

Private Key Encryption Decryption

Signature Expected Actual

Digest Digest

Signer Channel Receiver

 Digital Signature

There is still a problem linked to the

“Real Identity” of the Signer.

Why should I trust what the Sender claims to be?

Moving towards PKI …

Digital Certificate
 Digital Certificate
A Digital Certificate is a binding between an entity’s
Public Key and one or more Attributes relating its Identity.

• The entity can be a Person, an Hardware Component, a Service, etc.

• A Digital Certificate is issued (and signed) by someone

- Usually the issuer is a Trusted Third Party

• A self-signed certificate usually is not very trustworthy

 Digital Certificate
CERTIFICATE

Issuer
Subject

Subject Public Key

Issuer
Digital
Signature
 Digital Certificate
Problems
• How are Digital Certificates Issued?
• Who is issuing them?
• Why should I Trust the Certificate Issuer?
• How can I check if a Certificate is valid?
• How can I revoke a Certificate?
• Who is revoking Certificates?
Moving towards PKI …
Public Key Infrastructure
(PKI)
 Public Key Infrastructure
(PKI)

 A Public Key Infrastructure is an Infrastructure

to support and manage Public Key-based Digital
Certificates
 Public Key Infrastructure
(PKI)
“A PKI is a set of agreed-upon standards, Certification
Authorities (CA), structure between multiple CAs,
methods to discover and validate Certification Paths,
Operational Protocols, Management Protocols,

Interoperable Tools and supporting Legislation”

 Public Key Infrastructure
(PKI)
Focus on:
• X509 PKI
• X509 Digital Certificates
 Standards defined by IETF, PKIX WG:
[Link]

… even if X509 is not the only approach (e.g. SPKI)

 X509 PKI – Technical View
Basic Components:
• Certificate Authority (CA)
• Registration Authority (RA) “Provider” Side

• Certificate Distribution System

“Consumer” Side
• PKI enabled applications
 X509 PKI – Simple Model
Certification
CA Entity

Cert. Request
Application Signed
Certificate
RA
Service Internet
Certs, Directory
CRLs

Remote Local
Person Person
 X509 PKI
Certificate Authority (CA)
Basic Tasks:
• Key Generation
• Digital Certificate Generation
• Certificate Issuance and Distribution
• Revocation
• Key Backup and Recovery System
• Cross-Certification
 X509 PKI
Registration Authority (RA)
Basic Tasks:
• Registration of Certificate Information
• Face-to-Face Registration
• Remote Registration
• Automatic Registration
• Revocation
 X509 PKI
Certificate Distribution System
Provide Repository for:
• Digital Certificates
• Certificate Revocation Lists (CRLs)
Typically:
• Special Purposes Databases
• LDAP directories
 Certificate Revocation List
Certificate Revocation List

Revoked Certificates
remain in CRL
until they expire
 Certificate Revocation List (CRL)
• CRLs are published by CAs at well defined
interval of time
• It is a responsibility of “Users” of certificates to
“download” a CRL and verify if a certificate has
been revoked
• User application must deal with the revocation
processes
 Online Certificate Status Protocol
(OCSP)
• An alternative to CRLs
• IETF/PKIX standard for a real-time check if a
certificate has been revoked/suspended

• Requires a high availability OCSP Server

 CRL vs OCSP Server

Download CRL CRL

User CA

Directory CRL
Certificate IDs
to be checked Download
CRL
User OCSP CRL
CA
Answer about Server
Certificate States
Directory
OCSP
 X509 PKI
PKI-enabled Applications
Functionality Required:
• Cryptographic functionality
• Secure storage of Personal Information
• Digital Certificate Handling
• Directory Access
• Communication Facilities
 X509 PKI
Trust and Legal Issues
 X509 PKI
Trust and Legal Issues

• Why should I Trust a CA?

• How can I determine the liability of a CA?

 X509 PKI
Approaches to Trust and
Legal Aspects
• Why should I Trust a CA?
Certificate Hierarchies, Cross-Certification
• How can I determine the liability of a CA?
Certificate Policies (CP) and Certificate Policy
Statement (CPS)
 X509 PKI
Approach to Trust

Certificate Hierarchies
and
Cross-Certification
 CA Technology Evolution
CA CA CA CA Directory CA
Services

RA CA CA CA

RA RA Internet RA

RA RA Internet

Try to reflect
Real world Trust Models
LRA LRA