Public Key Infrastructure

Jim Hurst

Introduction

Secure communication is an essential requirement for any modern organization. In practical terms, this often means sending encrypted information across the Internet through electronic mail, file transfers, secure web transactions, or telephony. Public key infrastructure, or PKI, addresses the problem of managing encryption and decryption keys for groups of users to assure the confidentiality of information. PKI also provides for the use of digital signatures, which allow verification of the integrity of digital information. A final benefit of PKI is non-repudiation, which verifies that a particular author sent a given message.

PKI is based upon three principal technologies: public key cryptography, digital signatures, and digital certificates. These key components are discussed in the next sections, followed by an explanation of how PKI is implemented in the enterprise and the problems that it must address.

Public Key Cryptography

Any discussion of public key infrastructure must begin with public key cryptography. Public key cryptography, also known as asymmetric cryptography, allows users to communicate secretly without having a shared secret key. The trick is that each user has both a public and a private key. Anyone can access the public key, but only the user has access to the private key. The true magic of public key systems is that when a particular public key is used to encrypt information, only the corresponding private key can decrypt it (because the keys are mathematically related). To send you a secret message, I use your public key to encrypt my message. I can then send you the message via public means, because no one can read the message without your private key.

Mathematicians Whitfield Diffie and Martin Hellman developed the first published practical application of public key cryptography in 1976 (although classified systems were probably already in use at this time). Their method of jointly establishing a secret key is now known as Diffie-Hellman key exchange. In 1978, the team of Rivest, Shamir, and Adleman published a method of using two large primes for encryption and decryption that combined public key encryption and digital signatures. The method, still used today, is known as RSA, and it is based on the computational difficulty of factoring the product of large primes. Other well-known public key algorithms include ElGamal, which is based on discrete logarithms, and ECC (elliptic curve cryptography), which is based on the algebraic structure of elliptic curves over finite fields.

Digital Signatures

A second crucial application of public key cryptography is digital signing. A digital signature allows verification that a given private key signed a particular message, which provides the benefits of integrity and non-repudiation. An author can sign a document by creating an electronic fingerprint of the document (a hash), and then encrypting the hash with the author’s private key. The recipient of the document decrypts the hash with the author’s public key and tests it against a current hash of the document. Because the author’s private key is required to produce the encrypted hash, the author must have generated the signed document.

If the two hashes do not match, the document has been modified since the original hash was made. If the two hashes match, this verifies that the document has not been modified. Therefore, it was signed with the author’s private key, which makes the author responsible for the document. This ability to verify that a given sender did indeed send a particular message is known as non-repudiation.

Digital Certificates

Current implementations of PKI depend on digital certificates, also known as public key certificates or identity certificates. A digital certificate uses a digital signature to bind a user identity to a public key. The user identity can include arbitrary fields, usually including name, organization, and address. A certificate authority (CA) creates and maintains the digital signatures. Certificate authorities function as trusted third parties, validating the identities of all user certificates they create. Governments and large organizations can have their own CAs. There are numerous commercial CAs, and a certificate authority and the tools to use it are integral parts of any PKI.

The most common digital certificate standard is the ITU-T X.509. X.509 provides standard formats for certificates and a set of procedures to determine if a given certificate is valid. An X.509 certificate has a start date and an expiration date defined when it is created. The CA might also have revoked the certificate. X.509 certificates use a Certificate Revocation List to keep track of certificates that have been voided.

A common use of X.509 certificates is for one CA (the root CA or root authority) to endorse a second-tier CA, which then generates user certificates. Validating the user certificates means validating the parent CA that issued them, which in turn requires validating the root CA that endorsed the issuing CA.

The most common application of digital certificates is the secure sockets layer (SSL) used in web commerce. SSL is not a true PKI system, because the server is validated, although the client is not.
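The hash-then-sign procedure from the Digital Signatures section and the certificate checks described above (validity dates, revocation list, issuer signature, trusted root), combined in one added example that is not part of the original paper. It uses textbook RSA without padding over fixed Mersenne primes and a made-up certificate layout rather than real X.509; the keys, names, serial numbers and day-number dates are all constructed for illustration.

```python
import hashlib
from typing import NamedTuple

E = 65537  # public exponent shared by all toy keys
def make_key(a, b):          # toy key from Mersenne primes 2**a-1, 2**b-1 -> (n, d)
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):        # signer: transform the hash with the private key
    return pow(digest(data, n), d, n)

def verify(data, sig, n):    # recipient: recover the hash with the public key, compare
    return pow(sig, E, n) == digest(data, n)

class Cert(NamedTuple):      # hypothetical layout, not the X.509 encoding
    subject: str
    issuer: str
    pubkey: int              # subject's public modulus n
    serial: int
    not_before: int          # validity window, in days since an arbitrary epoch
    not_after: int
    sig: int = 0             # issuer's signature over all fields above

def issue(cert, ca_n, ca_d):
    return cert._replace(sig=sign(repr(cert[:-1]).encode(), ca_n, ca_d))

def validate_chain(chain, trusted_roots, crl, today):
    """chain = [user, issuing CA, ..., root]; returns "ok" or the first failure."""
    for cert, parent in zip(chain, chain[1:] + chain[-1:]):  # root signs itself
        if not cert.not_before <= today <= cert.not_after:
            return f"{cert.subject}: outside validity period"
        if (cert.issuer, cert.serial) in crl:
            return f"{cert.subject}: revoked"
        if cert.issuer != parent.subject or not verify(
                repr(cert[:-1]).encode(), cert.sig, parent.pubkey):
            return f"{cert.subject}: bad issuer signature"
    return "ok" if chain[-1].pubkey in trusted_roots else "root not trusted"

# Constructed sample hierarchy: Root CA -> Issuing CA -> alice
ROOT_N, ROOT_D = make_key(89, 127)
CA_N, CA_D = make_key(61, 107)
ALICE_N, ALICE_D = make_key(521, 607)
ROOT = issue(Cert("Root CA", "Root CA", ROOT_N, 1, 0, 3650), ROOT_N, ROOT_D)
CA = issue(Cert("Issuing CA", "Root CA", CA_N, 2, 0, 1825), ROOT_N, ROOT_D)
ALICE = issue(Cert("alice", "Issuing CA", ALICE_N, 7, 100, 465), CA_N, CA_D)
print(validate_chain([ALICE, CA, ROOT], {ROOT_N}, set(), today=200))
```

The CRL here is a set of (issuer, serial) pairs, so revoking the issuing CA's certificate fails every user certificate beneath it.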

Implementations

Consider a simple example of a PKI system at work. Alice, an employee of Atlas Amalgamated, needs to send a secret bid to Bob at Better Business. Alice uses her normal email client, but flags the message as encrypted. The corporate PKI system must authenticate Alice’s identity, then contact Bob’s CA, retrieve his public key, and use this key to encrypt the message. It also digitally signs the email with Alice’s private key, and then sends it to Bob across the Internet.

When Bob receives the message, his PKI system authenticates his identity, notes that the email is signed, and contacts Alice’s certificate authority to retrieve her public key. The system uses Alice’s public key to decrypt the hash. It then generates a new hash to verify that Alice sent the message and that it has not been modified. The PKI next decrypts the message using Bob’s private key and delivers the plaintext into Bob’s inbox.

This is one of the simplest applications of a PKI, which highlights the challenges that PKI systems face. Different organizations might use different certificate authorities. Does Alice’s organization trust Bob’s CA? How does her PKI system know where to find Bob’s public key?

PKI offers huge benefits, but real-world experience has proven that a workable implementation is non-trivial. An effective PKI system must be seamless, meaning that it works with existing enterprise applications and existing organizational workflows. It must be secure, so that access to private keys is tightly controlled. Users should not be able to copy or extract private keys. The PKI must provide means to publish public keys, validate certificates, and revoke certificates.

Deploying a PKI represents a serious commitment of resources. To date, its use has largely been restricted to governments and large enterprises. In the 1990s, vendors sensed a large market for PKI and began delivering products, although both technical issues and operational problems slowed uptake in the enterprise. Besides the technical issues illustrated in the example above, PKI systems must fit into an organization’s operating procedures, which means that they must integrate into the many and various workflows of a complex organization and gain acceptance from the workforce. Early vendor offerings tended to lack the flexibility required for easy integration.

The simple public key infrastructure (SPKI) promised an alternative to the “heavyweight” PKI described above. SPKI grew out of multiple independent efforts to simplify the use of digital certificates. SPKI binds users directly to keys with a local trust model.

PKI offerings have found a market, although it has grown more slowly than anticipated. Enterprise PKI schemes are often integrated into a directory structure, such as LDAP, tying a public key embedded in a certificate to personal information. Current PKI offerings are often integrated with smartcards, so that users can carry both public and private keys with them with little risk of keys being compromised. The largest deployment of PKI to date is the United States government’s Defense Information Systems Agency’s Common Access Card program.

Because PKI systems are intended to interoperate, they require well-defined standards. The Internet Engineering Task Force (IETF) PKIX working group develops most of the standards for PKI systems.

PKI’s Security

PKI systems are large, complex systems that use public key cryptography, which is neither more nor less secure than symmetric cryptography. There is always a risk that as a system grows more complex, unexpected interactions between components will introduce vulnerabilities. PKI systems are rigorously designed and tested to avoid such vulnerabilities. Ideally, these systems introduce seamless, well-engineered security to digital information. However, they remain subject to improper configuration, human error, and social engineering.

Summary - The Future

PKI fills an essential function; therefore, its role will continue to grow. The integration of smartcards and PKI systems is growing in popularity. The market for a cheap and effective PKI is huge, although the complexity of the problem PKI addresses means that implementing a PKI requires a major commitment. In turn, commercial offerings will remain relatively expensive to deploy and maintain. Because of the expense, large organizations will continue to dominate PKI uptake in the near term.

