ISA 562 Information Systems Theory and Practice

1

ISA 562Information Systems Theory and Practice

ISA 562Information Systems Theory and Practice

10. Digital Certificates10. Digital Certificates

2

PUBLIC-KEY CERTIFICATES-1

• What is a certificate?: – A statement claiming some binding of attribute values

• Why do we need them?– Identifying entities outside of domain– Distributed access control

• What do they do?– Propagates claims:

• Certifier makes a claim that can be checked for authenticity and accepted if the recipient believe the claimant to be truthful

– Manages trust – distributed trust management

3

X.509v1 CERTIFICATE

VERSION

SERIAL NUMBER

SIGNATURE ALGORIT

ISSUER

VALIDITY

SUBJECT

SUBJECT PUB KEY INFO

SIGNATURE

1

1234567891011121314

RSA+MD5, 512

C=US, S=VA, O=GMU, OU=ISE

9/9/99-1/1/1C=US, S=VA, O=GMU, OU=ISE, CN=Alice

RSA, 1024, xxxxxx

SIGNATURE

4

PUBLIC-KEY CERTIFICATES

• For public-key based encryption

– sender needs public key of receiver

• For public-key digital signatures

– receiver needs public key of sender

• To establish an agreement

– both need each other’s public keys

5

CERTIFICATE TRUST

• Acquisition of public key of the issuer to verify the signature– Go to through a certificate chain

• Whether or not to trust certificates signed by the issuer for this subject

6

PEM CERTIFICATION GRAPHInternet Policy Registration Authority

Policy Certification Authorities (PCAs)

HIGHASSURANCE

MID-LEVELASSURANCE

RESIDENTIAL PERSONA

CertificationAuthorities

(CAs)

Abrams

Grover

SubjectsGrover

LEO

IPRA

MITRE GMU

CS

Virginia

Fairfax

Anonymous

7

PUBLIC-KEY CERTIFICATES• What is a certificate?:

– A statement claiming some binding of attribute values

• Why do we need them?– Identifying entities outside of domain

– Distributed access control

• What do they do?– Propagate claims:

• Certifier makes a claim that can be checked for authenticity and accepted if the recipient believe the claimant to be truthful

– Manages trust – distributed trust management

8

SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY

Root

Brand BrandBrand

Geo-Political

Bank Acquirer

Customer Merchant

9

Certificate Revocation

• Sometimes, the issuer need to recant certificate– The subject’s attributes have changed– The subject misused the certificate– There are forged certificates

• Published in a certificate revocation list

10

CRL FORMAT

SIGNATURE ALGORITHM

ISSUER

LAST UPDATE

NEXT UPDATE

REVOKED CERTIFICATES

SIGNATURE

SERIAL NUMBER

REVOCATION DATE

11

X.509 CERTIFICATES

• X.509v1– basic

• X.509v2– adds unique identifiers to prevent against reuse of

X.500 names

• X.509v3– adds many extensions– can be further extended

12

X.509v3 CERTIFICATE INNOVATIONS

• distinguish various certificates– signature, encryption, key-agreement

• identification info in addition to X.500 name– internet names: email addresses, host names, URLs

• issuer can state policy and usage– good enough for casual email but not for signing checks

• limits on use of signature keys for further certification• extensible

– proprietary extensions can be defined and registered

• attribute certificates– ongoing work

13

X.509v2 CRL INNOVATIONS

• CRL distribution points• indirect CRLs• delta CRLs• revocation reason• push CRLs

14

HIERARCHICAL STRUCTURE

Z

X

Q

A

Y

R S T

C E G I K M O

a b c d e f g h i j k l m n o p

15

HIERARCHICAL STRUCTURE WITH ADDED LINKS

Z

X

Q

A

Y

R S T

C E G I K M O


16

TOP-DOWN HIERARCHICAL STRUCTURE

Z

X

Q

A

Y

R S T

C E G I K M O


17

FORREST OF HIERARCHIES

18

MULTIPLE ROOT CA’s + INTERMEDIATE CA’s MODEL

X

Q

A

R

S T

C E G I K M O


19

THE CERTIFICATE TRIANGLE

user

attribute public-key

X.509identity

certificate

X.509attribute

certificate

SPKIcertificate

20

2-WAY SSL HANDSHAKE WITH RSA

Client Server ClientHello --------> ServerHello Certificate CertificateRequest <-------- ServerHelloDone Certificate ClientKeyExchange CertificateVerify [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data

RecordProtocol

HandshakeProtocol

21

SINGLE ROOT CA MODEL

RootCA


RootCA

User

22

SINGLE ROOT CAMULTIPLE RA’s MODEL

RootCA


RootCA

User RA

User RA

User RA

23

MULTIPLE ROOT CA’s MODEL

RootCA


RootCAUser

RootCA

RootCA

RootCAUser

RootCAUser

24

ROOT CA + INTERMEDIATE CA’s MODEL

Z

X

Q

A

Y

R S T

C E G I K M O


25

MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL

X

Q

A

R

S T

C E G I K M O


26


X

Q

A

R

S T

C E G I K M O


27


X

Q

A

R

S T

C E G I K M O


28

MULTIPLE ROOT CA’s + INTERMEDIATE CA’s MODEL

• Essentially the model on the web today

• Deployed in server-side SSL mode

• Client-side SSL mode yet to happen

29

SERVER-SIDE MASQUERADING

BobWeb browser

www.host.comWeb serverServer-side SSL

UltratrustSecurityServices

www.host.com

30


BobWeb browser

www.host.comWeb server

Server-side SSL UltratrustSecurityServices

www.host.comMallory’sWeb server

BIMMCorporation

www.host.com

Server-side SSL

31


BobWeb browser


Server-side SSL UltratrustSecurityServices

www.host.comMallory’sWeb server

Server-side SSL

BIMMCorporation


www.host.com

32

MAN IN THE MIDDLEMASQUERADING PREVENTED

BobWeb browser


Client-side SSL


www.host.com

Mallory’sWeb server

BIMMCorporation

Client-side SSL


www.host.com

Client Side SSLend-to-endUltratrust

SecurityServices

Bob

BIMMCorporation


Bob

33

ATTRIBUTE-BASED CLIENT SIDE MASQUERADING

Joe@anywhereWeb browser

BIMM.comWeb serverClient-side SSL


BIMM.com


Joe@anywhere

34


Alice@SRPCWeb browser



BIMM.com

SRPC

Alice@SRPC

35


Bob@PPCWeb browser



BIMM.com

PPC

Bob@PPC

36


Alice@SRPCWeb browser



BIMM.com

SRPC

PPC

Bob@PPC

ISA 562 Information Systems Theory and Practice

Documents

public key of senderto

certificate chainwhether

binding of attribute

host names

nameinternet names

email addresses

casual email

forged certificatespublished