PUBLIC KEY INFRASTRUCTURE
The Internet is well on the way to becoming the primary platform for global commerce and communications. (PKI Canada) The very openness that encouraged the Internet's explosive growth makes it difficult to ensure that Internet transactions are secure. Businesses and individuals require and demand tools that guarantee the integrity of information transmitted over the Internet and simultaneously provide the same level of trust as paper-based transactions. (PKI Canada)
Public key infrastructure (PKI) is the encryption technology that makes a digital signature valid. The primary purpose of a PKI is to create trust among Internet users, particularly in legal, commercial, official, and confidential transactions. (Compnetworking) The main elements of PKI are Certificate Authorities, Digital Certificates, and electronic keys. (PKI Canada) As the world increasingly turns to electronic business, electronic credentials that prove identity are becoming a critical necessity. (Rothman) Much like a passport proves identity in the offline world, PKI delivers a way to prove identity in the online world. (Rothman)
In cyberspace, real trust must be established through virtual transmissions. (Compnetworking) There are only two basic ways: (1) through real world contacts that serve as a foundation for real world trust, which can then serve as the basis for virtual transactions, or (2) through reliance on a trusted third party who has conducted a real world identification and authentication of real world entities and can provide digital certification of that identification and authentication in the virtual world. (Compnetworking) PKI is fast becoming the cornerstone of information security technology for a large number of companies. (Rothman)
PKI ensures that people are who they say they are and also proves that documents haven't been tampered with, which is critical when conducting online transactions such as placing orders or transferring money. (Rothman) Before committing their sensitive communications to the Internet, users require specific assurances. They want their electronic transactions to be confidential and protected from tampering. (SmartForce) The answer is PKI. Based on the use of public key cryptography and digital signatures, a PKI is a framework of policies, services, and encryption software that provides the assurances users need before they can confidently transmit sensitive information over the Internet and other networks. (PKI Canada) Like any security technology, digital signatures used in PKI are not perfect. If the certificate authority's root key is stolen, then anyone would be able to create digital certificates, which would make all certificates from that Certification Authority (CA) invalid. (Rothman) PKI has the following features. (PKI Canada)
PKI encryption technology occurs through the use of extremely long prime numbers, called keys. (Rothman) Two keys are involved – a private key, which only you have access to, and a public key, which can be accessed by anyone. (Rothman) The keys are generated using a mathematical algorithm to encrypt and decrypt the data. (PKI Canada) The two keys work together, so a message encrypted with the private key can only be unscrambled with the public key and vice versa. (Rothman) The more digits in these keys, the more secure the encryption process. (Rothman) Your digital signature is then used to prove your identity online just as you prove your identity through a handwritten signature offline. (Rothman)
The following example clarifies how PKI is used to verify a digital signature and an authentic document. The data, a document for instance, is processed by a complicated mathematical formula to generate a single large number. (Rothman) This large number is called a hash. The original data and the hash are bound together. If either the data or the hash is changed, the hash won't match and the data cannot be decoded. (Rothman) In order to digitally sign the document, a hash is taken of the document and then signed with the user's private key. (Rothman) Data that is encrypted (scrambled) with this private key can then only be unscrambled with the corresponding public key. (Rothman) Anyone can then verify the authenticity of the document by unscrambling the hash with the public key and checking it against another hash computed from the received data. If the hashes match, the data was not altered or otherwise tampered with and it carries a valid digital signature. (Rothman)
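The hash-then-sign flow just described, as an added worked example (not code from the original essay or any of its sources). It uses textbook RSA with two constructed small primes so the private-key/public-key relationship from the previous paragraph is visible in plain integer arithmetic; the prime values, the sample order text and the `demo()` function are assumptions of this example, and real deployments use keys hundreds of digits long plus signature padding.

```python
import hashlib
from math import gcd

# Constructed toy parameters (NOT real key sizes): two small primes so the
# arithmetic is visible. Real RSA keys use primes hundreds of digits long, and
# real signatures add padding (PKCS#1 v1.5 or PSS); textbook RSA as shown here
# only illustrates the private-key/public-key relationship.
P, Q = 1000003, 1000033
E = 65537  # conventional public exponent


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keypair(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be prime")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def digest(data: bytes) -> int:
    """The 'single large number' computed from the document: SHA-256 as an int."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """Hash the document, then 'scramble' the hash with the private key."""
    n, d = private_key
    h = digest(data) % n  # reduced mod n only because the toy modulus is tiny
    return pow(h, d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """'Unscramble' the signature with the public key and compare to a fresh hash."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == digest(data) % n


def demo() -> dict:
    """Sign a constructed order, then check the three verification outcomes."""
    public_key, private_key = generate_keypair()
    order = b"Transfer $100 to account 42"  # constructed sample document
    signature = sign(order, private_key)

    # A second, unrelated key pair: a signature made with it must not verify
    # under the first public key.
    _other_public, other_private = generate_keypair(p=1000037, q=1000039)
    other_signature = sign(order, other_private)

    return {
        "genuine": verify(order, signature, public_key),
        "tampered": verify(b"Transfer $900 to account 42", signature, public_key),
        "wrong_key": verify(order, other_signature, public_key),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'tampered': False, 'wrong_key': False}
```

The three outcomes map onto the paragraph: the genuine document verifies, a one-character change to the data makes the recomputed hash differ from the unscrambled one, and a signature produced under a different private key does not unscramble correctly with this public key.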
Private and public key pairs must be securely transferred by moving the private key to the key pair holder's system and then giving a copy of the public key to a trusted CA for certificate generation. (SmartForce) Key pairs can either be generated in your own system or generated in a central system. It is better to generate key pairs used for digital signatures in your own system, which means that the private key never leaves its original environment and meets the requirements of nonrepudiation. (SmartForce)
Generating your digital signature key pair in your own system and ensuring it never leaves is a requirement in the ANSI X9.57 standard. (SmartForce) Typically, CAs have better resources and tighter controls, which in turn generate higher quality key pairs. An added advantage is that this central system can perform the backup and archiving of key pairs, and the central system is better suited to encryption key pairs. (SmartForce) However, when a key pair is generated in a central system, you must ensure that the private key is securely transported to your system. If your private key is compromised, the validity of the certificate is also compromised. (SmartForce)
Private keys can be stored in a tamper-resistant hardware module or token such as a smart card or a PCMCIA card or in an encrypted data file on a computer (called a digital wallet). (SmartForce) PCMCIA and smart cards, although more expensive, are a more secure way of storing private keys. As well as storing your private key securely, additional authentication mechanisms for its protection should be used such as (SmartForce):
• a PIN
• a password
• a physical token
• some kind of biometric check
Regularly updating the key pair reduces the risk of cryptanalysis attacks that might successfully compromise the key pair, so you shouldn't wait for a key compromise to do so. (SmartForce) Key pairs for digital signatures and encryption services should always be kept separate. A private key of a digital signature key pair must be generated, used, and destroyed all in one secure module. (SmartForce) The private key of an encryption key pair needs to be backed up or archived to ensure that encrypted data is not lost, because of equipment failure for example. These two requirements are in conflict. (SmartForce)
A private key of a digital signature key pair should never be backed up or archived. If the value is disclosed, it could be used to forge digital signatures on old documents. A public key of a digital signature key pair or its certificate should be backed up or archived. (SmartForce) This lets you verify or help verify old signatures after the private key of the key pair has been destroyed, revoked, or expired. Since the rules for encryption and digital signature key pairs greatly differ, it is impractical to use the same key pair for both purposes. (SmartForce)
USING PUBLIC KEY CERTIFICATES
It is critical that you know that the public key you use is the correct public key of your intended recipient, and not a substitute or forgery. (SmartForce) There are two main kinds of trust: (1) direct relationship trust and (2) hierarchical trust. (SmartForce) With the possibility of intruders on the Internet it is unwise to take someone's word on who they are—especially if you intend to communicate sensitive information such as bank account or credit card numbers. (SmartForce) Certificates are a method of verifying that a person or server is who they say they are, and therefore bind a person or server to their public key. (SmartForce) The combination of a user's public key and the signature of the certificate authority makes the digital certificate complete. (Rothman) Digital certificates are tamper proof and cannot be forged, thereby helping ensure the security of PKI. (PKI Canada)
An organization called a certificate authority (CA) issues certificates to people and servers. (SmartForce) The CA is a main component of PKI. The CA is a trusted third party that is responsible for issuing digital certificates, manages them throughout their lifetime, and works on the hierarchical trust model. (PKI Canada) It isn't practical for one CA to issue and manage all certificates, and it is also unlikely that everyone is prepared to trust a single CA, so there are many CAs. (SmartForce) It is technically possible for an organization to act as a CA for itself, but the logistics of this may not be feasible and may prove very expensive. For example, if you want to issue 10,000 certificates to your internal employees, it may be more practical to employ a large external CA, such as VeriSign, to perform this task. (SmartForce)
X.509 CERTIFICATES
Digital certificates are electronic files containing the user’s public key and specific identifying information about the user. (PKI Canada) The X.509 standard is the most widely recognized certificate format and it has evolved through three versions. (SmartForce). The basic format of a digital certificate contains the following: (PKI Canada) (SmartForce)
• the value of the public key
• an identifier of the algorithm with which the public key is to be used
The information in X.500 directories is made up of a set of entries. Each entry is associated with one object, such as a person, an organization, or a country. (SmartForce) The unambiguous name of an entry is called a distinguished name. An X.500 directory entry comprises a set of attributes regarding an object. Common attributes are (SmartForce):
Attribute | Abbreviation | Example
Common Name | CN | CN=Mike Anderson
Organization | O | O=Lowes Inc.
Organizational Unit | OU | OU=Sales
City or Locality | L | L=Chicago
State or Province | SP | SP=Illinois
Country | C | C=US
To distinguish a name, other attributes such as an e-mail address, a phone number, or a title may also be specified.
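A small parser and formatter for the string form of a distinguished name, added here as a worked example (it is not code from the essay or its sources). It follows the RFC 4514 conventions that relative distinguished names are separated by commas, each is `attribute=value`, and special characters inside a value are escaped with a backslash; the attribute abbreviations, including the page's "SP" for State or Province, are treated as opaque labels, and the sample DNs and the `is_distinct` helper are constructed for this example.

```python
# Characters a value must escape in string-form DNs (RFC 4514 style).
SPECIAL = ',+"\\<>;='


def parse_dn(dn: str):
    """Parse 'CN=Mike Anderson,O=Lowes\\, Inc.,C=US' into [(attr, value), ...]."""
    rdns = []
    buf = []
    attr = None
    in_value = False
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: take it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if not in_value and ch == "=":        # end of the attribute type
            attr = "".join(buf).strip()
            buf, in_value = [], True
        elif in_value and ch == ",":          # end of this RDN
            rdns.append((attr, "".join(buf).strip()))
            buf, in_value = [], False
        else:
            buf.append(ch)
        i += 1
    if in_value:
        rdns.append((attr, "".join(buf).strip()))
    elif buf:
        raise ValueError("dangling attribute without '=': " + "".join(buf))
    if any(not a or not v for a, v in rdns):
        raise ValueError("empty attribute type or value in DN")
    return rdns


def format_dn(rdns) -> str:
    """Inverse of parse_dn: escape special characters and join with commas."""
    parts = []
    for attr, value in rdns:
        escaped = "".join("\\" + c if c in SPECIAL else c for c in value)
        parts.append(f"{attr}={escaped}")
    return ",".join(parts)


def dn_key(rdns):
    """Normalised form for uniqueness checks: attribute types are case-insensitive."""
    return tuple((attr.upper(), value) for attr, value in rdns)


def is_distinct(candidate: str, existing) -> bool:
    """True if the candidate DN collides with no DN already held in the directory."""
    taken = {dn_key(parse_dn(d)) for d in existing}
    return dn_key(parse_dn(candidate)) not in taken


if __name__ == "__main__":
    # Constructed sample: the organisation name contains a comma, so it is escaped.
    sample = "CN=Mike Anderson,O=Lowes\\, Inc.,OU=Sales,L=Chicago,SP=Illinois,C=US"
    for attr, value in parse_dn(sample):
        print(f"{attr:3} = {value}")
```

The round trip `format_dn(parse_dn(dn)) == dn` is what makes the escaping rule matter: without it, a comma inside an organisation name would split one RDN into two and change which entry the name identifies.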
Because each entry must be distinct, X.500 entries are organized logically in a tree structure called the Directory Information Tree. (SmartForce) This Tree is made up of one root and many branches. Branches can be subordinate to the root or to another branch. Some objects require registration. (SmartForce) The algorithm identifiers used for the CA's signature and the algorithm to be used for the public key in an X.509 certificate must be registered. Other objects that may require registration include certificate extension types and name forms. The object identifier mechanism is used to register objects and is specified in international standards supported by a set of national object registration authorities. (PKI Canada)
CERTIFICATE PRACTICES AND POLICIES
A certificate's lifetime is delimited by its start and expiry dates, which are part of the issuing CA's policy. The lifetime can range from months to years, yet the certificate is expected to be valid throughout its lifetime. (SmartForce) Under certain circumstances, such as the following, you should stop relying on a certificate before it expires (SmartForce):
• key compromise
• subscriber name change
• change of relationship between the subscriber and the CA
When the certificate becomes unreliable, the CA revokes the certificate. So the operational period of the certificate is more often than not shorter than its intended validity period. When users consider their certificate to be unreliable, it is their responsibility to request revocation. (SmartForce) However, in some cases, such as when an employee leaves a firm, another person, in this case the employer, may be authorized to revoke the certificate. In addition, the CA itself can revoke a certificate if a subscriber breaches a policy or practice. Normally, a CA handles a revocation request, but when a local registration authority is involved, it typically receives and approves revocation requests. (SmartForce)
The validity period of an encryption public key is usually shorter than the corresponding private key. The private key used for decrypting messages is normally used for a longer time - for example, to decrypt old messages. Sometimes you may require historic validation and other times you may need real-time validation. If you want to achieve nonrepudiation then you would only be concerned that the certificate was valid at the time of signing. In this case the certificate's validity period need not extend beyond the operational period of the private key. This is historic validation.
If you need a certificate to be valid up to the time of signature verification even though the signature may have been made a long time in the past - for example, when a company signs a piece of software - then the validity period of the certificate is longer than the operational period of the signing private key. This is real-time validation.
CAs often need to perform both historic and real-time validation. The X.509 Version 3 format certificate has an added Extensions field that allows the CA to indicate the usage period for private keys. (SmartForce) This Extensions field in Version 3 is an invaluable way of indicating the period of use of the private key. The certificate's validity period is governed not only by its stated validity period, but also by the validity period of the CA's public key certificate that is used to validate the CA's digital signature. (SmartForce) A CA should always ensure that the validity period of its own public key certificate extends past the validity period of the certificate it's signing.
When a certificate is revoked, the CA must make all other certificate users aware of the revocation. The most common way of doing this is by publishing a certificate revocation list (CRL). (SmartForce) A CRL is a time-stamped list of revoked certificates digitally signed by the CA. A revoked certificate is identified in a CRL by its serial number. When a certificate-using system checks a certificate's signature and validity, it must also acquire a recent CRL. (SmartForce) It then checks the CRL to ensure the certificate is not on it. The CA issues a new CRL each period even if no new revocations have occurred. This assures certificate-using systems that they acquired the most recent CRL. CRLs, like certificates, do not need to be distributed by secure communications or stored on trusted servers. (SmartForce)
One limitation of periodic CRLs is their time period. A revocation requested now is not reported until the next CRL is issued, which could be more than a month away. It is possible for a CA to publish a new CRL immediately when a revocation is requested, which is referred to as an off-cycle CRL. (SmartForce) A problem with periodic CRLs is the interim period when a certificate has been revoked but the next CRL has not been published. A system may trust a revoked certificate because it has no knowledge of its revocation. Real-time revocation, or online status checking, is a method by which certificate-using systems are made aware of revoked certificates. (SmartForce) This system is very costly to implement on a large scale, but there are other ways to achieve immediate notification:
• removal of the certificate from a repository
• removal of the certificate from a trusted server or directory
• fine-granularity periodic CRLs
(Fine-granularity periodic CRLs are published every minute or hour instead of every week or month.) (SmartForce)
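The validity-period rules of the CERTIFICATE PRACTICES AND POLICIES section (historic versus real-time validation, a CA certificate covering the certificates it signs, the Version 3 private key usage period) and the CRL checks of the last two paragraphs (freshness of a time-stamped CRL, serial-number lookup, the interim window that an off-cycle CRL closes) worked through on one constructed timeline. This is an added example, not code from the essay or its sources: the `Certificate` and `CRL` records, the `key_usage_until` field standing in for the X.509 v3 extension, the dates and serial numbers are all assumptions, and the CRL's own signature is assumed to have been verified before `revocation_status` is consulted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Certificate:
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime
    # Hypothetical stand-in for the X.509 v3 private key usage period extension:
    # the private key may be used for signing only up to this instant.
    key_usage_until: Optional[datetime] = None


@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime       # time stamp of this list
    next_update: datetime       # when the next periodic list is due
    revoked_serials: FrozenSet[int]


def valid_at(cert: Certificate, when: datetime) -> bool:
    return cert.not_before <= when <= cert.not_after


def may_sign_at(cert: Certificate, when: datetime) -> bool:
    """Operational period of the private key: the certificate's validity,
    further limited by the key usage period when one is stated."""
    if not valid_at(cert, when):
        return False
    return cert.key_usage_until is None or when <= cert.key_usage_until


def historic_validation(cert: Certificate, signed_at: datetime) -> bool:
    """Non-repudiation view: was the certificate valid when the signature was made?"""
    return valid_at(cert, signed_at)


def real_time_validation(cert: Certificate, now: datetime) -> bool:
    """Software-signing view: is the certificate still valid at verification time?"""
    return valid_at(cert, now)


def ca_covers(ca_cert: Certificate, cert: Certificate) -> bool:
    """A CA's own certificate should outlast every certificate it signs."""
    return ca_cert.not_before <= cert.not_before and cert.not_after <= ca_cert.not_after


def issue_crl(issuer: str, revoked, at: datetime, period: timedelta) -> CRL:
    """Build a CRL; on the regular cycle one is issued even with no new revocations."""
    return CRL(issuer, at, at + period, frozenset(revoked))


def revocation_status(cert: Certificate, crl: CRL, now: datetime) -> str:
    """Assumes the CRL's signature was already checked against the CA's public key."""
    if not (crl.this_update <= now <= crl.next_update):
        return "stale-crl"      # a newer list must be fetched before trusting anything
    if cert.serial in crl.revoked_serials:
        return "revoked"
    return "good"


def demo() -> dict:
    """Constructed timeline: validation modes, then the CRL interim window."""
    ca = Certificate(1, "CN=Example CA", datetime(2024, 1, 1), datetime(2027, 1, 1))
    mike = Certificate(1001, "CN=Mike Anderson,O=Lowes Inc.",
                       datetime(2024, 6, 1), datetime(2025, 6, 1))
    # Code-signing certificate valid three years, but its key may sign only in
    # the first year, so signatures stay verifiable in real time long after.
    vendor = Certificate(2002, "CN=Example Software", datetime(2024, 1, 1),
                         datetime(2026, 12, 31), key_usage_until=datetime(2024, 12, 31))
    signed_at, verified_at = datetime(2024, 9, 1), datetime(2025, 9, 1)

    monthly = issue_crl("CN=Example CA", {500}, datetime(2025, 3, 1), timedelta(days=31))
    revocation_requested = datetime(2025, 3, 10)   # mike's key reported compromised
    off_cycle = issue_crl("CN=Example CA", {500, 1001}, revocation_requested, timedelta(days=31))
    check_at = datetime(2025, 3, 15)

    return {
        "ca_covers_mike": ca_covers(ca, mike),
        "mike_historic": historic_validation(mike, signed_at),
        "mike_real_time": real_time_validation(mike, verified_at),
        "vendor_may_sign_later": may_sign_at(vendor, datetime(2025, 3, 1)),
        "vendor_real_time": real_time_validation(vendor, verified_at),
        "interim_window": revocation_status(mike, monthly, check_at),
        "after_off_cycle": revocation_status(mike, off_cycle, check_at),
        "expired_crl": revocation_status(mike, monthly, datetime(2025, 5, 1)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `interim_window` result is the failure mode the text warns about: five days after the revocation request, a relying party holding only the regular monthly CRL still sees the certificate as good, and only the off-cycle list (or a finer-grained periodic one) changes the answer to revoked.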
SUMMARY
PKI is the long-term solution for Internet requirements for information integrity and digital signatures to certify legal, commercial, official, and confidential transactions. PKI ensures confidentiality, data integrity, authentication, and non-repudiation. PKI uses digital certificates that contain both a public and a private key. Public keys are available to everyone, while private keys need to be securely maintained. Companies called Certification Authorities (CAs) issue digital certificates. The digital certificates are encrypted into long prime numbers referred to as keys. Two keys are involved – a private key, which only you have access to, and a public key, which can be accessed by anyone. The keys are generated using a mathematical algorithm to encrypt and decrypt the data. You can generate your own keys, but CAs have better resources and tighter controls that can generate higher-quality key pairs in a central system and can perform the backup and archiving of key pairs. X.509 is the most widely recognized standard certificate format. Certificates have a start and expiration date that is part of the CA's policy, yet certain circumstances can cause the CA to revoke the certificate prematurely. When a certificate is revoked, the CA publishes this information on a Certificate Revocation List (CRL). These CRLs are normally published periodically at regular intervals, but can be published as needed (off-cycle) or can be maintained on-line.
Bibliography: