Public Key Infrastructure (PKI)
NIST: “… key management environment for public key information of a public key cryptographic system”
Must consider:
- Key lifecycle: generation, distribution, storage and destruction
- Trusted legal/business entities:
  - Registration Authorities (RAs): vouch for the identity of a user
  - Validation Authorities (VAs): verify identities
  - Certification Authorities (CAs): issue digital certificates (certifying the public key)
Digital Certificates
How do you confirm the relationship between the public key and the claimed owner of that key? Through the use of digital certificates:
- Contain public key and owner identity
- Metadata such as signature algorithm, validity period
Certificates are signed by a certification authority (that should be trusted by the certificate verifier).
Certification Authority
A CA creates, issues and revokes certificates for subscribers and other CAs.
A CA has a certification practice statement (CPS) which covers processes such as checks before issuing certificates, physical/procedural security controls, revocation processes.
X.509 Certificate
Now specified in RFC 5280; currently on version 3.
Important fields:
- Version number
- Serial number
- Signature algorithm identifier
- Issuer name (CA name)
- Subject name (user to which the certificate is issued)
- Public key information
- Validity period
- Digital signature (generated by CA)
Verification:
- Check CA signature is valid
  - Requires user to have public key of the CA
- Check any conditions set in the certificate (e.g. validity period) are satisfied
Certification paths: CAs can issue certificates to other CAs. Hence, as long as there is a chain of CAs leading to a trusted root CA, the last CA can be trusted and hence the certificate can be validated.
Phishing: attacker can make URL and interface similar to a genuine site
Extended validation certificates: certificate issued by only some CAs after they have validated the entity’s legal identity. Different icon in browsers, but mostly ignored by users.
Revocation:
- Certificate marked as invalid even if its validity period is current
- User must check which certificates have been revoked
  - Certificate Revocation List (CRL): each CA issues list of revoked certificates that must be downloaded by clients
  - Online Certificate Status Protocol (OCSP): server responds to requests about specific certificates
Public Key Pinning:
- Deprecated feature that allowed websites to tell browsers to fix the public key used to verify certificates
- If a CA is compromised, the attacker can issue another certificate for the website, but the browser continues to use the pinned key for some period of time
PKI Examples
Hierarchical PKI:
        R              Root
       / \
      /   Y            Intermediate
     A     \           CAs
            Z
           / \
          B   C        Users
Each CA certifies the public key of the entity below it. If non-hierarchical, certification can be done between any CAs.
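The verification, revocation and certification-path checks from the X.509 section, run over a shortened version of this hierarchy (R -> Y -> B), as an added example that is not part of the original notes. Textbook RSA with toy-sized keys stands in for a real signature scheme; the `Cert` fields, the day-number validity period and the CRL held as a set of (issuer, serial) pairs are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):  # textbook RSA from two primes -> (n, d); toy-sized, NOT secure
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:
    subject: str
    issuer: str
    pubkey: int       # subject's RSA modulus n
    validity: tuple   # (not_before, not_after) as plain day numbers
    serial: int
    signature: int = 0

    def digest(self, n):  # hash of the signed fields, reduced into the toy modulus
        tbs = repr((self.subject, self.issuer, self.pubkey, self.validity, self.serial))
        return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def issue(cert, ca_n, ca_d):  # the CA signs the certificate with its private key
    cert.signature = pow(cert.digest(ca_n), ca_d, ca_n)
    return cert

def validate_path(chain, trusted_roots, today, revoked=frozenset()):
    """chain[0] is the end entity; trusted_roots maps root CA name -> modulus."""
    for i, cert in enumerate(chain):
        if not cert.validity[0] <= today <= cert.validity[1]:
            return f"{cert.subject}: outside validity period"
        if (cert.issuer, cert.serial) in revoked:  # entries from the issuer's CRL
            return f"{cert.subject}: revoked"
        if i + 1 < len(chain):
            issuer_name, issuer_n = chain[i + 1].subject, chain[i + 1].pubkey
        else:  # top of the chain: the verifier must already hold this CA's key
            issuer_name, issuer_n = cert.issuer, trusted_roots.get(cert.issuer)
        if issuer_name != cert.issuer or issuer_n is None:
            return f"{cert.subject}: chain does not lead to a trusted root"
        if pow(cert.signature, E, issuer_n) != cert.digest(issuer_n):
            return f"{cert.subject}: bad CA signature"
    return "valid"

# Constructed hierarchy (names from the diagram, shortened): root R -> CA Y -> user B
R_N, R_D = keypair(2**89 - 1, 2**127 - 1)
Y_N, Y_D = keypair(2**61 - 1, 2**107 - 1)
cert_Y = issue(Cert("Y", "R", Y_N, (0, 3650), 1), R_N, R_D)
cert_B = issue(Cert("B", "Y", (2**19 - 1) * (2**31 - 1), (100, 465), 7), Y_N, Y_D)
ROOTS = {"R": R_N}
```

`validate_path([cert_B, cert_Y], ROOTS, today=200)` returns `"valid"`; the same call fails if the verifier does not hold R's public key, if B's certificate appears on Y's CRL, or if any signed field has been altered.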
Browser PKI:
- Multiple hierarchies with preloaded public keys as root CAs
- Intermediate CAs can be added
- Users can add their own certificates
- Most servers send their public key and certificate through TLS
OpenPGP PKI:
- Used in PGP emails
- Certificate includes ID, public key, validity period, self-signature
- NO certification authorities
- Various key servers store public keys
- Web of trust: users can attest to association between public key and username