Issuer Name. 14.2 Digital Certificates. Digital Certificate. Subject Name : Atul
Kahate. Public Key :
Dept. of Computer Engineering
Information Security Lab.
PART III Network Security Application CHAPTER 14 Authentication Application 14.2 X.509 Authentication Service: Digital Certificates
348/374 348/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 1 introduction Ø
The problem of key agreement or key exchange → DH key Exchange (man-in-the-middle attack) → Public-key cryptography → unsolved issues : “how do the sender/receiver exchange their public keys with each other” → a revolutionary idea of using Digital Certificates.
Ø
Digital certificate conceptually is identical to passport/ driving licenses z z z z
Full name Nationality Date and place of birth Photograph and signature 349/374 349/374
1
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 2 The Concept of Digital Certificates
Note: A digital certificate is simply a small computer file Ø A digital certificate would actually be a computer file with the file name such as “abc.cer”. Ø A digital certificate signifies the association between a user and her public key. Digital Digital Certificate Certificate I Iofficially officially approve the approve the relation between relation between the holder of this the holder of this certificate (the certificate (the user) and this user) and this particular public particular public key. key.
Fig. 5.1 Conceptual view of digital certificate 350/374 350/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 2 The Concept of Digital Certificates Ø
Who is officially approving the association between a user and the user’s digital certificate. (CA) Digital certificates must be issued by some trusted entity. Otherwise we will not trust anybody’s digital certificate.
Ø
Digital certificate contains the following simple but core information: z z z
Subject Name, Public key Serial Number
z
Other data Valid From Valid To Issuer Name
z z z
Digital DigitalCertificate Certificate Subject SubjectName Name : :Atul AtulKahate Kahate Public PublicKey Key : : Serial SerialNumber Number: :1029101 1029101 Other Otherdata data : :Email Email… … Valid ValidFrom From : :11Jan Jan2001 2001 Issuer IssuerName Name : :VeriSign VeriSign … … 351/374 351/374
2
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 3 Certification Authority (CA) Note: A Certification Authority (CA) is a trusted agency that can issue digital certificates. Ø Who can be a CA? z The authority of acting as a CA has to be with someone who everybody trusts. z The governments in the various countries decide who can and who cannot be a CA z A CA is a reputed organization, such as a post office, financial institution, software company, etc. z Two of the world’s most famous CAs are VeriSign and Entrust. 352/374 352/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 4 Technical Details of Digital Certificate Ø
A standard (X.509) defines the structure of a digital certificate. The International Telecommunication Union (ITU) came up with this standard in 1988. X.500
Ø
Since then, X.509 was revised twice(1993, 1995). The current version of the standard is version 3, called as X.509V3.
Ø
The Internet Engineering Task Force (IETF) published the RFC2459 for the X.509 standard in 1999. 353/374 353/374
3
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 4 Technical Details of Digital Certificate Version
Validity (Not Before/Not After) Subject Name Subject Public Key Information Issuer Unique Identifier
Versions 3
Issuer Name
Versions 2
Signature Algorithm Identifier
Versions 1
Certificate Serial Number
Subject Unique Identifier Extensions Certification Authority’s Digital Signature
All versions
Fig. 5.3 Contents of a digital certificate 354/374 354/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 5 Digital Certificate Creation (1) Parties involved Ø Who are the parties involved in creating a digital certificates ? z
Ø
The subject (end user), the issuer (CA), Registration Authority (RA).
The CA can delegate some of its tasks to this third party, called as a Registration Authority (RA). RA is an intermediate entity between the end users and the CA, which assist the CA in its day-to-day activities
355/374 355/374
4
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 5 Digital Certificate Creation (1) Parties involved End user Registration Authority (RA)
End user
Certification Authority (CA)
End user Fig. 5.4 Registration Authority (RA) Ø
The RA commonly provides the following services Accepting and verifying registration information about new user z Generating keys on behalf of the end users z Accepting and authorizing requests for key backups and recovery z Accepting and authorizing the requests for certificate revocation z
356/374 356/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 5 Digital Certificate Creation (2) Certificate creation steps Ø The creation of a digital certificate consists of several steps Key generation Registration Verification Certificate creation Fig. 5.5 Digital certificate creation steps 357/374 357/374
5
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates (2) Certificate creation steps Step 1: Key Generation (a) The subject can create a private and public key pair Key generation
Subject
This would be sent to the RA
Keep this secret
Public key
Private key
Fig. 5.6 Subject generating its own key pair 358/374 358/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates (2) Certificate creation steps Step 1: Key Generation (b) The RA can create a key pair on the subjext’s behalf. Registration Authority (RA)
For For User User XX
Key generation
Private key for user X
Public key for user X
Fig. 5.7 RA generating a key pair on behalf of the subject 359/374 359/374
6
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates (2) Certificate creation steps Step 2: Registration Public key Registration Authority (RA)
Subject Private key
Other registration information and evidences
Fig. 5.8 Subject sends public key and evidences to the RA Ø
The format for the certificate requests has been standardized, called as Certificate Signing Request (CSR), or PKCS#10; Fig. 5.9 and Fig. 5.10 360/374 360/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates (2) Certificate creation steps Step 3: Verification Ø
After the registration process is complete, the RA has to verify the user’s credentials. (a) The RA needs to verify the user’s credentials such as the evidences provides, and ensure that they are acceptable. (b) The second check is to ensure that the user who is requesting for the certificate does indeed posses the private key corresponding to the public key that is sent as a part of the certificate request to the RA. This check is called as checking the Proof Of Possession (POP) of the private key. 361/374 361/374
7
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates (2) Certificate creation steps Step 4: Certificate creation Ø The CA does its own verification and creates a digital certificate for the user. There are programs for creating certificates in the X.509 standard format. Ø
The CA’s copy of the certificate is maintained in a certificate directory.
Ø
The directory clients can request for and access information from the central repository using a directory access protocol, such as the Lightweight Directory Access Protocol (LDAP). 362/374 362/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 6 Why should We Trust Digital Certificates? (1) Introduction Ø
A CA always signs a digital certificate with its private key
Note: I have signed this certificate to guarantee that this user possesses the specified public key. Trust me! (2) How does the CA sign a digital certificate? Digital DigitalCertificate Certificate Subject SubjectName Name: :… … Public PublicKey Key: :… … … …
To verify this certificate, we need to de-sign it using the CA’s public key. If we can de-sign the certificate, we can safely assume that the certificate is valid.
CA’s Digital Signature
Fig. 5.15 CA signs a certificate 363/374 363/374
8
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates (2) How does the CA sign a digital certificate? Version Certificate Serial Number Signature Algorithm Identifier Issuer Name Validity (Not Before/Not After) Subject Name Subject Public Key Information Issuer Unique Identifier Subject Unique Identifier Extensions
Message Digest Algorithm A message digest (hash) of all but the last fields of the digital certificate is created.
Certification Authority’s Digital Signature
Message Digest Digital Signature Algorithm
Certificate Authority’s Private key
Digital Signature
This digital signature of the CA is stored as the last field of the digital certificate.
Fig. 5.16 Creation of the CA signature on a certificate 364/374 364/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates (3) How can we verify a digital certificate? Version Certificate Serial Number Signature Algorithm Identifier Issuer Name Validity (Not Before/Not After) Subject Name Subject Public Key Information Issuer Unique Identifier Subject Unique Identifier Extensions
Message Digest Algorithm A message digest (hash) of all but the last fields of the digital certificate is created.
Step 6
Certification Authority’s Digital Signature
Step 3 Digital Signature
Step 4
Message Digest (MD1)
Step 1
Step 2
Is MD1 = MD2 ?
CA’s Public key De-Signing Algorithm (Decryption)
Step 5
Message Digest (MD2)
Certificate Certificate is valid. is invalid. Accept it. Reject it.
Fig. 5.17 Verification of the CA signature on a certificate 365/374 365/374
9
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 7 Certificate Hierarchies and Self-signed Digital Certificates Ø
Assume Alice and Bob have obtained their certificates from the different CA. How can Alice obtain the public key of the CA ? Root CA
Second Level CA
Third Level CA
Second Level CA
Third Level CA
…
…
Second Level CA
Third Level CA
Third Level CA
…
Fig. 5.18 CA hierarchy
366/374 366/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 7 Certificate Hierarchies and Self-signed Digital Certificates Ø
Certification Authority hierarchy : begins with the root CA Root CA Second Level CA (A1)
Second Level CA (A2)
Third Level CA Third Level CA (B2) (B1)
Alice
…
Second Level CA (A3)
… Third Level CA (B10)
…
Third Level CA (B11)
Bob
Fig. 5.19 Users belonging to different CAs under the same root CA 367/374 367/374
10
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 7 Certificate Hierarchies and Self-signed Digital Certificates Ø
Certification Authority hierarchy
Digital DigitalCertificate Certificate … … Issuer IssuerName: Name:B11 B11 Subject Bob SubjectName: Name: Bob …
Digital DigitalCertificate Certificate … … Issuer Name: Issuer Name:A3 A3 Subject SubjectName: Name:B11 B11
Digital DigitalCertificate Certificate … … Issuer IssuerName: Name:Root Root Subject SubjectName: Name:A3 A3 … …
Digital DigitalCertificate Certificate … … Issuer IssuerName: Name: ??? Subject SubjectName: Name:Root Root … …
… …
…
Fig. 5.20 Certificate hierarchy and the problem of the verification of a root CA 368/374 368/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 7 Certificate Hierarchies and Self-signed Digital Certificates ¾
Self-signed certificate
Digital DigitalCertificate Certificate … … Issuer IssuerName: Name:Root Root Subject SubjectName: Name:Root Root … …
Fig. 5.21 Self-signed certificate 369/374 369/374
11
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 7 Certificate Hierarchies and Self-signed Digital Certificates ¾
Process of verifying the chain of certificate Alice
Step 2: Need B11’s certificate to validate your certificate.
Bob Bob’s Bob’s Digital Digital Certificate Certificate Step 1: Here is proof of public key – my digital certificate.
Step 4: Need A3’s certificate to validate B11’s certificate.
Step 6: A3’s CA is the root CA, in which I already have trust. This is good enough for me.
B11’s B11’s Digital Digital Certificate Certificate
A3’s A3’s Digital Digital Certificate Certificate
Step 3: Here is B11’s certificate.
Step 5: Here is A3’s certificate.
Fig. 5.22 Verification of a certificate 370/374 370/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 8 Cross-certification Ø
Cross-certification z
Allows CAs and end users from different PKI domains to interact Root CA of Japan
Cross-certified
Root CA of the US
Second Level CA (A1)
Second Level CA (P1)
Third Level CA Third Level CA (B1) (B2)
Third Level CA Third Level CA (Q2) (Q1)
Alice
…
…
Bob
Fig. 5.23 Cross-certification of CAs 371/374 371/374
12
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 9 Certificate Revocation (1) Introduction Ø Alice wants to use Bob’s certificate z z
Does this certificate really belong to Bob? Is this certificate valid, or is it revoked? Digital certificate Revocation checks Offline revocation Status checks Certificate Revocation List (CRL)
Online revocation Status checks Online Certificate Validation Protocol (OCSP)
Simple Certificate Validation Protocol (SCVP)
Fig. 5.24 Certificate revocation status mechanisms 372/374 372/374
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates Ø
How to trust Bob’s certificate Alice
Version Certificate Serial Number Signature Algorithm Identifier Issuer Name Validity (Not Before/Not After) Subject Name Subject Public Key Information Issuer Unique Identifier Subject Unique Identifier Extensions Certification Authority’s Digital Signature
Bob’s digital certificate
CA : XYZ Certificate Revocation List (CRL) This CRL : 1 Jan 2002, 10:00 am Next CRL : 12 Jan 2002, 10:00 am Serial Number Date Reason 1234567 30-Dec-01 Private key compromised 2819281 30-Dec-01 Changed job … … …
Check 3: I must be sure that this serial number does not appear in the latest CRL published by Bob’s CA Check 1: I must be sure that the certificate has not expired Check 2: I must be able to verify the entire chain of certificates/signers
Fig. 5.26 Validating a certificate and CRL’s role in the validation process 373/374 373/374
13
Dept. of Computer Engineering
Information Security Lab.
14.2 Digital Certificates 10 Certificate Types Ø Ø
Not all digital certificates have the same status and cost The certificate types can be classified as follows: z z z z
Email certificates : include the user’s email id. Server-side SSL certificates: useful for merchants. Client-side SSL certificates : allows a merchant to verify a client. Code-signing certificates : useful for signing client-side codes (Java applets or ActiveX control)
374/374 374/374
14
