网络安全-PKIX509

Chapter9:PublicKeyInfrastructuresPublicKeyInfrastructures(PKIs)Certificates:theessenceofPKICommonformsofPKIHierarchicalPKIsFormwithouthierarchy:WebsofTrustCurrentlydeployedPKIsX.509X.509forthe:PublicKeyInfrastructuresCertificateRevocationNewapproachestorevocationRevocation:lessonslearnedProposalstoenhanceX.509Pinning(TOFU)EnhancingtheX.509EcosystemPubliclogschemesChapter9:PublicKeyInfrastructures9-2Chapter9:PublicKeyInfrastructuresPublicKeyInfrastructures(PKIs)Certificates:theessenceofPKICommonformsofPKIHierarchicalPKIsFormwithouthierarchy:WebsofTrustCurrentlydeployedPKIsX.509X.509forthe(PKIs)YoualreadyknowwhyPKIsareneeded.Next:•HowcanPKIsbeorganised?•WherearePKIsusedinpractice?•Howaretheydeployed?•PracticalproblemsindeploymentChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-4Certificates:theessenceofPKIDefinitionofacertificateAcertificateisacryptographicbindingbetweenanidentifierandapublickeythatistobeassociatedtothatidentifier.Semanticsofthebinding•Theidentifieroftenreferstoaperson,business,etc.Whilemuchlesscommon,theidentifiermayalsoindicatesomeattributewithwhichthekeyisassociated(e.g.,accessright).•Alwaysnecessary:Verificationthatidentifierandcorrespondingkeybelongto-gether.•Iftheidentifierisaname:verifythattheentitybehindthenameistheentityitclaimstobe.Chapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-5CertificatecreationPKIsarecreatedbyissuingcertificatesbetweenentities•Entityresponsibleforcreatingacertificate:theissuerI.•Ihasapublickey,KI-pub,andprivatekey,KI-priv.•Xisanidentifiertobeboundtoapublickey,KX-pub.•LetIcreateasignature:SigKI-priv(X|KX-pub)•Thetuple(X,KX-pub,SigKI-priv(X|KX-pub)isthenacertificate.•Inpractice,weadd(much)moreinformation.Chainscanbeestablished:I1maycertifyI2,whocertifiesX:I1æI2æX.Eacharrowmeansacertificateisissuedfromleftsidetorightside.Chapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-6CommonformsofPKIWecannowclassifyPKIsbylookingat:•Whoaretheissuers?•Whichissuersmustbetrusted=whichTTPsexist?•HowdoissuersverifythatXandKX-pubbelongtogether,orthatXisreallyX?Someterminology•DependingonthePKI,differentwordsforissuer•OfteninhierarchicalPKIs:“CertificationAuthority”(CA)•Innon-hierarchicalPKIssometimes:“endorser”•Thesewordsoftenhintattherole(power)oftheissuersChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-7HierarchicalPKIsNaiveformGlobalCACertifiedentitiesChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-8HierarchicalPKIsGlobalCACertifiedentitiesThisisaveryimpracticalform.•Why?Chapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-9HierarchicalPKIsGlobalCACertifiedentitiesThisisaninfeasibleform.•Whodecideswhichglobalauthorityistrustworthyforthejob?•Whataretheagreedverificationsteps?•Namespaceisglobal—uniqueglobalidentifiersneeded•This,andthehighloadontheCA,maymakeiteasiertotricktheCAintomisissuingacertificateto,e.g.,wrongentity(XÕ)•Hardtoimagineanygovernmentwouldrelyonanauthorityoutsideitslegalreach.Chapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-10HierarchicalPKIsImproved(butstillsimpleform)IntroduceintermediateentitieshelpingtheCARAGlobalCARARACertifiedentitiesChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-11HierarchicalPKIsRegistrationAuthorities(RAs)RAGlobalCARARACertifiedentitiesRoleofRAs•Dotheverificationstep:identifyX,verifyithasKX-priv•Verificationmaybeaccordingtolocallaw•RAsdonotissuecertificates—theyaremereproxies•Problemofsingletrustedauthorityremains•ThenamespaceremainsglobalChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-12HierarchicalPKIs‘Practical’solutionstotheproblemManyglobalCAs•OneglobalCAisinfeasible,evenwithRAs•UsemanyCAs,indifferentlegislations,acceptthemallequally•Thereareseriousweaknessesinthismodel•Whichones?DefiningCAsastrusted•ACAmustbetrustedbyparticipantsinordertobeuseful•HowshouldparticipantsdecidewhichCAstotrust?•‘Solution’:operatingsystemsandsoftwarelikebrowserscomepreconfiguredwithasetoftrustedCAsChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-13Formwithouthierarchy:WebsofTrustEveryparticipantmayissuecertificatesAliceBobCharlieDanielEmileFrankGeorgeHenryIvanJaneKarlaLauraNatePaulQuentinsignsChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-14WebsofTrustAliceBobCharlieDanielEmileFrankGeorgeHenryIvanJaneKarlaLauraNatePaulQuentinsignsWebsofTrustmayalsotakemanyforms:•Trustmetricstoautomaticallyreasonaboutauthenticityofbindingsbetweenentityandkey•E.g.introduceruleshowmanydelegationsareallowed,storeexplicittrustvalues,etc.•Namespacemaybeglobalorlocal(æPGPvs.SPKI,later)•CAsmayactas‘special’participantsChapter9:PublicKeyInfrastructures–PublicKeyInfrastructures(PKIs)9-15Chapter9:PublicKeyInfrastructuresPublicKeyInfrastructures(PKIs)CurrentlydeployedPKIsX.509X.509forthe