6.4 Given a scenario, implement public key infrastructure.

Question 1

Components

Answer 1

The term public key infrastructure comes from the fact that there is an entire infrastructure of components that help create this environment in which to manage and use public and private keys.

Question 2

Components - CA (Certificate Authority)

Answer 2

Public CA
A public CA is used to identify CAs that are in the business of selling certificates to other businesses so those certificates can be used in applications. The benefit of a public CA is that most applications (such as Internet Explorer) trust certificates that come from common public CAs, such as Entrust, Verisign, and GoDaddy.

Private CA
When an organization decides to create its own PKI, it is a private CA. This allows an organization to create its own CA and use it to generate certificates for the organization. The benefit of using a private CA is that the organization does not have to pay for each certificate that is created.

Question 3

Components - Intermediate CA (Subordinate CAs)

Answer 3

Depending on the size of the organization, you can create one or more subordinate CAs, also known as intermediate CAs. These CAs have their own certificate—issued and digitally signed by the root CA that they will use to digitally sign any certificates that they create. You might use subordinate CAs so that each office location has its own CA to issue certificates for that location, for example. And then take the root CA offline for the sake of security.

Question 4

Components - CRL

Answer 4

As noted, your certificate can be revoked by the CA at any time if the CA determines that you were fraudulent in obtaining the certificate or there has been a security compromise related to your certificate.

The CA is responsible for creating the certificate revocation list (CRL), which is a list of certificates that have been revoked. The CRL is published to a web site at regular intervals, and applications download the CRL to verify that a certificate has not been revoked before using the certificate.

Question 5

Components - OCSP

Answer 5

Another method that systems and applications can use to verify whether a certificate has been revoked relies on the Online Certificate Status Protocol (OCSP). OCSP is an Internet protocol that uses HTTP to communicate with the CA and check the status of a certificate. OCSP is designed as an alternative to the CRL.
***
It should be noted that when using OCSP, the revocation status can be communicated to clients using a feature called stapling.

With stapling, the web site that contains the certificate polls the CA at regular intervals to check to see if the certificate has been revoked. The status of the certificate is then sent from the web server to any clients visiting the web site during the initial handshake. This prevents the clients from bogging down the CA to check the status of the certificate.
***

Question 6

Components - CSR

Answer 6

When configuring SSL on a web site, or applying certificates to any application, there are four major steps:
1. Create the request
The first step is to create the certificate request, also known as the certificate signing request (CSR). You typically navigate to the web site of the CA to fill out a web form to create the request or create the request from the actual application. For example, Microsoft’s IIS and Exchange Server have wizards to create the certificate request. Once the request is made, it is stored in a text file. You can also create a certificate request from the Certificates snap-in within MMC.

2. Submit the request
3. Download the certificate
4. Install the certificate

Question 7

Components - Certificate

Answer 7

A certificate is an electronic file that is used to store the public key (and sometimes the private key) and associates the public key with an entity such as a person or company.

For example, if you are hosting a web site and wish to secure the communication, you need to configure the web server with a public key. You obtain a certificate (which contains the public key) and assign it to the web server in order to encrypt the communication.

As mentioned, the certificate stores the public key and also contains information about the owner of the public key. For this reason, the certificate is also considered an electronic file that binds the public key to its owner.

Attributes of a certificate:
Public key
The public key of the person who owns the certificate

Algorithm
The asymmetric algorithm used by the certificate

Serial number
A unique serial number assigned to the certificate

Subject
The name of the organization or person to whom the certificate is assigned
**
Take special notice that the Subject attribute is set to www.certworld.loc. This is sometimes referred to as the common name of the certificate, and it should match the URL that users access for the application that uses the certificate
**

Issuer
The organization or entity that created the certificate

Valid from
The start date of the period for which the certificate is
valid

Valid to
The end date of the period for which the certificate is valid

Thumbprint algorithm
The algorithm used to create a hash of the certificate to ensure it is not altered

Thumbprint
The hash value of the certificate

Question 8

Components - Public Key

Answer 8

The public key gets its name from the fact that it is available to any parties in the infrastructure

Question 9

Components - Private Key

Answer 9

The private key is to be kept private to the user.

Question 10

Components - Object Identifiers (OID)

Answer 10

a PKI is made up of a hierarchy of CAs. The root CA has a self-signed certificate. Also note that all objects in a PKI use object identifiers, or OIDs. An OID is a globally unique name assigned to each object.

Question 11

Concepts

Answer 11

.

Question 12

Concepts - Online vs. Offline CA

Answer 12

One of the reasons to have subordinate CAs, or intermediate CAs, is so that you can take the root CA offline. Taking the root CA offline means that you are disconnecting it from the network so that it cannot be hacked. Within a PKI, if there is a security compromise with a CA, whether it be a root CA or a subordinate CA, then every certificate below that point should be considered compromised. If the root CA were hacked, the entire PKI would be considered compromised because everything falls under the root CA. To prevent needing to re-create all certificates and subordinate CAs, you typically take the root CA offline once you have subordinate CAs to generate certificates for the rest of the company.

Once a subordinate CA has been created for each of the locations, you should then power off the root CA so that it is not compromised. If a security compromise occurs, anything from that point in the hierarchy down is considered compromised and invalid. Taking the root CA offline ensures the root level is not compromised.

Question 13

Concepts - Stapling

Answer 13

With stapling, the web site that contains the certificate polls the CA at regular intervals to check to see if the certificate has been revoked. The status of the certificate is then sent from the web server to any clients visiting the web site during the initial handshake. This prevents the clients from bogging down the CA to check the status of the certificate.

Question 14

Concepts - Pinning

Answer 14

Another term to be familiar with as it relates to revoked certificates or certificate fraud is HTTP Public Key Pinning, or HPKP. Pinning allows web sites to publish a list of public key hashes that it potentially will use to secure the communication. When clients connect to the web server, the hashes are communicated to the client so that the client knows which public keys it can trust. This helps in scenarios where the hacker compromises a CA and creates its own certificates.

Question 15

Concepts - Trust Model

Answer 15

PKI Trust Models: Whom do you trust?
STI Graduate Student Research
by Blaine Hein - July 28, 2015

There has been a substantial amount of attention in the media recently regarding Public Key Infrastructures (PKI). Most often, secure web server exploits and signed malware have generated this attention and have led to the erosion of trust in PKI. Despite this negative media attention, there has been very little detailed discussion of the topic of PKI Trust proliferation and control. PKI is an integral part of our daily lives even though, for the most part, we never notice it. Europe is several years ahead of North America in the ubiquitous deployment of PKI to its citizens, but North America has begun to catch up. This paper covers four major areas including the definition of trust and trust models, implementation of trust, auditing of trust, and managing trust. The paper provides proof of concept tools to allow administrators to understand their current level of PKI trust and techniques manage trust.

Trust anchors are a core concept within public key infrastructures. They are certificates that we believe in without needing to find further evidence (Housley, Ashmore, & Wallace, 2010). To use a building analogy, they are the cornerstone. Every other stone comes after the corner stone. Compromising the integrity of the cornerstone
can cause a building collapse.
***

More info on this:
https://www.sans.org/reading-room/whitepapers/vpns/paper/36112

Question 16

Concepts - Key Escrow

Answer 16

Key escrow is the process of handing cryptography keys over to a third party who can use the cryptography keys to decrypt information within your organization at any point in time. For example, you may be required to give cryptography keys to a government agency or to law enforcement for an investigation.

The concept of key escrow is a controversial topic due to the obvious security risks of having keys that can decrypt information within your organization located outside the organization.

Question 17

Concepts - Certificate Chaining

Answer 17

Unlike buildings, which start from the bottom up, building PKI certificates is a top-down process. First, the self-signed Root CA certificate is established. Next, the Root CA signs a subordinate CA certificate. This subordinate CA may, in turn, create an additional subordinate CA. The lowest layers of subordinate CAs issue certificates to people, applications, or devices. The minimum number of Certificate Authorities to establish a chain is one. While there is no theoretical maximum, the average certificate chains have between two and three CAs in the hierarchy.

More on this:
https://www.sans.org/reading-room/whitepapers/vpns/paper/36112

Question 18

Types of Certificates

Answer 18

There are a number of different types of certificates. Each certificate type is used in a specific situation. For example, a code-signing certificate would be
used to digitally sign application code created by your company, while an email certificate would be used to encrypt your e-mail messages.

Question 19

Types of Certificates - Wildcard

Answer 19

Certificates are assigned a common name when created, and the common name matches the URL of the site or entity using the certificate. A wildcard certificate is a special certificate that can be applied to many URLs within the domain.

For example, I could have a wildcard certificate of

*.gleneclarke.com

and it could be used on servers such as www.gleneclarke.com, mail.gleneclarke.com, and
login.gleneclarke.com.

Question 20

Types of Certificates - SAN

Answer 20

A subject alternative name (SAN) certificate is a certificate that can have multiple common names associated with the certificate. This is useful when the server runs multiple services and therefore will use multiple names.

For example, I could have a SAN certificate for my Exchange server that holds the names mail.gleneclarke.com and autodiscover.gleneclarke.com. Without the use of a SAN certificate, I would need to purchase multiple single common name certificates.

Question 21

Types of Certificates - Code Signing

Answer 21

A code-signing certificate would be used to digitally sign application code that you create. When you sign the application code, you are digitally stamping the code to indicate where the code came from. Digitally signing the code also includes in the signature a message digest that is used to detect if someone alters the code.

Question 22

Types of Certificates - Self-singed

Answer 22

A self-signed certificate is used by the root CA. Each entity within the PKI needs a certificate. The root CA creates its own certificate (which is why it is called self-signed), while all other systems and users will obtain a certificate from the CA.

Question 23

Types of Certificates - Machine/Computer

Answer 23

A company may want to encrypt the communication between computers on the network.

For example, a company may want to encrypt communication between its servers. In order to do this, each computer needs a machine (aka computer) certificate applied to it.

Question 24

Types of Certificates - Email

Answer 24

An e-mail certificate is used to encrypt e-mail messages with the S/MIME protocol. The e-mail client software would need to be configured to use the certificate so that the e-mail messages are encrypted.

Question 25

Types of Certificates - User

Answer 25

Just as a machine certificate is used by the computer, a user certificate is used by the user of the system to encrypt different types of information. For example, a user certificate can be used to encrypt data on disk with Microsoft’s Encrypting File System (EFS).

Question 26

Types of Certificates - Root

Answer 26

When a PKI is created, the first certificate authority installed is known as the root CA. The root CA has a self-signed certificate that it uses to digitally sign every other certificate the CA creates. The certificate used by the root CA is known as the root certificate.

Question 27

Types of Certificates - Domain Validation

Answer 27

A domain validation certificate, also known as a domain validated certificate, is a certificate used for SSL/TLS where the request for the certificate is validated against the registered domain information.

As part of the validation process, when you (as the administrator) request the certificate from the CA, the CA sends an email message to the administrator e-mail address associated with the domain. By replying to the e-mail from the CA, you prove you are the administrator of the domain and can receive the certificate.

Question 28

Types of Certificates - Extended Validation

Answer 28

An extended validation certificate builds off the domain validation certificate by not only verifying the domain but also checking the organization information filled in with the certificate request (this part of the validation is actually called organization validation). The extended validation does all that, plus it also validates that the organization is a legal entity.

Question 29

Certificate Formats

Answer 29

Just as there are many different file formats for graphics files, such as JPG, GIF, and PNG, there are also different file formats for certificates. There are different file formats because of the way the information is stored in the certificate. The following identifies common file formats for certificates

1. DER/CER (.der, .cer)
2. PEM (.pem, .crt, .cer, .key)
3. PFX/P12 (.pfx, .p12)
4. P7B (.p7b, .p7c)

Question 30

Certificate Formats - DER

Answer 30

Distinguished Encoding Rules (DER) and Canonical Encoding Rules (CER) are binary file formats used to store information in the certificate file. DER-formatted files can have a .der or a .cer file extension.

Question 31

Certificate Formats - PEM

Answer 31

PEM Privacy-enhanced Electronic Mail (PEM) is an ASCII file format that can have a file extension of .pem, .crt, .cer, or .key. PEM files are very common and start with
–—BEGIN CERTIFICATE–—

and end with

–—END CERTIFICATE–—.

Question 32

Certificate Formats - PFX

Answer 32

PFX/P12 The Personal Information Exchange (PFX) format, also known as the P12 or PKCS#12 format, is a binary file format that is common with Microsoft environments for importing and exporting certificates. PFX formatted files have an extension of .pfx or .p12.

Question 33

Certificate Formats - CER

Answer 33

Distinguished Encoding Rules (DER) and Canonical Encoding Rules (CER) are binary file formats used to store information in the certificate file. DER-formatted files can have a .der or a .cer file extension.

Question 34

Certificate Formats - P12

Answer 34

PFX/P12 The Personal Information Exchange (PFX) format, also known as the P12 or PKCS#12 format, is a binary file format that is common with Microsoft environments for importing and exporting certificates. PFX formatted files have an extension of .pfx or .p12.

Question 35

Certificate Formats - P7B

Answer 35

The P7B format, also known as PKCS#7, is another ASCII file format used to store certificate information. If you open the ASCII file, you will see that
it begins with the text

–—BEGIN PKCS7–—

and ends with

–—END PKCS7–—.

P7B files can have an extension of .p7b or .p7c.

Question 36

Bonus - Registration Authority (RA)
(A small company may combine the roles of the RA and the CA, but would still ensure that the request is validated before creating the certificate.)

Answer 36

The registration authority (RA) is an important part of a PKI, as it is responsible for accepting certificate requests from clients and then validating the entity requesting the certificate.

The RA will follow the process determined by the security policy to validate any employee or device requesting a certificate. This typically involves the employee filling out an application for a certificate and then presenting identification and a reason for the request. Once the RA validates the request, it is passed to the CA to create the certificate.

Question 37

Bonus - Repository

Answer 37

The repository is the database that stores the certificates and public keys. The repository should be available to all participants in the PKI structure so that they can obtain the public keys when needed.

The repository is usually an LDAP-compliant directory, which allows you to query the directory through LDAP. The database should be backed up on a regular basis.

Question 38

Bonus - Certificate Life Cycle

Answer 38

1. Request
2. Certificate
3. Renewal
4. Suspension and Revocation
5. Destruction

Question 39

Bonus - Certificate Life Cycle - 1. Request

Answer 39

The certificate life cycle starts when someone sends a request to the Registration Authority (RA) or the Certificate Authority (CA) for a certificate. For example, suppose you wish to secure traffic to your intranet server, so you need a certificate. You send
a request to the RA, who then validates the request. This is normally done by connecting to a web site that is set up to accept certificate requests.

Question 40

Bonus - Certificate Life Cycle - 2. Certificate

Answer 40

Once the RA validates the request, it then passes the request over to the CA so that the CA can create the certificate. When the CA creates the certificate, it digitally signs the certificate so that applications know where the certificate came from, and it also assigns the certificate a validation period (typically one or two years).

Question 41

Bonus - Certificate Life Cycle - 3. Renewal

Answer 41

Before your certificate expires, you can have it renewed so that you can use the certificate for a longer period. Certificates are typically renewed for one- or two-year periods. If you do not renew a certificate and the validation period passes, then the certificate is unusable by applications, because they check this validation period setting before using a certificate.

Question 42

Bonus - Certificate Life Cycle - 4. Suspension and Revocation

Answer 42

If at any point the CA determines that you have been fraudulent in your request for or use of a certificate, the CA may decide to suspend or even revoke your certificate. A suspended certificate is no longer usable, but it can be placed back into an active state easily. A revoked certificate is permanently unusable.

Question 43

Bonus - Certificate Life Cycle - 5. Destruction

Answer 43

As part of the certificate life cycle, you need to determine how the certificates and related keys will be destroyed after their validation time has expired. You want to ensure that hackers do not get their hands on any of the keys used in the PKI structure so that they cannot attempt to reuse them and impersonate a user or device.