Lesson 5: Implementing Public Key Infrastructure Flashcards
public key infrastructure (PKI)
- digital certificates and public key infrastructure (PKI) are critical to manage identification, authentication, and data confidentiality across most private and public networks
- basic building blocks of PKI include digital certificates and certificate authorities
- aims to prove that owners of public keys are who they say they are
- under PKI, anyone issuing public keys should obtain a digital certificate
- validity of certificate is guaranteed by a certificate authority (CA)
- validity of CA can be established using various models
digital certificate
- essentially a wrapper for a subject’s public key
contains:
- public key
- info about the subject and the certificate’s issuer or guarantor
object identifiers (OIDs)
certificate fields
public certificates
- use standard extensions
private certificates
- use private, proprietary, or custom extensions, but may need dedicated or adapted client and server software to interpret them correctly
key usage
- one of the most commonly used standard extensions
- the extension defines the purpose for which a certificate was issued, such as signing documents or key exchange
Extended Key Usage (EKU)
- typical values used include Server Authentication, Client Authentication, Code Signing, or Email Protection
- more flexible than the Key Usage field
T or F. An extension can be tagged as critical.
True.
- this means that the application processing the certificate must be able to interpret the extension correctly; otherwise the certificate should be rejected
Distinguished Encoding Rules (DER)
all certificates use this as an encoding scheme to create a binary representation of information in the certificate
certificate authority
person or body responsible for issuing and guaranteeing certificates
functions:
- provide range of certificate services useful to community of users serviced by CA
- ensure validity of certificates and identity of those applying for them (registration)
- establish trust in CA by users and government and regulatory authorities and enterprises, such as financial institutions
- manage servers (repositories) that store and administer the certificates
- perform key and certificate lifecycle management
registration
process by which end users create an account with the CA and become authorized to request certificates
Certificate Signing Request (CSR)
when a subject wants to obtain a certificate, it completes a CSR and submits it to the CA
registration authorities (RAs)
registration function may be delegated by CA to one or more RAs
certificate policies
define different uses of certificate types issued by CA
server certificate
guarantees the identity of e-commerce sites or any sort of website to which users submit data that should be kept confidential
Domain Validation (DV)
- proving the ownership of a particular domain
Extended Validation (EV)
- subjecting to a process that requires more rigorous checks on the subject’s legal identity and control over the domain or software being signed
Subject Alternative Name (SAN)
- subdomains are listed as extensions
- if a new subdomain is added, a new certificate must be issued
Wildcard domain
- certificate is issued to the parent domain and will be accepted as valid for all subdomains (to a single level)
- wildcard certificates cannot be issued with Extended Validation (EV)
T or F. It might be necessary to issue certificates to machines (servers, PCs, smartphones, and tablets), regardless of function.
True
email certificate
- can be used to sign and encrypt email messages, typically using S/MIME or PGP
user certificate
- on a directory-based local network, such as Windows Active Directory, there may be a need for a wider range of user certificate types
- example:
- standard users
- administrators
- smart card logon/users
- recovery agent users
- Exchange mail users (with separate templates for signature and encryption)
code signing certificate
issued to software publisher following some sort of identity check and validation process by the CA
root certificate
- one that identifies CA itself
- self-signed
self-signed certificate
- any machine, web server, or program code can be deployed with a self-signed certificate
- self-signed certificates will be marked as untrusted by the operating system or browser, but an administrative user can choose to override this
to install a CA hierarchy
- set up root CA or contract with third-party vendor to provide root CA services
- create and issue a self-signed root certificate from the root CA
- install subordinate CAs
- sign all necessary subordinate CA certificates using the root certificate
- secure the root CA by taking it offline
- install further levels of issuing CAs according to your trust model design plan
key management
refers to the operations at the various stages in a key's lifecycle
key’s lifecycle stages
- key generation:
- creating a secure key pair of the required strength, using the chosen cipher
- certificate generation:
- to identify the public part of a key pair as belonging to a subject (user or computer), the subject submits it for signing by the CA as a digital certificate with the appropriate key usage
- storage:
- user must take steps to store the private key securely, ensuring that unauthorized access and use is prevented
- revocation:
- if private key is compromised, it can be revoked before it expires
- expiration and renewal:
- a key pair that has not been revoked expires after a certain period
T or F. Certificate and key management can represent a critical vulnerability if not managed properly.
True
If an attacker can obtain a private key…
…it puts both data confidentiality and identification/authentication systems at risk
If an attacker gains the ability to create signed certificates that appear to be valid…
…it will be easy to harvest huge amounts of information from the network, as the user and computer accounts he or she sets up will be automatically trusted
If a key used for encryption is accidentally destroyed…
…the data encrypted using that key will be inaccessible, unless there is a backup or key recovery mechanism
hardware security module (HSM)
the process of generating integers that are sufficiently random (not a trivial task) is CPU-intensive, meaning that it often must be undertaken on dedicated hardware
T or F. An email user may require multiple key pairs represented by multiple certificates
True
repository
- once generated, an asymmetric private key or symmetric secret key must be stored somewhere safe
- can be either software- or hardware-based
- software-based storage
- key is stored on server
- hardware-based storage and distribution
- implemented using removable media, a smart card, or at the higher end, a dedicated key storage hardware security module (HSM)
- example:
- smart card
- USB device
- subscriber identity module (SIM) card (used with smartphones)
- another option:
- Trusted Platform Module (TPM) chip in a PC or a laptop to generate, store, and protect key material
M-of-N control
- means that of the N administrators permitted to access the system, M must be present for access to be granted
- M must be greater than 1, and N must be greater than M
- example:
- when m=2 and n=4, any two of four administrators must be present
Key Recovery
defines a secure process for backing up keys and/or recovering data encrypted with a lost key
escrow
- something is held independently
- in terms of key management, this refers to archiving a key (or keys) with a third party
revoked
- a key (or more typically, a digital certificate) may be revoked or suspended
suspended
- a suspended key can be re-enabled
certificate revocation list (CRL)
- the CA maintains a CRL of all revoked and suspended certificates, which can be distributed throughout the hierarchy
- CRL attributes:
- publish period - date and time on which CRL is published
- distribution point(s) - location(s) to which the CRL is published
- validity period - period during which the CRL is considered authoritative
- signature - CRL is signed by CA to verify its authenticity
Online Certificate Status Protocol (OCSP) or OCSP responder
- another means of providing up-to-date information is to check a certificate's status with an OCSP responder
- communicates status of requested certificate
OCSP stapling
- OCSP responder issue:
- privacy issue as the OCSP responder could be used to monitor and record client browser requests
- OCSP stapling resolves this issue by having the SSL/TLS web server periodically obtain a time-stamped OCSP response from the CA
trust model
- critical concept in PKI
- trust model shows how users and different CAs are able to trust one another
single CA
- in this simple model, a single CA issues certificates to users; users trust certificates issued by that CA and no other
- problem:
- single CA server is very exposed
- if it is compromised, the whole PKI collapses
hierarchical (intermediate CA)
- in this model, a single CA (called the root) issues certificates to several intermediate CAs
- the intermediate CAs in turn issue certificates to subjects (leaf or end entities)
- each leaf certificate can be traced back to the root CA along the certification path (also referred to as certificate chaining or a chain of trust)
- root’s certificate is self-signed
- problems:
- single point of failure (if the root is damaged or compromised, the whole structure collapses); to mitigate this, however, the root server can be taken offline, as most of the regular CA activities are handled by the intermediate CA servers
- limited opportunity for cross-certification
- advantage:
- different intermediate CAs can be set up with different certificate policies, enabling users to perceive clearly what a particular certificate is designed for
online CA
- one that is available to accept and process certificate signing requests, publish certificate revocation lists, and perform other certificate management tasks
offline CA
- because of the high risk posed by compromising the root CA, a secure configuration involves making the root an offline CA
- offline CA means that it is disconnected from any network and usually kept in a powered-down state
certificate pinning
refers to several techniques to ensure that when a client inspects the certificate presented by a server or a code-signed application, it is inspecting the proper certificate
Pretty Good Privacy (PGP)
- popular open standard for email communications, which can also be used for file and disk encryption
- exists in two versions:
- PGP Corporation develops a commercial product
- OpenPGP is open and broadly compatible
revoke certificates
steps:
- revoke certificate itself
- publish CRL if your CA relies on it
- destroy revoked certificate if it has been stored as a file. If the certificate was stored on a smart card or other portable storage device, destroy or securely wipe the device