Wes Hubert
Information Services
The University of Kansas
PKI: Public Key Infrastructure
What is it, and why should I care?
Conference on Higher Education Computing in Kansas
June 3, 2004
Why?
PKI adoption will continue growing to support highly sensitive or regulated
business processes. However, the dream of using it for general-purpose
authentication and ubiquitous digital signatures is still several years in the
future and not a certainty.
Public Key Infrastructure: Making Progress, But Many Challenges Remain
Dan Blum and Gerry Gebel, Burton Group
March 2003 ECAR report
PKI adoption hurdles are lower than ever, and the benefits are greater than ever.
The time has come to stop studying and testing and take the plunge.
EDUCAUSE Review March/April 2004
PKI: A Technology Whose Time Has Come in Higher Education
Mark Franklin, Larry Levine, Denise Anthony, and Robert Brentrup
Dartmouth College
You should know enough about PKI to determine which view applies to your
current situation.
Benefits
Strong authentication
HIPAA, FERPA, etc.
Protection from “sniffing” attacks
S/MIME secure email
Signing, encryption
Work with other PKI developments
Inter-university use of PKI
Kansas government PKI use
Grant signing requirements
Hurdles
Certification Authority Issues
Outsource, Buy, or Build?
Key/Certificate Management
Policy Development
Registration of users (vetting)
Finding compatible applications
User key management
Common PKI Use
Establishing SSL Connections
Authenticates web server to browser
Uses CA root built into browser
University buys certificates from CA
Protection is only for data transfer
Does not authenticate user
Does not authenticate a specific service
User-level: Individual CA Certs/Keys
Non-PKI Keys/Certificates
Argus Server Authentication
Certificates for server-to-server authentication
Locally generated keys and certs
No direct user involvement
Argus User Authentication
NOT certificate-based
User-level: PGP, GPG, SSH
Higher Education Organizations for PKI
NMI-EDIT
NSF Middleware Initiative Enterprise and Desktop Integration Technologies
Members
EDUCAUSE
Internet 2
SURA (SE Univ Research Assoc)
HEPKI-TAG
Coordinates many PKI developments
Higher Education Initiatives
USHER
US Higher Education Root
Follow-on to CREN as CA
InCommon
Shibboleth Federation
CA Signs Institutional Shib Certs
HEBCA
Higher Education Bridge Certification Authority
USHER Certificates
Low
Few constraints on campus operations
Suitable for many campus needs
Good for learning
Basic
CP places more constraints on use
HEBCA peering
Both will issue only institutional certs
HEBCA Trust
[Diagram nodes: HEBCA, HECP, InCommon, Campus, Campus, HECA, FBCA, Fd Root CA, Agency CA, Agency CA]
Kansas Government PKI
Distributed across several agencies
Information Technology Executive Council (ITEC)
Responsible for Kansas Certificate Policy
Office of Secretary of State (SOS)
Responsible for CA services contract
Information Network of Kansas (INK)
Responsible for KS Info Consortium contract
KIC manages official state web site
www.accesskansas.org
Kansas Government PKI
Distributed across several agencies
General state PKI information online at: http://da.state.ks.us/itab/PKIMain.htm
Agencies using service act as Local Registration Authority
Current end-entity certs $40/year
Kansas Government PKI
Agencies using PKI
State Treasurer’s Office
“The Vault” Extranet
Department of Revenue
E-Lien
Department of Transportation
Kansas Government PKI
Identity Management Security Levels
Level 1
Virtual Vetting (no physical presence)
Level 2
Physical Vetting; LRA
Level 3, 4
Not yet issuing
Kansas Statutes
Chapter 16. Contracts and Promises
Article 16. Electronic Transactions
Electronic Signature [16-1602(i)]
Digital Signature [16-1602(e)]
If a law requires a signature, an electronic signature satisfies the law. [16-1607(d)]
http://www.kslegislature.org/cgi-bin/statutes/index.cgi/
Electronic Signature
... an electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
Digital Signature
... a type of electronic signature consisting of a transformation of an electronic message using an asymmetric crypto system such that a person having the initial message and the signer's public key can accurately determine whether:
(1) The transformation was created using the private key that corresponds to the signer's public key; and
(2) the initial message has not been altered since the transformation was made.
Given a choice between security and convenience,
users will choose convenience.
A system of CAs (and, optionally, RAs and other supporting servers and agents) that perform some set of certificate management, archive
management, key management, and token management functions for a
community of users in an application of asymmetric cryptography.
Public Key Infrastructure
(RFC2828 Definition)
Traditional Cryptography
Symmetric
Same key that encrypts, decrypts
Key is always secret
Problems
Exchanging key with trusted parties
Same key gives everyone access
Access includes ability to modify
Traditional Cryptography
DES (Data Encryption Standard)
IBM, NIST, NSA 1970s
56-bit key
Triple DES, 112-bit effective key size
AES (Advanced Encryption Standard)
Rijndael
128/192/256-bit key sizes
Public Key Cryptography
Diffie-Hellman 1976
Asymmetric
Two keys: one private, one public
Each decrypts what other encrypts
Problems
Much slower than symmetric
Key management
Public Keys Provide
Confidentiality
Protection against unauthorized access
Integrity
Protection against unauthorized changes
Authentication
Verification of an identity
Nonrepudiation
Cannot deny private key was used
Key Management
Generating Keys
Authenticating Public Keys
Distributing Keys
Generating Keys
Keys are generated in pairs
Private/Public
Keeping private keys secret
Ideally no one but owner ever has key
Problems
convenience
escrow
recovery
Authenticating Public Keys
X.509 Certificates
Bind public keys to identity information
Contents Include
Version Number
Public Key
Owner’s Name
Initial / Final Dates Valid
... other information ...
Signed by issuing CA
Digital Credentials
Private Key
For exclusive use of owner
MUST be kept secure
Public Key Certificate
Available to everyone
Links key with owner’s identity
Trust must be established somehow
Distributing Credentials
PKCS#12
Standard for secure transportation of user identity information
Wraps data in password-protected object
Content can include
Keys
Certificates
Passwords
PKCS#12 Package
X.509 Certificate
Public Key
Identity Info
Other Info
CA Signature
Private Key
Credential Package
Certificate Management
Distribution
User to user (e.g. email)
LDAP directories
Revoking Certificates
Certificate Revocation Lists (CRL)
Online Cert Status Protocol (OCSP)
Keys and Certificates are not the same
Certificates not used for private keys
Credential Generation
[Diagram labels: Key Generation; Private Key; Public Key; ID Information; Certificate Signing Request; CA Signing; CA Private Key; Public Key Certificate; PKCS#12 Generation; PKCS#12 Object Package]
Public Key Infrastructure
Solves some problems of public keys
Establishing owner’s identity
Defining validity dates, uses
Based on trusted third party
Signing may be through multiple levels
CA cert may sign other CA certs
Must end at trusted root CA
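The credential generation flow and the multi-level signing described above, as an added example that is not part of the original slides: it uses the `openssl` command line to build a root CA, an intermediate CA and a user credential, then checks that the chain ends at the root. All names, the 30-day validity and the PKCS#12 password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides). All names and the PKCS#12 password are constructed.

# new_req NAME CN: generate a key pair and a certificate signing request.
new_req() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2"
}

# build_chain DIR: root CA -> intermediate CA -> user certificate -> PKCS#12 package.
build_chain() (
  mkdir -p "$1" && cd "$1" || exit 1
  # Extension files: who may sign certificates, and who is only an end entity.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\n' > user.ext

  # Root CA signs its own certificate; it is the trust anchor.
  new_req root "Example Root CA" &&
  openssl x509 -req -in root.csr -signkey root.key -days 30 -extfile ca.ext -out root.crt || exit 1

  # The root key is used only to sign the intermediate CA certificate.
  new_req inter "Example Intermediate CA" &&
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 30 -extfile ca.ext -out inter.crt || exit 1

  # The intermediate CA signs the user's request.
  new_req user "user@example.edu" &&
  openssl x509 -req -in user.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
    -days 30 -extfile user.ext -out user.crt || exit 1

  # Wrap private key, user certificate and CA certificate in a password-protected object.
  openssl pkcs12 -export -inkey user.key -in user.crt -certfile inter.crt \
    -passout pass:constructed-demo -out user.p12
) >/dev/null 2>&1

# chain_ok DIR: succeeds only when the user cert chains through the intermediate to the root.
chain_ok() { openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.crt" "$1/user.crt" >/dev/null 2>&1; }

# chain_without_intermediate_ok DIR: same check with the intermediate CA certificate withheld.
chain_without_intermediate_ok() { openssl verify -CAfile "$1/root.crt" "$1/user.crt" >/dev/null 2>&1; }

# p12_opens DIR PASSWORD: succeeds only with the correct package password.
p12_opens() { openssl pkcs12 -in "$1/user.p12" -passin "pass:$2" -noout >/dev/null 2>&1; }
```

Run `build_chain /tmp/pki-demo` and then `chain_ok /tmp/pki-demo`; withholding the intermediate certificate makes the same user certificate fail verification, which is why relying parties need the whole path to the root.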
Certification Authority Functions
Register Users
Directly or through Registration Authority
Issue Public Key Certificates
Revoke Certificates
Publish revocation information
Archive Key and Certificate Data
Retrieve archives when appropriate
May or may not ever have user private key
Policies and Procedures
Certificate Policy Statement
Broad specification of policy objectives
Accepted by CA & relying party
Certification Practices Statement
Detailed practices for issuing certificates
Certificate lifetime, revocation, etc.
KU as Certification Authority
Strong authentication for campus services
Registration already done via Registrar & Human Resources
A natural extension of current I/A/A activity
KU Online ID, AMS, Argus, LDAP
Policy framework: EDUCAUSE, I2
Build on open source foundation
KU Root CA
KU Intermediate CA
KU Institutional CA
User Certificates
KU Personal CA
User Certificates
Other potential uses
KU Certificate Hierarchy
KU Root Certificate
Available on web at:
https://www.ku.edu/kuca
Currently root/anchor certificate
Must be installed into client system
Plan USHER-based path in future
Corresponding private key:
Used only to sign Intermediate CA Cert
Now stored only on encrypted CD
KU Digital Credential Process
Action        Initiated by  Location
Test Request  User          Web
Approval      CA            Server
ID Request    User          Web
Generation    CA            Offline CA
Notification  CA            Email
Retrieval     User          Web
Installation  User          User’s PC
Use           User          Application
S/MIME Email
Normal Email is like a postcard
Message encryption seals the envelope
Digital signature adds unique “sealing wax” stamp
Signing Process
[Diagram] Message -> Compute -> Message Digest -> Encrypt with Sender's Private Key -> Encrypted Message Digest
Transmitted Message: original message + encrypted digest + optional sender cert
Sender's Cert (Public Key): optional, may be obtained by other means
Signature Verification
[Diagram] Message (with encrypted digest) (optional public key cert)
Message -> Compute -> Message Digest
Encrypted Message Digest (Extract) -> Decrypt with Sender's Cert (Public Key), verified through CA Root Cert -> Message Digest
Compare the two message digests
The message digests match only if 1) Sender's private key signed the message 2) The message has not been altered
Encryption Process
[Diagram] Generate (Random) Symmetric Key
Message (Data) + Symmetric Key (Key) -> Encrypt -> Encrypted Message
Symmetric Key (Data) + Recipient's Cert (Public Key) (Key) -> Encrypt -> Encrypted Symmetric Key (one for each recipient)
Transmitted Message: encrypted message + encrypted key
Decryption Process
[Diagram] Transmitted Message (encrypted message + encrypted key)
Encrypted Symmetric Key (Data) + Recipient's Private Key (Key) -> Decrypt -> Symmetric Key
Encrypted Message (Data) + Symmetric Key (Key) -> Decrypt -> Message
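The S/MIME signing, verification, encryption and decryption processes above, as an added example that is not part of the original slides, using `openssl smime`. The addresses and message text are constructed, and each party is assumed to hold a self-signed certificate that serves as its own trust anchor in place of a CA root.

```shell
#!/bin/sh
# Added example (not from the slides). Addresses and message text are constructed.
# Assumption: each party uses a self-signed certificate, which then doubles as its own
# trust anchor; in a real PKI the certificates would chain to a CA root instead.

# smime_setup DIR: create sender/recipient credentials and a sample message.
smime_setup() (
  mkdir -p "$1" && cd "$1" || exit 1
  for who in sender recipient; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$who@example.edu" \
      -keyout "$who.key" -out "$who.crt" || exit 1
  done
  printf 'Grades are due Friday.\n' > msg.txt
) >/dev/null 2>&1

# sign_msg DIR: digest the message and encrypt the digest with the sender's private key.
sign_msg() {
  openssl smime -sign -in "$1/msg.txt" -signer "$1/sender.crt" -inkey "$1/sender.key" \
    -out "$1/msg.signed" 2>/dev/null
}

# verify_msg ANCHOR FILE: check the signature and that the signer chains to ANCHOR.
verify_msg() { openssl smime -verify -CAfile "$1" -in "$2" -out /dev/null 2>/dev/null; }

# encrypt_msg DIR: random symmetric key encrypts the data; recipient's public key wraps it.
encrypt_msg() {
  openssl smime -encrypt -aes256 -binary -in "$1/msg.txt" -out "$1/msg.enc" \
    "$1/recipient.crt" 2>/dev/null
}

# decrypt_msg DIR WHO: unwrap the symmetric key with WHO's private key, print the plaintext.
decrypt_msg() {
  openssl smime -decrypt -in "$1/msg.enc" -recip "$1/$2.crt" -inkey "$1/$2.key" 2>/dev/null
}
```

Editing one word of `msg.signed` or verifying against a different trust anchor makes `verify_msg` fail, matching the two conditions on the Signature Verification slide.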